diff --git a/scd/apdu.c b/scd/apdu.c index bc34c2048..2d77ae03f 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -1,3457 +1,3456 @@ /* apdu.c - ISO 7816 APDU functions and low level I/O * Copyright (C) 2003, 2004, 2008, 2009, 2010, * 2011 Free Software Foundation, Inc. * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ /* NOTE: This module is also used by other software, thus the use of the macro USE_NPTH is mandatory. For GnuPG this macro is guaranteed to be defined true. */ #include #include #include #include #include -#include #include #ifdef USE_NPTH # include # include # include #endif /* If requested include the definitions for the remote APDU protocol code. */ #ifdef USE_G10CODE_RAPDU #include "rapdu.h" #endif /*USE_G10CODE_RAPDU*/ #if defined(GNUPG_MAJOR_VERSION) # include "scdaemon.h" # include "../common/exechelp.h" #endif /*GNUPG_MAJOR_VERSION*/ #include "../common/host2net.h" #include "iso7816.h" #include "apdu.h" #define CCID_DRIVER_INCLUDE_USB_IDS 1 #include "ccid-driver.h" struct dev_list { void *table; const char *portstr; int idx; int idx_max; }; #define MAX_READER 16 /* Number of readers we support concurrently. */ /* See also MAX_DEVICE in ccid-driver.c. */ #if defined(_WIN32) || defined(__CYGWIN__) #define DLSTDCALL __stdcall #else #define DLSTDCALL #endif #if defined(__APPLE__) || defined(_WIN32) || defined(__CYGWIN__) typedef unsigned int pcsc_dword_t; #else typedef unsigned long pcsc_dword_t; #endif #ifdef HAVE_W32_SYSTEM #define HANDLE uintptr_t #else #define HANDLE long #endif /* PC/SC context to access readers. Shared among all readers. */ static struct pcsc_global_data { HANDLE context; int count; const char *rdrname[MAX_READER]; } pcsc; /* A structure to collect information pertaining to one reader slot. */ struct reader_table_s { int used; /* True if slot is used. */ unsigned short port; /* Port number: 0 = unused, 1 - dev/tty */ /* Function pointers initialized to the various backends. */ int (*connect_card)(int); int (*disconnect_card)(int); int (*close_reader)(int); int (*reset_reader)(int); int (*get_status_reader)(int, unsigned int *, int); int (*send_apdu_reader)(int,unsigned char *,size_t, unsigned char *, size_t *, pininfo_t *); int (*check_pinpad)(int, int, pininfo_t *); void (*dump_status_reader)(int); int (*set_progress_cb)(int, gcry_handler_progress_t, void*); int (*set_prompt_cb)(int, void (*) (void *, int), void*); int (*pinpad_verify)(int, int, int, int, int, pininfo_t *); int (*pinpad_modify)(int, int, int, int, int, pininfo_t *); struct { ccid_driver_t handle; } ccid; struct { HANDLE card; pcsc_dword_t protocol; pcsc_dword_t verify_ioctl; pcsc_dword_t modify_ioctl; int pinmin; int pinmax; pcsc_dword_t current_state; } pcsc; #ifdef USE_G10CODE_RAPDU struct { rapdu_t handle; } rapdu; #endif /*USE_G10CODE_RAPDU*/ char *rdrname; /* Name of the connected reader or NULL if unknown. */ unsigned int is_t0:1; /* True if we know that we are running T=0. */ unsigned int pinpad_varlen_supported:1; /* True if we know that the reader supports variable length pinpad input. */ unsigned int require_get_status:1; unsigned char atr[33]; size_t atrlen; /* A zero length indicates that the ATR has not yet been read; i.e. the card is not ready for use. */ #ifdef USE_NPTH npth_mutex_t lock; #endif }; typedef struct reader_table_s *reader_table_t; /* A global table to keep track of active readers. */ static struct reader_table_s reader_table[MAX_READER]; #ifdef USE_NPTH static npth_mutex_t reader_table_lock; #endif /* PC/SC constants and function pointer. */ #define PCSC_SCOPE_USER 0 #define PCSC_SCOPE_TERMINAL 1 #define PCSC_SCOPE_SYSTEM 2 #define PCSC_SCOPE_GLOBAL 3 #define PCSC_PROTOCOL_T0 1 #define PCSC_PROTOCOL_T1 2 #ifdef HAVE_W32_SYSTEM # define PCSC_PROTOCOL_RAW 0x00010000 /* The active protocol. */ #else # define PCSC_PROTOCOL_RAW 4 #endif #define PCSC_SHARE_EXCLUSIVE 1 #define PCSC_SHARE_SHARED 2 #define PCSC_SHARE_DIRECT 3 #define PCSC_LEAVE_CARD 0 #define PCSC_RESET_CARD 1 #define PCSC_UNPOWER_CARD 2 #define PCSC_EJECT_CARD 3 #ifdef HAVE_W32_SYSTEM # define PCSC_UNKNOWN 0x0000 /* The driver is not aware of the status. */ # define PCSC_ABSENT 0x0001 /* Card is absent. */ # define PCSC_PRESENT 0x0002 /* Card is present. */ # define PCSC_SWALLOWED 0x0003 /* Card is present and electrical connected. */ # define PCSC_POWERED 0x0004 /* Card is powered. */ # define PCSC_NEGOTIABLE 0x0005 /* Card is awaiting PTS. */ # define PCSC_SPECIFIC 0x0006 /* Card is ready for use. */ #else # define PCSC_UNKNOWN 0x0001 # define PCSC_ABSENT 0x0002 /* Card is absent. */ # define PCSC_PRESENT 0x0004 /* Card is present. */ # define PCSC_SWALLOWED 0x0008 /* Card is present and electrical connected. */ # define PCSC_POWERED 0x0010 /* Card is powered. */ # define PCSC_NEGOTIABLE 0x0020 /* Card is awaiting PTS. */ # define PCSC_SPECIFIC 0x0040 /* Card is ready for use. */ #endif #define PCSC_STATE_UNAWARE 0x0000 /* Want status. */ #define PCSC_STATE_IGNORE 0x0001 /* Ignore this reader. */ #define PCSC_STATE_CHANGED 0x0002 /* State has changed. */ #define PCSC_STATE_UNKNOWN 0x0004 /* Reader unknown. */ #define PCSC_STATE_UNAVAILABLE 0x0008 /* Status unavailable. */ #define PCSC_STATE_EMPTY 0x0010 /* Card removed. */ #define PCSC_STATE_PRESENT 0x0020 /* Card inserted. */ #define PCSC_STATE_ATRMATCH 0x0040 /* ATR matches card. */ #define PCSC_STATE_EXCLUSIVE 0x0080 /* Exclusive Mode. */ #define PCSC_STATE_INUSE 0x0100 /* Shared mode. */ #define PCSC_STATE_MUTE 0x0200 /* Unresponsive card. */ #ifdef HAVE_W32_SYSTEM # define PCSC_STATE_UNPOWERED 0x0400 /* Card not powerred up. */ #endif /* Some PC/SC error codes. */ #define PCSC_E_CANCELLED 0x80100002 #define PCSC_E_CANT_DISPOSE 0x8010000E #define PCSC_E_INSUFFICIENT_BUFFER 0x80100008 #define PCSC_E_INVALID_ATR 0x80100015 #define PCSC_E_INVALID_HANDLE 0x80100003 #define PCSC_E_INVALID_PARAMETER 0x80100004 #define PCSC_E_INVALID_TARGET 0x80100005 #define PCSC_E_INVALID_VALUE 0x80100011 #define PCSC_E_NO_MEMORY 0x80100006 #define PCSC_E_UNKNOWN_READER 0x80100009 #define PCSC_E_TIMEOUT 0x8010000A #define PCSC_E_SHARING_VIOLATION 0x8010000B #define PCSC_E_NO_SMARTCARD 0x8010000C #define PCSC_E_UNKNOWN_CARD 0x8010000D #define PCSC_E_PROTO_MISMATCH 0x8010000F #define PCSC_E_NOT_READY 0x80100010 #define PCSC_E_SYSTEM_CANCELLED 0x80100012 #define PCSC_E_NOT_TRANSACTED 0x80100016 #define PCSC_E_READER_UNAVAILABLE 0x80100017 #define PCSC_E_NO_SERVICE 0x8010001D #define PCSC_E_SERVICE_STOPPED 0x8010001E #define PCSC_E_NO_READERS_AVAILABLE 0x8010002E #define PCSC_W_RESET_CARD 0x80100068 #define PCSC_W_REMOVED_CARD 0x80100069 /* Fix pcsc-lite ABI incompatibility. */ #ifndef SCARD_CTL_CODE #ifdef _WIN32 #include #define SCARD_CTL_CODE(code) CTL_CODE(FILE_DEVICE_SMARTCARD, (code), \ METHOD_BUFFERED, FILE_ANY_ACCESS) #else #define SCARD_CTL_CODE(code) (0x42000000 + (code)) #endif #endif #define CM_IOCTL_GET_FEATURE_REQUEST SCARD_CTL_CODE(3400) #define CM_IOCTL_VENDOR_IFD_EXCHANGE SCARD_CTL_CODE(1) #define FEATURE_VERIFY_PIN_DIRECT 0x06 #define FEATURE_MODIFY_PIN_DIRECT 0x07 #define FEATURE_GET_TLV_PROPERTIES 0x12 #define PCSCv2_PART10_PROPERTY_bEntryValidationCondition 2 #define PCSCv2_PART10_PROPERTY_bTimeOut2 3 #define PCSCv2_PART10_PROPERTY_bMinPINSize 6 #define PCSCv2_PART10_PROPERTY_bMaxPINSize 7 #define PCSCv2_PART10_PROPERTY_wIdVendor 11 #define PCSCv2_PART10_PROPERTY_wIdProduct 12 /* The PC/SC error is defined as a long as per specs. Due to left shifts bit 31 will get sign extended. We use this mask to fix it. */ #define PCSC_ERR_MASK(a) ((a) & 0xffffffff) struct pcsc_io_request_s { #if defined(_WIN32) || defined(__CYGWIN__) pcsc_dword_t protocol; pcsc_dword_t pci_len; #else unsigned long protocol; unsigned long pci_len; #endif }; typedef struct pcsc_io_request_s *pcsc_io_request_t; #ifdef __APPLE__ #pragma pack(1) #endif struct pcsc_readerstate_s { const char *reader; void *user_data; pcsc_dword_t current_state; pcsc_dword_t event_state; pcsc_dword_t atrlen; unsigned char atr[33]; }; #ifdef __APPLE__ #pragma pack() #endif typedef struct pcsc_readerstate_s *pcsc_readerstate_t; long (* DLSTDCALL pcsc_establish_context) (pcsc_dword_t scope, const void *reserved1, const void *reserved2, HANDLE *r_context); long (* DLSTDCALL pcsc_release_context) (HANDLE context); long (* DLSTDCALL pcsc_list_readers) (HANDLE context, const char *groups, char *readers, pcsc_dword_t*readerslen); long (* DLSTDCALL pcsc_get_status_change) (HANDLE context, pcsc_dword_t timeout, pcsc_readerstate_t readerstates, pcsc_dword_t nreaderstates); long (* DLSTDCALL pcsc_connect) (HANDLE context, const char *reader, pcsc_dword_t share_mode, pcsc_dword_t preferred_protocols, HANDLE *r_card, pcsc_dword_t *r_active_protocol); long (* DLSTDCALL pcsc_reconnect) (HANDLE card, pcsc_dword_t share_mode, pcsc_dword_t preferred_protocols, pcsc_dword_t initialization, pcsc_dword_t *r_active_protocol); long (* DLSTDCALL pcsc_disconnect) (HANDLE card, pcsc_dword_t disposition); long (* DLSTDCALL pcsc_status) (HANDLE card, char *reader, pcsc_dword_t *readerlen, pcsc_dword_t *r_state, pcsc_dword_t *r_protocol, unsigned char *atr, pcsc_dword_t *atrlen); long (* DLSTDCALL pcsc_begin_transaction) (long card); long (* DLSTDCALL pcsc_end_transaction) (HANDLE card, pcsc_dword_t disposition); long (* DLSTDCALL pcsc_transmit) (long card, const pcsc_io_request_t send_pci, const unsigned char *send_buffer, pcsc_dword_t send_len, pcsc_io_request_t recv_pci, unsigned char *recv_buffer, pcsc_dword_t *recv_len); long (* DLSTDCALL pcsc_set_timeout) (HANDLE context, pcsc_dword_t timeout); long (* DLSTDCALL pcsc_control) (HANDLE card, pcsc_dword_t control_code, const void *send_buffer, pcsc_dword_t send_len, void *recv_buffer, pcsc_dword_t recv_len, pcsc_dword_t *bytes_returned); /* Prototypes. */ static int pcsc_vendor_specific_init (int slot); static int pcsc_get_status (int slot, unsigned int *status, int on_wire); static int reset_pcsc_reader (int slot); static int apdu_get_status_internal (int slot, int hang, unsigned int *status, int on_wire); static int check_pcsc_pinpad (int slot, int command, pininfo_t *pininfo); static int pcsc_pinpad_verify (int slot, int class, int ins, int p0, int p1, pininfo_t *pininfo); static int pcsc_pinpad_modify (int slot, int class, int ins, int p0, int p1, pininfo_t *pininfo); /* * Helper */ /* Return true if (BUFFER,LENGTH) consists of only binary zeroes. */ static int all_zero_p (const void *buffer, size_t length) { const unsigned char *p; for (p=buffer; length; p++, length--) if (*p) return 0; return 1; } static int lock_slot (int slot) { #ifdef USE_NPTH int err; err = npth_mutex_lock (&reader_table[slot].lock); if (err) { log_error ("failed to acquire apdu lock: %s\n", strerror (err)); return SW_HOST_LOCKING_FAILED; } #endif /*USE_NPTH*/ return 0; } static int trylock_slot (int slot) { #ifdef USE_NPTH int err; err = npth_mutex_trylock (&reader_table[slot].lock); if (err == EBUSY) return SW_HOST_BUSY; else if (err) { log_error ("failed to acquire apdu lock: %s\n", strerror (err)); return SW_HOST_LOCKING_FAILED; } #endif /*USE_NPTH*/ return 0; } static void unlock_slot (int slot) { #ifdef USE_NPTH int err; err = npth_mutex_unlock (&reader_table[slot].lock); if (err) log_error ("failed to release apdu lock: %s\n", strerror (errno)); #endif /*USE_NPTH*/ } /* Find an unused reader slot for PORTSTR and put it into the reader table. Return -1 on error or the index into the reader table. Acquire slot's lock on successful return. Caller needs to unlock it. */ static int new_reader_slot (void) { int i, reader = -1; for (i=0; i < MAX_READER; i++) if (!reader_table[i].used) { reader = i; reader_table[reader].used = 1; break; } if (reader == -1) { log_error ("new_reader_slot: out of slots\n"); return -1; } if (lock_slot (reader)) { reader_table[reader].used = 0; return -1; } reader_table[reader].connect_card = NULL; reader_table[reader].disconnect_card = NULL; reader_table[reader].close_reader = NULL; reader_table[reader].reset_reader = NULL; reader_table[reader].get_status_reader = NULL; reader_table[reader].send_apdu_reader = NULL; reader_table[reader].check_pinpad = check_pcsc_pinpad; reader_table[reader].dump_status_reader = NULL; reader_table[reader].set_progress_cb = NULL; reader_table[reader].set_prompt_cb = NULL; reader_table[reader].pinpad_verify = pcsc_pinpad_verify; reader_table[reader].pinpad_modify = pcsc_pinpad_modify; reader_table[reader].is_t0 = 1; reader_table[reader].pinpad_varlen_supported = 0; reader_table[reader].require_get_status = 1; reader_table[reader].pcsc.verify_ioctl = 0; reader_table[reader].pcsc.modify_ioctl = 0; reader_table[reader].pcsc.pinmin = -1; reader_table[reader].pcsc.pinmax = -1; reader_table[reader].pcsc.current_state = PCSC_STATE_UNAWARE; return reader; } static void dump_reader_status (int slot) { if (!opt.verbose) return; if (reader_table[slot].dump_status_reader) reader_table[slot].dump_status_reader (slot); if (reader_table[slot].atrlen) { log_info ("slot %d: ATR=", slot); log_printhex (reader_table[slot].atr, reader_table[slot].atrlen, ""); } } static const char * host_sw_string (long err) { switch (err) { case 0: return "okay"; case SW_HOST_OUT_OF_CORE: return "out of core"; case SW_HOST_INV_VALUE: return "invalid value"; case SW_HOST_NO_DRIVER: return "no driver"; case SW_HOST_NOT_SUPPORTED: return "not supported"; case SW_HOST_LOCKING_FAILED: return "locking failed"; case SW_HOST_BUSY: return "busy"; case SW_HOST_NO_CARD: return "no card"; case SW_HOST_CARD_INACTIVE: return "card inactive"; case SW_HOST_CARD_IO_ERROR: return "card I/O error"; case SW_HOST_GENERAL_ERROR: return "general error"; case SW_HOST_NO_READER: return "no reader"; case SW_HOST_ABORTED: return "aborted"; case SW_HOST_NO_PINPAD: return "no pinpad"; case SW_HOST_ALREADY_CONNECTED: return "already connected"; case SW_HOST_CANCELLED: return "cancelled"; case SW_HOST_USB_OTHER: return "USB general error"; case SW_HOST_USB_IO: return "USB I/O error"; case SW_HOST_USB_ACCESS: return "USB permission denied"; case SW_HOST_USB_NO_DEVICE:return "USB no device"; case SW_HOST_USB_BUSY: return "USB busy"; case SW_HOST_USB_TIMEOUT: return "USB timeout"; case SW_HOST_USB_OVERFLOW: return "USB overflow"; default: return "unknown host status error"; } } const char * apdu_strerror (int rc) { switch (rc) { case SW_EOF_REACHED : return "eof reached"; case SW_TERM_STATE : return "termination state"; case SW_EEPROM_FAILURE : return "eeprom failure"; case SW_ACK_TIMEOUT : return "ACK timeout"; case SW_WRONG_LENGTH : return "wrong length"; case SW_SM_NOT_SUP : return "secure messaging not supported"; case SW_CC_NOT_SUP : return "command chaining not supported"; case SW_FILE_STRUCT : return "command can't be used for file structure."; case SW_CHV_WRONG : return "CHV wrong"; case SW_CHV_BLOCKED : return "CHV blocked"; case SW_REF_DATA_INV : return "referenced data invalidated"; case SW_USE_CONDITIONS : return "use conditions not satisfied"; case SW_NO_CURRENT_EF : return "no current EF selected"; case SW_BAD_PARAMETER : return "bad parameter"; case SW_NOT_SUPPORTED : return "not supported"; case SW_FILE_NOT_FOUND : return "file not found"; case SW_RECORD_NOT_FOUND:return "record not found"; case SW_NOT_ENOUGH_MEMORY: return "not enough memory space in the file"; case SW_INCONSISTENT_LC: return "Lc inconsistent with TLV structure"; case SW_INCORRECT_P0_P1: return "incorrect parameters P0,P1"; case SW_BAD_LC : return "Lc inconsistent with P0,P1"; case SW_REF_NOT_FOUND : return "reference not found"; case SW_BAD_P0_P1 : return "bad P0,P1"; case SW_EXACT_LENGTH : return "exact length"; case SW_INS_NOT_SUP : return "instruction not supported"; case SW_CLA_NOT_SUP : return "class not supported"; case SW_SUCCESS : return "success"; default: if ((rc & ~0x00ff) == SW_MORE_DATA) return "more data available"; if ( (rc & 0x10000) ) return host_sw_string (rc); return "unknown status error"; } } /* PC/SC Interface */ static const char * pcsc_error_string (long err) { const char *s; if (!err) return "okay"; if ((err & 0x80100000) != 0x80100000) return "invalid PC/SC error code"; err &= 0xffff; switch (err) { case 0x0002: s = "cancelled"; break; case 0x000e: s = "can't dispose"; break; case 0x0008: s = "insufficient buffer"; break; case 0x0015: s = "invalid ATR"; break; case 0x0003: s = "invalid handle"; break; case 0x0004: s = "invalid parameter"; break; case 0x0005: s = "invalid target"; break; case 0x0011: s = "invalid value"; break; case 0x0006: s = "no memory"; break; case 0x0013: s = "comm error"; break; case 0x0001: s = "internal error"; break; case 0x0014: s = "unknown error"; break; case 0x0007: s = "waited too long"; break; case 0x0009: s = "unknown reader"; break; case 0x000a: s = "timeout"; break; case 0x000b: s = "sharing violation"; break; case 0x000c: s = "no smartcard"; break; case 0x000d: s = "unknown card"; break; case 0x000f: s = "proto mismatch"; break; case 0x0010: s = "not ready"; break; case 0x0012: s = "system cancelled"; break; case 0x0016: s = "not transacted"; break; case 0x0017: s = "reader unavailable"; break; case 0x0065: s = "unsupported card"; break; case 0x0066: s = "unresponsive card"; break; case 0x0067: s = "unpowered card"; break; case 0x0068: s = "reset card"; break; case 0x0069: s = "removed card"; break; case 0x006a: s = "inserted card"; break; case 0x001f: s = "unsupported feature"; break; case 0x0019: s = "PCI too small"; break; case 0x001a: s = "reader unsupported"; break; case 0x001b: s = "duplicate reader"; break; case 0x001c: s = "card unsupported"; break; case 0x001d: s = "no service"; break; case 0x001e: s = "service stopped"; break; default: s = "unknown PC/SC error code"; break; } return s; } /* Map PC/SC error codes to our special host status words. */ static int pcsc_error_to_sw (long ec) { int rc; switch ( PCSC_ERR_MASK (ec) ) { case 0: rc = 0; break; case PCSC_E_CANCELLED: rc = SW_HOST_CANCELLED; break; case PCSC_E_NO_MEMORY: rc = SW_HOST_OUT_OF_CORE; break; case PCSC_E_TIMEOUT: rc = SW_HOST_CARD_IO_ERROR; break; case PCSC_E_NO_SERVICE: case PCSC_E_SERVICE_STOPPED: case PCSC_E_UNKNOWN_READER: rc = SW_HOST_NO_READER; break; case PCSC_E_NO_READERS_AVAILABLE:rc = SW_HOST_NO_READER; break; case PCSC_E_SHARING_VIOLATION: rc = SW_HOST_LOCKING_FAILED; break; case PCSC_E_NO_SMARTCARD: rc = SW_HOST_NO_CARD; break; case PCSC_W_REMOVED_CARD: rc = SW_HOST_NO_CARD; break; case PCSC_E_INVALID_TARGET: case PCSC_E_INVALID_VALUE: case PCSC_E_INVALID_HANDLE: case PCSC_E_INVALID_PARAMETER: case PCSC_E_INSUFFICIENT_BUFFER: rc = SW_HOST_INV_VALUE; break; default: rc = SW_HOST_GENERAL_ERROR; break; } return rc; } static void dump_pcsc_reader_status (int slot) { if (reader_table[slot].pcsc.card) { log_info ("reader slot %d: active protocol:", slot); if ((reader_table[slot].pcsc.protocol & PCSC_PROTOCOL_T0)) log_printf (" T0"); else if ((reader_table[slot].pcsc.protocol & PCSC_PROTOCOL_T1)) log_printf (" T1"); else if ((reader_table[slot].pcsc.protocol & PCSC_PROTOCOL_RAW)) log_printf (" raw"); log_printf ("\n"); } else log_info ("reader slot %d: not connected\n", slot); } static int pcsc_get_status (int slot, unsigned int *status, int on_wire) { long err; struct pcsc_readerstate_s rdrstates[1]; (void)on_wire; memset (rdrstates, 0, sizeof *rdrstates); rdrstates[0].reader = reader_table[slot].rdrname; rdrstates[0].current_state = reader_table[slot].pcsc.current_state; err = pcsc_get_status_change (pcsc.context, 0, rdrstates, 1); if (err == PCSC_E_TIMEOUT) err = 0; /* Timeout is no error here. */ if (err) { log_error ("pcsc_get_status_change failed: %s (0x%lx)\n", pcsc_error_string (err), err); return pcsc_error_to_sw (err); } if ((rdrstates[0].event_state & PCSC_STATE_CHANGED)) reader_table[slot].pcsc.current_state = (rdrstates[0].event_state & ~PCSC_STATE_CHANGED); if (DBG_READER) log_debug ("pcsc_get_status_change: %s%s%s%s%s%s%s%s%s%s\n", (rdrstates[0].event_state & PCSC_STATE_IGNORE)? " ignore":"", (rdrstates[0].event_state & PCSC_STATE_CHANGED)? " changed":"", (rdrstates[0].event_state & PCSC_STATE_UNKNOWN)? " unknown":"", (rdrstates[0].event_state & PCSC_STATE_UNAVAILABLE)?" unavail":"", (rdrstates[0].event_state & PCSC_STATE_EMPTY)? " empty":"", (rdrstates[0].event_state & PCSC_STATE_PRESENT)? " present":"", (rdrstates[0].event_state & PCSC_STATE_ATRMATCH)? " atr":"", (rdrstates[0].event_state & PCSC_STATE_EXCLUSIVE)? " excl":"", (rdrstates[0].event_state & PCSC_STATE_INUSE)? " inuse":"", (rdrstates[0].event_state & PCSC_STATE_MUTE)? " mute":"" ); *status = 0; if ( (reader_table[slot].pcsc.current_state & PCSC_STATE_PRESENT) ) { *status |= APDU_CARD_PRESENT; if ( !(reader_table[slot].pcsc.current_state & PCSC_STATE_MUTE) ) *status |= APDU_CARD_ACTIVE; } #ifndef HAVE_W32_SYSTEM /* We indicate a useful card if it is not in use by another application. This is because we only use exclusive access mode. */ if ( (*status & (APDU_CARD_PRESENT|APDU_CARD_ACTIVE)) == (APDU_CARD_PRESENT|APDU_CARD_ACTIVE) && (opt.pcsc_shared || !(reader_table[slot].pcsc.current_state & PCSC_STATE_INUSE))) *status |= APDU_CARD_USABLE; #else /* Some winscard drivers may set EXCLUSIVE and INUSE at the same time when we are the only user (SCM SCR335) under Windows. */ if ((*status & (APDU_CARD_PRESENT|APDU_CARD_ACTIVE)) == (APDU_CARD_PRESENT|APDU_CARD_ACTIVE)) *status |= APDU_CARD_USABLE; #endif if (!on_wire && (rdrstates[0].event_state & PCSC_STATE_CHANGED)) /* Event like sleep/resume occurs, which requires RESET. */ return SW_HOST_NO_READER; else return 0; } /* Send the APDU of length APDULEN to SLOT and return a maximum of *BUFLEN data in BUFFER, the actual returned size will be stored at BUFLEN. Returns: A status word. */ static int pcsc_send_apdu (int slot, unsigned char *apdu, size_t apdulen, unsigned char *buffer, size_t *buflen, pininfo_t *pininfo) { long err; struct pcsc_io_request_s send_pci; pcsc_dword_t recv_len; (void)pininfo; if (!reader_table[slot].atrlen && (err = reset_pcsc_reader (slot))) return err; if (DBG_CARD_IO) log_printhex (apdu, apdulen, " PCSC_data:"); if ((reader_table[slot].pcsc.protocol & PCSC_PROTOCOL_T1)) send_pci.protocol = PCSC_PROTOCOL_T1; else send_pci.protocol = PCSC_PROTOCOL_T0; send_pci.pci_len = sizeof send_pci; recv_len = *buflen; err = pcsc_transmit (reader_table[slot].pcsc.card, &send_pci, apdu, apdulen, NULL, buffer, &recv_len); *buflen = recv_len; if (err) log_error ("pcsc_transmit failed: %s (0x%lx)\n", pcsc_error_string (err), err); /* Handle fatal errors which require shutdown of reader. */ if (err == PCSC_E_NOT_TRANSACTED || err == PCSC_W_RESET_CARD || err == PCSC_W_REMOVED_CARD) { reader_table[slot].pcsc.current_state = PCSC_STATE_UNAWARE; scd_kick_the_loop (); } return pcsc_error_to_sw (err); } /* Do some control with the value of IOCTL_CODE to the card inserted to SLOT. Input buffer is specified by CNTLBUF of length LEN. Output buffer is specified by BUFFER of length *BUFLEN, and the actual output size will be stored at BUFLEN. Returns: A status word. This routine is used for PIN pad input support. */ static int control_pcsc (int slot, pcsc_dword_t ioctl_code, const unsigned char *cntlbuf, size_t len, unsigned char *buffer, pcsc_dword_t *buflen) { long err; err = pcsc_control (reader_table[slot].pcsc.card, ioctl_code, cntlbuf, len, buffer, buflen? *buflen:0, buflen); if (err) { log_error ("pcsc_control failed: %s (0x%lx)\n", pcsc_error_string (err), err); return pcsc_error_to_sw (err); } return 0; } static int close_pcsc_reader (int slot) { (void)slot; if (--pcsc.count == 0 && npth_mutex_trylock (&reader_table_lock) == 0) { int i; pcsc_release_context (pcsc.context); pcsc.context = 0; for (i = 0; i < MAX_READER; i++) pcsc.rdrname[i] = NULL; npth_mutex_unlock (&reader_table_lock); } return 0; } /* Connect a PC/SC card. */ static int connect_pcsc_card (int slot) { long err; - assert (slot >= 0 && slot < MAX_READER); + log_assert (slot >= 0 && slot < MAX_READER); if (reader_table[slot].pcsc.card) return SW_HOST_ALREADY_CONNECTED; reader_table[slot].atrlen = 0; reader_table[slot].is_t0 = 0; err = pcsc_connect (pcsc.context, reader_table[slot].rdrname, opt.pcsc_shared? PCSC_SHARE_SHARED:PCSC_SHARE_EXCLUSIVE, PCSC_PROTOCOL_T0|PCSC_PROTOCOL_T1, &reader_table[slot].pcsc.card, &reader_table[slot].pcsc.protocol); if (err) { reader_table[slot].pcsc.card = 0; if (err != PCSC_E_NO_SMARTCARD) log_error ("pcsc_connect failed: %s (0x%lx)\n", pcsc_error_string (err), err); } else { char reader[250]; pcsc_dword_t readerlen, atrlen; pcsc_dword_t card_state, card_protocol; pcsc_vendor_specific_init (slot); atrlen = DIM (reader_table[0].atr); readerlen = sizeof reader - 1; err = pcsc_status (reader_table[slot].pcsc.card, reader, &readerlen, &card_state, &card_protocol, reader_table[slot].atr, &atrlen); if (err) log_error ("pcsc_status failed: %s (0x%lx) %lu\n", pcsc_error_string (err), err, (long unsigned int)readerlen); else { if (atrlen > DIM (reader_table[0].atr)) log_bug ("ATR returned by pcsc_status is too large\n"); reader_table[slot].atrlen = atrlen; reader_table[slot].is_t0 = !!(card_protocol & PCSC_PROTOCOL_T0); } } dump_reader_status (slot); return pcsc_error_to_sw (err); } static int disconnect_pcsc_card (int slot) { long err; - assert (slot >= 0 && slot < MAX_READER); + log_assert (slot >= 0 && slot < MAX_READER); if (!reader_table[slot].pcsc.card) return 0; err = pcsc_disconnect (reader_table[slot].pcsc.card, PCSC_LEAVE_CARD); if (err) { log_error ("pcsc_disconnect failed: %s (0x%lx)\n", pcsc_error_string (err), err); return SW_HOST_CARD_IO_ERROR; } reader_table[slot].pcsc.card = 0; return 0; } /* Send an PC/SC reset command and return a status word on error or 0 on success. */ static int reset_pcsc_reader (int slot) { int sw; sw = disconnect_pcsc_card (slot); if (!sw) sw = connect_pcsc_card (slot); return sw; } /* Examine reader specific parameters and initialize. This is mostly for pinpad input. Called at opening the connection to the reader. */ static int pcsc_vendor_specific_init (int slot) { unsigned char buf[256]; pcsc_dword_t len; int sw; int vendor = 0; int product = 0; pcsc_dword_t get_tlv_ioctl = (pcsc_dword_t)-1; unsigned char *p; len = sizeof (buf); sw = control_pcsc (slot, CM_IOCTL_GET_FEATURE_REQUEST, NULL, 0, buf, &len); if (sw) { log_error ("pcsc_vendor_specific_init: GET_FEATURE_REQUEST failed: %d\n", sw); return SW_NOT_SUPPORTED; } else { p = buf; while (p < buf + len) { unsigned char code = *p++; int l = *p++; unsigned int v = 0; if (l == 1) v = p[0]; else if (l == 2) v = buf16_to_uint (p); else if (l == 4) v = buf32_to_uint (p); if (code == FEATURE_VERIFY_PIN_DIRECT) reader_table[slot].pcsc.verify_ioctl = v; else if (code == FEATURE_MODIFY_PIN_DIRECT) reader_table[slot].pcsc.modify_ioctl = v; else if (code == FEATURE_GET_TLV_PROPERTIES) get_tlv_ioctl = v; if (DBG_CARD_IO) log_debug ("feature: code=%02X, len=%d, v=%02X\n", code, l, v); p += l; } } if (get_tlv_ioctl == (pcsc_dword_t)-1) { /* * For system which doesn't support GET_TLV_PROPERTIES, * we put some heuristics here. */ if (reader_table[slot].rdrname) { if (strstr (reader_table[slot].rdrname, "SPRx32")) { const unsigned char cmd[] = { '\x80', '\x02', '\x00' }; sw = control_pcsc (slot, CM_IOCTL_VENDOR_IFD_EXCHANGE, cmd, sizeof (cmd), NULL, 0); /* Even though it's control at IFD level (request to the * reader, not card), it returns an error when card is * not active. Just ignore the error. */ if (sw) log_debug ("Ignore control_pcsc failure.\n"); reader_table[slot].pinpad_varlen_supported = 1; } else if (strstr (reader_table[slot].rdrname, "ST-2xxx")) { reader_table[slot].pcsc.pinmax = 15; reader_table[slot].pinpad_varlen_supported = 1; } else if (strstr (reader_table[slot].rdrname, "cyberJack") || strstr (reader_table[slot].rdrname, "DIGIPASS") || strstr (reader_table[slot].rdrname, "Gnuk") || strstr (reader_table[slot].rdrname, "KAAN") || strstr (reader_table[slot].rdrname, "Trustica")) reader_table[slot].pinpad_varlen_supported = 1; } return 0; } len = sizeof (buf); sw = control_pcsc (slot, get_tlv_ioctl, NULL, 0, buf, &len); if (sw) { log_error ("pcsc_vendor_specific_init: GET_TLV_IOCTL failed: %d\n", sw); return SW_NOT_SUPPORTED; } p = buf; while (p < buf + len) { unsigned char tag = *p++; int l = *p++; unsigned int v = 0; /* Umm... here is little endian, while the encoding above is big. */ if (l == 1) v = p[0]; else if (l == 2) v = (((unsigned int)p[1] << 8) | p[0]); else if (l == 4) v = (((unsigned int)p[3] << 24) | (p[2] << 16) | (p[1] << 8) | p[0]); if (tag == PCSCv2_PART10_PROPERTY_bMinPINSize) reader_table[slot].pcsc.pinmin = v; else if (tag == PCSCv2_PART10_PROPERTY_bMaxPINSize) reader_table[slot].pcsc.pinmax = v; else if (tag == PCSCv2_PART10_PROPERTY_wIdVendor) vendor = v; else if (tag == PCSCv2_PART10_PROPERTY_wIdProduct) product = v; if (DBG_CARD_IO) log_debug ("TLV properties: tag=%02X, len=%d, v=%08X\n", tag, l, v); p += l; } if (vendor == VENDOR_VEGA && product == VEGA_ALPHA) { /* * Please read the comment of ccid_vendor_specific_init in * ccid-driver.c. */ const unsigned char cmd[] = { '\xb5', '\x01', '\x00', '\x03', '\x00' }; sw = control_pcsc (slot, CM_IOCTL_VENDOR_IFD_EXCHANGE, cmd, sizeof (cmd), NULL, 0); if (sw) return SW_NOT_SUPPORTED; } else if (vendor == VENDOR_SCM && product == SCM_SPR532) { const unsigned char cmd[] = { '\x80', '\x02', '\x00' }; sw = control_pcsc (slot, CM_IOCTL_VENDOR_IFD_EXCHANGE, cmd, sizeof (cmd), NULL, 0); /* Even though it's control at IFD level (request to the * reader, not card), it returns an error when card is * not active. Just ignore the error. */ if (sw) log_debug ("Ignore control_pcsc failure.\n"); reader_table[slot].pinpad_varlen_supported = 1; } else if (vendor == VENDOR_CHERRY) { /* Cherry ST-2xxx (product == 0x003e) supports TPDU level * exchange. Other products which only support short APDU level * exchange only work with shorter keys like RSA 1024. */ reader_table[slot].pcsc.pinmax = 15; reader_table[slot].pinpad_varlen_supported = 1; } else if (vendor == VENDOR_REINER /* Tested with Reiner cyberJack GO */ || vendor == VENDOR_VASCO /* Tested with Vasco DIGIPASS 920 */ || vendor == VENDOR_FSIJ /* Tested with FSIJ Gnuk Token */ || vendor == VENDOR_KAAN /* Tested with KAAN Advanced??? */ || (vendor == VENDOR_NXP && product == CRYPTOUCAN) /* Tested with Trustica Cryptoucan */) reader_table[slot].pinpad_varlen_supported = 1; return 0; } static int pcsc_init (void) { static int pcsc_api_loaded; long err; /* Lets try the PC/SC API */ if (!pcsc_api_loaded) { void *handle; handle = dlopen (opt.pcsc_driver, RTLD_LAZY); if (!handle) { log_error ("apdu_open_reader: failed to open driver '%s': %s\n", opt.pcsc_driver, dlerror ()); return -1; } pcsc_establish_context = dlsym (handle, "SCardEstablishContext"); pcsc_release_context = dlsym (handle, "SCardReleaseContext"); pcsc_list_readers = dlsym (handle, "SCardListReaders"); #if defined(_WIN32) || defined(__CYGWIN__) if (!pcsc_list_readers) pcsc_list_readers = dlsym (handle, "SCardListReadersA"); #endif pcsc_get_status_change = dlsym (handle, "SCardGetStatusChange"); #if defined(_WIN32) || defined(__CYGWIN__) if (!pcsc_get_status_change) pcsc_get_status_change = dlsym (handle, "SCardGetStatusChangeA"); #endif pcsc_connect = dlsym (handle, "SCardConnect"); #if defined(_WIN32) || defined(__CYGWIN__) if (!pcsc_connect) pcsc_connect = dlsym (handle, "SCardConnectA"); #endif pcsc_reconnect = dlsym (handle, "SCardReconnect"); #if defined(_WIN32) || defined(__CYGWIN__) if (!pcsc_reconnect) pcsc_reconnect = dlsym (handle, "SCardReconnectA"); #endif pcsc_disconnect = dlsym (handle, "SCardDisconnect"); pcsc_status = dlsym (handle, "SCardStatus"); #if defined(_WIN32) || defined(__CYGWIN__) if (!pcsc_status) pcsc_status = dlsym (handle, "SCardStatusA"); #endif pcsc_begin_transaction = dlsym (handle, "SCardBeginTransaction"); pcsc_end_transaction = dlsym (handle, "SCardEndTransaction"); pcsc_transmit = dlsym (handle, "SCardTransmit"); pcsc_set_timeout = dlsym (handle, "SCardSetTimeout"); pcsc_control = dlsym (handle, "SCardControl"); if (!pcsc_establish_context || !pcsc_release_context || !pcsc_list_readers || !pcsc_get_status_change || !pcsc_connect || !pcsc_reconnect || !pcsc_disconnect || !pcsc_status || !pcsc_begin_transaction || !pcsc_end_transaction || !pcsc_transmit || !pcsc_control /* || !pcsc_set_timeout */) { /* Note that set_timeout is currently not used and also not available under Windows. */ log_error ("apdu_open_reader: invalid PC/SC driver " "(%d%d%d%d%d%d%d%d%d%d%d%d%d)\n", !!pcsc_establish_context, !!pcsc_release_context, !!pcsc_list_readers, !!pcsc_get_status_change, !!pcsc_connect, !!pcsc_reconnect, !!pcsc_disconnect, !!pcsc_status, !!pcsc_begin_transaction, !!pcsc_end_transaction, !!pcsc_transmit, !!pcsc_set_timeout, !!pcsc_control ); dlclose (handle); return -1; } pcsc_api_loaded = 1; } err = pcsc_establish_context (PCSC_SCOPE_SYSTEM, NULL, NULL, &pcsc.context); if (err) { log_error ("pcsc_establish_context failed: %s (0x%lx)\n", pcsc_error_string (err), err); return -1; } return 0; } /* Open the PC/SC reader. Returns -1 on error or a slot number for the reader. */ static int open_pcsc_reader (const char *rdrname) { int slot; slot = new_reader_slot (); if (slot == -1) return -1; reader_table[slot].rdrname = xtrystrdup (rdrname); if (!reader_table[slot].rdrname) { log_error ("error allocating memory for reader name\n"); close_pcsc_reader (0); reader_table[slot].used = 0; unlock_slot (slot); return -1; } reader_table[slot].pcsc.card = 0; reader_table[slot].atrlen = 0; reader_table[slot].connect_card = connect_pcsc_card; reader_table[slot].disconnect_card = disconnect_pcsc_card; reader_table[slot].close_reader = close_pcsc_reader; reader_table[slot].reset_reader = reset_pcsc_reader; reader_table[slot].get_status_reader = pcsc_get_status; reader_table[slot].send_apdu_reader = pcsc_send_apdu; reader_table[slot].dump_status_reader = dump_pcsc_reader_status; pcsc.count++; dump_reader_status (slot); unlock_slot (slot); return slot; } /* Check whether the reader supports the ISO command code COMMAND on the pinpad. Return 0 on success. */ static int check_pcsc_pinpad (int slot, int command, pininfo_t *pininfo) { int r; if (reader_table[slot].pcsc.pinmin >= 0) pininfo->minlen = reader_table[slot].pcsc.pinmin; if (reader_table[slot].pcsc.pinmax >= 0) pininfo->maxlen = reader_table[slot].pcsc.pinmax; if (!pininfo->minlen) pininfo->minlen = 1; if (!pininfo->maxlen) pininfo->maxlen = 15; if ((command == ISO7816_VERIFY && reader_table[slot].pcsc.verify_ioctl != 0) || (command == ISO7816_CHANGE_REFERENCE_DATA && reader_table[slot].pcsc.modify_ioctl != 0)) r = 0; /* Success */ else r = SW_NOT_SUPPORTED; if (DBG_CARD_IO) log_debug ("check_pcsc_pinpad: command=%02X, r=%d\n", (unsigned int)command, r); if (reader_table[slot].pinpad_varlen_supported) pininfo->fixedlen = 0; return r; } #define PIN_VERIFY_STRUCTURE_SIZE 24 static int pcsc_pinpad_verify (int slot, int class, int ins, int p0, int p1, pininfo_t *pininfo) { int sw; unsigned char *pin_verify; int len = PIN_VERIFY_STRUCTURE_SIZE + pininfo->fixedlen; /* * The result buffer is only expected to have two-byte result on * return. However, some implementation uses this buffer for lower * layer too and it assumes that there is enough space for lower * layer communication. Such an implementation fails for TPDU * readers with "insufficient buffer", as it needs header and * trailer. Six is the number for header + result + trailer (TPDU). */ unsigned char result[6]; pcsc_dword_t resultlen = 6; if (!reader_table[slot].atrlen && (sw = reset_pcsc_reader (slot))) return sw; if (pininfo->fixedlen < 0 || pininfo->fixedlen >= 16) return SW_NOT_SUPPORTED; pin_verify = xtrymalloc (len); if (!pin_verify) return SW_HOST_OUT_OF_CORE; pin_verify[0] = 0x00; /* bTimeOut */ pin_verify[1] = 0x00; /* bTimeOut2 */ pin_verify[2] = 0x82; /* bmFormatString: Byte, pos=0, left, ASCII. */ pin_verify[3] = pininfo->fixedlen; /* bmPINBlockString */ pin_verify[4] = 0x00; /* bmPINLengthFormat */ pin_verify[5] = pininfo->maxlen; /* wPINMaxExtraDigit */ pin_verify[6] = pininfo->minlen; /* wPINMaxExtraDigit */ pin_verify[7] = 0x02; /* bEntryValidationCondition: Validation key pressed */ if (pininfo->minlen && pininfo->maxlen && pininfo->minlen == pininfo->maxlen) pin_verify[7] |= 0x01; /* Max size reached. */ pin_verify[8] = 0x01; /* bNumberMessage: One message */ pin_verify[9] = 0x09; /* wLangId: 0x0409: US English */ pin_verify[10] = 0x04; /* wLangId: 0x0409: US English */ pin_verify[11] = 0x00; /* bMsgIndex */ pin_verify[12] = 0x00; /* bTeoPrologue[0] */ pin_verify[13] = 0x00; /* bTeoPrologue[1] */ pin_verify[14] = pininfo->fixedlen + 0x05; /* bTeoPrologue[2] */ pin_verify[15] = pininfo->fixedlen + 0x05; /* ulDataLength */ pin_verify[16] = 0x00; /* ulDataLength */ pin_verify[17] = 0x00; /* ulDataLength */ pin_verify[18] = 0x00; /* ulDataLength */ pin_verify[19] = class; /* abData[0] */ pin_verify[20] = ins; /* abData[1] */ pin_verify[21] = p0; /* abData[2] */ pin_verify[22] = p1; /* abData[3] */ pin_verify[23] = pininfo->fixedlen; /* abData[4] */ if (pininfo->fixedlen) memset (&pin_verify[24], 0xff, pininfo->fixedlen); if (DBG_CARD_IO) log_debug ("send secure: c=%02X i=%02X p1=%02X p2=%02X len=%d pinmax=%d\n", class, ins, p0, p1, len, pininfo->maxlen); sw = control_pcsc (slot, reader_table[slot].pcsc.verify_ioctl, pin_verify, len, result, &resultlen); xfree (pin_verify); if (sw || resultlen < 2) { log_error ("control_pcsc failed: %d\n", sw); return sw? sw: SW_HOST_INCOMPLETE_CARD_RESPONSE; } sw = (result[resultlen-2] << 8) | result[resultlen-1]; if (DBG_CARD_IO) log_debug (" response: sw=%04X datalen=%d\n", sw, (unsigned int)resultlen); return sw; } #define PIN_MODIFY_STRUCTURE_SIZE 29 static int pcsc_pinpad_modify (int slot, int class, int ins, int p0, int p1, pininfo_t *pininfo) { int sw; unsigned char *pin_modify; int len = PIN_MODIFY_STRUCTURE_SIZE + 2 * pininfo->fixedlen; unsigned char result[6]; /* See the comment at pinpad_verify. */ pcsc_dword_t resultlen = 6; if (!reader_table[slot].atrlen && (sw = reset_pcsc_reader (slot))) return sw; if (pininfo->fixedlen < 0 || pininfo->fixedlen >= 16) return SW_NOT_SUPPORTED; pin_modify = xtrymalloc (len); if (!pin_modify) return SW_HOST_OUT_OF_CORE; pin_modify[0] = 0x00; /* bTimeOut */ pin_modify[1] = 0x00; /* bTimeOut2 */ pin_modify[2] = 0x82; /* bmFormatString: Byte, pos=0, left, ASCII. */ pin_modify[3] = pininfo->fixedlen; /* bmPINBlockString */ pin_modify[4] = 0x00; /* bmPINLengthFormat */ pin_modify[5] = 0x00; /* bInsertionOffsetOld */ pin_modify[6] = pininfo->fixedlen; /* bInsertionOffsetNew */ pin_modify[7] = pininfo->maxlen; /* wPINMaxExtraDigit */ pin_modify[8] = pininfo->minlen; /* wPINMaxExtraDigit */ pin_modify[9] = (p0 == 0 ? 0x03 : 0x01); /* bConfirmPIN * 0x00: new PIN once * 0x01: new PIN twice (confirmation) * 0x02: old PIN and new PIN once * 0x03: old PIN and new PIN twice (confirmation) */ pin_modify[10] = 0x02; /* bEntryValidationCondition: Validation key pressed */ if (pininfo->minlen && pininfo->maxlen && pininfo->minlen == pininfo->maxlen) pin_modify[10] |= 0x01; /* Max size reached. */ pin_modify[11] = 0x03; /* bNumberMessage: Three messages */ pin_modify[12] = 0x09; /* wLangId: 0x0409: US English */ pin_modify[13] = 0x04; /* wLangId: 0x0409: US English */ pin_modify[14] = 0x00; /* bMsgIndex1 */ pin_modify[15] = 0x01; /* bMsgIndex2 */ pin_modify[16] = 0x02; /* bMsgIndex3 */ pin_modify[17] = 0x00; /* bTeoPrologue[0] */ pin_modify[18] = 0x00; /* bTeoPrologue[1] */ pin_modify[19] = 2 * pininfo->fixedlen + 0x05; /* bTeoPrologue[2] */ pin_modify[20] = 2 * pininfo->fixedlen + 0x05; /* ulDataLength */ pin_modify[21] = 0x00; /* ulDataLength */ pin_modify[22] = 0x00; /* ulDataLength */ pin_modify[23] = 0x00; /* ulDataLength */ pin_modify[24] = class; /* abData[0] */ pin_modify[25] = ins; /* abData[1] */ pin_modify[26] = p0; /* abData[2] */ pin_modify[27] = p1; /* abData[3] */ pin_modify[28] = 2 * pininfo->fixedlen; /* abData[4] */ if (pininfo->fixedlen) memset (&pin_modify[29], 0xff, 2 * pininfo->fixedlen); if (DBG_CARD_IO) log_debug ("send secure: c=%02X i=%02X p1=%02X p2=%02X len=%d pinmax=%d\n", class, ins, p0, p1, len, (int)pininfo->maxlen); sw = control_pcsc (slot, reader_table[slot].pcsc.modify_ioctl, pin_modify, len, result, &resultlen); xfree (pin_modify); if (sw || resultlen < 2) { log_error ("control_pcsc failed: %d\n", sw); return sw? sw : SW_HOST_INCOMPLETE_CARD_RESPONSE; } sw = (result[resultlen-2] << 8) | result[resultlen-1]; if (DBG_CARD_IO) log_debug (" response: sw=%04X datalen=%d\n", sw, (unsigned int)resultlen); return sw; } #ifdef HAVE_LIBUSB /* Internal CCID driver interface. */ static void dump_ccid_reader_status (int slot) { log_info ("reader slot %d: using ccid driver\n", slot); } static int close_ccid_reader (int slot) { ccid_close_reader (reader_table[slot].ccid.handle); reader_table[slot].ccid.handle = NULL; return 0; } static int reset_ccid_reader (int slot) { int err; reader_table_t slotp = reader_table + slot; unsigned char atr[33]; size_t atrlen; err = ccid_get_atr (slotp->ccid.handle, atr, sizeof atr, &atrlen); if (err) return err; /* If the reset was successful, update the ATR. */ - assert (sizeof slotp->atr >= sizeof atr); + log_assert (sizeof slotp->atr >= sizeof atr); slotp->atrlen = atrlen; memcpy (slotp->atr, atr, atrlen); dump_reader_status (slot); return 0; } static int set_progress_cb_ccid_reader (int slot, gcry_handler_progress_t cb, void *cb_arg) { reader_table_t slotp = reader_table + slot; return ccid_set_progress_cb (slotp->ccid.handle, cb, cb_arg); } static int set_prompt_cb_ccid_reader (int slot, void (*cb) (void *, int ), void *cb_arg) { reader_table_t slotp = reader_table + slot; return ccid_set_prompt_cb (slotp->ccid.handle, cb, cb_arg); } static int get_status_ccid (int slot, unsigned int *status, int on_wire) { int rc; int bits; rc = ccid_slot_status (reader_table[slot].ccid.handle, &bits, on_wire); if (rc) return rc; if (bits == 0) *status = (APDU_CARD_USABLE|APDU_CARD_PRESENT|APDU_CARD_ACTIVE); else if (bits == 1) *status = APDU_CARD_PRESENT; else *status = 0; return 0; } /* Actually send the APDU of length APDULEN to SLOT and return a maximum of *BUFLEN data in BUFFER, the actual returned size will be set to BUFLEN. Returns: Internal CCID driver error code. */ static int send_apdu_ccid (int slot, unsigned char *apdu, size_t apdulen, unsigned char *buffer, size_t *buflen, pininfo_t *pininfo) { long err; size_t maxbuflen; /* If we don't have an ATR, we need to reset the reader first. */ if (!reader_table[slot].atrlen && (err = reset_ccid_reader (slot))) return err; if (DBG_CARD_IO) log_printhex (apdu, apdulen, " raw apdu:"); maxbuflen = *buflen; if (pininfo) err = ccid_transceive_secure (reader_table[slot].ccid.handle, apdu, apdulen, pininfo, buffer, maxbuflen, buflen); else err = ccid_transceive (reader_table[slot].ccid.handle, apdu, apdulen, buffer, maxbuflen, buflen); if (err) log_error ("ccid_transceive failed: (0x%lx)\n", err); return err; } /* Check whether the CCID reader supports the ISO command code COMMAND on the pinpad. Return 0 on success. For a description of the pin parameters, see ccid-driver.c */ static int check_ccid_pinpad (int slot, int command, pininfo_t *pininfo) { unsigned char apdu[] = { 0, 0, 0, 0x81 }; apdu[1] = command; return ccid_transceive_secure (reader_table[slot].ccid.handle, apdu, sizeof apdu, pininfo, NULL, 0, NULL); } static int ccid_pinpad_operation (int slot, int class, int ins, int p0, int p1, pininfo_t *pininfo) { unsigned char apdu[4]; int err, sw; unsigned char result[2]; size_t resultlen = 2; apdu[0] = class; apdu[1] = ins; apdu[2] = p0; apdu[3] = p1; err = ccid_transceive_secure (reader_table[slot].ccid.handle, apdu, sizeof apdu, pininfo, result, 2, &resultlen); if (err) return err; if (resultlen < 2) return SW_HOST_INCOMPLETE_CARD_RESPONSE; sw = (result[resultlen-2] << 8) | result[resultlen-1]; return sw; } /* Open the reader and try to read an ATR. */ static int open_ccid_reader (struct dev_list *dl, int *r_cciderr) { int err; int slot; int require_get_status; reader_table_t slotp; *r_cciderr = 0; slot = new_reader_slot (); if (slot == -1) return -1; slotp = reader_table + slot; err = ccid_open_reader (dl->portstr, dl->idx, dl->table, &slotp->ccid.handle, &slotp->rdrname); if (!err) { err = ccid_get_atr (slotp->ccid.handle, slotp->atr, sizeof slotp->atr, &slotp->atrlen); if (err) { ccid_close_reader (slotp->ccid.handle); slotp->ccid.handle = NULL; } } if (err) { slotp->used = 0; unlock_slot (slot); *r_cciderr = err; return -1; } require_get_status = ccid_require_get_status (slotp->ccid.handle); reader_table[slot].close_reader = close_ccid_reader; reader_table[slot].reset_reader = reset_ccid_reader; reader_table[slot].get_status_reader = get_status_ccid; reader_table[slot].send_apdu_reader = send_apdu_ccid; reader_table[slot].check_pinpad = check_ccid_pinpad; reader_table[slot].dump_status_reader = dump_ccid_reader_status; reader_table[slot].set_progress_cb = set_progress_cb_ccid_reader; reader_table[slot].set_prompt_cb = set_prompt_cb_ccid_reader; reader_table[slot].pinpad_verify = ccid_pinpad_operation; reader_table[slot].pinpad_modify = ccid_pinpad_operation; /* Our CCID reader code does not support T=0 at all, thus reset the flag. */ reader_table[slot].is_t0 = 0; reader_table[slot].require_get_status = require_get_status; dump_reader_status (slot); unlock_slot (slot); return slot; } #endif /* HAVE_LIBUSB */ #ifdef USE_G10CODE_RAPDU /* The Remote APDU Interface. This uses the Remote APDU protocol to contact a reader. The port number is actually an index into the list of ports as returned via the protocol. */ static int rapdu_status_to_sw (int status) { int rc; switch (status) { case RAPDU_STATUS_SUCCESS: rc = 0; break; case RAPDU_STATUS_INVCMD: case RAPDU_STATUS_INVPROT: case RAPDU_STATUS_INVSEQ: case RAPDU_STATUS_INVCOOKIE: case RAPDU_STATUS_INVREADER: rc = SW_HOST_INV_VALUE; break; case RAPDU_STATUS_TIMEOUT: rc = SW_HOST_CARD_IO_ERROR; break; case RAPDU_STATUS_CARDIO: rc = SW_HOST_CARD_IO_ERROR; break; case RAPDU_STATUS_NOCARD: rc = SW_HOST_NO_CARD; break; case RAPDU_STATUS_CARDCHG: rc = SW_HOST_NO_CARD; break; case RAPDU_STATUS_BUSY: rc = SW_HOST_BUSY; break; case RAPDU_STATUS_NEEDRESET: rc = SW_HOST_CARD_INACTIVE; break; default: rc = SW_HOST_GENERAL_ERROR; break; } return rc; } static int close_rapdu_reader (int slot) { rapdu_release (reader_table[slot].rapdu.handle); return 0; } static int reset_rapdu_reader (int slot) { int err; reader_table_t slotp; rapdu_msg_t msg = NULL; slotp = reader_table + slot; err = rapdu_send_cmd (slotp->rapdu.handle, RAPDU_CMD_RESET); if (err) { log_error ("sending rapdu command RESET failed: %s\n", err < 0 ? strerror (errno): rapdu_strerror (err)); rapdu_msg_release (msg); return rapdu_status_to_sw (err); } err = rapdu_read_msg (slotp->rapdu.handle, &msg); if (err) { log_error ("receiving rapdu message failed: %s\n", err < 0 ? strerror (errno): rapdu_strerror (err)); rapdu_msg_release (msg); return rapdu_status_to_sw (err); } if (msg->cmd != RAPDU_STATUS_SUCCESS || !msg->datalen) { int sw = rapdu_status_to_sw (msg->cmd); log_error ("rapdu command RESET failed: %s\n", rapdu_strerror (msg->cmd)); rapdu_msg_release (msg); return sw; } if (msg->datalen > DIM (slotp->atr)) { log_error ("ATR returned by the RAPDU layer is too large\n"); rapdu_msg_release (msg); return SW_HOST_INV_VALUE; } slotp->atrlen = msg->datalen; memcpy (slotp->atr, msg->data, msg->datalen); rapdu_msg_release (msg); return 0; } static int my_rapdu_get_status (int slot, unsigned int *status, int on_wire) { int err; reader_table_t slotp; rapdu_msg_t msg = NULL; int oldslot; (void)on_wire; slotp = reader_table + slot; oldslot = rapdu_set_reader (slotp->rapdu.handle, slot); err = rapdu_send_cmd (slotp->rapdu.handle, RAPDU_CMD_GET_STATUS); rapdu_set_reader (slotp->rapdu.handle, oldslot); if (err) { log_error ("sending rapdu command GET_STATUS failed: %s\n", err < 0 ? strerror (errno): rapdu_strerror (err)); return rapdu_status_to_sw (err); } err = rapdu_read_msg (slotp->rapdu.handle, &msg); if (err) { log_error ("receiving rapdu message failed: %s\n", err < 0 ? strerror (errno): rapdu_strerror (err)); rapdu_msg_release (msg); return rapdu_status_to_sw (err); } if (msg->cmd != RAPDU_STATUS_SUCCESS || !msg->datalen) { int sw = rapdu_status_to_sw (msg->cmd); log_error ("rapdu command GET_STATUS failed: %s\n", rapdu_strerror (msg->cmd)); rapdu_msg_release (msg); return sw; } *status = msg->data[0]; rapdu_msg_release (msg); return 0; } /* Actually send the APDU of length APDULEN to SLOT and return a maximum of *BUFLEN data in BUFFER, the actual returned size will be set to BUFLEN. Returns: APDU error code. */ static int my_rapdu_send_apdu (int slot, unsigned char *apdu, size_t apdulen, unsigned char *buffer, size_t *buflen, pininfo_t *pininfo) { int err; reader_table_t slotp; rapdu_msg_t msg = NULL; size_t maxlen = *buflen; slotp = reader_table + slot; *buflen = 0; if (DBG_CARD_IO) log_printhex (apdu, apdulen, " APDU_data:"); if (apdulen < 4) { log_error ("rapdu_send_apdu: APDU is too short\n"); return SW_HOST_INV_VALUE; } err = rapdu_send_apdu (slotp->rapdu.handle, apdu, apdulen); if (err) { log_error ("sending rapdu command APDU failed: %s\n", err < 0 ? strerror (errno): rapdu_strerror (err)); rapdu_msg_release (msg); return rapdu_status_to_sw (err); } err = rapdu_read_msg (slotp->rapdu.handle, &msg); if (err) { log_error ("receiving rapdu message failed: %s\n", err < 0 ? strerror (errno): rapdu_strerror (err)); rapdu_msg_release (msg); return rapdu_status_to_sw (err); } if (msg->cmd != RAPDU_STATUS_SUCCESS || !msg->datalen) { int sw = rapdu_status_to_sw (msg->cmd); log_error ("rapdu command APDU failed: %s\n", rapdu_strerror (msg->cmd)); rapdu_msg_release (msg); return sw; } if (msg->datalen > maxlen) { log_error ("rapdu response apdu too large\n"); rapdu_msg_release (msg); return SW_HOST_INV_VALUE; } *buflen = msg->datalen; memcpy (buffer, msg->data, msg->datalen); rapdu_msg_release (msg); return 0; } static int open_rapdu_reader (int portno, const unsigned char *cookie, size_t length, int (*readfnc) (void *opaque, void *buffer, size_t size), void *readfnc_value, int (*writefnc) (void *opaque, const void *buffer, size_t size), void *writefnc_value, void (*closefnc) (void *opaque), void *closefnc_value) { int err; int slot; reader_table_t slotp; rapdu_msg_t msg = NULL; slot = new_reader_slot (); if (slot == -1) return -1; slotp = reader_table + slot; slotp->rapdu.handle = rapdu_new (); if (!slotp->rapdu.handle) { slotp->used = 0; unlock_slot (slot); return -1; } rapdu_set_reader (slotp->rapdu.handle, portno); rapdu_set_iofunc (slotp->rapdu.handle, readfnc, readfnc_value, writefnc, writefnc_value, closefnc, closefnc_value); rapdu_set_cookie (slotp->rapdu.handle, cookie, length); /* First try to get the current ATR, but if the card is inactive issue a reset instead. */ err = rapdu_send_cmd (slotp->rapdu.handle, RAPDU_CMD_GET_ATR); if (err == RAPDU_STATUS_NEEDRESET) err = rapdu_send_cmd (slotp->rapdu.handle, RAPDU_CMD_RESET); if (err) { log_info ("sending rapdu command GET_ATR/RESET failed: %s\n", err < 0 ? strerror (errno): rapdu_strerror (err)); goto failure; } err = rapdu_read_msg (slotp->rapdu.handle, &msg); if (err) { log_info ("receiving rapdu message failed: %s\n", err < 0 ? strerror (errno): rapdu_strerror (err)); goto failure; } if (msg->cmd != RAPDU_STATUS_SUCCESS || !msg->datalen) { log_info ("rapdu command GET ATR failed: %s\n", rapdu_strerror (msg->cmd)); goto failure; } if (msg->datalen > DIM (slotp->atr)) { log_error ("ATR returned by the RAPDU layer is too large\n"); goto failure; } slotp->atrlen = msg->datalen; memcpy (slotp->atr, msg->data, msg->datalen); reader_table[slot].close_reader = close_rapdu_reader; reader_table[slot].reset_reader = reset_rapdu_reader; reader_table[slot].get_status_reader = my_rapdu_get_status; reader_table[slot].send_apdu_reader = my_rapdu_send_apdu; reader_table[slot].check_pinpad = NULL; reader_table[slot].dump_status_reader = NULL; reader_table[slot].pinpad_verify = NULL; reader_table[slot].pinpad_modify = NULL; dump_reader_status (slot); rapdu_msg_release (msg); unlock_slot (slot); return slot; failure: rapdu_msg_release (msg); rapdu_release (slotp->rapdu.handle); slotp->used = 0; unlock_slot (slot); return -1; } #endif /*USE_G10CODE_RAPDU*/ /* Driver Access */ gpg_error_t apdu_dev_list_start (const char *portstr, struct dev_list **l_p) { struct dev_list *dl = xtrymalloc (sizeof (struct dev_list)); gpg_error_t err; *l_p = NULL; if (!dl) return gpg_error_from_syserror (); dl->table = NULL; dl->portstr = portstr; dl->idx = 0; dl->idx_max = 0; npth_mutex_lock (&reader_table_lock); #ifdef HAVE_LIBUSB if (!opt.disable_ccid) { err = ccid_dev_scan (&dl->idx_max, &dl->table); if (err) { npth_mutex_unlock (&reader_table_lock); return err; } if (dl->idx_max == 0) { if (DBG_READER) log_debug ("leave: apdu_open_reader => slot=-1 (no ccid)\n"); xfree (dl); npth_mutex_unlock (&reader_table_lock); return gpg_error (GPG_ERR_ENODEV); } } else #endif { /* PC/SC readers. */ long r; pcsc_dword_t nreader; char *p = NULL; if (!pcsc.context) if (pcsc_init () < 0) { npth_mutex_unlock (&reader_table_lock); return gpg_error (GPG_ERR_NO_SERVICE); } r = pcsc_list_readers (pcsc.context, NULL, NULL, &nreader); if (!r) { p = xtrymalloc (nreader); if (!p) { err = gpg_error_from_syserror (); log_error ("error allocating memory for reader list\n"); close_pcsc_reader (0); npth_mutex_unlock (&reader_table_lock); return err; } r = pcsc_list_readers (pcsc.context, NULL, p, &nreader); } if (r) { log_error ("pcsc_list_readers failed: %s (0x%lx)\n", pcsc_error_string (r), r); xfree (p); close_pcsc_reader (0); npth_mutex_unlock (&reader_table_lock); return iso7816_map_sw (pcsc_error_to_sw (r)); } dl->table = p; dl->idx_max = 0; while (nreader > 0) { size_t n; if (!*p) break; for (n = 0; n < nreader; n++) if (!p[n]) break; if (n >= nreader) { log_error ("invalid response from pcsc_list_readers\n"); break; } log_info ("detected reader '%s'\n", p); pcsc.rdrname[dl->idx_max] = p; nreader -= n + 1; p += n + 1; dl->idx_max++; if (dl->idx_max > MAX_READER) { log_error ("too many readers from pcsc_list_readers\n"); dl->idx_max--; break; } } } *l_p = dl; return 0; } void apdu_dev_list_finish (struct dev_list *dl) { #ifdef HAVE_LIBUSB if (!opt.disable_ccid) { if (dl->table) ccid_dev_scan_finish (dl->table, dl->idx_max); } else #endif { /* PC/SC readers. */ int i; xfree (dl->table); for (i = 0; i < MAX_READER; i++) pcsc.rdrname[i] = NULL; if (pcsc.count == 0) { pcsc_release_context (pcsc.context); pcsc.context = 0; } } xfree (dl); npth_mutex_unlock (&reader_table_lock); } int apdu_open_reader (struct dev_list *dl) { int slot; int readerno; if (!dl->table) return -1; /* See whether we want to use the reader ID string or a reader number. A readerno of -1 indicates that the reader ID string is to be used. */ if (dl->portstr && strchr (dl->portstr, ':')) readerno = -1; /* We want to use the readerid. */ else if (dl->portstr) { readerno = atoi (dl->portstr); if (readerno < 0 || readerno >= dl->idx_max) return -1; dl->idx = readerno; dl->portstr = NULL; } else readerno = 0; /* Default. */ #ifdef HAVE_LIBUSB if (!opt.disable_ccid) { /* CCID readers. */ int cciderr; if (readerno > 0) { /* Use single, the specific reader. */ slot = open_ccid_reader (dl, &cciderr); /* And stick the reader and no scan. */ dl->idx = dl->idx_max; return slot; } while (dl->idx < dl->idx_max) { unsigned int bai = ccid_get_BAI (dl->idx, dl->table); if (DBG_READER) log_debug ("apdu_open_reader: BAI=%x\n", bai); /* Check identity by BAI against already opened HANDLEs. */ for (slot = 0; slot < MAX_READER; slot++) if (reader_table[slot].used && reader_table[slot].ccid.handle && ccid_compare_BAI (reader_table[slot].ccid.handle, bai)) break; if (slot == MAX_READER) { /* Found a new device. */ if (DBG_READER) log_debug ("apdu_open_reader: new device=%x\n", bai); slot = open_ccid_reader (dl, &cciderr); dl->idx++; if (slot >= 0) return slot; else { /* Skip this reader. */ log_error ("ccid open error: skip\n"); if (cciderr == CCID_DRIVER_ERR_USB_ACCESS) log_info ("check permission of USB device at" " Bus %03d Device %03d\n", ((bai >> 16) & 0xff), ((bai >> 8) & 0xff)); continue; } } else dl->idx++; } /* Not found. */ slot = -1; } else #endif { /* PC/SC readers. */ if (readerno > 0) { /* Use single, the specific reader. */ slot = open_pcsc_reader (pcsc.rdrname[readerno]); /* And stick the reader and no scan. */ dl->idx = dl->idx_max; return slot; } while (dl->idx < dl->idx_max) { const char *rdrname = pcsc.rdrname[dl->idx]; if (DBG_READER) log_debug ("apdu_open_reader: %s\n", rdrname); /* Check the identity of reader against already opened one. */ for (slot = 0; slot < MAX_READER; slot++) if (reader_table[slot].used && !strcmp (reader_table[slot].rdrname, rdrname)) break; if (slot == MAX_READER) { /* Found a new device. */ if (DBG_READER) log_debug ("apdu_open_reader: new device=%s\n", rdrname); /* When reader string is specified, check if it is the one. */ if (readerno < 0 && strcmp (rdrname, dl->portstr) != 0) continue; slot = open_pcsc_reader (rdrname); dl->idx++; if (slot >= 0) return slot; else { /* Skip this reader. */ log_error ("pcsc open error: skip\n"); continue; } } else dl->idx++; } /* Not found. */ slot = -1; } return slot; } /* Open an remote reader and return an internal slot number or -1 on error. This function is an alternative to apdu_open_reader and used with remote readers only. Note that the supplied CLOSEFNC will only be called once and the slot will not be valid afther this. If PORTSTR is NULL we default to the first available port. */ int apdu_open_remote_reader (const char *portstr, const unsigned char *cookie, size_t length, int (*readfnc) (void *opaque, void *buffer, size_t size), void *readfnc_value, int (*writefnc) (void *opaque, const void *buffer, size_t size), void *writefnc_value, void (*closefnc) (void *opaque), void *closefnc_value) { #ifdef USE_G10CODE_RAPDU return open_rapdu_reader (portstr? atoi (portstr) : 0, cookie, length, readfnc, readfnc_value, writefnc, writefnc_value, closefnc, closefnc_value); #else (void)portstr; (void)cookie; (void)length; (void)readfnc; (void)readfnc_value; (void)writefnc; (void)writefnc_value; (void)closefnc; (void)closefnc_value; #ifdef _WIN32 errno = ENOENT; #else errno = ENOSYS; #endif return -1; #endif } int apdu_close_reader (int slot) { int sw; if (DBG_READER) log_debug ("enter: apdu_close_reader: slot=%d\n", slot); if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) { if (DBG_READER) log_debug ("leave: apdu_close_reader => SW_HOST_NO_DRIVER\n"); return SW_HOST_NO_DRIVER; } sw = apdu_disconnect (slot); if (sw) { /* * When the reader/token was removed it might come here. * It should go through to call CLOSE_READER even if we got an error. */ if (DBG_READER) log_debug ("apdu_close_reader => 0x%x (apdu_disconnect)\n", sw); } if (reader_table[slot].close_reader) { sw = reader_table[slot].close_reader (slot); reader_table[slot].used = 0; if (DBG_READER) log_debug ("leave: apdu_close_reader => 0x%x (close_reader)\n", sw); return sw; } xfree (reader_table[slot].rdrname); reader_table[slot].rdrname = NULL; reader_table[slot].used = 0; if (DBG_READER) log_debug ("leave: apdu_close_reader => SW_HOST_NOT_SUPPORTED\n"); return SW_HOST_NOT_SUPPORTED; } /* Function suitable for a cleanup function to close all reader. It should not be used if the reader will be opened again. The reason for implementing this to properly close USB devices so that they will startup the next time without error. */ void apdu_prepare_exit (void) { static int sentinel; int slot; if (!sentinel) { sentinel = 1; npth_mutex_lock (&reader_table_lock); for (slot = 0; slot < MAX_READER; slot++) if (reader_table[slot].used) { apdu_disconnect (slot); if (reader_table[slot].close_reader) reader_table[slot].close_reader (slot); xfree (reader_table[slot].rdrname); reader_table[slot].rdrname = NULL; reader_table[slot].used = 0; } npth_mutex_unlock (&reader_table_lock); sentinel = 0; } } /* Enumerate all readers and return information on whether this reader is in use. The caller should start with SLOT set to 0 and increment it with each call until an error is returned. */ int apdu_enum_reader (int slot, int *used) { if (slot < 0 || slot >= MAX_READER) return SW_HOST_NO_DRIVER; *used = reader_table[slot].used; return 0; } /* Connect a card. This is used to power up the card and make sure that an ATR is available. Depending on the reader backend it may return an error for an inactive card or if no card is available. Return -1 on error. Return 1 if reader requires get_status to watch card removal. Return 0 if it's a token (always with a card), or it supports INTERRUPT endpoint to watch card removal. */ int apdu_connect (int slot) { int sw = 0; unsigned int status = 0; if (DBG_READER) log_debug ("enter: apdu_connect: slot=%d\n", slot); if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) { if (DBG_READER) log_debug ("leave: apdu_connect => SW_HOST_NO_DRIVER\n"); return -1; } /* Only if the access method provides a connect function we use it. If not, we expect that the card has been implicitly connected by apdu_open_reader. */ if (reader_table[slot].connect_card) { sw = lock_slot (slot); if (!sw) { sw = reader_table[slot].connect_card (slot); unlock_slot (slot); } } /* We need to call apdu_get_status_internal, so that the last-status machinery gets setup properly even if a card is inserted while scdaemon is fired up and apdu_get_status has not yet been called. Without that we would force a reset of the card with the next call to apdu_get_status. */ if (!sw) sw = apdu_get_status_internal (slot, 1, &status, 1); if (sw) ; else if (!(status & APDU_CARD_PRESENT)) sw = SW_HOST_NO_CARD; else if ((status & APDU_CARD_PRESENT) && !(status & APDU_CARD_ACTIVE)) sw = SW_HOST_CARD_INACTIVE; if (sw == SW_HOST_CARD_INACTIVE) { /* Try power it up again. */ sw = apdu_reset (slot); } if (DBG_READER) log_debug ("leave: apdu_connect => sw=0x%x\n", sw); if (sw) return -1; return reader_table[slot].require_get_status; } int apdu_disconnect (int slot) { int sw; if (DBG_READER) log_debug ("enter: apdu_disconnect: slot=%d\n", slot); if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) { if (DBG_READER) log_debug ("leave: apdu_disconnect => SW_HOST_NO_DRIVER\n"); return SW_HOST_NO_DRIVER; } if (reader_table[slot].disconnect_card) { sw = lock_slot (slot); if (!sw) { sw = reader_table[slot].disconnect_card (slot); unlock_slot (slot); } } else sw = 0; if (DBG_READER) log_debug ("leave: apdu_disconnect => sw=0x%x\n", sw); return sw; } /* Set the progress callback of SLOT to CB and its args to CB_ARG. If CB is NULL the progress callback is removed. */ int apdu_set_progress_cb (int slot, gcry_handler_progress_t cb, void *cb_arg) { int sw; if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; if (reader_table[slot].set_progress_cb) { sw = lock_slot (slot); if (!sw) { sw = reader_table[slot].set_progress_cb (slot, cb, cb_arg); unlock_slot (slot); } } else sw = 0; return sw; } int apdu_set_prompt_cb (int slot, void (*cb) (void *, int), void *cb_arg) { int sw; if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; if (reader_table[slot].set_prompt_cb) { sw = lock_slot (slot); if (!sw) { sw = reader_table[slot].set_prompt_cb (slot, cb, cb_arg); unlock_slot (slot); } } else sw = 0; return sw; } /* Do a reset for the card in reader at SLOT. */ int apdu_reset (int slot) { int sw; if (DBG_READER) log_debug ("enter: apdu_reset: slot=%d\n", slot); if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) { if (DBG_READER) log_debug ("leave: apdu_reset => SW_HOST_NO_DRIVER\n"); return SW_HOST_NO_DRIVER; } if ((sw = lock_slot (slot))) { if (DBG_READER) log_debug ("leave: apdu_reset => sw=0x%x (lock_slot)\n", sw); return sw; } if (reader_table[slot].reset_reader) sw = reader_table[slot].reset_reader (slot); unlock_slot (slot); if (DBG_READER) log_debug ("leave: apdu_reset => sw=0x%x\n", sw); return sw; } /* Return the ATR or NULL if none is available. On success the length of the ATR is stored at ATRLEN. The caller must free the returned value. */ unsigned char * apdu_get_atr (int slot, size_t *atrlen) { unsigned char *buf; if (DBG_READER) log_debug ("enter: apdu_get_atr: slot=%d\n", slot); if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) { if (DBG_READER) log_debug ("leave: apdu_get_atr => NULL (bad slot)\n"); return NULL; } if (!reader_table[slot].atrlen) { if (DBG_READER) log_debug ("leave: apdu_get_atr => NULL (no ATR)\n"); return NULL; } buf = xtrymalloc (reader_table[slot].atrlen); if (!buf) { if (DBG_READER) log_debug ("leave: apdu_get_atr => NULL (out of core)\n"); return NULL; } memcpy (buf, reader_table[slot].atr, reader_table[slot].atrlen); *atrlen = reader_table[slot].atrlen; if (DBG_READER) log_debug ("leave: apdu_get_atr => atrlen=%zu\n", *atrlen); return buf; } /* Retrieve the status for SLOT. The function does only wait for the card to become available if HANG is set to true. On success the bits in STATUS will be set to APDU_CARD_USABLE (bit 0) = card present and usable APDU_CARD_PRESENT (bit 1) = card present APDU_CARD_ACTIVE (bit 2) = card active (bit 3) = card access locked [not yet implemented] For most applications, testing bit 0 is sufficient. */ static int apdu_get_status_internal (int slot, int hang, unsigned int *status, int on_wire) { int sw; unsigned int s = 0; if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; if ((sw = hang? lock_slot (slot) : trylock_slot (slot))) return sw; if (reader_table[slot].get_status_reader) sw = reader_table[slot].get_status_reader (slot, &s, on_wire); unlock_slot (slot); if (sw) { if (on_wire) reader_table[slot].atrlen = 0; s = 0; } if (status) *status = s; return sw; } /* See above for a description. */ int apdu_get_status (int slot, int hang, unsigned int *status) { int sw; if (DBG_READER) log_debug ("enter: apdu_get_status: slot=%d hang=%d\n", slot, hang); sw = apdu_get_status_internal (slot, hang, status, 0); if (DBG_READER) { if (status) log_debug ("leave: apdu_get_status => sw=0x%x status=%u\n", sw, *status); else log_debug ("leave: apdu_get_status => sw=0x%x\n", sw); } return sw; } /* Check whether the reader supports the ISO command code COMMAND on the pinpad. Return 0 on success. For a description of the pin parameters, see ccid-driver.c */ int apdu_check_pinpad (int slot, int command, pininfo_t *pininfo) { if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; if (opt.enable_pinpad_varlen) pininfo->fixedlen = 0; if (reader_table[slot].check_pinpad) { int sw; if ((sw = lock_slot (slot))) return sw; sw = reader_table[slot].check_pinpad (slot, command, pininfo); unlock_slot (slot); return sw; } else return SW_HOST_NOT_SUPPORTED; } int apdu_pinpad_verify (int slot, int class, int ins, int p0, int p1, pininfo_t *pininfo) { if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; if (reader_table[slot].pinpad_verify) { int sw; if ((sw = lock_slot (slot))) return sw; sw = reader_table[slot].pinpad_verify (slot, class, ins, p0, p1, pininfo); unlock_slot (slot); return sw; } else return SW_HOST_NOT_SUPPORTED; } int apdu_pinpad_modify (int slot, int class, int ins, int p0, int p1, pininfo_t *pininfo) { if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; if (reader_table[slot].pinpad_modify) { int sw; if ((sw = lock_slot (slot))) return sw; sw = reader_table[slot].pinpad_modify (slot, class, ins, p0, p1, pininfo); unlock_slot (slot); return sw; } else return SW_HOST_NOT_SUPPORTED; } /* Dispatcher for the actual send_apdu function. Note, that this function should be called in locked state. */ static int send_apdu (int slot, unsigned char *apdu, size_t apdulen, unsigned char *buffer, size_t *buflen, pininfo_t *pininfo) { if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; if (reader_table[slot].send_apdu_reader) return reader_table[slot].send_apdu_reader (slot, apdu, apdulen, buffer, buflen, pininfo); else return SW_HOST_NOT_SUPPORTED; } /* Core APDU transceiver function. Parameters are described at apdu_send_le with the exception of PININFO which indicates pinpad related operations if not NULL. If EXTENDED_MODE is not 0 command chaining or extended length will be used according to these values: n < 0 := Use command chaining with the data part limited to -n in each chunk. If -1 is used a default value is used. n == 0 := No extended mode or command chaining. n == 1 := Use extended length for input and output without a length limit. n > 1 := Use extended length with up to N bytes. */ static int send_le (int slot, int class, int ins, int p0, int p1, int lc, const char *data, int le, unsigned char **retbuf, size_t *retbuflen, pininfo_t *pininfo, int extended_mode) { #define SHORT_RESULT_BUFFER_SIZE 258 /* We allocate 8 extra bytes as a safety margin towards a driver bug. */ unsigned char short_result_buffer[SHORT_RESULT_BUFFER_SIZE+10]; unsigned char *result_buffer = NULL; size_t result_buffer_size; unsigned char *result; size_t resultlen; unsigned char short_apdu_buffer[5+256+1]; unsigned char *apdu_buffer = NULL; size_t apdu_buffer_size; unsigned char *apdu; size_t apdulen; int sw; long rc; /* We need a long here due to PC/SC. */ int did_exact_length_hack = 0; int use_chaining = 0; int use_extended_length = 0; int lc_chunk; if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; if (DBG_CARD_IO) log_debug ("send apdu: c=%02X i=%02X p1=%02X p2=%02X lc=%d le=%d em=%d\n", class, ins, p0, p1, lc, le, extended_mode); if (lc != -1 && (lc > 255 || lc < 0)) { /* Data does not fit into an APDU. What we do now depends on the EXTENDED_MODE parameter. */ if (!extended_mode) return SW_WRONG_LENGTH; /* No way to send such an APDU. */ else if (extended_mode > 0) use_extended_length = 1; else if (extended_mode < 0) { /* Send APDU using chaining mode. */ if (lc > 16384) return SW_WRONG_LENGTH; /* Sanity check. */ if ((class&0xf0) != 0) return SW_HOST_INV_VALUE; /* Upper 4 bits need to be 0. */ use_chaining = extended_mode == -1? 255 : -extended_mode; use_chaining &= 0xff; } else return SW_HOST_INV_VALUE; } else if (lc == -1 && extended_mode > 0) use_extended_length = 1; if (le != -1 && (le > (extended_mode > 0? 255:256) || le < 0)) { /* Expected Data does not fit into an APDU. What we do now depends on the EXTENDED_MODE parameter. Note that a check for command chaining does not make sense because we are looking at Le. */ if (!extended_mode) return SW_WRONG_LENGTH; /* No way to send such an APDU. */ else if (use_extended_length) ; /* We are already using extended length. */ else if (extended_mode > 0) use_extended_length = 1; else return SW_HOST_INV_VALUE; } if ((!data && lc != -1) || (data && lc == -1)) return SW_HOST_INV_VALUE; if (use_extended_length) { if (reader_table[slot].is_t0) return SW_HOST_NOT_SUPPORTED; /* Space for: cls/ins/p1/p2+Z+2_byte_Lc+Lc+2_byte_Le. */ apdu_buffer_size = 4 + 1 + (lc >= 0? (2+lc):0) + 2; apdu_buffer = xtrymalloc (apdu_buffer_size + 10); if (!apdu_buffer) return SW_HOST_OUT_OF_CORE; apdu = apdu_buffer; } else { apdu_buffer_size = sizeof short_apdu_buffer; apdu = short_apdu_buffer; } if (use_extended_length && (le > 256 || le < 0)) { /* Two more bytes are needed for status bytes. */ result_buffer_size = le < 0? 4096 : (le + 2); result_buffer = xtrymalloc (result_buffer_size); if (!result_buffer) { xfree (apdu_buffer); return SW_HOST_OUT_OF_CORE; } result = result_buffer; } else { result_buffer_size = SHORT_RESULT_BUFFER_SIZE; result = short_result_buffer; } #undef SHORT_RESULT_BUFFER_SIZE if ((sw = lock_slot (slot))) { xfree (apdu_buffer); xfree (result_buffer); return sw; } do { if (use_extended_length) { use_chaining = 0; apdulen = 0; apdu[apdulen++] = class; apdu[apdulen++] = ins; apdu[apdulen++] = p0; apdu[apdulen++] = p1; if (lc > 0) { apdu[apdulen++] = 0; /* Z byte: Extended length marker. */ apdu[apdulen++] = ((lc >> 8) & 0xff); apdu[apdulen++] = (lc & 0xff); memcpy (apdu+apdulen, data, lc); data += lc; apdulen += lc; } if (le != -1) { if (lc <= 0) apdu[apdulen++] = 0; /* Z byte: Extended length marker. */ apdu[apdulen++] = ((le >> 8) & 0xff); apdu[apdulen++] = (le & 0xff); } } else { apdulen = 0; apdu[apdulen] = class; if (use_chaining && lc > 255) { apdu[apdulen] |= 0x10; - assert (use_chaining < 256); + log_assert (use_chaining < 256); lc_chunk = use_chaining; lc -= use_chaining; } else { use_chaining = 0; lc_chunk = lc; } apdulen++; apdu[apdulen++] = ins; apdu[apdulen++] = p0; apdu[apdulen++] = p1; if (lc_chunk != -1) { apdu[apdulen++] = lc_chunk; memcpy (apdu+apdulen, data, lc_chunk); data += lc_chunk; apdulen += lc_chunk; /* T=0 does not allow the use of Lc together with Le; thus disable Le in this case. */ if (reader_table[slot].is_t0) le = -1; } if (le != -1 && !use_chaining) apdu[apdulen++] = le; /* Truncation is okay (0 means 256). */ } exact_length_hack: /* As a safeguard don't pass any garbage to the driver. */ - assert (apdulen <= apdu_buffer_size); + log_assert (apdulen <= apdu_buffer_size); memset (apdu+apdulen, 0, apdu_buffer_size - apdulen); resultlen = result_buffer_size; rc = send_apdu (slot, apdu, apdulen, result, &resultlen, pininfo); if (rc || resultlen < 2) { log_info ("apdu_send_simple(%d) failed: %s\n", slot, apdu_strerror (rc)); unlock_slot (slot); xfree (apdu_buffer); xfree (result_buffer); return rc? rc : SW_HOST_INCOMPLETE_CARD_RESPONSE; } sw = (result[resultlen-2] << 8) | result[resultlen-1]; if (!use_extended_length && !did_exact_length_hack && SW_EXACT_LENGTH_P (sw)) { apdu[apdulen-1] = (sw & 0x00ff); did_exact_length_hack = 1; goto exact_length_hack; } } while (use_chaining && sw == SW_SUCCESS); if (apdu_buffer) { xfree (apdu_buffer); apdu_buffer = NULL; } /* Store away the returned data but strip the statusword. */ resultlen -= 2; if (DBG_CARD_IO) { log_debug (" response: sw=%04X datalen=%d\n", sw, (unsigned int)resultlen); if ( !retbuf && (sw == SW_SUCCESS || (sw & 0xff00) == SW_MORE_DATA)) { if (all_zero_p (result, resultlen)) log_debug (" dump: [all zero]\n"); else log_printhex (result, resultlen, " dump:"); } } if (sw == SW_SUCCESS || sw == SW_EOF_REACHED) { if (retbuf) { *retbuf = xtrymalloc (resultlen? resultlen : 1); if (!*retbuf) { unlock_slot (slot); xfree (result_buffer); return SW_HOST_OUT_OF_CORE; } *retbuflen = resultlen; memcpy (*retbuf, result, resultlen); } } else if ((sw & 0xff00) == SW_MORE_DATA) { unsigned char *p = NULL, *tmp; size_t bufsize = 4096; /* It is likely that we need to return much more data, so we start off with a large buffer. */ if (retbuf) { *retbuf = p = xtrymalloc (bufsize); if (!*retbuf) { unlock_slot (slot); xfree (result_buffer); return SW_HOST_OUT_OF_CORE; } - assert (resultlen < bufsize); + log_assert (resultlen < bufsize); memcpy (p, result, resultlen); p += resultlen; } do { int len = (sw & 0x00ff); if (DBG_CARD_IO) log_debug ("apdu_send_simple(%d): %d more bytes available\n", slot, len); apdu_buffer_size = sizeof short_apdu_buffer; apdu = short_apdu_buffer; apdulen = 0; apdu[apdulen++] = class; apdu[apdulen++] = 0xC0; apdu[apdulen++] = 0; apdu[apdulen++] = 0; apdu[apdulen++] = len; - assert (apdulen <= apdu_buffer_size); + log_assert (apdulen <= apdu_buffer_size); memset (apdu+apdulen, 0, apdu_buffer_size - apdulen); resultlen = result_buffer_size; rc = send_apdu (slot, apdu, apdulen, result, &resultlen, NULL); if (rc || resultlen < 2) { log_error ("apdu_send_simple(%d) for get response failed: %s\n", slot, apdu_strerror (rc)); unlock_slot (slot); xfree (result_buffer); return rc? rc : SW_HOST_INCOMPLETE_CARD_RESPONSE; } sw = (result[resultlen-2] << 8) | result[resultlen-1]; resultlen -= 2; if (DBG_CARD_IO) { log_debug (" more: sw=%04X datalen=%d\n", sw, (unsigned int)resultlen); if (!retbuf && (sw==SW_SUCCESS || (sw&0xff00)==SW_MORE_DATA)) { if (all_zero_p (result, resultlen)) log_debug ( " dump: [all zero]\n"); else log_printhex (result, resultlen, " dump:"); } } if ((sw & 0xff00) == SW_MORE_DATA || sw == SW_SUCCESS || sw == SW_EOF_REACHED ) { if (retbuf && resultlen) { if (p - *retbuf + resultlen > bufsize) { bufsize += resultlen > 4096? resultlen: 4096; tmp = xtryrealloc (*retbuf, bufsize); if (!tmp) { unlock_slot (slot); xfree (result_buffer); return SW_HOST_OUT_OF_CORE; } p = tmp + (p - *retbuf); *retbuf = tmp; } memcpy (p, result, resultlen); p += resultlen; } } else log_info ("apdu_send_simple(%d) " "got unexpected status %04X from get response\n", slot, sw); } while ((sw & 0xff00) == SW_MORE_DATA); if (retbuf) { *retbuflen = p - *retbuf; tmp = xtryrealloc (*retbuf, *retbuflen); if (tmp) *retbuf = tmp; } } unlock_slot (slot); xfree (result_buffer); if (DBG_CARD_IO && retbuf && sw == SW_SUCCESS) { if (all_zero_p (*retbuf, *retbuflen)) log_debug (" dump: [all zero]\n"); else log_printhex (*retbuf, *retbuflen, " dump:"); } return sw; } /* Send an APDU to the card in SLOT. The APDU is created from all given parameters: CLASS, INS, P0, P1, LC, DATA, LE. A value of -1 for LC won't sent this field and the data field; in this case DATA must also be passed as NULL. If EXTENDED_MODE is not 0 command chaining or extended length will be used; see send_le for details. The return value is the status word or -1 for an invalid SLOT or other non card related error. If RETBUF is not NULL, it will receive an allocated buffer with the returned data. The length of that data will be put into *RETBUFLEN. The caller is responsible for releasing the buffer even in case of errors. */ int apdu_send_le(int slot, int extended_mode, int class, int ins, int p0, int p1, int lc, const char *data, int le, unsigned char **retbuf, size_t *retbuflen) { return send_le (slot, class, ins, p0, p1, lc, data, le, retbuf, retbuflen, NULL, extended_mode); } /* Send an APDU to the card in SLOT. The APDU is created from all given parameters: CLASS, INS, P0, P1, LC, DATA. A value of -1 for LC won't sent this field and the data field; in this case DATA must also be passed as NULL. If EXTENDED_MODE is not 0 command chaining or extended length will be used; see send_le for details. The return value is the status word or -1 for an invalid SLOT or other non card related error. If RETBUF is not NULL, it will receive an allocated buffer with the returned data. The length of that data will be put into *RETBUFLEN. The caller is responsible for releasing the buffer even in case of errors. */ int apdu_send (int slot, int extended_mode, int class, int ins, int p0, int p1, int lc, const char *data, unsigned char **retbuf, size_t *retbuflen) { return send_le (slot, class, ins, p0, p1, lc, data, 256, retbuf, retbuflen, NULL, extended_mode); } /* Send an APDU to the card in SLOT. The APDU is created from all given parameters: CLASS, INS, P0, P1, LC, DATA. A value of -1 for LC won't sent this field and the data field; in this case DATA must also be passed as NULL. If EXTENDED_MODE is not 0 command chaining or extended length will be used; see send_le for details. The return value is the status word or -1 for an invalid SLOT or other non card related error. No data will be returned. */ int apdu_send_simple (int slot, int extended_mode, int class, int ins, int p0, int p1, int lc, const char *data) { return send_le (slot, class, ins, p0, p1, lc, data, -1, NULL, NULL, NULL, extended_mode); } /* This is a more generic version of the apdu sending routine. It * takes an already formatted APDU in APDUDATA or length APDUDATALEN * and returns with an APDU including the status word. With * HANDLE_MORE set to true this function will handle the MORE DATA * status and return all APDUs concatenated with one status word at * the end. If EXTENDED_LENGTH is != 0 extended lengths are allowed * with a max. result data length of EXTENDED_LENGTH bytes. The * function does not return a regular status word but 0 on success. * If the slot is locked, the function returns immediately with an * error. * * Out of historical reasons the function returns 0 on success and * outs the status word at the end of the result to be able to get the * status word in the case of a not provided RETBUF, R_SW can be used * to store the SW. But note that R_SW qill only be set if the * function returns 0. */ int apdu_send_direct (int slot, size_t extended_length, const unsigned char *apdudata, size_t apdudatalen, int handle_more, unsigned int *r_sw, unsigned char **retbuf, size_t *retbuflen) { #define SHORT_RESULT_BUFFER_SIZE 258 unsigned char short_result_buffer[SHORT_RESULT_BUFFER_SIZE+10]; unsigned char *result_buffer = NULL; size_t result_buffer_size; unsigned char *result; size_t resultlen; unsigned char short_apdu_buffer[5+256+10]; unsigned char *apdu_buffer = NULL; unsigned char *apdu; size_t apdulen; int sw; long rc; /* we need a long here due to PC/SC. */ int class; if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; if (apdudatalen > 65535) return SW_HOST_INV_VALUE; if (apdudatalen > sizeof short_apdu_buffer - 5) { apdu_buffer = xtrymalloc (apdudatalen + 5); if (!apdu_buffer) return SW_HOST_OUT_OF_CORE; apdu = apdu_buffer; } else { apdu = short_apdu_buffer; } apdulen = apdudatalen; memcpy (apdu, apdudata, apdudatalen); class = apdulen? *apdu : 0; if (extended_length >= 256 && extended_length <= 65536) { result_buffer_size = extended_length; result_buffer = xtrymalloc (result_buffer_size + 10); if (!result_buffer) { xfree (apdu_buffer); return SW_HOST_OUT_OF_CORE; } result = result_buffer; } else { result_buffer_size = SHORT_RESULT_BUFFER_SIZE; result = short_result_buffer; } #undef SHORT_RESULT_BUFFER_SIZE if ((sw = lock_slot (slot))) { xfree (apdu_buffer); xfree (result_buffer); return sw; } resultlen = result_buffer_size; rc = send_apdu (slot, apdu, apdulen, result, &resultlen, NULL); xfree (apdu_buffer); apdu_buffer = NULL; if (rc || resultlen < 2) { log_error ("apdu_send_direct(%d) failed: %s\n", slot, apdu_strerror (rc)); unlock_slot (slot); xfree (result_buffer); return rc? rc : SW_HOST_INCOMPLETE_CARD_RESPONSE; } sw = (result[resultlen-2] << 8) | result[resultlen-1]; /* Store away the returned data but strip the statusword. */ resultlen -= 2; if (DBG_CARD_IO) { log_debug (" response: sw=%04X datalen=%d\n", sw, (unsigned int)resultlen); if ( !retbuf && (sw == SW_SUCCESS || (sw & 0xff00) == SW_MORE_DATA)) log_printhex (result, resultlen, " dump: "); } if (handle_more && (sw & 0xff00) == SW_MORE_DATA) { unsigned char *p = NULL, *tmp; size_t bufsize = 4096; /* It is likely that we need to return much more data, so we start off with a large buffer. */ if (retbuf) { *retbuf = p = xtrymalloc (bufsize + 2); if (!*retbuf) { unlock_slot (slot); xfree (result_buffer); return SW_HOST_OUT_OF_CORE; } - assert (resultlen < bufsize); + log_assert (resultlen < bufsize); memcpy (p, result, resultlen); p += resultlen; } do { int len = (sw & 0x00ff); if (DBG_CARD_IO) log_debug ("apdu_send_direct(%d): %d more bytes available\n", slot, len); apdu = short_apdu_buffer; apdulen = 0; apdu[apdulen++] = class; apdu[apdulen++] = 0xC0; apdu[apdulen++] = 0; apdu[apdulen++] = 0; apdu[apdulen++] = len; memset (apdu+apdulen, 0, sizeof (short_apdu_buffer) - apdulen); resultlen = result_buffer_size; rc = send_apdu (slot, apdu, apdulen, result, &resultlen, NULL); if (rc || resultlen < 2) { log_error ("apdu_send_direct(%d) for get response failed: %s\n", slot, apdu_strerror (rc)); unlock_slot (slot); xfree (result_buffer); return rc ? rc : SW_HOST_INCOMPLETE_CARD_RESPONSE; } sw = (result[resultlen-2] << 8) | result[resultlen-1]; resultlen -= 2; if (DBG_CARD_IO) { log_debug (" more: sw=%04X datalen=%d\n", sw, (unsigned int)resultlen); if (!retbuf && (sw==SW_SUCCESS || (sw&0xff00)==SW_MORE_DATA)) log_printhex (result, resultlen, " dump: "); } if ((sw & 0xff00) == SW_MORE_DATA || sw == SW_SUCCESS || sw == SW_EOF_REACHED ) { if (retbuf && resultlen) { if (p - *retbuf + resultlen > bufsize) { bufsize += resultlen > 4096? resultlen: 4096; tmp = xtryrealloc (*retbuf, bufsize + 2); if (!tmp) { unlock_slot (slot); xfree (result_buffer); return SW_HOST_OUT_OF_CORE; } p = tmp + (p - *retbuf); *retbuf = tmp; } memcpy (p, result, resultlen); p += resultlen; } } else log_info ("apdu_send_direct(%d) " "got unexpected status %04X from get response\n", slot, sw); } while ((sw & 0xff00) == SW_MORE_DATA); if (retbuf) { *retbuflen = p - *retbuf; tmp = xtryrealloc (*retbuf, *retbuflen + 2); if (tmp) *retbuf = tmp; } } else { if (retbuf) { *retbuf = xtrymalloc ((resultlen? resultlen : 1)+2); if (!*retbuf) { unlock_slot (slot); xfree (result_buffer); return SW_HOST_OUT_OF_CORE; } *retbuflen = resultlen; memcpy (*retbuf, result, resultlen); } } unlock_slot (slot); xfree (result_buffer); /* Append the status word. Note that we reserved the two extra bytes while allocating the buffer. */ if (retbuf) { (*retbuf)[(*retbuflen)++] = (sw >> 8); (*retbuf)[(*retbuflen)++] = sw; } if (r_sw) *r_sw = sw; if (DBG_CARD_IO && retbuf) log_printhex (*retbuf, *retbuflen, " dump: "); return 0; } const char * apdu_get_reader_name (int slot) { return reader_table[slot].rdrname; } gpg_error_t apdu_init (void) { #ifdef USE_NPTH gpg_error_t err; int i; pcsc.count = 0; pcsc.context = 0; for (i = 0; i < MAX_READER; i++) pcsc.rdrname[i] = NULL; if (npth_mutex_init (&reader_table_lock, NULL)) goto leave; for (i = 0; i < MAX_READER; i++) if (npth_mutex_init (&reader_table[i].lock, NULL)) goto leave; /* All done well. */ return 0; leave: err = gpg_error_from_syserror (); log_error ("apdu: error initializing mutex: %s\n", gpg_strerror (err)); return err; #endif /*USE_NPTH*/ return 0; } diff --git a/scd/app-dinsig.c b/scd/app-dinsig.c index 84d4b2aa7..990de3405 100644 --- a/scd/app-dinsig.c +++ b/scd/app-dinsig.c @@ -1,579 +1,578 @@ /* app-dinsig.c - The DINSIG (DIN V 66291-1) card application. * Copyright (C) 2002, 2004, 2005, 2007, 2008 Free Software Foundation, Inc. * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ /* The German signature law and its bylaw (SigG and SigV) is currently used with an interface specification described in DIN V 66291-1. The AID to be used is: 'D27600006601'. The file IDs for certificates utilize the generic format: Cxyz C being the hex digit 'C' (12). x being the service indicator: '0' := SigG conform digital signature. '1' := entity authentication. '2' := key encipherment. '3' := data encipherment. '4' := key agreement. other values are reserved for future use. y being the security environment number using '0' for cards not supporting a SE number. z being the certificate type: '0' := C.CH (base certificate of card holder) or C.ICC. '1' .. '7' := C.CH (business or professional certificate of card holder. '8' .. 'D' := C.CA (certificate of a CA issue by the Root-CA). 'E' := C.RCA (self certified certificate of the Root-CA). 'F' := reserved. The file IDs used by default are: '1F00' EF.SSD (security service descriptor). [o,o] '2F02' EF.GDO (global data objects) [m,m] 'A000' EF.PROT (signature log). Cyclic file with 20 records of 53 byte. Read and update after user authentication. [o,o] 'B000' EF.PK.RCA.DS (public keys of Root-CA). Size is 512b or size of keys. [m (unless a 'C00E' is present),m] 'B001' EF.PK.CA.DS (public keys of CAs). Size is 512b or size of keys. [o,o] 'C00n' EF.C.CH.DS (digital signature certificate of card holder) with n := 0 .. 7. Size is 2k or size of cert. Read and update allowed after user authentication. [m,m] 'C00m' EF.C.CA.DS (digital signature certificate of CA) with m := 8 .. E. Size is 1k or size of cert. Read always allowed, update after user authentication. [o,o] 'C100' EF.C.ICC.AUT (AUT certificate of ICC) [o,m] 'C108' EF.C.CA.AUT (AUT certificate of CA) [o,m] 'D000' EF.DM (display message) [-,m] The letters in brackets indicate optional or mandatory files: The first for card terminals under full control and the second for "business" card terminals. */ #include #include #include #include #include -#include #include #include "scdaemon.h" #include "../common/i18n.h" #include "iso7816.h" #include "../common/tlv.h" static gpg_error_t do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags) { gpg_error_t err; char ct_buf[100], id_buf[100]; char hexkeygrip[41]; size_t len, certoff; unsigned char *der; size_t derlen; ksba_cert_t cert; int fid; (void)flags; /* Return the certificate of the card holder. */ fid = 0xC000; len = app_help_read_length_of_cert (app_get_slot (app), fid, &certoff); if (!len) return 0; /* Card has not been personalized. */ sprintf (ct_buf, "%d", 101); sprintf (id_buf, "DINSIG.%04X", fid); send_status_info (ctrl, "CERTINFO", ct_buf, strlen (ct_buf), id_buf, strlen (id_buf), NULL, (size_t)0); /* Now we need to read the certificate, so that we can get the public key out of it. */ err = iso7816_read_binary (app_get_slot (app), certoff, len-certoff, &der, &derlen); if (err) { log_info ("error reading entire certificate from FID 0x%04X: %s\n", fid, gpg_strerror (err)); return 0; } err = ksba_cert_new (&cert); if (err) { xfree (der); return err; } err = ksba_cert_init_from_mem (cert, der, derlen); xfree (der); der = NULL; if (err) { log_error ("failed to parse the certificate at FID 0x%04X: %s\n", fid, gpg_strerror (err)); ksba_cert_release (cert); return err; } err = app_help_get_keygrip_string (cert, hexkeygrip, NULL, NULL); if (err) { log_error ("failed to calculate the keygrip for FID 0x%04X\n", fid); ksba_cert_release (cert); return gpg_error (GPG_ERR_CARD); } ksba_cert_release (cert); sprintf (id_buf, "DINSIG.%04X", fid); send_status_info (ctrl, "KEYPAIRINFO", hexkeygrip, 40, id_buf, strlen (id_buf), NULL, (size_t)0); return 0; } /* Read the certificate with id CERTID (as returned by learn_status in the CERTINFO status lines) and return it in the freshly allocated buffer put into CERT and the length of the certificate put into CERTLEN. FIXME: This needs some cleanups and caching with do_learn_status. */ static gpg_error_t do_readcert (app_t app, const char *certid, unsigned char **cert, size_t *certlen) { int fid; gpg_error_t err; unsigned char *buffer; const unsigned char *p; size_t buflen, n; int class, tag, constructed, ndef; size_t totobjlen, objlen, hdrlen; int rootca = 0; *cert = NULL; *certlen = 0; if (strncmp (certid, "DINSIG.", 7) ) return gpg_error (GPG_ERR_INV_ID); certid += 7; if (!hexdigitp (certid) || !hexdigitp (certid+1) || !hexdigitp (certid+2) || !hexdigitp (certid+3) || certid[4]) return gpg_error (GPG_ERR_INV_ID); fid = xtoi_4 (certid); if (fid != 0xC000 ) return gpg_error (GPG_ERR_NOT_FOUND); /* Read the entire file. fixme: This could be optimized by first reading the header to figure out how long the certificate actually is. */ err = iso7816_select_file (app_get_slot (app), fid, 0); if (err) { log_error ("error selecting FID 0x%04X: %s\n", fid, gpg_strerror (err)); return err; } err = iso7816_read_binary (app_get_slot (app), 0, 0, &buffer, &buflen); if (err) { log_error ("error reading certificate from FID 0x%04X: %s\n", fid, gpg_strerror (err)); return err; } if (!buflen || *buffer == 0xff) { log_info ("no certificate contained in FID 0x%04X\n", fid); err = gpg_error (GPG_ERR_NOT_FOUND); goto leave; } /* Now figure something out about the object. */ p = buffer; n = buflen; err = parse_ber_header (&p, &n, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (err) goto leave; if ( class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE && constructed ) ; else if ( class == CLASS_UNIVERSAL && tag == TAG_SET && constructed ) rootca = 1; else return gpg_error (GPG_ERR_INV_OBJ); totobjlen = objlen + hdrlen; - assert (totobjlen <= buflen); + log_assert (totobjlen <= buflen); err = parse_ber_header (&p, &n, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (err) goto leave; if (rootca) ; else if (class == CLASS_UNIVERSAL && tag == TAG_OBJECT_ID && !constructed) { const unsigned char *save_p; /* The certificate seems to be contained in a userCertificate container. Skip this and assume the following sequence is the certificate. */ if (n < objlen) { err = gpg_error (GPG_ERR_INV_OBJ); goto leave; } p += objlen; n -= objlen; save_p = p; err = parse_ber_header (&p, &n, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (err) goto leave; if ( !(class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE && constructed) ) return gpg_error (GPG_ERR_INV_OBJ); totobjlen = objlen + hdrlen; - assert (save_p + totobjlen <= buffer + buflen); + log_assert (save_p + totobjlen <= buffer + buflen); memmove (buffer, save_p, totobjlen); } *cert = buffer; buffer = NULL; *certlen = totobjlen; leave: xfree (buffer); return err; } /* Verify the PIN if required. */ static gpg_error_t verify_pin (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg) { const char *s; int rc; pininfo_t pininfo; if ( app->did_chv1 && !app->force_chv1 ) return 0; /* No need to verify it again. */ memset (&pininfo, 0, sizeof pininfo); pininfo.fixedlen = -1; pininfo.minlen = 6; pininfo.maxlen = 8; if (!opt.disable_pinpad && !iso7816_check_pinpad (app_get_slot (app), ISO7816_VERIFY, &pininfo) ) { rc = pincb (pincb_arg, _("||Please enter your PIN at the reader's pinpad"), NULL); if (rc) { log_info (_("PIN callback returned error: %s\n"), gpg_strerror (rc)); return rc; } rc = iso7816_verify_kp (app_get_slot (app), 0x81, &pininfo); /* Dismiss the prompt. */ pincb (pincb_arg, NULL, NULL); } else /* No Pinpad. */ { char *pinvalue; rc = pincb (pincb_arg, "PIN", &pinvalue); if (rc) { log_info ("PIN callback returned error: %s\n", gpg_strerror (rc)); return rc; } /* We require the PIN to be at least 6 and at max 8 bytes. According to the specs, this should all be ASCII. */ for (s=pinvalue; digitp (s); s++) ; if (*s) { log_error ("Non-numeric digits found in PIN\n"); xfree (pinvalue); return gpg_error (GPG_ERR_BAD_PIN); } if (strlen (pinvalue) < pininfo.minlen) { log_error ("PIN is too short; minimum length is %d\n", pininfo.minlen); xfree (pinvalue); return gpg_error (GPG_ERR_BAD_PIN); } else if (strlen (pinvalue) > pininfo.maxlen) { log_error ("PIN is too large; maximum length is %d\n", pininfo.maxlen); xfree (pinvalue); return gpg_error (GPG_ERR_BAD_PIN); } rc = iso7816_verify (app_get_slot (app), 0x81, pinvalue, strlen (pinvalue)); if (gpg_err_code (rc) == GPG_ERR_INV_VALUE) { /* We assume that ISO 9564-1 encoding is used and we failed because the first nibble we passed was 3 and not 2. DIN says something about looking up such an encoding in the SSD but I was not able to find any tag relevant to this. */ char paddedpin[8]; int i, ndigits; for (ndigits=0, s=pinvalue; *s; ndigits++, s++) ; i = 0; paddedpin[i++] = 0x20 | (ndigits & 0x0f); for (s=pinvalue; i < sizeof paddedpin && *s && s[1]; s = s+2 ) paddedpin[i++] = (((*s - '0') << 4) | ((s[1] - '0') & 0x0f)); if (i < sizeof paddedpin && *s) paddedpin[i++] = (((*s - '0') << 4) | 0x0f); while (i < sizeof paddedpin) paddedpin[i++] = 0xff; rc = iso7816_verify (app_get_slot (app), 0x81, paddedpin, sizeof paddedpin); } xfree (pinvalue); } if (rc) { log_error ("verify PIN failed\n"); return rc; } app->did_chv1 = 1; return 0; } /* Create the signature and return the allocated result in OUTDATA. If a PIN is required the PINCB will be used to ask for the PIN; that callback should return the PIN in an allocated buffer and store that in the 3rd argument. */ static gpg_error_t do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, unsigned char **outdata, size_t *outdatalen ) { static unsigned char sha1_prefix[15] = /* Object ID is 1.3.14.3.2.26 */ { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 }; static unsigned char rmd160_prefix[15] = /* Object ID is 1.3.36.3.2.1 */ { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14 }; static unsigned char sha256_prefix[19] = /* OID is 2.16.840.1.101.3.4.2.1 */ { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 }; int rc; int fid; unsigned char data[19+32]; /* Must be large enough for a SHA-256 digest + the largest OID _prefix above. */ int datalen; (void)ctrl; if (!keyidstr || !*keyidstr) return gpg_error (GPG_ERR_INV_VALUE); if (indatalen != 20 && indatalen != 16 && indatalen != 32 && indatalen != (15+20) && indatalen != (19+32)) return gpg_error (GPG_ERR_INV_VALUE); /* Check that the provided ID is valid. This is not really needed but we do it to enforce correct usage by the caller. */ if (strncmp (keyidstr, "DINSIG.", 7) ) return gpg_error (GPG_ERR_INV_ID); keyidstr += 7; if (!hexdigitp (keyidstr) || !hexdigitp (keyidstr+1) || !hexdigitp (keyidstr+2) || !hexdigitp (keyidstr+3) || keyidstr[4]) return gpg_error (GPG_ERR_INV_ID); fid = xtoi_4 (keyidstr); if (fid != 0xC000) return gpg_error (GPG_ERR_NOT_FOUND); /* Prepare the DER object from INDATA. */ datalen = 35; if (indatalen == 15+20) { /* Alright, the caller was so kind to send us an already prepared DER object. Check that it is what we want and that it matches the hash algorithm. */ if (hashalgo == GCRY_MD_SHA1 && !memcmp (indata, sha1_prefix, 15)) ; else if (hashalgo == GCRY_MD_RMD160 && !memcmp (indata, rmd160_prefix,15)) ; else return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); memcpy (data, indata, indatalen); } else if (indatalen == 19+32) { /* Alright, the caller was so kind to send us an already prepared DER object. Check that it is what we want and that it matches the hash algorithm. */ datalen = indatalen; if (hashalgo == GCRY_MD_SHA256 && !memcmp (indata, sha256_prefix, 19)) ; else if (hashalgo == GCRY_MD_SHA1 && !memcmp (indata, sha256_prefix, 19)) { /* Fixme: This is a kludge. A better solution is not to use SHA1 as default but use an autodetection. However this needs changes in all app-*.c */ datalen = indatalen; } else return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); memcpy (data, indata, indatalen); } else { int len = 15; if (hashalgo == GCRY_MD_SHA1) memcpy (data, sha1_prefix, len); else if (hashalgo == GCRY_MD_RMD160) memcpy (data, rmd160_prefix, len); else if (hashalgo == GCRY_MD_SHA256) { len = 19; datalen = len + indatalen; memcpy (data, sha256_prefix, len); } else return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); memcpy (data+len, indata, indatalen); } rc = verify_pin (app, pincb, pincb_arg); if (!rc) rc = iso7816_compute_ds (app_get_slot (app), 0, data, datalen, 0, outdata, outdatalen); return rc; } #if 0 #warning test function - works but may brick your card /* Handle the PASSWD command. CHVNOSTR is currently ignored; we always use VHV0. RESET_MODE is not yet implemented. */ static gpg_error_t do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, unsigned int flags, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg) { gpg_error_t err; char *pinvalue; const char *oldpin; size_t oldpinlen; if ((flags & APP_CHANGE_FLAG_RESET)) return gpg_error (GPG_ERR_NOT_IMPLEMENTED); if ((flags & APP_CHANGE_FLAG_NULLPIN)) { /* With the nullpin flag, we do not verify the PIN - it would fail if the Nullpin is still set. */ oldpin = "\0\0\0\0\0"; oldpinlen = 6; } else { err = verify_pin (app, pincb, pincb_arg); if (err) return err; oldpin = NULL; oldpinlen = 0; } /* TRANSLATORS: Do not translate the "|*|" prefixes but keep it at the start of the string. We need this elsewhere to get some infos on the string. */ err = pincb (pincb_arg, _("|N|Initial New PIN"), &pinvalue); if (err) { log_error (_("error getting new PIN: %s\n"), gpg_strerror (err)); return err; } err = iso7816_change_reference_data (app_get_slot (app), 0x81, oldpin, oldpinlen, pinvalue, strlen (pinvalue)); xfree (pinvalue); return err; } #endif /*0*/ /* Select the DINSIG application on the card in SLOT. This function must be used before any other DINSIG application functions. */ gpg_error_t app_select_dinsig (app_t app) { static char const aid[] = { 0xD2, 0x76, 0x00, 0x00, 0x66, 0x01 }; int slot = app_get_slot (app); int rc; rc = iso7816_select_application (slot, aid, sizeof aid, 0); if (!rc) { app->apptype = APPTYPE_DINSIG; app->fnc.prep_reselect = NULL; app->fnc.reselect = NULL; app->fnc.learn_status = do_learn_status; app->fnc.readcert = do_readcert; app->fnc.getattr = NULL; app->fnc.setattr = NULL; app->fnc.genkey = NULL; app->fnc.sign = do_sign; app->fnc.auth = NULL; app->fnc.decipher = NULL; app->fnc.change_pin = NULL /*do_change_pin*/; app->fnc.check_pin = NULL; app->force_chv1 = 1; } return rc; } diff --git a/scd/app-geldkarte.c b/scd/app-geldkarte.c index f76febe05..befe6c804 100644 --- a/scd/app-geldkarte.c +++ b/scd/app-geldkarte.c @@ -1,410 +1,409 @@ /* app-geldkarte.c - The German Geldkarte application * Copyright (C) 2004 g10 Code GmbH * Copyright (C) 2009 Free Software Foundation, Inc. * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ /* This is a read-only application to quickly dump information of a German Geldkarte (debit card for small amounts). We only support newer Geldkarte (with the AID DF_BOERSE_NEU) issued since 2000 or even earlier. */ #include #include #include #include #include -#include #include #include #include "scdaemon.h" #include "../common/i18n.h" #include "iso7816.h" #include "../common/tlv.h" /* Object with application (i.e. Geldkarte) specific data. */ struct app_local_s { char kblz[2+1+4+1]; const char *banktype; char *cardno; char expires[7+1]; char validfrom[10+1]; char *country; char currency[3+1]; unsigned int currency_mult100; unsigned char chipid; unsigned char osvers; int balance; int maxamount; int maxamount1; }; /* Deconstructor. */ static void do_deinit (app_t app) { if (app && app->app_local) { xfree (app->app_local->cardno); xfree (app->app_local->country); xfree (app->app_local); app->app_local = NULL; } } static gpg_error_t send_one_string (ctrl_t ctrl, const char *name, const char *string) { if (!name || !string) return 0; send_status_info (ctrl, name, string, strlen (string), NULL, 0); return 0; } /* Implement the GETATTR command. This is similar to the LEARN command but returns just one value via the status interface. */ static gpg_error_t do_getattr (app_t app, ctrl_t ctrl, const char *name) { gpg_error_t err; struct app_local_s *ld = app->app_local; char numbuf[100]; if (!strcmp (name, "X-KBLZ")) err = send_one_string (ctrl, name, ld->kblz); else if (!strcmp (name, "X-BANKINFO")) err = send_one_string (ctrl, name, ld->banktype); else if (!strcmp (name, "X-CARDNO")) err = send_one_string (ctrl, name, ld->cardno); else if (!strcmp (name, "X-EXPIRES")) err = send_one_string (ctrl, name, ld->expires); else if (!strcmp (name, "X-VALIDFROM")) err = send_one_string (ctrl, name, ld->validfrom); else if (!strcmp (name, "X-COUNTRY")) err = send_one_string (ctrl, name, ld->country); else if (!strcmp (name, "X-CURRENCY")) err = send_one_string (ctrl, name, ld->currency); else if (!strcmp (name, "X-ZKACHIPID")) { snprintf (numbuf, sizeof numbuf, "0x%02X", ld->chipid); err = send_one_string (ctrl, name, numbuf); } else if (!strcmp (name, "X-OSVERSION")) { snprintf (numbuf, sizeof numbuf, "0x%02X", ld->osvers); err = send_one_string (ctrl, name, numbuf); } else if (!strcmp (name, "X-BALANCE")) { snprintf (numbuf, sizeof numbuf, "%.2f", (double)ld->balance / 100 * ld->currency_mult100); err = send_one_string (ctrl, name, numbuf); } else if (!strcmp (name, "X-MAXAMOUNT")) { snprintf (numbuf, sizeof numbuf, "%.2f", (double)ld->maxamount / 100 * ld->currency_mult100); err = send_one_string (ctrl, name, numbuf); } else if (!strcmp (name, "X-MAXAMOUNT1")) { snprintf (numbuf, sizeof numbuf, "%.2f", (double)ld->maxamount1 / 100 * ld->currency_mult100); err = send_one_string (ctrl, name, numbuf); } else err = gpg_error (GPG_ERR_INV_NAME); return err; } static gpg_error_t do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags) { static const char *names[] = { "X-KBLZ", "X-BANKINFO", "X-CARDNO", "X-EXPIRES", "X-VALIDFROM", "X-COUNTRY", "X-CURRENCY", "X-ZKACHIPID", "X-OSVERSION", "X-BALANCE", "X-MAXAMOUNT", "X-MAXAMOUNT1", NULL }; gpg_error_t err = 0; int idx; (void)flags; for (idx=0; names[idx] && !err; idx++) err = do_getattr (app, ctrl, names[idx]); return err; } static char * copy_bcd (const unsigned char *string, size_t length) { const unsigned char *s; size_t n; size_t needed; char *buffer, *dst; if (!length) return xtrystrdup (""); /* Skip leading zeroes. */ for (; length && !*string; length--, string++) ; s = string; n = length; needed = 0; for (; n ; n--, s++) { if (!needed && !(*s & 0xf0)) ; /* Skip the leading zero in the first nibble. */ else { if ( ((*s >> 4) & 0x0f) > 9 ) { errno = EINVAL; return NULL; } needed++; } if ( n == 1 && (*s & 0x0f) > 9 ) ; /* Ignore the last digit if it has the sign. */ else { needed++; if ( (*s & 0x0f) > 9 ) { errno = EINVAL; return NULL; } } } if (!needed) /* If it is all zero, print a "0". */ needed++; buffer = dst = xtrymalloc (needed+1); if (!buffer) return NULL; s = string; n = length; needed = 0; for (; n ; n--, s++) { if (!needed && !(*s & 0xf0)) ; /* Skip the leading zero in the first nibble. */ else { *dst++ = '0' + ((*s >> 4) & 0x0f); needed++; } if ( n == 1 && (*s & 0x0f) > 9 ) ; /* Ignore the last digit if it has the sign. */ else { *dst++ = '0' + (*s & 0x0f); needed++; } } if (!needed) *dst++ = '0'; *dst = 0; return buffer; } /* Convert the BCD number at STRING of LENGTH into an integer and store that at RESULT. Return 0 on success. */ static gpg_error_t bcd_to_int (const unsigned char *string, size_t length, int *result) { char *tmp; tmp = copy_bcd (string, length); if (!tmp) return gpg_error (GPG_ERR_BAD_DATA); *result = strtol (tmp, NULL, 10); xfree (tmp); return 0; } /* Select the Geldkarte application. */ gpg_error_t app_select_geldkarte (app_t app) { static char const aid[] = { 0xD2, 0x76, 0x00, 0x00, 0x25, 0x45, 0x50, 0x02, 0x00 }; gpg_error_t err; int slot = app_get_slot (app); unsigned char *result = NULL; size_t resultlen; struct app_local_s *ld; const char *banktype; err = iso7816_select_application (slot, aid, sizeof aid, 0); if (err) goto leave; /* Read the first record of EF_ID (SFI=0x17). We require this record to be at least 24 bytes with the first byte 0x67 and a correct filler byte. */ err = iso7816_read_record (slot, 1, 1, ((0x17 << 3)|4), &result, &resultlen); if (err) goto leave; /* Oops - not a Geldkarte. */ if (resultlen < 24 || *result != 0x67 || result[22]) { err = gpg_error (GPG_ERR_NOT_FOUND); goto leave; } /* The short Bankleitzahl consists of 3 bytes at offset 1. */ switch (result[1]) { case 0x21: banktype = "Oeffentlich-rechtliche oder private Bank"; break; case 0x22: banktype = "Privat- oder Geschaeftsbank"; break; case 0x25: banktype = "Sparkasse"; break; case 0x26: case 0x29: banktype = "Genossenschaftsbank"; break; default: err = gpg_error (GPG_ERR_NOT_FOUND); goto leave; /* Probably not a Geldkarte. */ } app->apptype = APPTYPE_GELDKARTE; app->fnc.deinit = do_deinit; app->fnc.prep_reselect = NULL; app->fnc.reselect = NULL; /* If we don't have a serialno yet construct it from the EF_ID. */ if (!app->card->serialno) { app->card->serialno = xtrymalloc (10); if (!app->card->serialno) { err = gpg_error_from_syserror (); goto leave; } memcpy (app->card->serialno, result, 10); app->card->serialnolen = 10; err = app_munge_serialno (app->card); if (err) goto leave; } app->app_local = ld = xtrycalloc (1, sizeof *app->app_local); if (!app->app_local) { err = gpg_err_code_from_syserror (); goto leave; } snprintf (ld->kblz, sizeof ld->kblz, "%02X-%02X%02X", result[1], result[2], result[3]); ld->banktype = banktype; ld->cardno = copy_bcd (result+4, 5); if (!ld->cardno) { err = gpg_err_code_from_syserror (); goto leave; } snprintf (ld->expires, sizeof ld->expires, "20%02X-%02X", result[10], result[11]); snprintf (ld->validfrom, sizeof ld->validfrom, "20%02X-%02X-%02X", result[12], result[13], result[14]); ld->country = copy_bcd (result+15, 2); if (!ld->country) { err = gpg_err_code_from_syserror (); goto leave; } snprintf (ld->currency, sizeof ld->currency, "%c%c%c", isascii (result[17])? result[17]:' ', isascii (result[18])? result[18]:' ', isascii (result[19])? result[19]:' '); ld->currency_mult100 = (result[20] == 0x01? 1: result[20] == 0x02? 10: result[20] == 0x04? 100: result[20] == 0x08? 1000: result[20] == 0x10? 10000: result[20] == 0x20? 100000:0); ld->chipid = result[21]; ld->osvers = result[23]; /* Read the first record of EF_BETRAG (SFI=0x18). */ xfree (result); err = iso7816_read_record (slot, 1, 1, ((0x18 << 3)|4), &result, &resultlen); if (err) goto leave; /* It does not make sense to continue. */ if (resultlen < 12) { err = gpg_error (GPG_ERR_NOT_FOUND); goto leave; } err = bcd_to_int (result+0, 3, &ld->balance); if (!err) err = bcd_to_int (result+3, 3, &ld->maxamount); if (!err) err = bcd_to_int (result+6, 3, &ld->maxamount1); /* The next 3 bytes are the maximum amount chargable without using a MAC. This is usually 0. */ if (err) goto leave; /* Setup the rest of the methods. */ app->fnc.learn_status = do_learn_status; app->fnc.getattr = do_getattr; leave: xfree (result); if (err) do_deinit (app); return err; } diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 6fe13354c..5508ec68e 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -1,6338 +1,6337 @@ /* app-openpgp.c - The OpenPGP card application. * Copyright (C) 2003-2005, 2007-2009, * 2013-2015 Free Software Foundation, Inc. * Copyright (C) 2003-2005, 2007-2009, 2013-2015, 2020 g10 Code GmbH * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ /* Some notes: CHV means Card Holder Verification and is nothing else than a PIN or password. That term seems to have been used originally with GSM cards. Version v2 of the specs changes the term to the clearer term PW for password. We use the terms here interchangeable because we do not want to change existing strings i18n wise. Version 2 of the specs also drops the separate PW2 which was required in v1 due to ISO requirements. It is now possible to have one physical PW but two reference to it so that they can be individually be verified (e.g. to implement a forced verification for one key). Thus you will noticed the use of PW2 with the verify command but not with change_reference_data because the latter operates directly on the physical PW. The Reset Code (RC) as implemented by v2 cards uses the same error counter as the PW2 of v1 cards. By default no RC is set and thus that error counter is set to 0. After setting the RC the error counter will be initialized to 3. */ #include #include #include #include #include #include -#include #include #include "scdaemon.h" #include "../common/util.h" #include "../common/i18n.h" #include "iso7816.h" #include "../common/tlv.h" #include "../common/host2net.h" #include "../common/openpgpdefs.h" #define KDF_DATA_LENGTH_MIN 90 #define KDF_DATA_LENGTH_MAX 110 /* The AID of this application. */ static char const openpgp_aid[] = { 0xD2, 0x76, 0x00, 0x01, 0x24, 0x01 }; /* A table describing the DOs of the card. */ static struct { int tag; int constructed; int get_from; /* Constructed DO with this DO or 0 for direct access. */ unsigned int binary:1; unsigned int dont_cache:1; unsigned int flush_on_error:1; unsigned int get_immediate_in_v11:1; /* Enable a hack to bypass the cache of this data object if it is used in 1.1 and later versions of the card. This does not work with composite DO and is currently only useful for the CHV status bytes. */ unsigned int try_extlen:2; /* Large object; try to use an extended length APDU when !=0. The size is determined by extcap.max_certlen when == 1, and by extcap.max_special_do when == 2. */ char *desc; } data_objects[] = { { 0x005E, 0, 0, 1, 0, 0, 0, 2, "Login Data" }, { 0x5F50, 0, 0, 0, 0, 0, 0, 2, "URL" }, { 0x5F52, 0, 0, 1, 0, 0, 0, 0, "Historical Bytes" }, { 0x0065, 1, 0, 1, 0, 0, 0, 0, "Cardholder Related Data"}, { 0x005B, 0, 0x65, 0, 0, 0, 0, 0, "Name" }, { 0x5F2D, 0, 0x65, 0, 0, 0, 0, 0, "Language preferences" }, { 0x5F35, 0, 0x65, 0, 0, 0, 0, 0, "Salutation" }, { 0x006E, 1, 0, 1, 0, 0, 0, 0, "Application Related Data" }, { 0x004F, 0, 0x6E, 1, 0, 0, 0, 0, "AID" }, { 0x0073, 1, 0, 1, 0, 0, 0, 0, "Discretionary Data Objects" }, { 0x0047, 0, 0x6E, 1, 1, 0, 0, 0, "Card Capabilities" }, { 0x00C0, 0, 0x6E, 1, 1, 0, 0, 0, "Extended Card Capabilities" }, { 0x00C1, 0, 0x6E, 1, 1, 0, 0, 0, "Algorithm Attributes Signature" }, { 0x00C2, 0, 0x6E, 1, 1, 0, 0, 0, "Algorithm Attributes Decryption" }, { 0x00C3, 0, 0x6E, 1, 1, 0, 0, 0, "Algorithm Attributes Authentication" }, { 0x00C4, 0, 0x6E, 1, 0, 1, 1, 0, "CHV Status Bytes" }, { 0x00C5, 0, 0x6E, 1, 0, 0, 0, 0, "Fingerprints" }, { 0x00C6, 0, 0x6E, 1, 0, 0, 0, 0, "CA Fingerprints" }, { 0x00CD, 0, 0x6E, 1, 0, 0, 0, 0, "Generation time" }, { 0x007A, 1, 0, 1, 0, 0, 0, 0, "Security Support Template" }, { 0x0093, 0, 0x7A, 1, 1, 0, 0, 0, "Digital Signature Counter" }, { 0x0101, 0, 0, 0, 0, 0, 0, 2, "Private DO 1"}, { 0x0102, 0, 0, 0, 0, 0, 0, 2, "Private DO 2"}, { 0x0103, 0, 0, 0, 0, 0, 0, 2, "Private DO 3"}, { 0x0104, 0, 0, 0, 0, 0, 0, 2, "Private DO 4"}, { 0x7F21, 1, 0, 1, 0, 0, 0, 1, "Cardholder certificate"}, /* V3.0 */ { 0x7F74, 0, 0x6E, 1, 0, 0, 0, 0, "General Feature Management"}, { 0x00D5, 0, 0, 1, 0, 0, 0, 0, "AES key data"}, { 0x00D6, 0, 0x6E, 1, 0, 0, 0, 0, "UIF for Signature"}, { 0x00D7, 0, 0x6E, 1, 0, 0, 0, 0, "UIF for Decryption"}, { 0x00D8, 0, 0x6E, 1, 0, 0, 0, 0, "UIF for Authentication"}, { 0x00F9, 0, 0, 1, 0, 0, 0, 0, "KDF data object"}, { 0x00FA, 0, 0, 1, 0, 0, 0, 2, "Algorithm Information"}, { 0 } }; /* Type of keys. */ typedef enum { KEY_TYPE_ECC, KEY_TYPE_RSA, } key_type_t; /* The format of RSA private keys. */ typedef enum { RSA_UNKNOWN_FMT, RSA_STD, RSA_STD_N, RSA_CRT, RSA_CRT_N } rsa_key_format_t; /* One cache item for DOs. */ struct cache_s { struct cache_s *next; int tag; size_t length; unsigned char data[1]; }; /* Object with application (i.e. OpenPGP card) specific data. */ struct app_local_s { /* A linked list with cached DOs. */ struct cache_s *cache; /* Keep track of the public keys. */ struct { int read_done; /* True if we have at least tried to read them. */ unsigned char *key; /* This is a malloced buffer with a canonical encoded S-expression encoding a public key. Might be NULL if key is not available. */ size_t keylen; /* The length of the above S-expression. This is usually only required for cross checks because the length of an S-expression is implicitly available. */ unsigned char keygrip_str[41]; /* The keygrip, null terminated */ } pk[3]; unsigned char status_indicator; /* The card status indicator. */ unsigned int manufacturer:16; /* Manufacturer ID from the s/n. */ /* Keep track of the ISO card capabilities. */ struct { unsigned int cmd_chaining:1; /* Command chaining is supported. */ unsigned int ext_lc_le:1; /* Extended Lc and Le are supported. */ } cardcap; /* Keep track of extended card capabilities. */ struct { unsigned int is_v2:1; /* Compatible to v2 or later. */ unsigned int is_v3:1; /* Comatible to v3 or later. */ unsigned int has_button:1; /* Has confirmation button or not. */ unsigned int sm_supported:1; /* Secure Messaging is supported. */ unsigned int get_challenge:1; unsigned int key_import:1; unsigned int change_force_chv:1; unsigned int private_dos:1; unsigned int algo_attr_change:1; /* Algorithm attributes changeable. */ unsigned int has_decrypt:1; /* Support symmetric decryption. */ unsigned int kdf_do:1; /* Support KDF DO. */ unsigned int sm_algo:2; /* Symmetric crypto algo for SM. */ unsigned int pin_blk2:1; /* PIN block 2 format supported. */ unsigned int mse:1; /* MSE command supported. */ unsigned int max_certlen:16; /* Maximum size of DO 7F21. */ unsigned int max_get_challenge:16; /* Maximum size for get_challenge. */ unsigned int max_special_do:16; /* Maximum size for special DOs. */ } extcap; /* Flags used to control the application. */ struct { unsigned int no_sync:1; /* Do not sync CHV1 and CHV2 */ unsigned int def_chv2:1; /* Use 123456 for CHV2. */ } flags; /* Flags used to override certain behavior. */ struct { unsigned int cache_6e:1; } override; /* Keep track on whether we cache a certain PIN so that we get it * from the cache only if we know we cached it. This inhibits the * use of the same cache entry for a card plugged in and out without * gpg-agent having noticed that due to a bug. */ struct { unsigned int maybe_chv1:1; unsigned int maybe_chv2:1; unsigned int maybe_chv3:1; } pincache; /* Pinpad request specified on card. */ struct { unsigned int disabled:1; /* No pinpad use because of KDF DO. */ unsigned int specified:1; int fixedlen_user; int fixedlen_admin; } pinpad; struct { key_type_t key_type; const char *keyalgo; /* Algorithm in standard string format. */ union { struct { unsigned int n_bits; /* Size of the modulus in bits. The rest of this strucuire is only valid if this is not 0. */ unsigned int e_bits; /* Size of the public exponent in bits. */ rsa_key_format_t format; } rsa; struct { const char *curve; int algo; unsigned int flags; } ecc; }; } keyattr[3]; }; #define ECC_FLAG_DJB_TWEAK (1 << 0) #define ECC_FLAG_PUBKEY (1 << 1) /***** Local prototypes *****/ static unsigned long convert_sig_counter_value (const unsigned char *value, size_t valuelen); static unsigned long get_sig_counter (app_t app); static gpg_error_t do_auth (app_t app, ctrl_t ctrl, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, unsigned char **outdata, size_t *outdatalen); static const char *get_algorithm_attribute_string (const unsigned char *buffer, size_t buflen); static void parse_algorithm_attribute (app_t app, int keyno); static gpg_error_t change_keyattr_from_string (app_t app, ctrl_t ctrl, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const char *keyref, const char *keyalgo, const void *value, size_t valuelen); /* Return the OpenPGP card manufacturer name. */ static const char * get_manufacturer (unsigned int no) { /* Note: Make sure that there is no colon or linefeed in the string. */ switch (no) { case 0x0001: return "PPC Card Systems"; case 0x0002: return "Prism"; case 0x0003: return "OpenFortress"; case 0x0004: return "Wewid"; case 0x0005: return "ZeitControl"; case 0x0006: return "Yubico"; case 0x0007: return "OpenKMS"; case 0x0008: return "LogoEmail"; case 0x0009: return "Fidesmo"; case 0x000A: return "VivoKey"; case 0x000B: return "Feitian Technologies"; case 0x000D: return "Dangerous Things"; case 0x000E: return "Excelsecu"; case 0x002A: return "Magrathea"; case 0x0042: return "GnuPG e.V."; case 0x1337: return "Warsaw Hackerspace"; case 0x2342: return "warpzone"; /* hackerspace Muenster. */ case 0x4354: return "Confidential Technologies"; /* cotech.de */ case 0x5443: return "TIF-IT e.V."; case 0x63AF: return "Trustica"; case 0xBA53: return "c-base e.V."; case 0xBD0E: return "Paranoidlabs"; case 0xF517: return "FSIJ"; case 0xF5EC: return "F-Secure"; /* 0x0000 and 0xFFFF are defined as test cards per spec, * 0xFF00 to 0xFFFE are assigned for use with randomly created * serial numbers. */ case 0x0000: case 0xffff: return "test card"; default: return (no & 0xff00) == 0xff00? "unmanaged S/N range":"unknown"; } } /* Deconstructor. */ static void do_deinit (app_t app) { if (app && app->app_local) { struct cache_s *c, *c2; int i; for (c = app->app_local->cache; c; c = c2) { c2 = c->next; xfree (c); } for (i=0; i < DIM (app->app_local->pk); i++) { xfree (app->app_local->pk[i].key); app->app_local->pk[i].read_done = 0; } xfree (app->app_local); app->app_local = NULL; } } /* This is a helper to do a wipememory followed by a free. In general * we do not need this if the buffer has been allocated in secure * memory. However at some places we can't make that sure and thus we * better to an extra wipe here. */ static void wipe_and_free (void *p, size_t len) { if (p) { if (len) wipememory (p, len); xfree (p); } } /* Similar to wipe_and_free but assumes P is eitehr NULL or a proper * string. */ static void wipe_and_free_string (char *p) { if (p) { wipememory (p, strlen (p)); xfree (p); } } /* Wrapper around iso7816_get_data which first tries to get the data from the cache. With GET_IMMEDIATE passed as true, the cache is bypassed. With TRY_EXTLEN extended lengths APDUs are use if supported by the card. */ static gpg_error_t get_cached_data (app_t app, int tag, unsigned char **result, size_t *resultlen, int get_immediate, int try_extlen) { gpg_error_t err; int i; unsigned char *p; size_t len; struct cache_s *c; int exmode; *result = NULL; *resultlen = 0; if (tag == 0x6E && app->app_local->override.cache_6e) get_immediate = 0; if (!get_immediate) { for (c=app->app_local->cache; c; c = c->next) if (c->tag == tag) { if(c->length) { p = xtrymalloc (c->length); if (!p) return gpg_error (gpg_err_code_from_errno (errno)); memcpy (p, c->data, c->length); *result = p; } *resultlen = c->length; return 0; } } if (try_extlen && app->app_local->cardcap.ext_lc_le) { if (try_extlen == 1) exmode = app->app_local->extcap.max_certlen; else if (try_extlen == 2 && app->app_local->extcap.is_v3) exmode = app->app_local->extcap.max_special_do; else exmode = 0; } else exmode = 0; err = iso7816_get_data (app_get_slot (app), exmode, tag, &p, &len); if (err) return err; if (len) *result = p; *resultlen = len; /* Check whether we should cache this object. */ if (get_immediate) return 0; for (i=0; data_objects[i].tag; i++) if (data_objects[i].tag == tag) { if (data_objects[i].dont_cache) return 0; break; } /* Okay, cache it. */ for (c=app->app_local->cache; c; c = c->next) - assert (c->tag != tag); + log_assert (c->tag != tag); c = xtrymalloc (sizeof *c + len); if (c) { if (len) memcpy (c->data, p, len); else xfree (p); c->length = len; c->tag = tag; c->next = app->app_local->cache; app->app_local->cache = c; } return 0; } /* Remove DO at TAG from the cache. */ static void flush_cache_item (app_t app, int tag) { struct cache_s *c, *cprev; int i; if (!app->app_local) return; for (c=app->app_local->cache, cprev=NULL; c ; cprev=c, c = c->next) if (c->tag == tag) { if (cprev) cprev->next = c->next; else app->app_local->cache = c->next; xfree (c); for (c=app->app_local->cache; c ; c = c->next) { - assert (c->tag != tag); /* Oops: duplicated entry. */ + log_assert (c->tag != tag); /* Oops: duplicated entry. */ } return; } /* Try again if we have an outer tag. */ for (i=0; data_objects[i].tag; i++) if (data_objects[i].tag == tag && data_objects[i].get_from && data_objects[i].get_from != tag) flush_cache_item (app, data_objects[i].get_from); } /* Flush all entries from the cache which might be out of sync after an error. */ static void flush_cache_after_error (app_t app) { int i; for (i=0; data_objects[i].tag; i++) if (data_objects[i].flush_on_error) flush_cache_item (app, data_objects[i].tag); } /* Flush the entire cache. */ static void flush_cache (app_t app) { if (app && app->app_local) { struct cache_s *c, *c2; for (c = app->app_local->cache; c; c = c2) { c2 = c->next; xfree (c); } app->app_local->cache = NULL; } } /* Get the DO identified by TAG from the card in SLOT and return a buffer with its content in RESULT and NBYTES. The return value is NULL if not found or a pointer which must be used to release the buffer holding value. */ static void * get_one_do (app_t app, int tag, unsigned char **result, size_t *nbytes, int *r_rc) { int rc, i; unsigned char *buffer; size_t buflen; unsigned char *value; size_t valuelen; int dummyrc; int exmode; if (!r_rc) r_rc = &dummyrc; *result = NULL; *nbytes = 0; *r_rc = 0; for (i=0; data_objects[i].tag && data_objects[i].tag != tag; i++) ; if (app->appversion > 0x0100 && data_objects[i].get_immediate_in_v11) { exmode = 0; rc = iso7816_get_data (app_get_slot (app), exmode, tag, &buffer, &buflen); if (rc) { *r_rc = rc; return NULL; } *result = buffer; *nbytes = buflen; return buffer; } value = NULL; rc = -1; if (data_objects[i].tag && data_objects[i].get_from) { rc = get_cached_data (app, data_objects[i].get_from, &buffer, &buflen, (data_objects[i].dont_cache || data_objects[i].get_immediate_in_v11), data_objects[i].try_extlen); if (!rc) { const unsigned char *s; s = find_tlv_unchecked (buffer, buflen, tag, &valuelen); if (!s) value = NULL; /* not found */ else if (valuelen > buflen - (s - buffer)) { log_error ("warning: constructed DO too short\n"); value = NULL; xfree (buffer); buffer = NULL; } else value = buffer + (s - buffer); } } if (!value) /* Not in a constructed DO, try simple. */ { rc = get_cached_data (app, tag, &buffer, &buflen, (data_objects[i].dont_cache || data_objects[i].get_immediate_in_v11), data_objects[i].try_extlen); if (!rc) { value = buffer; valuelen = buflen; } } if (!rc) { *nbytes = valuelen; *result = value; return buffer; } *r_rc = rc; return NULL; } static void dump_all_do (int slot) { int rc, i, j; unsigned char *buffer; size_t buflen; for (i=0; data_objects[i].tag; i++) { if (data_objects[i].get_from) continue; /* We don't try extended length APDU because such large DO would be pretty useless in a log file. */ rc = iso7816_get_data (slot, 0, data_objects[i].tag, &buffer, &buflen); if (gpg_err_code (rc) == GPG_ERR_NO_OBJ) ; else if (rc) log_info ("DO '%s' not available: %s\n", data_objects[i].desc, gpg_strerror (rc)); else { if (data_objects[i].binary) { log_info ("DO '%s': ", data_objects[i].desc); log_printhex (buffer, buflen, ""); } else log_info ("DO '%s': '%.*s'\n", data_objects[i].desc, (int)buflen, buffer); /* FIXME: sanitize */ if (data_objects[i].constructed) { for (j=0; data_objects[j].tag; j++) { const unsigned char *value; size_t valuelen; if (j==i || data_objects[i].tag != data_objects[j].get_from) continue; value = find_tlv_unchecked (buffer, buflen, data_objects[j].tag, &valuelen); if (!value) ; /* not found */ else if (valuelen > buflen - (value - buffer)) log_error ("warning: constructed DO too short\n"); else { if (data_objects[j].binary) { log_info ("DO '%s': ", data_objects[j].desc); if (valuelen > 200) log_info ("[%u]\n", (unsigned int)valuelen); else log_printhex (value, valuelen, ""); } else log_info ("DO '%s': '%.*s'\n", data_objects[j].desc, (int)valuelen, value); /* FIXME: sanitize */ } } } } xfree (buffer); buffer = NULL; } } /* Count the number of bits, assuming the A represents an unsigned big integer of length LEN bytes. */ static unsigned int count_bits (const unsigned char *a, size_t len) { unsigned int n = len * 8; int i; for (; len && !*a; len--, a++, n -=8) ; if (len) { for (i=7; i && !(*a & (1< Where FLAGS is a plain hexadecimal number representing flag values. The lsb is here the rightmost bit. Defined flags bits are: Bit 0 = CHV1 and CHV2 are not synchronized Bit 1 = CHV2 has been set to the default PIN of "123456" (this implies that bit 0 is also set). P= Where PINPAD_REQUEST is in the format of: or ,. N for user PIN, M for admin PIN. If M is missing it means M=N. 0 means to force not to use pinpad. */ static void parse_login_data (app_t app) { unsigned char *buffer, *p; size_t buflen, len; void *relptr; /* Set defaults. */ app->app_local->flags.no_sync = 0; app->app_local->flags.def_chv2 = 0; app->app_local->pinpad.specified = 0; app->app_local->pinpad.fixedlen_user = -1; app->app_local->pinpad.fixedlen_admin = -1; /* Read the DO. */ relptr = get_one_do (app, 0x005E, &buffer, &buflen, NULL); if (!relptr) return; /* Ooops. */ for (; buflen; buflen--, buffer++) if (*buffer == '\n') break; if (buflen < 2 || buffer[1] != '\x14') { xfree (relptr); return; /* No control sequences. */ } buflen--; buffer++; do { buflen--; buffer++; if (buflen > 1 && *buffer == 'F' && buffer[1] == '=') { /* Flags control sequence found. */ int lastdig = 0; /* For now we are only interested in the last digit, so skip any leading digits but bail out on invalid characters. */ for (p=buffer+2, len = buflen-2; len && hexdigitp (p); p++, len--) lastdig = xtoi_1 (p); buffer = p; buflen = len; if (len && !(*p == '\n' || *p == '\x18')) goto next; /* Invalid characters in field. */ app->app_local->flags.no_sync = !!(lastdig & 1); app->app_local->flags.def_chv2 = (lastdig & 3) == 3; } else if (buflen > 1 && *buffer == 'P' && buffer[1] == '=') { /* Pinpad request control sequence found. */ buffer += 2; buflen -= 2; if (buflen) { if (digitp (buffer)) { char *q; int n, m; n = strtol (buffer, &q, 10); if (q >= (char *)buffer + buflen || *q == '\x18' || *q == '\n') m = n; else { if (*q++ != ',' || !digitp (q)) goto next; m = strtol (q, &q, 10); } if (buflen < ((unsigned char *)q - buffer)) break; buflen -= ((unsigned char *)q - buffer); buffer = q; if (buflen && !(*buffer == '\n' || *buffer == '\x18')) goto next; app->app_local->pinpad.specified = 1; app->app_local->pinpad.fixedlen_user = n; app->app_local->pinpad.fixedlen_admin = m; } } } next: /* Skip to FS (0x18) or LF (\n). */ for (; buflen && *buffer != '\x18' && *buffer != '\n'; buflen--) buffer++; } while (buflen && *buffer != '\n'); xfree (relptr); } #define MAX_ARGS_STORE_FPR 3 /* Note, that FPR must be at least 20 bytes. */ static gpg_error_t store_fpr (app_t app, int keynumber, u32 timestamp, unsigned char *fpr, int algo, ...) { unsigned int n, nbits; unsigned char *buffer, *p; int tag, tag2; int rc; const unsigned char *m[MAX_ARGS_STORE_FPR]; size_t mlen[MAX_ARGS_STORE_FPR]; va_list ap; int argc; int i; n = 6; /* key packet version, 4-byte timestamps, and algorithm */ if (algo == PUBKEY_ALGO_ECDH) argc = 3; else argc = 2; va_start (ap, algo); for (i = 0; i < argc; i++) { m[i] = va_arg (ap, const unsigned char *); mlen[i] = va_arg (ap, size_t); if (algo == PUBKEY_ALGO_RSA || i == 1) n += 2; n += mlen[i]; } va_end (ap); p = buffer = xtrymalloc (3 + n); if (!buffer) return gpg_error_from_syserror (); *p++ = 0x99; /* ctb */ *p++ = n >> 8; /* 2 byte length header */ *p++ = n; *p++ = 4; /* key packet version */ *p++ = timestamp >> 24; *p++ = timestamp >> 16; *p++ = timestamp >> 8; *p++ = timestamp; *p++ = algo; for (i = 0; i < argc; i++) { if (algo == PUBKEY_ALGO_RSA) { nbits = count_bits (m[i], mlen[i]); *p++ = nbits >> 8; *p++ = nbits; } else if (i == 1) { nbits = count_sos_bits (m[i], mlen[i]); *p++ = nbits >> 8; *p++ = nbits; } memcpy (p, m[i], mlen[i]); p += mlen[i]; } gcry_md_hash_buffer (GCRY_MD_SHA1, fpr, buffer, n+3); xfree (buffer); tag = (app->appversion > 0x0007? 0xC7 : 0xC6) + keynumber; flush_cache_item (app, 0xC5); tag2 = 0xCE + keynumber; flush_cache_item (app, 0xCD); rc = iso7816_put_data (app_get_slot (app), 0, tag, fpr, 20); if (rc) log_error (_("failed to store the fingerprint: %s\n"),gpg_strerror (rc)); if (!rc && app->appversion > 0x0100) { unsigned char buf[4]; buf[0] = timestamp >> 24; buf[1] = timestamp >> 16; buf[2] = timestamp >> 8; buf[3] = timestamp; rc = iso7816_put_data (app_get_slot (app), 0, tag2, buf, 4); if (rc) log_error (_("failed to store the creation date: %s\n"), gpg_strerror (rc)); } return rc; } static void send_fpr_if_not_null (ctrl_t ctrl, const char *keyword, int number, const unsigned char *fpr) { int i; char buf[41]; char numbuf[25]; for (i=0; i < 20 && !fpr[i]; i++) ; if (i==20) return; /* All zero. */ bin2hex (fpr, 20, buf); if (number == -1) *numbuf = 0; /* Don't print the key number */ else sprintf (numbuf, "%d", number); send_status_info (ctrl, keyword, numbuf, (size_t)strlen(numbuf), buf, (size_t)strlen (buf), NULL, 0); } static void send_fprtime_if_not_null (ctrl_t ctrl, const char *keyword, int number, const unsigned char *stamp) { char numbuf1[50], numbuf2[50]; unsigned long value; value = buf32_to_ulong (stamp); if (!value) return; sprintf (numbuf1, "%d", number); sprintf (numbuf2, "%lu", value); send_status_info (ctrl, keyword, numbuf1, (size_t)strlen(numbuf1), numbuf2, (size_t)strlen(numbuf2), NULL, 0); } static void send_key_data (ctrl_t ctrl, const char *name, const unsigned char *a, size_t alen) { char *buffer, *buf; size_t buflen; buffer = buf = bin2hex (a, alen, NULL); if (!buffer) { log_error ("memory allocation error in send_key_data\n"); return; } buflen = strlen (buffer); /* 768 is the hexified size for the modulus of an 3072 bit key. We use extra chunks to transmit larger data (i.e for 4096 bit). */ for ( ;buflen > 768; buflen -= 768, buf += 768) send_status_info (ctrl, "KEY-DATA", "-", 1, buf, 768, NULL, 0); send_status_info (ctrl, "KEY-DATA", name, (size_t)strlen(name), buf, buflen, NULL, 0); xfree (buffer); } static void send_key_attr (ctrl_t ctrl, app_t app, const char *keyword, int keyno) { char buffer[200]; log_assert (keyno >=0 && keyno < DIM(app->app_local->keyattr)); /* Note that the code in gpg-card supports prefixing the key number * with "OPENPGP." but older code does not yet support this. There * is also a discrepancy with the algorithm numbers: We should use * the gcrypt numbers but the current code assumes OpenPGP numbers. */ if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_RSA) snprintf (buffer, sizeof buffer, "%d 1 rsa%u %u %d", keyno+1, app->app_local->keyattr[keyno].rsa.n_bits, app->app_local->keyattr[keyno].rsa.e_bits, app->app_local->keyattr[keyno].rsa.format); else if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_ECC) { snprintf (buffer, sizeof buffer, "%d %d %s", keyno+1, app->app_local->keyattr[keyno].ecc.algo, app->app_local->keyattr[keyno].ecc.curve); } else snprintf (buffer, sizeof buffer, "%d 0 0 UNKNOWN", keyno+1); send_status_direct (ctrl, keyword, buffer); } #define RSA_SMALL_SIZE_KEY 1952 #define RSA_SMALL_SIZE_OP 2048 static int determine_rsa_response (app_t app, int keyno) { int size; size = 2 + 3 /* header */ + 4 /* tag+len */ + (app->app_local->keyattr[keyno].rsa.n_bits+7)/8 + 2 /* tag+len */ + (app->app_local->keyattr[keyno].rsa.e_bits+7)/8; return size; } /* Implement the GETATTR command. This is similar to the LEARN command but returns just one value via the status interface. */ static gpg_error_t do_getattr (app_t app, ctrl_t ctrl, const char *name) { static struct { const char *name; int tag; int special; } table[] = { { "DISP-NAME", 0x005B }, { "LOGIN-DATA", 0x005E }, { "DISP-LANG", 0x5F2D }, { "DISP-SEX", 0x5F35 }, { "PUBKEY-URL", 0x5F50 }, { "KEY-FPR", 0x00C5, 3 }, { "KEY-TIME", 0x00CD, 4 }, { "KEY-ATTR", 0x0000, -5 }, { "CA-FPR", 0x00C6, 3 }, { "CHV-STATUS", 0x00C4, 1 }, { "SIG-COUNTER", 0x0093, 2 }, { "SERIALNO", 0x004F, -1 }, { "AID", 0x004F }, { "EXTCAP", 0x0000, -2 }, { "PRIVATE-DO-1", 0x0101 }, { "PRIVATE-DO-2", 0x0102 }, { "PRIVATE-DO-3", 0x0103 }, { "PRIVATE-DO-4", 0x0104 }, { "$AUTHKEYID", 0x0000, -3 }, { "$ENCRKEYID", 0x0000, -6 }, { "$SIGNKEYID", 0x0000, -7 }, { "$DISPSERIALNO",0x0000, -4 }, { "UIF-1", 0x00D6, 0 }, { "UIF-2", 0x00D7, 0 }, { "UIF-3", 0x00D8, 0 }, { "KDF", 0x00F9, 5 }, { "MANUFACTURER", 0x0000, -8 }, { "UIF", 0x0000, -9 }, /* Shortcut for all UIF */ { "KEY-STATUS", 0x00DE, 6 }, { "KEY-ATTR-INFO", 0x00FA, 7 }, { NULL, 0 } }; int idx, i, rc; void *relptr; unsigned char *value; size_t valuelen; for (idx=0; table[idx].name && strcmp (table[idx].name, name); idx++) ; if (!table[idx].name) return gpg_error (GPG_ERR_INV_NAME); if (table[idx].special == -1) { /* The serial number is very special. We can't use the AID DO (0x4f) because this is the serialno per specs with the correct appversion. We might however use a serialno with the version set to 0.0 and that is what we need to return. */ char *serial = app_get_serialno (app); if (serial) { send_status_direct (ctrl, "SERIALNO", serial); xfree (serial); } return 0; } if (table[idx].special == -2) { char tmp[110]; /* Noet that with v3 cards mcl3 is used for all certificates. */ snprintf (tmp, sizeof tmp, "gc=%d ki=%d fc=%d pd=%d mcl3=%u aac=%d " "sm=%d si=%u dec=%d bt=%d kdf=%d", app->app_local->extcap.get_challenge, app->app_local->extcap.key_import, app->app_local->extcap.change_force_chv, app->app_local->extcap.private_dos, app->app_local->extcap.max_certlen, app->app_local->extcap.algo_attr_change, (app->app_local->extcap.sm_supported ? (app->app_local->extcap.sm_algo == 0? CIPHER_ALGO_3DES : (app->app_local->extcap.sm_algo == 1? CIPHER_ALGO_AES : CIPHER_ALGO_AES256)) : 0), app->app_local->status_indicator, app->app_local->extcap.has_decrypt, app->app_local->extcap.has_button, app->app_local->extcap.kdf_do); send_status_info (ctrl, table[idx].name, tmp, strlen (tmp), NULL, 0); return 0; } if (table[idx].special == -3) { char const tmp[] = "OPENPGP.3"; send_status_info (ctrl, table[idx].name, tmp, strlen (tmp), NULL, 0); return 0; } if (table[idx].special == -4) { char *serial; if ((serial = app_get_dispserialno (app, 0))) { send_status_info (ctrl, table[idx].name, serial, strlen (serial), NULL, 0); xfree (serial); return 0; } return gpg_error (GPG_ERR_INV_NAME); } if (table[idx].special == -5) { for (i=0; i < 3; i++) send_key_attr (ctrl, app, table[idx].name, i); return 0; } if (table[idx].special == -6) { char const tmp[] = "OPENPGP.2"; send_status_info (ctrl, table[idx].name, tmp, strlen (tmp), NULL, 0); return 0; } if (table[idx].special == -7) { char const tmp[] = "OPENPGP.1"; send_status_info (ctrl, table[idx].name, tmp, strlen (tmp), NULL, 0); return 0; } if (table[idx].special == -8) { return send_status_printf (ctrl, table[idx].name, "%u %s", app->app_local->manufacturer, get_manufacturer (app->app_local->manufacturer)); } if (table[idx].special == -9) { rc = do_getattr (app, ctrl, "UIF-1"); if (!rc) rc = do_getattr (app, ctrl, "UIF-2"); if (!rc) rc = do_getattr (app, ctrl, "UIF-3"); return rc; } relptr = get_one_do (app, table[idx].tag, &value, &valuelen, &rc); if (relptr) { if (table[idx].special == 1) { char numbuf[7*23]; for (i=0,*numbuf=0; i < valuelen && i < 7; i++) sprintf (numbuf+strlen (numbuf), " %d", value[i]); send_status_info (ctrl, table[idx].name, numbuf, strlen (numbuf), NULL, 0); } else if (table[idx].special == 2) { char numbuf[50]; sprintf (numbuf, "%lu", convert_sig_counter_value (value, valuelen)); send_status_info (ctrl, table[idx].name, numbuf, strlen (numbuf), NULL, 0); } else if (table[idx].special == 3) { if (valuelen >= 60) for (i=0; i < 3; i++) send_fpr_if_not_null (ctrl, table[idx].name, i+1, value+i*20); } else if (table[idx].special == 4) { if (valuelen >= 12) for (i=0; i < 3; i++) send_fprtime_if_not_null (ctrl, table[idx].name, i+1, value+i*4); } else if (table[idx].special == 5) { if ((valuelen == KDF_DATA_LENGTH_MIN || valuelen == KDF_DATA_LENGTH_MAX) && (value[2] == 0x03)) app->app_local->pinpad.disabled = 1; else app->app_local->pinpad.disabled = 0; send_status_info (ctrl, table[idx].name, value, valuelen, NULL, 0); } else if (table[idx].special == 6) { for (i=0,rc=0; !rc && i+1 < valuelen; i += 2) rc = send_status_printf (ctrl, table[idx].name, "OPENPGP.%u %u", value[i], value[i+1]); if (gpg_err_code (rc) == GPG_ERR_NO_OBJ) rc = gpg_error (GPG_ERR_NOT_SUPPORTED); } else if (table[idx].special == 7) { const unsigned char *p = value; int tag; size_t len; if (valuelen < 2) return gpg_error (GPG_ERR_INV_OBJ); tag = p[0]; len = p[1]; /* Does it comes tag+len at the head? */ if (tag == 0x00FA) { p += 2; if (len == 0x81) { if (valuelen < 3) return gpg_error (GPG_ERR_INV_OBJ); len = *p++; } else if (len == 0x82) { if (valuelen < 4) return gpg_error (GPG_ERR_INV_OBJ); len = *p++; len = (len << 8) | *p++; } valuelen -= (p - value); value = (unsigned char *)p; if (valuelen != len) { if (opt.verbose) log_info ("Yubikey bug: length %zu != %zu", valuelen, len); if (APP_CARD(app)->cardtype != CARDTYPE_YUBIKEY) return gpg_error (GPG_ERR_INV_OBJ); } } for (; p < value + valuelen; p += len) { const char *key_algo_str; int keyrefno; if (p + 2 > value + valuelen) break; tag = *p++; len = *p++; if (tag < 0xc1) continue; if (tag == 0xda) keyrefno = 0x81; else keyrefno = tag - 0xc1 + 1; if (p + len > value + valuelen) break; key_algo_str = get_algorithm_attribute_string (p, len); send_status_printf (ctrl, table[idx].name, "OPENPGP.%u %s", keyrefno, key_algo_str); } } else send_status_info (ctrl, table[idx].name, value, valuelen, NULL, 0); xfree (relptr); } else { if (table[idx].special == 5) app->app_local->pinpad.disabled = 0; } return rc; } /* Return the DISP-NAME without any padding characters. Caller must * free the result. If not found or empty NULL is returned. */ static char * get_disp_name (app_t app) { int rc; void *relptr; unsigned char *value; size_t valuelen; char *string; char *p, *given; char *result; relptr = get_one_do (app, 0x005B, &value, &valuelen, &rc); if (!relptr) return NULL; string = xtrymalloc (valuelen + 1); if (!string) { xfree (relptr); return NULL; } memcpy (string, value, valuelen); string[valuelen] = 0; xfree (relptr); /* Swap surname and given name. */ given = strstr (string, "<<"); for (p = string; *p; p++) if (*p == '<') *p = ' '; if (given && given[2]) { *given = 0; given += 2; result = strconcat (given, " ", string, NULL); } else { result = string; string = NULL; } xfree (string); return result; } /* Return the number of remaining tries for the standard or the admin * pw. Returns -1 on card error. */ static int get_remaining_tries (app_t app, int adminpw) { void *relptr; unsigned char *value; size_t valuelen; int remaining; relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL); if (!relptr || valuelen < 7) { log_error (_("error retrieving CHV status from card\n")); xfree (relptr); return -1; } remaining = value[adminpw? 6 : 4]; xfree (relptr); return remaining; } /* Retrieve the fingerprint from the card inserted in SLOT and write the according hex representation to FPR. Caller must have provide a buffer at FPR of least 41 bytes. Returns 0 on success or an error code. */ static gpg_error_t retrieve_fpr_from_card (app_t app, int keyno, char *fpr) { gpg_error_t err = 0; void *relptr; unsigned char *value; size_t valuelen; - assert (keyno >=0 && keyno <= 2); + log_assert (keyno >=0 && keyno <= 2); relptr = get_one_do (app, 0x00C5, &value, &valuelen, NULL); if (relptr && valuelen >= 60) bin2hex (value+keyno*20, 20, fpr); else err = gpg_error (GPG_ERR_NOT_FOUND); xfree (relptr); return err; } /* Retrieve the creation time of the fingerprint for key KEYNO from * the card inserted in the slot of APP and store it at R_FPRTIME. * Returns 0 on success or an error code. */ static gpg_error_t retrieve_fprtime_from_card (app_t app, int keyno, u32 *r_fprtime) { gpg_error_t err = 0; void *relptr; unsigned char *value; size_t valuelen; u32 fprtime; log_assert (keyno >=0 && keyno <= 2); relptr = get_one_do (app, 0x00CD, &value, &valuelen, NULL); if (relptr && valuelen >= 4*(keyno+1)) { fprtime = buf32_to_u32 (value + 4*keyno); if (!fprtime) err = gpg_error (GPG_ERR_NOT_FOUND); else *r_fprtime = fprtime; } else err = gpg_error (GPG_ERR_NOT_FOUND); xfree (relptr); return err; } /* Retrieve the public key material for the RSA key, whose fingerprint is FPR, from gpg output, which can be read through the stream FP. The RSA modulus will be stored at the address of M and MLEN, the public exponent at E and ELEN. Returns zero on success, an error code on failure. Caller must release the allocated buffers at M and E if the function returns success. */ static gpg_error_t retrieve_key_material (FILE *fp, const char *hexkeyid, const unsigned char **m, size_t *mlen, const unsigned char **e, size_t *elen) { gcry_error_t err = 0; char *line = NULL; /* read_line() buffer. */ size_t line_size = 0; /* Helper for for read_line. */ int found_key = 0; /* Helper to find a matching key. */ unsigned char *m_new = NULL; unsigned char *e_new = NULL; size_t m_new_n = 0; size_t e_new_n = 0; /* Loop over all records until we have found the subkey corresponding to the fingerprint. Inm general the first record should be the pub record, but we don't rely on that. Given that we only need to look at one key, it is sufficient to compare the keyid so that we don't need to look at "fpr" records. */ for (;;) { char *p; char *fields[6] = { NULL, NULL, NULL, NULL, NULL, NULL }; int nfields; size_t max_length; gcry_mpi_t mpi; int i; max_length = 4096; i = read_line (fp, &line, &line_size, &max_length); if (!i) break; /* EOF. */ if (i < 0) { err = gpg_error_from_syserror (); goto leave; /* Error. */ } if (!max_length) { err = gpg_error (GPG_ERR_TRUNCATED); goto leave; /* Line truncated - we better stop processing. */ } /* Parse the line into fields. */ for (nfields=0, p=line; p && nfields < DIM (fields); nfields++) { fields[nfields] = p; p = strchr (p, ':'); if (p) *(p++) = 0; } if (!nfields) continue; /* No fields at all - skip line. */ if (!found_key) { if ( (!strcmp (fields[0], "sub") || !strcmp (fields[0], "pub") ) && nfields > 4 && !strcmp (fields[4], hexkeyid)) found_key = 1; continue; } if ( !strcmp (fields[0], "sub") || !strcmp (fields[0], "pub") ) break; /* Next key - stop. */ if ( strcmp (fields[0], "pkd") ) continue; /* Not a key data record. */ if ( nfields < 4 || (i = atoi (fields[1])) < 0 || i > 1 || (!i && m_new) || (i && e_new)) { err = gpg_error (GPG_ERR_GENERAL); goto leave; /* Error: Invalid key data record or not an RSA key. */ } err = gcry_mpi_scan (&mpi, GCRYMPI_FMT_HEX, fields[3], 0, NULL); if (err) mpi = NULL; else if (!i) err = gcry_mpi_aprint (GCRYMPI_FMT_STD, &m_new, &m_new_n, mpi); else err = gcry_mpi_aprint (GCRYMPI_FMT_STD, &e_new, &e_new_n, mpi); gcry_mpi_release (mpi); if (err) goto leave; } if (m_new && e_new) { *m = m_new; *mlen = m_new_n; m_new = NULL; *e = e_new; *elen = e_new_n; e_new = NULL; } else err = gpg_error (GPG_ERR_GENERAL); leave: xfree (m_new); xfree (e_new); xfree (line); return err; } static gpg_error_t rsa_read_pubkey (app_t app, ctrl_t ctrl, u32 created_at, int keyno, const unsigned char *data, size_t datalen, gcry_sexp_t *r_sexp) { gpg_error_t err; const unsigned char *m, *e; size_t mlen, elen; unsigned char *mbuf = NULL, *ebuf = NULL; m = find_tlv (data, datalen, 0x0081, &mlen); if (!m) { log_error (_("response does not contain the RSA modulus\n")); return gpg_error (GPG_ERR_CARD); } e = find_tlv (data, datalen, 0x0082, &elen); if (!e) { log_error (_("response does not contain the RSA public exponent\n")); return gpg_error (GPG_ERR_CARD); } if (ctrl) { send_key_data (ctrl, "n", m, mlen); send_key_data (ctrl, "e", e, elen); } for (; mlen && !*m; mlen--, m++) /* strip leading zeroes */ ; for (; elen && !*e; elen--, e++) /* strip leading zeroes */ ; if (ctrl) { unsigned char fprbuf[20]; err = store_fpr (app, keyno, created_at, fprbuf, PUBKEY_ALGO_RSA, m, mlen, e, elen); if (err) return err; send_fpr_if_not_null (ctrl, "KEY-FPR", -1, fprbuf); } mbuf = xtrymalloc (mlen + 1); if (!mbuf) { err = gpg_error_from_syserror (); goto leave; } /* Prepend numbers with a 0 if needed. */ if (mlen && (*m & 0x80)) { *mbuf = 0; memcpy (mbuf+1, m, mlen); mlen++; } else memcpy (mbuf, m, mlen); ebuf = xtrymalloc (elen + 1); if (!ebuf) { err = gpg_error_from_syserror (); goto leave; } /* Prepend numbers with a 0 if needed. */ if (elen && (*e & 0x80)) { *ebuf = 0; memcpy (ebuf+1, e, elen); elen++; } else memcpy (ebuf, e, elen); err = gcry_sexp_build (r_sexp, NULL, "(public-key(rsa(n%b)(e%b)))", (int)mlen, mbuf, (int)elen, ebuf); leave: xfree (mbuf); xfree (ebuf); return err; } /* Determine KDF hash algorithm and KEK encryption algorithm by CURVE. */ static const unsigned char* ecdh_params (const char *curve) { unsigned int nbits; openpgp_curve_to_oid (curve, &nbits, NULL); /* See RFC-6637 for those constants. 0x03: Number of bytes 0x01: Version for this parameter format KEK digest algorithm KEK cipher algorithm */ if (nbits <= 256) return (const unsigned char*)"\x03\x01\x08\x07"; else if (nbits <= 384) return (const unsigned char*)"\x03\x01\x09\x09"; else return (const unsigned char*)"\x03\x01\x0a\x09"; } static gpg_error_t ecc_read_pubkey (app_t app, ctrl_t ctrl, u32 created_at, int keyno, const unsigned char *data, size_t datalen, gcry_sexp_t *r_sexp) { gpg_error_t err; unsigned char *qbuf = NULL; const unsigned char *ecc_q; size_t ecc_q_len; gcry_mpi_t oid = NULL; int n; const char *curve; const char *oidstr; const unsigned char *oidbuf; size_t oid_len; int algo; const char *format; ecc_q = find_tlv (data, datalen, 0x0086, &ecc_q_len); if (!ecc_q) { log_error (_("response does not contain the EC public key\n")); return gpg_error (GPG_ERR_CARD); } curve = app->app_local->keyattr[keyno].ecc.curve; oidstr = openpgp_curve_to_oid (curve, NULL, NULL); err = openpgp_oid_from_str (oidstr, &oid); if (err) return err; oidbuf = gcry_mpi_get_opaque (oid, &n); if (!oidbuf) { err = gpg_error_from_syserror (); goto leave; } oid_len = (n+7)/8; qbuf = xtrymalloc (ecc_q_len + 1); if (!qbuf) { err = gpg_error_from_syserror (); goto leave; } if ((app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK)) { /* Prepend 0x40 prefix. */ *qbuf = 0x40; memcpy (qbuf+1, ecc_q, ecc_q_len); ecc_q_len++; } else memcpy (qbuf, ecc_q, ecc_q_len); if (ctrl) { send_key_data (ctrl, "q", qbuf, ecc_q_len); send_key_data (ctrl, "curve", oidbuf, oid_len); } algo = app->app_local->keyattr[keyno].ecc.algo; if (keyno == 1) { if (ctrl) send_key_data (ctrl, "kdf/kek", ecdh_params (curve), (size_t)4); } if (ctrl) { unsigned char fprbuf[20]; err = store_fpr (app, keyno, created_at, fprbuf, algo, oidbuf, oid_len, qbuf, ecc_q_len, ecdh_params (curve), (size_t)4); if (err) goto leave; send_fpr_if_not_null (ctrl, "KEY-FPR", -1, fprbuf); } if (!(app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK)) format = "(public-key(ecc(curve%s)(q%b)))"; else if (keyno == 1) format = "(public-key(ecc(curve%s)(flags djb-tweak)(q%b)))"; else format = "(public-key(ecc(curve%s)(flags eddsa)(q%b)))"; err = gcry_sexp_build (r_sexp, NULL, format, app->app_local->keyattr[keyno].ecc.curve, (int)ecc_q_len, qbuf); leave: gcry_mpi_release (oid); xfree (qbuf); return err; } static gpg_error_t store_keygrip (app_t app, int keyno) { gpg_error_t err; unsigned char grip[20]; err = keygrip_from_canon_sexp (app->app_local->pk[keyno].key, app->app_local->pk[keyno].keylen, grip); if (err) return err; bin2hex (grip, 20, app->app_local->pk[keyno].keygrip_str); return 0; } /* Parse tag-length-value data for public key in BUFFER of BUFLEN length. Key of KEYNO in APP is updated with an S-expression of public key. When CTRL is not NULL, fingerprint is computed with CREATED_AT, and fingerprint is written to the card, and key data and fingerprint are send back to the client side. */ static gpg_error_t read_public_key (app_t app, ctrl_t ctrl, u32 created_at, int keyno, const unsigned char *buffer, size_t buflen) { gpg_error_t err; const unsigned char *data; size_t datalen; gcry_sexp_t s_pkey = NULL; data = find_tlv (buffer, buflen, 0x7F49, &datalen); if (!data) { log_error (_("response does not contain the public key data\n")); return gpg_error (GPG_ERR_CARD); } if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_RSA) err = rsa_read_pubkey (app, ctrl, created_at, keyno, data, datalen, &s_pkey); else if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_ECC) err = ecc_read_pubkey (app, ctrl, created_at, keyno, data, datalen, &s_pkey); else err = gpg_error (GPG_ERR_NOT_IMPLEMENTED); if (!err) { unsigned char *keybuf; size_t len; len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0); keybuf = xtrymalloc (len); if (!data) { err = gpg_error_from_syserror (); gcry_sexp_release (s_pkey); return err; } gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, keybuf, len); gcry_sexp_release (s_pkey); app->app_local->pk[keyno].key = keybuf; /* Decrement for trailing '\0' */ app->app_local->pk[keyno].keylen = len - 1; err = store_keygrip (app, keyno); } return err; } /* Get the public key for KEYNO and store it as an S-expression with the APP handle. On error that field gets cleared. If we already know about the public key we will just return. Note that this does not mean a key is available; this is solely indicated by the presence of the app->app_local->pk[KEYNO].key field. Note that GnuPG 1.x does not need this and it would be too time consuming to send it just for the fun of it. However, given that we use the same code in gpg 1.4, we can't use the gcry S-expression here but need to open encode it. */ static gpg_error_t get_public_key (app_t app, int keyno) { gpg_error_t err = 0; unsigned char *buffer; const unsigned char *m, *e; size_t buflen; size_t mlen = 0; size_t elen = 0; char *keybuf = NULL; gcry_sexp_t s_pkey; size_t len; if (keyno < 0 || keyno > 2) return gpg_error (GPG_ERR_INV_ID); /* Already cached? */ if (app->app_local->pk[keyno].read_done) return 0; xfree (app->app_local->pk[keyno].key); app->app_local->pk[keyno].key = NULL; app->app_local->pk[keyno].keylen = 0; m = e = NULL; /* (avoid cc warning) */ if (app->appversion > 0x0100) { int exmode, le_value; /* We may simply read the public key out of these cards. */ if (app->app_local->cardcap.ext_lc_le && app->app_local->keyattr[keyno].key_type == KEY_TYPE_RSA && app->app_local->keyattr[keyno].rsa.n_bits > RSA_SMALL_SIZE_KEY) { exmode = 1; /* Use extended length. */ le_value = determine_rsa_response (app, keyno); } else { exmode = 0; le_value = 256; /* Use legacy value. */ } err = iso7816_read_public_key (app_get_slot (app), exmode, (keyno == 0? "\xB6" : keyno == 1? "\xB8" : "\xA4"), 2, le_value, &buffer, &buflen); if (err) { /* Yubikey returns wrong code. Fix it up. */ if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY) err = gpg_error (GPG_ERR_NO_OBJ); /* Yubikey NEO (!CARDTYPE_YUBIKEY) also returns wrong code. Fix it up. */ else if (gpg_err_code (err) == GPG_ERR_CARD) err = gpg_error (GPG_ERR_NO_OBJ); log_error (_("reading public key failed: %s\n"), gpg_strerror (err)); goto leave; } err = read_public_key (app, NULL, 0U, keyno, buffer, buflen); } else { /* Due to a design problem in v1.0 cards we can't get the public key out of these cards without doing a verify on CHV3. Clearly that is not an option and thus we try to locate the key using an external helper. The helper we use here is gpg itself, which should know about the key in any case. */ char fpr[41]; char *hexkeyid; char *command = NULL; FILE *fp; int ret; buffer = NULL; /* We don't need buffer. */ err = retrieve_fpr_from_card (app, keyno, fpr); if (err) { log_error ("error while retrieving fpr from card: %s\n", gpg_strerror (err)); goto leave; } hexkeyid = fpr + 24; ret = gpgrt_asprintf (&command, "%s --list-keys --with-colons --with-key-data '%s'", gnupg_module_name (GNUPG_MODULE_NAME_GPG), fpr); if (ret < 0) { err = gpg_error_from_syserror (); goto leave; } fp = popen (command, "r"); xfree (command); if (!fp) { err = gpg_error_from_syserror (); log_error ("running gpg failed: %s\n", gpg_strerror (err)); goto leave; } err = retrieve_key_material (fp, hexkeyid, &m, &mlen, &e, &elen); pclose (fp); if (err) { log_error ("error while retrieving key material through pipe: %s\n", gpg_strerror (err)); goto leave; } err = gcry_sexp_build (&s_pkey, NULL, "(public-key(rsa(n%b)(e%b)))", (int)mlen, m, (int)elen, e); if (err) goto leave; len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0); keybuf = xtrymalloc (len); if (!keybuf) { err = gpg_error_from_syserror (); gcry_sexp_release (s_pkey); goto leave; } gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, keybuf, len); gcry_sexp_release (s_pkey); app->app_local->pk[keyno].key = (unsigned char*)keybuf; /* Decrement for trailing '\0' */ app->app_local->pk[keyno].keylen = len - 1; err = store_keygrip (app, keyno); } leave: /* Set a flag to indicate that we tried to read the key. */ if (!err) app->app_local->pk[keyno].read_done = 1; xfree (buffer); return err; } /* Send the KEYPAIRINFO back. KEY needs to be in the range [1,3]. This is used by the LEARN command. */ static gpg_error_t send_keypair_info (app_t app, ctrl_t ctrl, int key) { int keyno = key - 1; gpg_error_t err = 0; const char *usage; u32 fprtime; char *algostr = NULL; err = get_public_key (app, keyno); if (err) goto leave; - assert (keyno >= 0 && keyno <= 2); + log_assert (keyno >= 0 && keyno <= 2); if (!app->app_local->pk[keyno].key) goto leave; /* No such key - ignore. */ switch (keyno) { case 0: usage = "sc"; break; case 1: usage = "e"; break; case 2: usage = "sa"; break; default: usage = "-"; break; } if (retrieve_fprtime_from_card (app, keyno, &fprtime)) fprtime = 0; { gcry_sexp_t s_pkey; if (gcry_sexp_new (&s_pkey, app->app_local->pk[keyno].key, app->app_local->pk[keyno].keylen, 0)) algostr = xtrystrdup ("?"); else { algostr = pubkey_algo_string (s_pkey, NULL); gcry_sexp_release (s_pkey); } } if (!algostr) { err = gpg_error_from_syserror (); goto leave; } err = send_status_printf (ctrl, "KEYPAIRINFO", "%s OPENPGP.%d %s %lu %s", app->app_local->pk[keyno].keygrip_str, keyno+1, usage, (unsigned long)fprtime, algostr); leave: xfree (algostr); return err; } /* Handle the LEARN command for OpenPGP. */ static gpg_error_t do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags) { gpg_error_t err = 0; (void)flags; err = do_getattr (app, ctrl, "EXTCAP"); if (!err) err = do_getattr (app, ctrl, "MANUFACTURER"); if (!err) err = do_getattr (app, ctrl, "DISP-NAME"); if (!err) err = do_getattr (app, ctrl, "DISP-LANG"); if (!err) err = do_getattr (app, ctrl, "DISP-SEX"); if (!err) err = do_getattr (app, ctrl, "PUBKEY-URL"); if (!err) err = do_getattr (app, ctrl, "LOGIN-DATA"); if (!err) err = do_getattr (app, ctrl, "KEY-FPR"); if (!err && app->appversion > 0x0100) err = do_getattr (app, ctrl, "KEY-TIME"); if (!err) err = do_getattr (app, ctrl, "CA-FPR"); if (!err) err = do_getattr (app, ctrl, "CHV-STATUS"); if (!err) err = do_getattr (app, ctrl, "SIG-COUNTER"); if (!err && app->app_local->extcap.kdf_do) { err = do_getattr (app, ctrl, "KDF"); if (gpg_err_code (err) == GPG_ERR_NO_OBJ) err = 0; } if (!err && app->app_local->extcap.has_button) err = do_getattr (app, ctrl, "UIF"); if (gpg_err_code (err) == GPG_ERR_NO_OBJ) err = 0; if (!err && app->app_local->extcap.private_dos) { if (!err) err = do_getattr (app, ctrl, "PRIVATE-DO-1"); if (gpg_err_code (err) == GPG_ERR_NO_OBJ) err = 0; if (!err) err = do_getattr (app, ctrl, "PRIVATE-DO-2"); if (gpg_err_code (err) == GPG_ERR_NO_OBJ) err = 0; if (!err && app->did_chv2) err = do_getattr (app, ctrl, "PRIVATE-DO-3"); if (gpg_err_code (err) == GPG_ERR_NO_OBJ) err = 0; if (!err && app->did_chv3) err = do_getattr (app, ctrl, "PRIVATE-DO-4"); if (gpg_err_code (err) == GPG_ERR_NO_OBJ) err = 0; } if (!err) err = send_keypair_info (app, ctrl, 1); if (gpg_err_code (err) == GPG_ERR_NO_OBJ) err = 0; if (!err) err = send_keypair_info (app, ctrl, 2); if (gpg_err_code (err) == GPG_ERR_NO_OBJ) err = 0; if (!err) err = send_keypair_info (app, ctrl, 3); if (gpg_err_code (err) == GPG_ERR_NO_OBJ) err = 0; /* Note: We do not send the Cardholder Certificate, because that is relatively long and for OpenPGP applications not really needed. */ return err; } /* Handle the READKEY command for OpenPGP. On success a canonical encoded S-expression with the public key will get stored at PK and its length (for assertions) at PKLEN; the caller must release that buffer. On error PK and PKLEN are not changed and an error code is returned. */ static gpg_error_t do_readkey (app_t app, ctrl_t ctrl, const char *keyid, unsigned int flags, unsigned char **pk, size_t *pklen) { gpg_error_t err; int keyno; unsigned char *buf; if (strlen (keyid) == 40) { const unsigned char *keygrip_str; for (keyno = 0; keyno < 3; keyno++) { keygrip_str = app->app_local->pk[keyno].keygrip_str; if (!strncmp (keygrip_str, keyid, 40)) break; } if (keyno >= 3) return gpg_error (GPG_ERR_INV_ID); } else if (!ascii_strcasecmp (keyid, "OPENPGP.1")) keyno = 0; else if (!ascii_strcasecmp (keyid, "OPENPGP.2")) keyno = 1; else if (!ascii_strcasecmp (keyid, "OPENPGP.3")) keyno = 2; else return gpg_error (GPG_ERR_INV_ID); err = get_public_key (app, keyno); if (err) return err; buf = app->app_local->pk[keyno].key; if (!buf) return gpg_error (GPG_ERR_NO_PUBKEY); if ((flags & APP_READKEY_FLAG_INFO)) { err = send_keypair_info (app, ctrl, keyno+1); if (err) return err; } if (pk && pklen) { *pklen = app->app_local->pk[keyno].keylen; *pk = xtrymalloc (*pklen); if (!*pk) { err = gpg_error_from_syserror (); *pklen = 0; return err; } memcpy (*pk, buf, *pklen); } return 0; } /* Read the standard certificate of an OpenPGP v2 card. It is returned in a freshly allocated buffer with that address stored at CERT and the length of the certificate stored at CERTLEN. */ static gpg_error_t do_readcert (app_t app, const char *certid, unsigned char **cert, size_t *certlen) { gpg_error_t err; int occurrence = 0; *cert = NULL; *certlen = 0; if (!ascii_strcasecmp (certid, "OPENPGP.3")) ; else if (!ascii_strcasecmp (certid, "OPENPGP.2")) occurrence = 1; else if (!ascii_strcasecmp (certid, "OPENPGP.1")) occurrence = 2; else return gpg_error (GPG_ERR_INV_ID); if (!app->app_local->extcap.is_v3 && occurrence) return gpg_error (GPG_ERR_NOT_SUPPORTED); if (!app->app_local->extcap.is_v2) return gpg_error (GPG_ERR_NOT_FOUND); if (occurrence) { int exmode; err = iso7816_select_data (app_get_slot (app), occurrence, 0x7F21); if (!err) { if (app->app_local->cardcap.ext_lc_le) exmode = app->app_local->extcap.max_certlen; else exmode = 0; err = iso7816_get_data (app_get_slot (app), exmode, 0x7F21, cert, certlen); /* We reset the curDO even for an error. */ iso7816_select_data (app_get_slot (app), 0, 0x7F21); } if (err) err = gpg_error (GPG_ERR_NOT_FOUND); } else { unsigned char *buffer; size_t buflen; void *relptr; relptr = get_one_do (app, 0x7F21, &buffer, &buflen, NULL); if (!relptr) return gpg_error (GPG_ERR_NOT_FOUND); if (!buflen) err = gpg_error (GPG_ERR_NOT_FOUND); else if (!(*cert = xtrymalloc (buflen))) err = gpg_error_from_syserror (); else { memcpy (*cert, buffer, buflen); *certlen = buflen; err = 0; } xfree (relptr); } return err; } /* Decide if we use the pinpad of the reader for PIN input according to the user preference on the card, and the capability of the reader. This routine is only called when the reader has pinpad. Returns 0 if we use pinpad, 1 otherwise. */ static int check_pinpad_request (app_t app, pininfo_t *pininfo, int admin_pin) { if (app->app_local->pinpad.disabled) return 1; if (app->app_local->pinpad.specified == 0) /* No preference on card. */ { if (pininfo->fixedlen == 0) /* Reader has varlen capability. */ return 0; /* Then, use pinpad. */ else /* * Reader has limited capability, and it may not match PIN of * the card. */ return 1; } if (admin_pin) pininfo->fixedlen = app->app_local->pinpad.fixedlen_admin; else pininfo->fixedlen = app->app_local->pinpad.fixedlen_user; if (pininfo->fixedlen == 0 /* User requests disable pinpad. */ || pininfo->fixedlen < pininfo->minlen || pininfo->fixedlen > pininfo->maxlen /* Reader doesn't have the capability to input a PIN which * length is FIXEDLEN. */) return 1; return 0; } /* Return a string with information about the card for use in a * prompt. Returns NULL on memory failure. */ static char * get_prompt_info (app_t app, int chvno, unsigned long sigcount, int remaining) { char *serial, *disp_name, *rembuf, *tmpbuf, *result; serial = app_get_dispserialno (app, 0); if (!serial) return NULL; disp_name = get_disp_name (app); if (chvno == 1) { /* TRANSLATORS: Put a \x1f right before a colon. This can be * used by pinentry to nicely align the names and values. Keep * the %s at the start and end of the string. */ result = xtryasprintf (_("%s" "Number\x1f: %s%%0A" "Holder\x1f: %s%%0A" "Counter\x1f: %lu" "%s"), "\x1e", serial, disp_name? disp_name:"", sigcount, ""); } else { result = xtryasprintf (_("%s" "Number\x1f: %s%%0A" "Holder\x1f: %s" "%s"), "\x1e", serial, disp_name? disp_name:"", ""); } xfree (disp_name); xfree (serial); if (remaining != -1) { /* TRANSLATORS: This is the number of remaining attempts to * enter a PIN. Use %%0A (double-percent,0A) for a linefeed. */ rembuf = xtryasprintf (_("Remaining attempts: %d"), remaining); if (!rembuf) { xfree (result); return NULL; } tmpbuf = strconcat (result, "%0A%0A", rembuf, NULL); xfree (rembuf); if (!tmpbuf) { xfree (result); return NULL; } xfree (result); result = tmpbuf; } return result; } /* Compute hash if KDF-DO is available. CHVNO must be 0 for reset * code, 1 or 2 for user pin and 3 for admin pin. PIN is the original * PIN as entered by the user. R_PINVALUE and r_PINLEN will receive a * newly allocated buffer with a possible modified pin. */ static gpg_error_t pin2hash_if_kdf (app_t app, int chvno, const char *pin, char **r_pinvalue, size_t *r_pinlen) { gpg_error_t err = 0; void *relptr = NULL; unsigned char *buffer; size_t pinlen, buflen; char *dek = NULL; size_t deklen = 32; *r_pinvalue = NULL; *r_pinlen = 0; pinlen = strlen (pin); if (app->app_local->extcap.kdf_do && (relptr = get_one_do (app, 0x00F9, &buffer, &buflen, NULL)) && buflen >= KDF_DATA_LENGTH_MIN && (buffer[2] == 0x03)) { const char *salt; unsigned long s2k_count; int salt_index; dek = xtrymalloc (deklen); if (!dek) { err = gpg_error_from_syserror (); goto leave; } s2k_count = (((unsigned int)buffer[8] << 24) | (buffer[9] << 16) | (buffer[10] << 8) | buffer[11]); if (buflen == KDF_DATA_LENGTH_MIN) salt_index =14; else if (buflen == KDF_DATA_LENGTH_MAX) salt_index = (chvno==3 ? 34 : (chvno==0 ? 24 : 14)); else { err = gpg_error (GPG_ERR_INV_DATA); goto leave; } salt = &buffer[salt_index]; err = gcry_kdf_derive (pin, pinlen, GCRY_KDF_ITERSALTED_S2K, DIGEST_ALGO_SHA256, salt, 8, s2k_count, deklen, dek); if (!err) { *r_pinlen = deklen; *r_pinvalue = dek; dek = NULL; } } else { /* Just copy the PIN to a malloced buffer. */ *r_pinvalue = xtrymalloc_secure (pinlen + 1); if (!*r_pinvalue) { err = gpg_error_from_syserror (); goto leave; } strcpy (*r_pinvalue, pin); *r_pinlen = pinlen; } leave: xfree (dek); xfree (relptr); return err; } static const char * chvno_to_keyref (int chvno) { const char *keyref; switch (chvno) { case 1: keyref = "1"; break; case 2: keyref = "2"; break; case 3: keyref = "3"; break; default: keyref = NULL; break; } return keyref; } /* Helper to cache a PIN. If PIN is NULL the cache is cleared. */ static void cache_pin (app_t app, ctrl_t ctrl, int chvno, const char *pin) { const char *keyref; if (opt.pcsc_shared) return; keyref = chvno_to_keyref (chvno); if (!keyref) return; switch (APP_CARD(app)->cardtype) { case CARDTYPE_YUBIKEY: break; default: return; } pincache_put (ctrl, app_get_slot (app), "openpgp", keyref, pin, pin? strlen (pin):0); switch (chvno) { case 1: app->app_local->pincache.maybe_chv1 = !!pin; break; case 2: app->app_local->pincache.maybe_chv2 = !!pin; break; case 3: app->app_local->pincache.maybe_chv3 = !!pin; break; } } /* If the PIN cache is expected and really has a valid PIN return that * pin at R_PIN. Returns true if that is the case; otherwise * false. */ static int pin_from_cache (app_t app, ctrl_t ctrl, int chvno, char **r_pin) { const char *keyref = chvno_to_keyref (chvno); int maybe_cached; *r_pin = NULL; if (!keyref) return 0; switch (APP_CARD(app)->cardtype) { case CARDTYPE_YUBIKEY: break; default: return 0; } switch (chvno) { case 1: maybe_cached = app->app_local->pincache.maybe_chv1; break; case 2: maybe_cached = app->app_local->pincache.maybe_chv2; break; case 3: maybe_cached = app->app_local->pincache.maybe_chv3; break; default: maybe_cached = 0; break; } if (!maybe_cached) return 0; if (pincache_get (ctrl, app_get_slot (app), "openpgp", keyref, r_pin)) return 0; return 1; } /* Verify a CHV either using the pinentry or if possible by using a pinpad. PINCB and PINCB_ARG describe the usual callback for the pinentry. CHVNO must be either 1 or 2. SIGCOUNT is only used with CHV1. PINVALUE is the address of a pointer which will receive a newly allocated block with the actual PIN (this is useful in case that PIN shall be used for another verify operation). The caller needs to free this value. If the function returns with success and NULL is stored at PINVALUE, the caller should take this as an indication that the pinpad has been used. */ static gpg_error_t verify_a_chv (app_t app, ctrl_t ctrl, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, int chvno, unsigned long sigcount, char **r_pinvalue, size_t *r_pinlen) { int rc = 0; char *prompt_buffer = NULL; const char *prompt; pininfo_t pininfo; int minlen = 6; int remaining; char *pin = NULL; log_assert (chvno == 1 || chvno == 2); *r_pinvalue = NULL; *r_pinlen = 0; remaining = get_remaining_tries (app, 0); if (remaining == -1) return gpg_error (GPG_ERR_CARD); if (chvno == 2 && app->app_local->flags.def_chv2) { /* Special case for def_chv2 mechanism. */ if (opt.verbose) log_info (_("using default PIN as %s\n"), "CHV2"); rc = iso7816_verify (app_get_slot (app), 0x82, "123456", 6); if (rc) { /* Verification of CHV2 with the default PIN failed, although the card pretends to have the default PIN set as CHV2. We better disable the def_chv2 flag now. */ log_info (_("failed to use default PIN as %s: %s" " - disabling further default use\n"), "CHV2", gpg_strerror (rc)); app->app_local->flags.def_chv2 = 0; } return rc; } memset (&pininfo, 0, sizeof pininfo); pininfo.fixedlen = -1; pininfo.minlen = minlen; { const char *firstline = _("||Please unlock the card"); char *infoblock = get_prompt_info (app, chvno, sigcount, remaining < 3? remaining : -1); prompt_buffer = strconcat (firstline, "%0A%0A", infoblock, NULL); if (prompt_buffer) prompt = prompt_buffer; else prompt = firstline; /* ENOMEM fallback. */ xfree (infoblock); } if (!opt.disable_pinpad && !iso7816_check_pinpad (app_get_slot (app), ISO7816_VERIFY, &pininfo) && !check_pinpad_request (app, &pininfo, 0)) { /* The reader supports the verify command through the pinpad. * In this case we do not utilize the PIN cache because by using * a pinpad the PIN can't have been cached. * Note that the pincb appends a text to the prompt telling the * user to use the pinpad. */ rc = pincb (pincb_arg, prompt, NULL); prompt = NULL; xfree (prompt_buffer); prompt_buffer = NULL; if (rc) { log_info (_("PIN callback returned error: %s\n"), gpg_strerror (rc)); return rc; } rc = iso7816_verify_kp (app_get_slot (app), 0x80+chvno, &pininfo); /* Dismiss the prompt. */ pincb (pincb_arg, NULL, NULL); } else { /* The reader has no pinpad or we don't want to use it. If we * have at least the standard 3 remaining tries we first try to * get the PIN from the cache. With less remaining tries it is * better to let the user know about failed attempts (which * might be due to a bug in the PIN cache handling). */ if (remaining >= 3 && pin_from_cache (app, ctrl, chvno, &pin)) rc = 0; else rc = pincb (pincb_arg, prompt, &pin); prompt = NULL; xfree (prompt_buffer); prompt_buffer = NULL; if (rc) { log_info (_("PIN callback returned error: %s\n"), gpg_strerror (rc)); return rc; } if (strlen (pin) < minlen) { log_error (_("PIN for CHV%d is too short;" " minimum length is %d\n"), chvno, minlen); wipe_and_free_string (pin); return gpg_error (GPG_ERR_BAD_PIN); } rc = pin2hash_if_kdf (app, chvno, pin, r_pinvalue, r_pinlen); if (!rc) rc = iso7816_verify (app_get_slot (app), 0x80 + chvno, *r_pinvalue, *r_pinlen); if (!rc) cache_pin (app, ctrl, chvno, pin); } wipe_and_free_string (pin); if (rc) { log_error (_("verify CHV%d failed: %s\n"), chvno, gpg_strerror (rc)); xfree (*r_pinvalue); *r_pinvalue = NULL; *r_pinlen = 0; flush_cache_after_error (app); } return rc; } /* Verify CHV2 if required. Depending on the configuration of the card CHV1 will also be verified. */ static gpg_error_t verify_chv2 (app_t app, ctrl_t ctrl, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg) { int rc; char *pinvalue; size_t pinlen; if (app->did_chv2) return 0; /* We already verified CHV2. */ if (app->app_local->pk[1].key || app->app_local->pk[2].key) { rc = verify_a_chv (app, ctrl, pincb, pincb_arg, 2, 0, &pinvalue, &pinlen); if (rc) return rc; app->did_chv2 = 1; if (!app->did_chv1 && !app->force_chv1 && pinvalue && !opt.pcsc_shared) { /* For convenience we verify CHV1 here too. We do this only if the card is not configured to require a verification before each CHV1 controlled operation (force_chv1) and if we are not using the pinpad (PINVALUE == NULL). */ rc = iso7816_verify (app_get_slot (app), 0x81, pinvalue, pinlen); if (gpg_err_code (rc) == GPG_ERR_BAD_PIN) rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED); if (rc) { log_error (_("verify CHV%d failed: %s\n"), 1, gpg_strerror (rc)); flush_cache_after_error (app); } else { app->did_chv1 = 1; /* Note that we are not able to cache the CHV 1 here because * it is possible that due to the use of a KDF-DO PINVALUE * has the hashed binary PIN of length PINLEN. */ } } } else { rc = verify_a_chv (app, ctrl, pincb, pincb_arg, 1, 0, &pinvalue, &pinlen); if (rc) return rc; } wipe_and_free (pinvalue, pinlen); return rc; } /* Build the prompt to enter the Admin PIN. The prompt depends on the * current state of the card. If R_REMAINING is not NULL the * remaining tries are stored there. */ static gpg_error_t build_enter_admin_pin_prompt (app_t app, char **r_prompt, int *r_remaining) { int remaining; char *prompt; char *infoblock; *r_prompt = NULL; if (r_remaining) *r_remaining = 0; remaining = get_remaining_tries (app, 1); if (remaining == -1) return gpg_error (GPG_ERR_CARD); if (!remaining) { log_info (_("card is permanently locked!\n")); return gpg_error (GPG_ERR_BAD_PIN); } log_info (ngettext("%d Admin PIN attempt remaining before card" " is permanently locked\n", "%d Admin PIN attempts remaining before card" " is permanently locked\n", remaining), remaining); infoblock = get_prompt_info (app, 3, 0, remaining < 3? remaining : -1); /* TRANSLATORS: Do not translate the "|A|" prefix but keep it at the start of the string. Use %0A (single percent) for a linefeed. */ prompt = strconcat (_("|A|Please enter the Admin PIN"), "%0A%0A", infoblock, NULL); xfree (infoblock); if (!prompt) return gpg_error_from_syserror (); *r_prompt = prompt; if (r_remaining) *r_remaining = remaining; return 0; } /* Verify CHV3 if required. */ static gpg_error_t verify_chv3 (app_t app, ctrl_t ctrl, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg) { int rc = 0; if (!opt.allow_admin) { log_info (_("access to admin commands is not configured\n")); return gpg_error (GPG_ERR_EACCES); } if (!app->did_chv3) { pininfo_t pininfo; int minlen = 8; char *prompt; int remaining; memset (&pininfo, 0, sizeof pininfo); pininfo.fixedlen = -1; pininfo.minlen = minlen; rc = build_enter_admin_pin_prompt (app, &prompt, &remaining); if (rc) return rc; if (!opt.disable_pinpad && !iso7816_check_pinpad (app_get_slot (app), ISO7816_VERIFY, &pininfo) && !check_pinpad_request (app, &pininfo, 1)) { /* The reader supports the verify command through the pinpad. */ rc = pincb (pincb_arg, prompt, NULL); xfree (prompt); prompt = NULL; if (rc) { log_info (_("PIN callback returned error: %s\n"), gpg_strerror (rc)); return rc; } rc = iso7816_verify_kp (app_get_slot (app), 0x83, &pininfo); /* Dismiss the prompt. */ pincb (pincb_arg, NULL, NULL); } else { char *pin; char *pinvalue; size_t pinlen; if (remaining >= 3 && pin_from_cache (app, ctrl, 3, &pin)) rc = 0; else rc = pincb (pincb_arg, prompt, &pin); xfree (prompt); prompt = NULL; if (rc) { log_info (_("PIN callback returned error: %s\n"), gpg_strerror (rc)); return rc; } if (strlen (pin) < minlen) { log_error (_("PIN for CHV%d is too short;" " minimum length is %d\n"), 3, minlen); wipe_and_free_string (pin); return gpg_error (GPG_ERR_BAD_PIN); } rc = pin2hash_if_kdf (app, 3, pin, &pinvalue, &pinlen); if (!rc) rc = iso7816_verify (app_get_slot (app), 0x83, pinvalue, pinlen); if (!rc) cache_pin (app, ctrl, 3, pin); wipe_and_free_string (pin); wipe_and_free (pinvalue, pinlen); } if (rc) { log_error (_("verify CHV%d failed: %s\n"), 3, gpg_strerror (rc)); flush_cache_after_error (app); return rc; } app->did_chv3 = 1; } return rc; } /* Handle the SETATTR operation. All arguments are already basically checked. */ static gpg_error_t do_setattr (app_t app, ctrl_t ctrl, const char *name, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const unsigned char *value, size_t valuelen) { gpg_error_t rc; int idx; static struct { const char *name; int tag; int flush_tag; /* The tag which needs to be flushed or 0. */ int need_chv; int special; unsigned int need_v2:1; unsigned int need_v3:1; } table[] = { { "DISP-NAME", 0x005B, 0, 3 }, { "LOGIN-DATA", 0x005E, 0, 3, 2 }, { "DISP-LANG", 0x5F2D, 0, 3 }, { "DISP-SEX", 0x5F35, 0, 3 }, { "PUBKEY-URL", 0x5F50, 0, 3 }, { "CHV-STATUS-1", 0x00C4, 0, 3, 1 }, { "CA-FPR-1", 0x00CA, 0x00C6, 3 }, { "CA-FPR-2", 0x00CB, 0x00C6, 3 }, { "CA-FPR-3", 0x00CC, 0x00C6, 3 }, { "PRIVATE-DO-1", 0x0101, 0, 2 }, { "PRIVATE-DO-2", 0x0102, 0, 3 }, { "PRIVATE-DO-3", 0x0103, 0, 2 }, { "PRIVATE-DO-4", 0x0104, 0, 3 }, { "CERT-1", 0x7F21, 0, 3,11, 1, 1 }, { "CERT-2", 0x7F21, 0, 3,12, 1, 1 }, { "CERT-3", 0x7F21, 0, 3, 0, 1 }, { "SM-KEY-ENC", 0x00D1, 0, 3, 0, 1 }, { "SM-KEY-MAC", 0x00D2, 0, 3, 0, 1 }, { "KEY-ATTR", 0, 0, 0, 3, 1 }, { "AESKEY", 0x00D5, 0, 3, 0, 1 }, { "UIF-1", 0x00D6, 0, 3, 5, 1 }, { "UIF-2", 0x00D7, 0, 3, 5, 1 }, { "UIF-3", 0x00D8, 0, 3, 5, 1 }, { "KDF", 0x00F9, 0, 0, 4, 1 }, { NULL, 0 } }; int exmode; for (idx=0; table[idx].name && strcmp (table[idx].name, name); idx++) ; if (!table[idx].name) return gpg_error (GPG_ERR_INV_NAME); if (table[idx].need_v2 && !app->app_local->extcap.is_v2) return gpg_error (GPG_ERR_NOT_SUPPORTED); if (table[idx].need_v3 && !app->app_local->extcap.is_v3) return gpg_error (GPG_ERR_NOT_SUPPORTED); if (table[idx].special == 5 && app->app_local->extcap.has_button == 0) return gpg_error (GPG_ERR_INV_OBJ); if (table[idx].special == 3) return change_keyattr_from_string (app, ctrl, pincb, pincb_arg, NULL, NULL, value, valuelen); switch (table[idx].need_chv) { case 2: rc = verify_chv2 (app, ctrl, pincb, pincb_arg); break; case 3: rc = verify_chv3 (app, ctrl, pincb, pincb_arg); break; default: rc = 0; } if (rc) return rc; /* Flush the cache before writing it, so that the next get operation will reread the data from the card and thus get synced in case of errors (e.g. data truncated by the card). */ flush_cache_item (app, table[idx].flush_tag? table[idx].flush_tag /* */ : table[idx].tag); if (app->app_local->cardcap.ext_lc_le && valuelen > 254) exmode = 1; /* Use extended length w/o a limit. */ else if (app->app_local->cardcap.cmd_chaining && valuelen > 254) exmode = -254; /* Command chaining with max. 254 bytes. */ else exmode = 0; if (table[idx].special == 4) { if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY || APP_CARD(app)->cardtype == CARDTYPE_GNUK) { rc = verify_chv3 (app, ctrl, pincb, pincb_arg); if (rc) return rc; if (valuelen == 3 && APP_CARD(app)->cardtype == CARDTYPE_GNUK) { value = NULL; valuelen = 0; } cache_pin (app, ctrl, 1, NULL); cache_pin (app, ctrl, 2, NULL); cache_pin (app, ctrl, 3, NULL); } else { char *oldpinvalue = NULL; char *buffer1 = NULL; size_t bufferlen1; const char *u, *a; size_t ulen, alen; if (valuelen == 3) { u = "123456"; a = "12345678"; ulen = 6; alen = 8; } else if (valuelen == KDF_DATA_LENGTH_MAX) { u = (const char *)value + 44; a = u + 34; ulen = alen = 32; } else return gpg_error (GPG_ERR_INV_OBJ); if (!pin_from_cache (app, ctrl, 3, &oldpinvalue)) { char *prompt; rc = build_enter_admin_pin_prompt (app, &prompt, NULL); if (rc) return rc; rc = pincb (pincb_arg, prompt, &oldpinvalue); if (rc) { log_info (_("PIN callback returned error: %s\n"), gpg_strerror (rc)); return rc; } } rc = pin2hash_if_kdf (app, 3, oldpinvalue, &buffer1, &bufferlen1); if (!rc) rc = iso7816_change_reference_data (app_get_slot (app), 0x83, buffer1, bufferlen1, a, alen); if (!rc) rc = iso7816_verify (app_get_slot (app), 0x83, a, alen); if (!rc) cache_pin (app, ctrl, 3, "12345678"); if (!rc) rc = iso7816_reset_retry_counter (app_get_slot (app), 0x81, u, ulen); if (!rc) cache_pin (app, ctrl, 1, "123456"); if (!rc) rc = iso7816_put_data (app_get_slot (app), 0, 0xD3, NULL, 0); wipe_and_free (buffer1, bufferlen1); wipe_and_free_string (oldpinvalue); } /* Flush the cache again, because pin2hash_if_kdf uses the DO. */ flush_cache_item (app, 0x00F9); } if (table[idx].special == 11 || table[idx].special == 12) /* CERT-1 or -2 */ { rc = iso7816_select_data (app_get_slot (app), table[idx].special == 11? 2 : 1, table[idx].tag); if (!rc) { rc = iso7816_put_data (app_get_slot (app), exmode, table[idx].tag, value, valuelen); /* We better reset the curDO. */ iso7816_select_data (app_get_slot (app), 0, table[idx].tag); } } else /* Standard. */ rc = iso7816_put_data (app_get_slot (app), exmode, table[idx].tag, value, valuelen); if (rc) log_error ("failed to set '%s': %s\n", table[idx].name, gpg_strerror (rc)); if (table[idx].special == 1) app->force_chv1 = (valuelen && *value == 0); else if (table[idx].special == 2) parse_login_data (app); else if (table[idx].special == 4) { app->did_chv1 = 0; app->did_chv2 = 0; app->did_chv3 = 0; if ((valuelen == KDF_DATA_LENGTH_MIN || valuelen == KDF_DATA_LENGTH_MAX) && (value[2] == 0x03)) app->app_local->pinpad.disabled = 1; else app->app_local->pinpad.disabled = 0; } return rc; } /* Handle the WRITECERT command for OpenPGP. This writes the standard * certificate to the card; CERTID needs to be set to "OPENPGP.3". * PINCB and PINCB_ARG are the usual arguments for the pinentry * callback. */ static gpg_error_t do_writecert (app_t app, ctrl_t ctrl, const char *certidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const unsigned char *certdata, size_t certdatalen) { const char *name; if (!ascii_strcasecmp (certidstr, "OPENPGP.3")) name = "CERT-3"; else if (!ascii_strcasecmp (certidstr, "OPENPGP.2")) name = "CERT-2"; else if (!ascii_strcasecmp (certidstr, "OPENPGP.1")) name = "CERT-1"; else return gpg_error (GPG_ERR_INV_ID); if (!certdata || !certdatalen) return gpg_error (GPG_ERR_INV_ARG); if (!app->app_local->extcap.is_v2) return gpg_error (GPG_ERR_NOT_SUPPORTED); /* do_setattr checks that CERT-2 and CERT-1 requires a v3 card. */ if (certdatalen > app->app_local->extcap.max_certlen) return gpg_error (GPG_ERR_TOO_LARGE); return do_setattr (app, ctrl, name, pincb, pincb_arg, certdata, certdatalen); } static gpg_error_t clear_chv_status (app_t app, ctrl_t ctrl, int chvno) { unsigned char apdu[4]; gpg_error_t err; cache_pin (app, ctrl, chvno, NULL); if (!app->app_local->extcap.is_v2) return GPG_ERR_UNSUPPORTED_OPERATION; apdu[0] = 0x00; apdu[1] = ISO7816_VERIFY; apdu[2] = 0xff; apdu[3] = 0x80+chvno; err = iso7816_apdu_direct (app_get_slot (app), apdu, 4, 0, NULL, NULL, NULL); if (err) { if (gpg_err_code (err) == GPG_ERR_INV_VALUE) err = gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); return err; } if (chvno == 1) { apdu[3]++; err = iso7816_apdu_direct (app_get_slot (app), apdu, 4, 0, NULL, NULL, NULL); app->did_chv1 = app->did_chv2 = 0; } else if (chvno == 2) app->did_chv2 = 0; else if (chvno == 3) app->did_chv3 = 0; return err; } /* Handle the PASSWD command. The following combinations are possible: Flags CHVNO Vers. Description RESET 1 1 Verify CHV3 and set a new CHV1 and CHV2 RESET 1 2 Verify PW3 and set a new PW1. RESET 2 1 Verify CHV3 and set a new CHV1 and CHV2. RESET 2 2 Verify PW3 and set a new Reset Code. RESET 3 any Returns GPG_ERR_INV_ID. - 1 1 Verify CHV2 and set a new CHV1 and CHV2. - 1 2 Verify PW1 and set a new PW1. - 2 1 Verify CHV2 and set a new CHV1 and CHV2. - 2 2 Verify Reset Code and set a new PW1. - 3 any Verify CHV3/PW3 and set a new CHV3/PW3. The CHVNO can be prefixed with "OPENPGP.". */ static gpg_error_t do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, unsigned int flags, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg) { int rc = 0; int chvno; char *resetcode = NULL; char *oldpinvalue = NULL; char *pinvalue = NULL; int reset_mode = !!(flags & APP_CHANGE_FLAG_RESET); int set_resetcode = 0; pininfo_t pininfo; int use_pinpad = 0; int minlen = 6; if (digitp (chvnostr)) chvno = atoi (chvnostr); else if (!ascii_strcasecmp (chvnostr, "OPENPGP.1")) chvno = 1; else if (!ascii_strcasecmp (chvnostr, "OPENPGP.2")) chvno = 2; else if (!ascii_strcasecmp (chvnostr, "OPENPGP.3")) chvno = 3; else return gpg_error (GPG_ERR_INV_ID); memset (&pininfo, 0, sizeof pininfo); pininfo.fixedlen = -1; pininfo.minlen = minlen; /* Better clear all the PIN caches first. */ cache_pin (app, ctrl, 1, NULL); cache_pin (app, ctrl, 2, NULL); cache_pin (app, ctrl, 3, NULL); if ((flags & APP_CHANGE_FLAG_CLEAR)) return clear_chv_status (app, ctrl, chvno); if (reset_mode && chvno == 3) { rc = gpg_error (GPG_ERR_INV_ID); goto leave; } if (!app->app_local->extcap.is_v2) { /* Version 1 cards. */ if (reset_mode || chvno == 3) { /* We always require that the PIN is entered. */ app->did_chv3 = 0; rc = verify_chv3 (app, ctrl, pincb, pincb_arg); if (rc) goto leave; } else if (chvno == 1 || chvno == 2) { /* On a v1.x card CHV1 and CVH2 should always have the same value, thus we enforce it here. */ int save_force = app->force_chv1; app->force_chv1 = 0; app->did_chv1 = 0; app->did_chv2 = 0; rc = verify_chv2 (app, ctrl, pincb, pincb_arg); app->force_chv1 = save_force; if (rc) goto leave; } else { rc = gpg_error (GPG_ERR_INV_ID); goto leave; } } else { /* Version 2 cards. */ if (!opt.disable_pinpad && !iso7816_check_pinpad (app_get_slot (app), ISO7816_CHANGE_REFERENCE_DATA, &pininfo) && !check_pinpad_request (app, &pininfo, chvno == 3)) use_pinpad = 1; if (reset_mode) { /* To reset a PIN the Admin PIN is required. */ use_pinpad = 0; app->did_chv3 = 0; rc = verify_chv3 (app, ctrl, pincb, pincb_arg); if (rc) goto leave; if (chvno == 2) set_resetcode = 1; } else if (chvno == 1 || chvno == 3) { if (!use_pinpad) { char *promptbuf = NULL; const char *prompt; if (chvno == 3) { minlen = 8; rc = build_enter_admin_pin_prompt (app, &promptbuf, NULL); if (rc) goto leave; prompt = promptbuf; } else prompt = _("||Please enter the PIN"); rc = pincb (pincb_arg, prompt, &oldpinvalue); xfree (promptbuf); promptbuf = NULL; if (rc) { log_info (_("PIN callback returned error: %s\n"), gpg_strerror (rc)); goto leave; } if (strlen (oldpinvalue) < minlen) { log_info (_("PIN for CHV%d is too short;" " minimum length is %d\n"), chvno, minlen); rc = gpg_error (GPG_ERR_BAD_PIN); goto leave; } } } else if (chvno == 2) { /* There is no PW2 for v2 cards. We use this condition to allow a PW reset using the Reset Code. */ void *relptr; unsigned char *value; size_t valuelen; int remaining; use_pinpad = 0; minlen = 8; relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL); if (!relptr || valuelen < 7) { log_error (_("error retrieving CHV status from card\n")); xfree (relptr); rc = gpg_error (GPG_ERR_CARD); goto leave; } remaining = value[5]; xfree (relptr); if (!remaining) { log_error (_("Reset Code not or not anymore available\n")); rc = gpg_error (GPG_ERR_BAD_PIN); goto leave; } rc = pincb (pincb_arg, _("||Please enter the Reset Code for the card"), &resetcode); if (rc) { log_info (_("PIN callback returned error: %s\n"), gpg_strerror (rc)); goto leave; } if (strlen (resetcode) < minlen) { log_info (_("Reset Code is too short; minimum length is %d\n"), minlen); rc = gpg_error (GPG_ERR_BAD_PIN); goto leave; } } else { rc = gpg_error (GPG_ERR_INV_ID); goto leave; } } if (chvno == 3) app->did_chv3 = 0; else app->did_chv1 = app->did_chv2 = 0; if (!use_pinpad) { /* TRANSLATORS: Do not translate the "|*|" prefixes but keep it at the start of the string. We need this elsewhere to get some infos on the string. */ rc = pincb (pincb_arg, set_resetcode? _("|RN|New Reset Code") : chvno == 3? _("|AN|New Admin PIN") : _("|N|New PIN"), &pinvalue); if (rc || pinvalue == NULL) { log_error (_("error getting new PIN: %s\n"), gpg_strerror (rc)); goto leave; } } if (resetcode) { char *result1 = NULL; char *result2 = NULL; char *buffer = NULL; size_t resultlen1, resultlen2=0, bufferlen=0; rc = pin2hash_if_kdf (app, 0, resetcode, &result1, &resultlen1); if (!rc) rc = pin2hash_if_kdf (app, 0, pinvalue, &result2, &resultlen2); if (!rc) { bufferlen = resultlen1 + resultlen2; buffer = xtrymalloc (bufferlen); if (!buffer) rc = gpg_error_from_syserror (); else { memcpy (buffer, result1, resultlen1); memcpy (buffer+resultlen1, result2, resultlen2); } } if (!rc) rc = iso7816_reset_retry_counter_with_rc (app_get_slot (app), 0x81, buffer, bufferlen); wipe_and_free (result1, resultlen1); wipe_and_free (result2, resultlen2); wipe_and_free (buffer, bufferlen); } else if (set_resetcode) { if (strlen (pinvalue) < 8) { log_error (_("Reset Code is too short; minimum length is %d\n"), 8); rc = gpg_error (GPG_ERR_BAD_PIN); } else { char *buffer = NULL; size_t bufferlen; rc = pin2hash_if_kdf (app, 0, pinvalue, &buffer, &bufferlen); if (!rc) rc = iso7816_put_data (app_get_slot (app), 0, 0xD3, buffer, bufferlen); wipe_and_free (buffer, bufferlen); } } else if (reset_mode) { char *buffer = NULL; size_t bufferlen; rc = pin2hash_if_kdf (app, 1, pinvalue, &buffer, &bufferlen); if (!rc) rc = iso7816_reset_retry_counter (app_get_slot (app), 0x81, buffer, bufferlen); if (!rc && !app->app_local->extcap.is_v2) rc = iso7816_reset_retry_counter (app_get_slot (app), 0x82, buffer, bufferlen); wipe_and_free (buffer, bufferlen); } else if (!app->app_local->extcap.is_v2) { /* Version 1 cards. */ if (chvno == 1 || chvno == 2) { rc = iso7816_change_reference_data (app_get_slot (app), 0x81, NULL, 0, pinvalue, strlen (pinvalue)); if (!rc) rc = iso7816_change_reference_data (app_get_slot (app), 0x82, NULL, 0, pinvalue, strlen (pinvalue)); } else /* CHVNO == 3 */ { rc = iso7816_change_reference_data (app_get_slot (app), 0x80 + chvno, NULL, 0, pinvalue, strlen (pinvalue)); } } else { /* Version 2 cards. */ - assert (chvno == 1 || chvno == 3); + log_assert (chvno == 1 || chvno == 3); if (use_pinpad) { rc = pincb (pincb_arg, chvno == 3 ? _("||Please enter the Admin PIN and New Admin PIN") : _("||Please enter the PIN and New PIN"), NULL); if (rc) { log_info (_("PIN callback returned error: %s\n"), gpg_strerror (rc)); goto leave; } rc = iso7816_change_reference_data_kp (app_get_slot (app), 0x80 + chvno, 0, &pininfo); pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */ } else { char *buffer1 = NULL; char *buffer2 = NULL; size_t bufferlen1, bufferlen2 = 0; rc = pin2hash_if_kdf (app, chvno, oldpinvalue, &buffer1, &bufferlen1); if (!rc) rc = pin2hash_if_kdf (app, chvno, pinvalue, &buffer2, &bufferlen2); if (!rc) rc = iso7816_change_reference_data (app_get_slot (app), 0x80 + chvno, buffer1, bufferlen1, buffer2, bufferlen2); wipe_and_free (buffer1, bufferlen1); wipe_and_free (buffer2, bufferlen2); } } wipe_and_free_string (pinvalue); if (rc) flush_cache_after_error (app); leave: wipe_and_free_string (resetcode); wipe_and_free_string (oldpinvalue); return rc; } /* Check whether a key already exists. KEYIDX is the index of the key (0..2). If FORCE is TRUE a diagnositic will be printed but no error returned if the key already exists. The flag GENERATING is only used to print correct messages. */ static gpg_error_t does_key_exist (app_t app, int keyidx, int generating, int force) { const unsigned char *fpr; unsigned char *buffer; size_t buflen, n; int i; - assert (keyidx >=0 && keyidx <= 2); + log_assert (keyidx >=0 && keyidx <= 2); if (iso7816_get_data (app_get_slot (app), 0, 0x006E, &buffer, &buflen)) { log_error (_("error reading application data\n")); return gpg_error (GPG_ERR_GENERAL); } fpr = find_tlv (buffer, buflen, 0x00C5, &n); if (!fpr || n < 60) { log_error (_("error reading fingerprint DO\n")); xfree (buffer); return gpg_error (GPG_ERR_GENERAL); } fpr += 20*keyidx; for (i=0; i < 20 && !fpr[i]; i++) ; xfree (buffer); if (i!=20 && !force) { log_error (_("key already exists\n")); return gpg_error (GPG_ERR_EEXIST); } else if (i!=20) log_info (_("existing key will be replaced\n")); else if (generating) log_info (_("generating new key\n")); else log_info (_("writing new key\n")); return 0; } /* Create a TLV tag and value and store it at BUFFER. Return the length of tag and length. A LENGTH greater than 65535 is truncated. */ static size_t add_tlv (unsigned char *buffer, unsigned int tag, size_t length) { unsigned char *p = buffer; - assert (tag <= 0xffff); + log_assert (tag <= 0xffff); if ( tag > 0xff ) *p++ = tag >> 8; *p++ = tag; if (length < 128) *p++ = length; else if (length < 256) { *p++ = 0x81; *p++ = length; } else { if (length > 0xffff) length = 0xffff; *p++ = 0x82; *p++ = length >> 8; *p++ = length; } return p - buffer; } static gpg_error_t build_privkey_template (app_t app, int keyno, const unsigned char *rsa_n, size_t rsa_n_len, const unsigned char *rsa_e, size_t rsa_e_len, const unsigned char *rsa_p, size_t rsa_p_len, const unsigned char *rsa_q, size_t rsa_q_len, const unsigned char *rsa_u, size_t rsa_u_len, const unsigned char *rsa_dp, size_t rsa_dp_len, const unsigned char *rsa_dq, size_t rsa_dq_len, unsigned char **result, size_t *resultlen) { size_t rsa_e_reqlen; unsigned char privkey[7*(1+3+3)]; size_t privkey_len; unsigned char exthdr[2+2+3]; size_t exthdr_len; unsigned char suffix[2+3]; size_t suffix_len; unsigned char *tp; size_t datalen; unsigned char *template; size_t template_size; *result = NULL; *resultlen = 0; switch (app->app_local->keyattr[keyno].rsa.format) { case RSA_STD: case RSA_STD_N: case RSA_CRT: case RSA_CRT_N: break; default: return gpg_error (GPG_ERR_INV_VALUE); } /* Get the required length for E. Rounded up to the nearest byte */ rsa_e_reqlen = (app->app_local->keyattr[keyno].rsa.e_bits + 7) / 8; - assert (rsa_e_len <= rsa_e_reqlen); + log_assert (rsa_e_len <= rsa_e_reqlen); /* Build the 7f48 cardholder private key template. */ datalen = 0; tp = privkey; tp += add_tlv (tp, 0x91, rsa_e_reqlen); datalen += rsa_e_reqlen; tp += add_tlv (tp, 0x92, rsa_p_len); datalen += rsa_p_len; tp += add_tlv (tp, 0x93, rsa_q_len); datalen += rsa_q_len; if (app->app_local->keyattr[keyno].rsa.format == RSA_CRT || app->app_local->keyattr[keyno].rsa.format == RSA_CRT_N) { tp += add_tlv (tp, 0x94, rsa_u_len); datalen += rsa_u_len; tp += add_tlv (tp, 0x95, rsa_dp_len); datalen += rsa_dp_len; tp += add_tlv (tp, 0x96, rsa_dq_len); datalen += rsa_dq_len; } if (app->app_local->keyattr[keyno].rsa.format == RSA_STD_N || app->app_local->keyattr[keyno].rsa.format == RSA_CRT_N) { tp += add_tlv (tp, 0x97, rsa_n_len); datalen += rsa_n_len; } privkey_len = tp - privkey; /* Build the extended header list without the private key template. */ tp = exthdr; *tp++ = keyno ==0 ? 0xb6 : keyno == 1? 0xb8 : 0xa4; *tp++ = 0; tp += add_tlv (tp, 0x7f48, privkey_len); exthdr_len = tp - exthdr; /* Build the 5f48 suffix of the data. */ tp = suffix; tp += add_tlv (tp, 0x5f48, datalen); suffix_len = tp - suffix; /* Now concatenate everything. */ template_size = (1 + 3 /* 0x4d and len. */ + exthdr_len + privkey_len + suffix_len + datalen); tp = template = xtrymalloc_secure (template_size); if (!template) return gpg_error_from_syserror (); tp += add_tlv (tp, 0x4d, exthdr_len + privkey_len + suffix_len + datalen); memcpy (tp, exthdr, exthdr_len); tp += exthdr_len; memcpy (tp, privkey, privkey_len); tp += privkey_len; memcpy (tp, suffix, suffix_len); tp += suffix_len; memcpy (tp, rsa_e, rsa_e_len); if (rsa_e_len < rsa_e_reqlen) { /* Right justify E. */ memmove (tp + rsa_e_reqlen - rsa_e_len, tp, rsa_e_len); memset (tp, 0, rsa_e_reqlen - rsa_e_len); } tp += rsa_e_reqlen; memcpy (tp, rsa_p, rsa_p_len); tp += rsa_p_len; memcpy (tp, rsa_q, rsa_q_len); tp += rsa_q_len; if (app->app_local->keyattr[keyno].rsa.format == RSA_CRT || app->app_local->keyattr[keyno].rsa.format == RSA_CRT_N) { memcpy (tp, rsa_u, rsa_u_len); tp += rsa_u_len; memcpy (tp, rsa_dp, rsa_dp_len); tp += rsa_dp_len; memcpy (tp, rsa_dq, rsa_dq_len); tp += rsa_dq_len; } if (app->app_local->keyattr[keyno].rsa.format == RSA_STD_N || app->app_local->keyattr[keyno].rsa.format == RSA_CRT_N) { memcpy (tp, rsa_n, rsa_n_len); tp += rsa_n_len; } /* Sanity check. We don't know the exact length because we allocated 3 bytes for the first length header. */ - assert (tp - template <= template_size); + log_assert (tp - template <= template_size); *result = template; *resultlen = tp - template; return 0; } static gpg_error_t build_ecc_privkey_template (app_t app, int keyno, const unsigned char *ecc_d, size_t ecc_d_len, size_t ecc_d_fixed_len, const unsigned char *ecc_q, size_t ecc_q_len, unsigned char **result, size_t *resultlen) { unsigned char privkey[2*(1+3)]; size_t privkey_len; unsigned char exthdr[2+2+3]; size_t exthdr_len; unsigned char suffix[2+3]; size_t suffix_len; unsigned char *tp; size_t datalen; unsigned char *template; size_t template_size; int pubkey_required; /* This case doesn't occur in GnuPG 2.3 or later, because agent/sexp-secret.c does the fixup. */ if (ecc_d_fixed_len < ecc_d_len) { if (ecc_d_fixed_len != ecc_d_len - 1 || *ecc_d) return gpg_error (GPG_ERR_INV_OBJ); /* Remove the additional zero. */ ecc_d_len--; ecc_d++; } pubkey_required = !!(app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_PUBKEY); *result = NULL; *resultlen = 0; /* Build the 7f48 cardholder private key template. */ datalen = 0; tp = privkey; tp += add_tlv (tp, 0x92, ecc_d_fixed_len); datalen += ecc_d_fixed_len; if (pubkey_required) { tp += add_tlv (tp, 0x99, ecc_q_len); datalen += ecc_q_len; } privkey_len = tp - privkey; /* Build the extended header list without the private key template. */ tp = exthdr; *tp++ = keyno ==0 ? 0xb6 : keyno == 1? 0xb8 : 0xa4; *tp++ = 0; tp += add_tlv (tp, 0x7f48, privkey_len); exthdr_len = tp - exthdr; /* Build the 5f48 suffix of the data. */ tp = suffix; tp += add_tlv (tp, 0x5f48, datalen); suffix_len = tp - suffix; /* Now concatenate everything. */ template_size = (1 + 1 /* 0x4d and len. */ + exthdr_len + privkey_len + suffix_len + datalen); if (exthdr_len + privkey_len + suffix_len + datalen >= 128) template_size++; tp = template = xtrymalloc_secure (template_size); if (!template) return gpg_error_from_syserror (); tp += add_tlv (tp, 0x4d, exthdr_len + privkey_len + suffix_len + datalen); memcpy (tp, exthdr, exthdr_len); tp += exthdr_len; memcpy (tp, privkey, privkey_len); tp += privkey_len; memcpy (tp, suffix, suffix_len); tp += suffix_len; if (ecc_d_fixed_len > ecc_d_len) { memset (tp, 0, ecc_d_fixed_len - ecc_d_len); memcpy (tp + ecc_d_fixed_len - ecc_d_len, ecc_d, ecc_d_len); } else memcpy (tp, ecc_d, ecc_d_len); tp += ecc_d_fixed_len; if (pubkey_required) { memcpy (tp, ecc_q, ecc_q_len); tp += ecc_q_len; } - assert (tp - template == template_size); + log_assert (tp - template == template_size); *result = template; *resultlen = tp - template; return 0; } /* Helper for do_writekey to change the size of a key. Note that this deletes the entire key without asking. */ static gpg_error_t change_keyattr (app_t app, ctrl_t ctrl, int keyno, const unsigned char *buf, size_t buflen, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg) { gpg_error_t err; - assert (keyno >=0 && keyno <= 2); + log_assert (keyno >=0 && keyno <= 2); /* Prepare for storing the key. */ err = verify_chv3 (app, ctrl, pincb, pincb_arg); if (err) return err; /* Change the attribute. */ err = iso7816_put_data (app_get_slot (app), 0, 0xC1+keyno, buf, buflen); if (err) log_error ("error changing key attribute of OPENPGP.%d\n", keyno+1); else log_info ("key attribute of OPENPGP.%d changed\n", keyno+1); flush_cache (app); parse_algorithm_attribute (app, keyno); app->did_chv1 = 0; app->did_chv2 = 0; app->did_chv3 = 0; cache_pin (app, ctrl, 1, NULL); cache_pin (app, ctrl, 2, NULL); cache_pin (app, ctrl, 3, NULL); return err; } static gpg_error_t change_rsa_keyattr (app_t app, ctrl_t ctrl, int keyno, unsigned int nbits, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg) { gpg_error_t err = 0; unsigned char *buf; size_t buflen; void *relptr; /* Read the current attributes into a buffer. */ relptr = get_one_do (app, 0xC1+keyno, &buf, &buflen, NULL); if (!relptr) err = gpg_error (GPG_ERR_CARD); else if (buflen < 6) { /* Attributes too short. */ xfree (relptr); err = gpg_error (GPG_ERR_CARD); } else { /* If key attribute was RSA, we only change n_bits and don't touch anything else. Before we do so, we round up NBITS to a sensible way in the same way as gpg's key generation does it. This may help to sort out problems with a few bits too short keys. */ nbits = ((nbits + 31) / 32) * 32; buf[1] = (nbits >> 8); buf[2] = nbits; /* If it was not RSA, we need to fill other parts. */ if (buf[0] != PUBKEY_ALGO_RSA) { buf[0] = PUBKEY_ALGO_RSA; buf[3] = 0; buf[4] = 32; buf[5] = 0; buflen = 6; } err = change_keyattr (app, ctrl, keyno, buf, buflen, pincb, pincb_arg); xfree (relptr); } return err; } /* Helper to process an setattr command for name KEY-ATTR. * * If KEYREF and KEYALGO are NULL (VALUE,VALUELEN) are expected to * contain one of the following strings: * RSA: "--force rsa" * ECC: "--force " * * If KEYREF and KEYALGO is given the key attribute for KEYREF are * changed to what is described by KEYALGO (e.g. "rsa3072", "rsa2048", * or "ed25519"). */ static gpg_error_t change_keyattr_from_string (app_t app, ctrl_t ctrl, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const char *keyref, const char *keyalgo, const void *value, size_t valuelen) { gpg_error_t err = 0; char *string = NULL; int key, keyno, algo; unsigned int nbits = 0; const char *oidstr = NULL; /* OID of the curve. */ char *endp; if (keyref && keyalgo && *keyref && *keyalgo) { if (!ascii_strcasecmp (keyref, "OPENPGP.1")) keyno = 0; else if (!ascii_strcasecmp (keyref, "OPENPGP.2")) keyno = 1; else if (!ascii_strcasecmp (keyref, "OPENPGP.3")) keyno = 2; else { err = gpg_error (GPG_ERR_INV_ID); goto leave; } if (!strncmp (keyalgo, "rsa", 3) && digitp (keyalgo+3)) { errno = 0; nbits = strtoul (keyalgo+3, &endp, 10); if (errno || *endp) { err = gpg_error (GPG_ERR_INV_DATA); goto leave; } algo = PUBKEY_ALGO_RSA; } else if ((!strncmp (keyalgo, "dsa", 3) || !strncmp (keyalgo, "elg", 3)) && digitp (keyalgo+3)) { err = gpg_error (GPG_ERR_PUBKEY_ALGO); goto leave; } else { nbits = 0; oidstr = openpgp_curve_to_oid (keyalgo, NULL, &algo); if (!oidstr) { err = gpg_error (GPG_ERR_INV_DATA); goto leave; } if (!algo) algo = keyno == 1? PUBKEY_ALGO_ECDH : PUBKEY_ALGO_ECDSA; } } else if (!keyref && !keyalgo && value) { int n; /* VALUE is expected to be a string but not guaranteed to be * terminated. Thus copy it to an allocated buffer first. */ string = xtrymalloc (valuelen+1); if (!string) { err = gpg_error_from_syserror (); goto leave; } memcpy (string, value, valuelen); string[valuelen] = 0; /* Because this function deletes the key we require the string * "--force" in the data to make clear that something serious * might happen. */ n = 0; sscanf (string, "--force %d %d %n", &key, &algo, &n); if (n < 12) { err = gpg_error (GPG_ERR_INV_DATA); goto leave; } keyno = key - 1; if (algo == PUBKEY_ALGO_RSA) { errno = 0; nbits = strtoul (string+n+3, NULL, 10); if (errno) { err = gpg_error (GPG_ERR_INV_DATA); goto leave; } } else if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_EDDSA) { oidstr = openpgp_curve_to_oid (string+n, NULL, NULL); if (!oidstr) { err = gpg_error (GPG_ERR_INV_DATA); goto leave; } } else { err = gpg_error (GPG_ERR_PUBKEY_ALGO); goto leave; } } else { err = gpg_error (GPG_ERR_INV_ARG); goto leave; } if (keyno < 0 || keyno > 2) err = gpg_error (GPG_ERR_INV_ID); else if (algo == PUBKEY_ALGO_RSA) { if (nbits < 1024) err = gpg_error (GPG_ERR_TOO_SHORT); else if (nbits > 4096) err = gpg_error (GPG_ERR_TOO_LARGE); else err = change_rsa_keyattr (app, ctrl, keyno, nbits, pincb, pincb_arg); } else if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_EDDSA) { gcry_mpi_t oid; const unsigned char *oidbuf; size_t oid_len; unsigned int n; /* Check that the requested algo matches the properties of the * key slot. */ if (keyno == 1 && algo != PUBKEY_ALGO_ECDH) err = gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO); else if (keyno != 1 && algo == PUBKEY_ALGO_ECDH) err = gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO); else err = 0; if (err) goto leave; /* Convert the OID string to an OpenPGP formatted OID. */ err = openpgp_oid_from_str (oidstr, &oid); if (err) goto leave; oidbuf = gcry_mpi_get_opaque (oid, &n); oid_len = (n+7)/8; /* Create the template. */ xfree (string); string = xtrymalloc (1 + oid_len); if (!string) { err = gpg_error_from_syserror (); goto leave; } string[0] = algo; memcpy (string+1, oidbuf+1, oid_len-1); err = change_keyattr (app, ctrl,keyno, string, oid_len, pincb, pincb_arg); gcry_mpi_release (oid); } else err = gpg_error (GPG_ERR_PUBKEY_ALGO); leave: xfree (string); return err; } static gpg_error_t rsa_writekey (app_t app, ctrl_t ctrl, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, int keyno, const unsigned char *buf, size_t buflen, int depth) { gpg_error_t err; const unsigned char *tok; size_t toklen; int last_depth1, last_depth2; const unsigned char *rsa_n = NULL; const unsigned char *rsa_e = NULL; const unsigned char *rsa_p = NULL; const unsigned char *rsa_q = NULL; size_t rsa_n_len, rsa_e_len, rsa_p_len, rsa_q_len; unsigned int nbits; unsigned int maxbits; unsigned char *template = NULL; unsigned char *tp; size_t template_len; unsigned char fprbuf[20]; u32 created_at = 0; if (app->app_local->keyattr[keyno].key_type != KEY_TYPE_RSA) { log_error (_("unsupported algorithm: %s"), "RSA"); err = gpg_error (GPG_ERR_INV_VALUE); goto leave; } last_depth1 = depth; while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)) && depth && depth >= last_depth1) { if (tok) { err = gpg_error (GPG_ERR_UNKNOWN_SEXP); goto leave; } if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))) goto leave; if (tok && toklen == 1) { const unsigned char **mpi; size_t *mpi_len; switch (*tok) { case 'n': mpi = &rsa_n; mpi_len = &rsa_n_len; break; case 'e': mpi = &rsa_e; mpi_len = &rsa_e_len; break; case 'p': mpi = &rsa_p; mpi_len = &rsa_p_len; break; case 'q': mpi = &rsa_q; mpi_len = &rsa_q_len;break; default: mpi = NULL; mpi_len = NULL; break; } if (mpi && *mpi) { err = gpg_error (GPG_ERR_DUP_VALUE); goto leave; } if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))) goto leave; if (tok && mpi) { /* Strip off leading zero bytes and save. */ for (;toklen && !*tok; toklen--, tok++) ; *mpi = tok; *mpi_len = toklen; } } /* Skip until end of list. */ last_depth2 = depth; while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)) && depth && depth >= last_depth2) ; if (err) goto leave; } /* Parse other attributes. */ last_depth1 = depth; while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)) && depth && depth >= last_depth1) { if (tok) { err = gpg_error (GPG_ERR_UNKNOWN_SEXP); goto leave; } if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))) goto leave; if (tok && toklen == 10 && !memcmp ("created-at", tok, toklen)) { if ((err = parse_sexp (&buf,&buflen,&depth,&tok,&toklen))) goto leave; if (tok) { for (created_at=0; toklen && *tok && *tok >= '0' && *tok <= '9'; tok++, toklen--) created_at = created_at*10 + (*tok - '0'); } } /* Skip until end of list. */ last_depth2 = depth; while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)) && depth && depth >= last_depth2) ; if (err) goto leave; } /* Check that we have all parameters and that they match the card description. */ if (!created_at) { log_error (_("creation timestamp missing\n")); err = gpg_error (GPG_ERR_INV_VALUE); goto leave; } maxbits = app->app_local->keyattr[keyno].rsa.n_bits; nbits = rsa_n? count_bits (rsa_n, rsa_n_len) : 0; if (opt.verbose) log_info ("RSA modulus size is %u bits\n", nbits); if (nbits && nbits != maxbits && app->app_local->extcap.algo_attr_change) { /* Try to switch the key to a new length. */ err = change_rsa_keyattr (app, ctrl, keyno, nbits, pincb, pincb_arg); if (!err) maxbits = app->app_local->keyattr[keyno].rsa.n_bits; } if (nbits != maxbits) { log_error (_("RSA modulus missing or not of size %d bits\n"), (int)maxbits); err = gpg_error (GPG_ERR_BAD_SECKEY); goto leave; } maxbits = app->app_local->keyattr[keyno].rsa.e_bits; if (maxbits > 32 && !app->app_local->extcap.is_v2) maxbits = 32; /* Our code for v1 does only support 32 bits. */ nbits = rsa_e? count_bits (rsa_e, rsa_e_len) : 0; if (nbits < 2 || nbits > maxbits) { log_error (_("RSA public exponent missing or larger than %d bits\n"), (int)maxbits); err = gpg_error (GPG_ERR_BAD_SECKEY); goto leave; } maxbits = app->app_local->keyattr[keyno].rsa.n_bits/2; nbits = rsa_p? count_bits (rsa_p, rsa_p_len) : 0; if (nbits != maxbits) { log_error (_("RSA prime %s missing or not of size %d bits\n"), "P", (int)maxbits); err = gpg_error (GPG_ERR_BAD_SECKEY); goto leave; } nbits = rsa_q? count_bits (rsa_q, rsa_q_len) : 0; if (nbits != maxbits) { log_error (_("RSA prime %s missing or not of size %d bits\n"), "Q", (int)maxbits); err = gpg_error (GPG_ERR_BAD_SECKEY); goto leave; } /* We need to remove the cached public key. */ xfree (app->app_local->pk[keyno].key); app->app_local->pk[keyno].key = NULL; app->app_local->pk[keyno].keylen = 0; app->app_local->pk[keyno].read_done = 0; if (app->app_local->extcap.is_v2) { unsigned char *rsa_u, *rsa_dp, *rsa_dq; size_t rsa_u_len, rsa_dp_len, rsa_dq_len; gcry_mpi_t mpi_e, mpi_p, mpi_q; gcry_mpi_t mpi_u = gcry_mpi_snew (0); gcry_mpi_t mpi_dp = gcry_mpi_snew (0); gcry_mpi_t mpi_dq = gcry_mpi_snew (0); gcry_mpi_t mpi_tmp = gcry_mpi_snew (0); int exmode; /* Calculate the u, dp and dq components needed by RSA_CRT cards */ gcry_mpi_scan (&mpi_e, GCRYMPI_FMT_USG, rsa_e, rsa_e_len, NULL); gcry_mpi_scan (&mpi_p, GCRYMPI_FMT_USG, rsa_p, rsa_p_len, NULL); gcry_mpi_scan (&mpi_q, GCRYMPI_FMT_USG, rsa_q, rsa_q_len, NULL); gcry_mpi_invm (mpi_u, mpi_q, mpi_p); gcry_mpi_sub_ui (mpi_tmp, mpi_p, 1); gcry_mpi_invm (mpi_dp, mpi_e, mpi_tmp); gcry_mpi_sub_ui (mpi_tmp, mpi_q, 1); gcry_mpi_invm (mpi_dq, mpi_e, mpi_tmp); gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_u, &rsa_u_len, mpi_u); gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_dp, &rsa_dp_len, mpi_dp); gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_dq, &rsa_dq_len, mpi_dq); gcry_mpi_release (mpi_e); gcry_mpi_release (mpi_p); gcry_mpi_release (mpi_q); gcry_mpi_release (mpi_u); gcry_mpi_release (mpi_dp); gcry_mpi_release (mpi_dq); gcry_mpi_release (mpi_tmp); /* Build the private key template as described in section 4.3.3.7 of the OpenPGP card specs version 2.0. */ err = build_privkey_template (app, keyno, rsa_n, rsa_n_len, rsa_e, rsa_e_len, rsa_p, rsa_p_len, rsa_q, rsa_q_len, rsa_u, rsa_u_len, rsa_dp, rsa_dp_len, rsa_dq, rsa_dq_len, &template, &template_len); xfree(rsa_u); xfree(rsa_dp); xfree(rsa_dq); if (err) goto leave; /* Prepare for storing the key. */ err = verify_chv3 (app, ctrl, pincb, pincb_arg); if (err) goto leave; /* Store the key. */ if (app->app_local->cardcap.ext_lc_le && template_len > 254) exmode = 1; /* Use extended length w/o a limit. */ else if (app->app_local->cardcap.cmd_chaining && template_len > 254) exmode = -254; else exmode = 0; err = iso7816_put_data_odd (app_get_slot (app), exmode, 0x3fff, template, template_len); } else { /* Build the private key template as described in section 4.3.3.6 of the OpenPGP card specs version 1.1: 0xC0 public exponent 0xC1 prime p 0xC2 prime q */ - assert (rsa_e_len <= 4); + log_assert (rsa_e_len <= 4); template_len = (1 + 1 + 4 + 1 + 1 + rsa_p_len + 1 + 1 + rsa_q_len); template = tp = xtrymalloc_secure (template_len); if (!template) { err = gpg_error_from_syserror (); goto leave; } *tp++ = 0xC0; *tp++ = 4; memcpy (tp, rsa_e, rsa_e_len); if (rsa_e_len < 4) { /* Right justify E. */ memmove (tp+4-rsa_e_len, tp, rsa_e_len); memset (tp, 0, 4-rsa_e_len); } tp += 4; *tp++ = 0xC1; *tp++ = rsa_p_len; memcpy (tp, rsa_p, rsa_p_len); tp += rsa_p_len; *tp++ = 0xC2; *tp++ = rsa_q_len; memcpy (tp, rsa_q, rsa_q_len); tp += rsa_q_len; - assert (tp - template == template_len); + log_assert (tp - template == template_len); /* Prepare for storing the key. */ err = verify_chv3 (app, ctrl, pincb, pincb_arg); if (err) goto leave; /* Store the key. */ err = iso7816_put_data (app_get_slot (app), 0, (app->appversion > 0x0007? 0xE0:0xE9)+keyno, template, template_len); } if (err) { log_error (_("failed to store the key: %s\n"), gpg_strerror (err)); goto leave; } err = store_fpr (app, keyno, created_at, fprbuf, PUBKEY_ALGO_RSA, rsa_n, rsa_n_len, rsa_e, rsa_e_len); if (err) goto leave; leave: xfree (template); return err; } static gpg_error_t ecc_writekey (app_t app, ctrl_t ctrl, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, int keyno, const unsigned char *buf, size_t buflen, int depth) { gpg_error_t err; const unsigned char *tok; size_t toklen; int last_depth1, last_depth2; const unsigned char *ecc_q = NULL; const unsigned char *ecc_d = NULL; size_t ecc_q_len, ecc_d_len; const char *curve = NULL; u32 created_at = 0; const char *oidstr; int flag_djb_tweak = 0; int algo; gcry_mpi_t oid = NULL; const unsigned char *oidbuf; unsigned int n; size_t oid_len; unsigned char fprbuf[20]; size_t ecc_d_fixed_len; /* (private-key(ecc(curve%s)(q%m)(d%m))(created-at%d)): curve = "NIST P-256" */ /* (private-key(ecc(curve%s)(q%m)(d%m))(created-at%d)): curve = "secp256k1" */ /* (private-key(ecc(curve%s)(flags eddsa)(q%m)(d%m))(created-at%d)): curve = "Ed25519" */ /* (private-key(ecc(curve%s)(q%m)(d%m))(created-at%d)): curve = "Ed448" */ last_depth1 = depth; while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)) && depth && depth >= last_depth1) { if (tok) { err = gpg_error (GPG_ERR_UNKNOWN_SEXP); goto leave; } if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))) goto leave; if (tok && toklen == 5 && !memcmp (tok, "curve", 5)) { char *curve_name; if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))) goto leave; curve_name = xtrymalloc (toklen+1); if (!curve_name) { err = gpg_error_from_syserror (); goto leave; } memcpy (curve_name, tok, toklen); curve_name[toklen] = 0; curve = openpgp_is_curve_supported (curve_name, NULL, NULL); xfree (curve_name); } else if (tok && toklen == 5 && !memcmp (tok, "flags", 5)) { if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))) goto leave; if (tok) { if ((toklen == 5 && !memcmp (tok, "eddsa", 5)) || (toklen == 9 && !memcmp (tok, "djb-tweak", 9))) flag_djb_tweak = 1; } } else if (tok && toklen == 1) { const unsigned char **buf2; size_t *buf2len; int native = flag_djb_tweak; switch (*tok) { case 'q': buf2 = &ecc_q; buf2len = &ecc_q_len; break; case 'd': buf2 = &ecc_d; buf2len = &ecc_d_len; native = 0; break; default: buf2 = NULL; buf2len = NULL; break; } if (buf2 && *buf2) { err = gpg_error (GPG_ERR_DUP_VALUE); goto leave; } if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))) goto leave; if (tok && buf2) { if (!native) /* Strip off leading zero bytes and save. */ for (;toklen && !*tok; toklen--, tok++) ; *buf2 = tok; *buf2len = toklen; } } /* Skip until end of list. */ last_depth2 = depth; while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)) && depth && depth >= last_depth2) ; if (err) goto leave; } /* Parse other attributes. */ last_depth1 = depth; while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)) && depth && depth >= last_depth1) { if (tok) { err = gpg_error (GPG_ERR_UNKNOWN_SEXP); goto leave; } if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))) goto leave; if (tok && toklen == 10 && !memcmp ("created-at", tok, toklen)) { if ((err = parse_sexp (&buf,&buflen,&depth,&tok,&toklen))) goto leave; if (tok) { for (created_at=0; toklen && *tok && *tok >= '0' && *tok <= '9'; tok++, toklen--) created_at = created_at*10 + (*tok - '0'); } } /* Skip until end of list. */ last_depth2 = depth; while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)) && depth && depth >= last_depth2) ; if (err) goto leave; } /* Check that we have all parameters and that they match the card description. */ if (!curve) { log_error (_("unsupported curve\n")); err = gpg_error (GPG_ERR_INV_VALUE); goto leave; } if (!created_at) { log_error (_("creation timestamp missing\n")); err = gpg_error (GPG_ERR_INV_VALUE); goto leave; } if (flag_djb_tweak && keyno != 1) algo = PUBKEY_ALGO_EDDSA; else if (keyno == 1) algo = PUBKEY_ALGO_ECDH; else if (!strcmp (curve, "Ed448")) algo = PUBKEY_ALGO_EDDSA; else algo = PUBKEY_ALGO_ECDSA; oidstr = openpgp_curve_to_oid (curve, &n, NULL); ecc_d_fixed_len = (n+7)/8; err = openpgp_oid_from_str (oidstr, &oid); if (err) goto leave; oidbuf = gcry_mpi_get_opaque (oid, &n); if (!oidbuf) { err = gpg_error_from_syserror (); goto leave; } oid_len = (n+7)/8; if (app->app_local->keyattr[keyno].key_type != KEY_TYPE_ECC || app->app_local->keyattr[keyno].ecc.curve != curve || (flag_djb_tweak != (app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK))) { if (app->app_local->extcap.algo_attr_change) { unsigned char *keyattr; if (!oid_len) { err = gpg_error (GPG_ERR_INTERNAL); goto leave; } keyattr = xtrymalloc (oid_len); if (!keyattr) { err = gpg_error_from_syserror (); goto leave; } keyattr[0] = algo; memcpy (keyattr+1, oidbuf+1, oid_len-1); err = change_keyattr (app, ctrl, keyno, keyattr, oid_len, pincb, pincb_arg); xfree (keyattr); if (err) goto leave; } else { log_error ("key attribute on card doesn't match\n"); err = gpg_error (GPG_ERR_INV_VALUE); goto leave; } } if (opt.verbose) log_info ("ECC private key size is %u bytes\n", (unsigned int)ecc_d_len); /* We need to remove the cached public key. */ xfree (app->app_local->pk[keyno].key); app->app_local->pk[keyno].key = NULL; app->app_local->pk[keyno].keylen = 0; app->app_local->pk[keyno].read_done = 0; if (app->app_local->extcap.is_v2) { /* Build the private key template as described in section 4.3.3.7 of the OpenPGP card specs version 2.0. */ unsigned char *template; size_t template_len; int exmode; err = build_ecc_privkey_template (app, keyno, ecc_d, ecc_d_len, ecc_d_fixed_len, ecc_q, ecc_q_len, &template, &template_len); if (err) goto leave; /* Prepare for storing the key. */ err = verify_chv3 (app, ctrl, pincb, pincb_arg); if (err) { xfree (template); goto leave; } /* Store the key. */ if (app->app_local->cardcap.ext_lc_le && template_len > 254) exmode = 1; /* Use extended length w/o a limit. */ else if (app->app_local->cardcap.cmd_chaining && template_len > 254) exmode = -254; else exmode = 0; err = iso7816_put_data_odd (app_get_slot (app), exmode, 0x3fff, template, template_len); xfree (template); } else err = gpg_error (GPG_ERR_NOT_SUPPORTED); if (err) { log_error (_("failed to store the key: %s\n"), gpg_strerror (err)); goto leave; } err = store_fpr (app, keyno, created_at, fprbuf, algo, oidbuf, oid_len, ecc_q, ecc_q_len, ecdh_params (curve), (size_t)4); leave: gcry_mpi_release (oid); return err; } /* Handle the WRITEKEY command for OpenPGP. This function expects a canonical encoded S-expression with the secret key in KEYDATA and its length (for assertions) in KEYDATALEN. KEYID needs to be the usual keyid which for OpenPGP is the string "OPENPGP.n" with n=1,2,3. Bit 0 of FLAGS indicates whether an existing key shall get overwritten. PINCB and PINCB_ARG are the usual arguments for the pinentry callback. */ static gpg_error_t do_writekey (app_t app, ctrl_t ctrl, const char *keyid, unsigned int flags, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const unsigned char *keydata, size_t keydatalen) { gpg_error_t err; int force = (flags & 1); int keyno; const unsigned char *buf, *tok; size_t buflen, toklen; int depth; (void)ctrl; if (!ascii_strcasecmp (keyid, "OPENPGP.1")) keyno = 0; else if (!ascii_strcasecmp (keyid, "OPENPGP.2")) keyno = 1; else if (!ascii_strcasecmp (keyid, "OPENPGP.3")) keyno = 2; else return gpg_error (GPG_ERR_INV_ID); err = does_key_exist (app, keyno, 0, force); if (err) return err; /* Parse the S-expression */ buf = keydata; buflen = keydatalen; depth = 0; if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))) goto leave; if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))) goto leave; if (!tok || toklen != 11 || memcmp ("private-key", tok, toklen)) { if (!tok) ; else if (toklen == 21 && !memcmp ("protected-private-key", tok, toklen)) log_info ("protected-private-key passed to writekey\n"); else if (toklen == 20 && !memcmp ("shadowed-private-key", tok, toklen)) log_info ("shadowed-private-key passed to writekey\n"); err = gpg_error (GPG_ERR_BAD_SECKEY); goto leave; } if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))) goto leave; if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))) goto leave; if (tok && toklen == 3 && memcmp ("rsa", tok, toklen) == 0) err = rsa_writekey (app, ctrl, pincb, pincb_arg, keyno, buf, buflen, depth); else if (tok && toklen == 3 && memcmp ("ecc", tok, toklen) == 0) err = ecc_writekey (app, ctrl, pincb, pincb_arg, keyno, buf, buflen, depth); else { err = gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO); goto leave; } leave: return err; } /* Handle the GENKEY command. */ static gpg_error_t do_genkey (app_t app, ctrl_t ctrl, const char *keyref, const char *keyalgo, unsigned int flags, time_t createtime, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg) { gpg_error_t err; char numbuf[30]; const char *keynostr; unsigned char *buffer = NULL; const unsigned char *keydata; size_t buflen, keydatalen; u32 created_at; int keyno; int force = !!(flags & APP_GENKEY_FLAG_FORCE); time_t start_at; int exmode = 0; int le_value = 256; /* Use legacy value. */ /* Strip the OpenPGP prefix which is for historical reasons optional. */ keynostr = keyref; if (!ascii_strncasecmp (keynostr, "OPENPGP.", 8)) keynostr += 8; keyno = atoi (keynostr) - 1; if (!digitp (keynostr) || keyno < 0 || keyno > 2) return gpg_error (GPG_ERR_INV_ID); /* We flush the cache to increase the traffic before a key generation. This _might_ help a card to gather more entropy. */ flush_cache (app); /* Obviously we need to remove the cached public key. */ xfree (app->app_local->pk[keyno].key); app->app_local->pk[keyno].key = NULL; app->app_local->pk[keyno].keylen = 0; app->app_local->pk[keyno].read_done = 0; /* Check whether a key already exists. */ err = does_key_exist (app, keyno, 1, force); if (err) return err; if (keyalgo && app->app_local->keyattr[keyno].keyalgo && strcmp (keyalgo, app->app_local->keyattr[keyno].keyalgo)) { /* Specific algorithm requested which is not the currently * configured algorithm. Change it. */ log_info ("openpgp: changing key attribute from %s to %s\n", app->app_local->keyattr[keyno].keyalgo, keyalgo); err = change_keyattr_from_string (app, ctrl, pincb, pincb_arg, keyref, keyalgo, NULL, 0); if (err) return err; } if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_RSA) { unsigned int keybits = app->app_local->keyattr[keyno].rsa.n_bits; /* Because we send the key parameter back via status lines we need to put a limit on the max. allowed keysize. 2048 bit will already lead to a 527 byte long status line and thus a 4096 bit key would exceed the Assuan line length limit. */ if (keybits > 4096) return gpg_error (GPG_ERR_TOO_LARGE); if (app->app_local->cardcap.ext_lc_le && keybits > RSA_SMALL_SIZE_KEY && app->app_local->keyattr[keyno].key_type == KEY_TYPE_RSA) { exmode = 1; /* Use extended length w/o a limit. */ le_value = determine_rsa_response (app, keyno); /* No need to check le_value because it comes from a 16 bit value and thus can't create an overflow on a 32 bit system. */ } } /* Prepare for key generation by verifying the Admin PIN. */ err = verify_chv3 (app, ctrl, pincb, pincb_arg); if (err) return err; log_info (_("please wait while key is being generated ...\n")); start_at = time (NULL); err = iso7816_generate_keypair (app_get_slot (app), exmode, 0x80, 0, (keyno == 0? "\xB6" : keyno == 1? "\xB8" : "\xA4"), 2, le_value, &buffer, &buflen); if (err) { log_error (_("generating key failed\n")); return gpg_error (GPG_ERR_CARD); } { int nsecs = (int)(time (NULL) - start_at); log_info (ngettext("key generation completed (%d second)\n", "key generation completed (%d seconds)\n", nsecs), nsecs); } keydata = find_tlv (buffer, buflen, 0x7F49, &keydatalen); if (!keydata) { err = gpg_error (GPG_ERR_CARD); log_error (_("response does not contain the public key data\n")); goto leave; } created_at = (u32)(createtime? createtime : gnupg_get_time ()); sprintf (numbuf, "%u", created_at); send_status_info (ctrl, "KEY-CREATED-AT", numbuf, (size_t)strlen(numbuf), NULL, 0); err = read_public_key (app, ctrl, created_at, keyno, buffer, buflen); leave: xfree (buffer); return err; } static unsigned long convert_sig_counter_value (const unsigned char *value, size_t valuelen) { unsigned long ul; if (valuelen == 3 ) ul = (value[0] << 16) | (value[1] << 8) | value[2]; else { log_error (_("invalid structure of OpenPGP card (DO 0x93)\n")); ul = 0; } return ul; } static unsigned long get_sig_counter (app_t app) { void *relptr; unsigned char *value; size_t valuelen; unsigned long ul; relptr = get_one_do (app, 0x0093, &value, &valuelen, NULL); if (!relptr) return 0; ul = convert_sig_counter_value (value, valuelen); xfree (relptr); return ul; } static gpg_error_t compare_fingerprint (app_t app, int keyno, unsigned char *sha1fpr) { const unsigned char *fpr; unsigned char *buffer; size_t buflen, n; int rc, i; - assert (keyno >= 0 && keyno <= 2); + log_assert (keyno >= 0 && keyno <= 2); rc = get_cached_data (app, 0x006E, &buffer, &buflen, 0, 0); if (rc) { log_error (_("error reading application data\n")); return gpg_error (GPG_ERR_GENERAL); } fpr = find_tlv (buffer, buflen, 0x00C5, &n); if (!fpr || n < 60) { xfree (buffer); log_error (_("error reading fingerprint DO\n")); return gpg_error (GPG_ERR_GENERAL); } fpr += keyno*20; for (i=0; i < 20; i++) if (sha1fpr[i] != fpr[i]) { xfree (buffer); log_info (_("fingerprint on card does not match requested one\n")); return gpg_error (GPG_ERR_WRONG_SECKEY); } xfree (buffer); return 0; } /* If a fingerprint has been specified check it against the one on the card. This allows for a meaningful error message in case the key on the card has been replaced but the shadow information known to gpg has not been updated. If there is no fingerprint we assume that this is okay. */ static gpg_error_t check_against_given_fingerprint (app_t app, const char *fpr, int key) { unsigned char tmp[20]; const char *s; int n; for (s=fpr, n=0; hexdigitp (s); s++, n++) ; if (n != 40) return gpg_error (GPG_ERR_INV_ID); else if (!*s) ; /* okay */ else return gpg_error (GPG_ERR_INV_ID); for (s=fpr, n=0; n < 20; s += 2, n++) tmp[n] = xtoi_2 (s); return compare_fingerprint (app, key-1, tmp); } /* Check KEYIDSTR, if it's valid. When KEYNO is 0, it means it's for PIN check. Otherwise, KEYNO corresponds to the slot (signing, decipher and auth). KEYIDSTR is either: (1) Serial number (2) Serial number "/" fingerprint (3) Serial number "[CHV3]" (4) keygrip When KEYNO is 0 and KEYIDSTR is for a keygrip, the keygrip should be to be compared is the first one (keygrip for signing). When KEYNO is 1, KEYIDSTR is for a keygrip, and R_USE_AUTH is not NULL, OpenPGP.1 is first tested and then OpenPGP.3. In the latter case 1 is stored at R_USE_AUTH */ static int check_keyidstr (app_t app, const char *keyidstr, int keyno, int *r_use_auth) { int rc; const char *s; int n; const char *fpr = NULL; if (r_use_auth) *r_use_auth = 0; if (strlen (keyidstr) < 32) return gpg_error (GPG_ERR_INV_ID); else { char *serial; for (s=keyidstr, n=0; hexdigitp (s); s++, n++) ; /* Check if it's a keygrip */ if (n == 40) { const unsigned char *keygrip_str; keygrip_str = app->app_local->pk[keyno?keyno-1:0].keygrip_str; if (!strncmp (keygrip_str, keyidstr, 40)) return 0; else if (keyno == 1 && r_use_auth && !strncmp (app->app_local->pk[2].keygrip_str, keyidstr, 40)) { *r_use_auth = 1; return 0; } else return gpg_error (GPG_ERR_INV_ID); } /* For a description of the serialno compare function see * is_same_serialno. We don't use that function because here we * are working on a hex string. */ if (n != 32 || ascii_strncasecmp (keyidstr, "D27600012401", 12)) return gpg_error (GPG_ERR_INV_ID); else if (!*s) ; /* no fingerprint given: we allow this for now. */ else if (*s == '/') fpr = s + 1; serial = app_get_serialno (app); if (!serial || strlen (serial) != 32 || ascii_memcasecmp (serial, "D27600012401", 12) || ascii_memcasecmp (serial+16, keyidstr+16, 16)) { xfree (serial); return gpg_error (GPG_ERR_WRONG_CARD); } xfree (serial); } /* If a fingerprint has been specified check it against the one on the card. This is allows for a meaningful error message in case the key on the card has been replaced but the shadow information known to gpg was not updated. If there is no fingerprint, gpg will detect a bogus signature anyway due to the verify-after-signing feature. */ rc = (fpr&&keyno)? check_against_given_fingerprint (app, fpr, keyno) : 0; return rc; } /* Compute a digital signature on INDATA which is expected to be the raw message digest. For this application the KEYIDSTR consists of the serialnumber and the fingerprint delimited by a slash. Note that this function may return the error code GPG_ERR_WRONG_CARD to indicate that the card currently present does not match the one required for the requested action (e.g. the serial number does not match). As a special feature a KEYIDSTR of "OPENPGP.3" redirects the operation to the auth command. */ static gpg_error_t do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, unsigned char **outdata, size_t *outdatalen ) { static unsigned char rmd160_prefix[15] = /* Object ID is 1.3.36.3.2.1 */ { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14 }; static unsigned char sha1_prefix[15] = /* (1.3.14.3.2.26) */ { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 }; static unsigned char sha224_prefix[19] = /* (2.16.840.1.101.3.4.2.4) */ { 0x30, 0x2D, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1C }; static unsigned char sha256_prefix[19] = /* (2.16.840.1.101.3.4.2.1) */ { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 }; static unsigned char sha384_prefix[19] = /* (2.16.840.1.101.3.4.2.2) */ { 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30 }; static unsigned char sha512_prefix[19] = /* (2.16.840.1.101.3.4.2.3) */ { 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40 }; int rc; unsigned char data[19+64]; size_t datalen; unsigned long sigcount; int use_auth = 0; int exmode, le_value; if (!keyidstr || !*keyidstr) return gpg_error (GPG_ERR_INV_VALUE); /* Strip off known prefixes. */ #define X(a,b,c,d) \ if (hashalgo == GCRY_MD_ ## a \ && (d) \ && indatalen == sizeof b ## _prefix + (c) \ && !memcmp (indata, b ## _prefix, sizeof b ## _prefix)) \ { \ indata = (const char*)indata + sizeof b ## _prefix; \ indatalen -= sizeof b ## _prefix; \ } if (indatalen == 20) ; /* Assume a plain SHA-1 or RMD160 digest has been given. */ else X(SHA1, sha1, 20, 1) else X(RMD160, rmd160, 20, 1) else X(SHA224, sha224, 28, app->app_local->extcap.is_v2) else X(SHA256, sha256, 32, app->app_local->extcap.is_v2) else X(SHA384, sha384, 48, app->app_local->extcap.is_v2) else X(SHA512, sha512, 64, app->app_local->extcap.is_v2) else if ((indatalen == 28 || indatalen == 32 || indatalen == 48 || indatalen ==64) && app->app_local->extcap.is_v2) ; /* Assume a plain SHA-3 digest has been given. */ else { log_error (_("card does not support digest algorithm %s\n"), gcry_md_algo_name (hashalgo)); /* Or the supplied digest length does not match an algorithm. */ return gpg_error (GPG_ERR_INV_VALUE); } #undef X /* Check whether an OpenPGP card of any version has been requested. */ if (!ascii_strcasecmp (keyidstr, "OPENPGP.1")) ; else if (!ascii_strcasecmp (keyidstr, "OPENPGP.3")) use_auth = 1; else { rc = check_keyidstr (app, keyidstr, 1, &use_auth); if (rc) return rc; } /* Concatenate prefix and digest. */ #define X(a,b,d) \ if (hashalgo == GCRY_MD_ ## a && (d) ) \ { \ datalen = sizeof b ## _prefix + indatalen; \ - assert (datalen <= sizeof data); \ + log_assert (datalen <= sizeof data); \ memcpy (data, b ## _prefix, sizeof b ## _prefix); \ memcpy (data + sizeof b ## _prefix, indata, indatalen); \ } if (use_auth || app->app_local->keyattr[use_auth? 2: 0].key_type == KEY_TYPE_RSA) { X(SHA1, sha1, 1) else X(RMD160, rmd160, 1) else X(SHA224, sha224, app->app_local->extcap.is_v2) else X(SHA256, sha256, app->app_local->extcap.is_v2) else X(SHA384, sha384, app->app_local->extcap.is_v2) else X(SHA512, sha512, app->app_local->extcap.is_v2) else return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); } else { datalen = indatalen; memcpy (data, indata, indatalen); } #undef X /* Redirect to the AUTH command if asked to. */ if (use_auth) { return do_auth (app, ctrl, "OPENPGP.3", pincb, pincb_arg, data, datalen, outdata, outdatalen); } /* Show the number of signature done using this key. */ sigcount = get_sig_counter (app); log_info (_("signatures created so far: %lu\n"), sigcount); /* Check CHV if needed. */ if (!app->did_chv1 || app->force_chv1) { char *pinvalue; size_t pinlen; rc = verify_a_chv (app, ctrl, pincb, pincb_arg, 1, sigcount, &pinvalue, &pinlen); if (rc) return rc; app->did_chv1 = 1; /* For cards with versions < 2 we want to keep CHV1 and CHV2 in sync, thus we verify CHV2 here using the given PIN. Cards with version2 to not have the need for a separate CHV2 and internally use just one. Obviously we can't do that if the pinpad has been used. */ if (!app->did_chv2 && pinvalue && !app->app_local->extcap.is_v2) { rc = iso7816_verify (app_get_slot (app), 0x82, pinvalue, pinlen); if (gpg_err_code (rc) == GPG_ERR_BAD_PIN) rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED); if (rc) { log_error (_("verify CHV%d failed: %s\n"), 2, gpg_strerror (rc)); wipe_and_free (pinvalue, pinlen); flush_cache_after_error (app); return rc; } app->did_chv2 = 1; cache_pin (app, ctrl, 2, pinvalue); } wipe_and_free (pinvalue, pinlen); } if (app->app_local->cardcap.ext_lc_le && app->app_local->keyattr[0].key_type == KEY_TYPE_RSA && app->app_local->keyattr[0].rsa.n_bits > RSA_SMALL_SIZE_OP) { exmode = 1; /* Use extended length. */ le_value = app->app_local->keyattr[0].rsa.n_bits / 8; } else { exmode = 0; le_value = 0; } rc = iso7816_compute_ds (app_get_slot (app), exmode, data, datalen, le_value, outdata, outdatalen); if (gpg_err_code (rc) == GPG_ERR_TIMEOUT) clear_chv_status (app, ctrl, 1); else if (!rc && app->force_chv1) { app->did_chv1 = 0; cache_pin (app, ctrl, 1, NULL); } return rc; } /* Compute a digital signature using the INTERNAL AUTHENTICATE command on INDATA which is expected to be the raw message digest. For this application the KEYIDSTR consists of the serialnumber and the fingerprint delimited by a slash. Optionally the id OPENPGP.3 may be given. Note that this function may return the error code GPG_ERR_WRONG_CARD to indicate that the card currently present does not match the one required for the requested action (e.g. the serial number does not match). */ static gpg_error_t do_auth (app_t app, ctrl_t ctrl, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, unsigned char **outdata, size_t *outdatalen ) { int rc; if (!keyidstr || !*keyidstr) return gpg_error (GPG_ERR_INV_VALUE); if (app->app_local->keyattr[2].key_type == KEY_TYPE_RSA && indatalen > 101) /* For a 2048 bit key. */ return gpg_error (GPG_ERR_INV_VALUE); if (app->app_local->keyattr[2].key_type == KEY_TYPE_ECC) { if (!(app->app_local->keyattr[2].ecc.flags & ECC_FLAG_DJB_TWEAK) && (indatalen == 51 || indatalen == 67 || indatalen == 83)) { const char *p = (const char *)indata + 19; indata = p; indatalen -= 19; } else { const char *p = (const char *)indata + 15; indata = p; indatalen -= 15; } } /* Check whether an OpenPGP card of any version has been requested. */ if (!ascii_strcasecmp (keyidstr, "OPENPGP.3")) ; else { rc = check_keyidstr (app, keyidstr, 3, NULL); if (rc) return rc; } rc = verify_chv2 (app, ctrl, pincb, pincb_arg); if (!rc) { int exmode, le_value; if (app->app_local->cardcap.ext_lc_le && app->app_local->keyattr[2].key_type == KEY_TYPE_RSA && app->app_local->keyattr[2].rsa.n_bits > RSA_SMALL_SIZE_OP) { exmode = 1; /* Use extended length. */ le_value = app->app_local->keyattr[2].rsa.n_bits / 8; } else { exmode = 0; le_value = 0; } rc = iso7816_internal_authenticate (app_get_slot (app), exmode, indata, indatalen, le_value, outdata, outdatalen); if (gpg_err_code (rc) == GPG_ERR_TIMEOUT) clear_chv_status (app, ctrl, 1); } return rc; } static gpg_error_t do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, unsigned char **outdata, size_t *outdatalen, unsigned int *r_info) { int n; int rc; int exmode, le_value; unsigned char *fixbuf = NULL; int padind = 0; int fixuplen = 0; if (!keyidstr || !*keyidstr || !indatalen) return gpg_error (GPG_ERR_INV_VALUE); /* Check whether an OpenPGP card of any version has been requested. */ if (!ascii_strcasecmp (keyidstr, "OPENPGP.2")) ; else { rc = check_keyidstr (app, keyidstr, 2, NULL); if (rc) return rc; } rc = verify_chv2 (app, ctrl, pincb, pincb_arg); if (rc) return rc; if ((indatalen == 16 + 1 || indatalen == 32 + 1) && ((char *)indata)[0] == 0x02) { /* PSO:DECIPHER with symmetric key. */ padind = -1; } else if (app->app_local->keyattr[1].key_type == KEY_TYPE_RSA) { /* We might encounter a couple of leading zeroes in the cryptogram. Due to internal use of MPIs these leading zeroes are stripped. However the OpenPGP card expects exactly 128 bytes for the cryptogram (for a 1k key). Thus we need to fix it up. We do this for up to 16 leading zero bytes; a cryptogram with more than this is with a very high probability anyway broken. If a signed conversion was used we may also encounter one leading zero followed by the correct length. We fix that as well. */ if (indatalen >= (128-16) && indatalen < 128) /* 1024 bit key. */ fixuplen = 128 - indatalen; else if (indatalen >= (192-16) && indatalen < 192) /* 1536 bit key. */ fixuplen = 192 - indatalen; else if (indatalen >= (256-16) && indatalen < 256) /* 2048 bit key. */ fixuplen = 256 - indatalen; else if (indatalen >= (384-16) && indatalen < 384) /* 3072 bit key. */ fixuplen = 384 - indatalen; else if (indatalen >= (512-16) && indatalen < 512) /* 4096 bit key. */ fixuplen = 512 - indatalen; else if (!*(const char *)indata && (indatalen == 129 || indatalen == 193 || indatalen == 257 || indatalen == 385 || indatalen == 513)) fixuplen = -1; else fixuplen = 0; if (fixuplen > 0) { /* While we have to prepend stuff anyway, we can also include the padding byte here so that iso1816_decipher does not need to do another data mangling. */ fixuplen++; fixbuf = xtrymalloc (fixuplen + indatalen); if (!fixbuf) return gpg_error_from_syserror (); memset (fixbuf, 0, fixuplen); memcpy (fixbuf+fixuplen, indata, indatalen); indata = fixbuf; indatalen = fixuplen + indatalen; padind = -1; /* Already padded. */ } else if (fixuplen < 0) { /* We use the extra leading zero as the padding byte. */ padind = -1; } } else if (app->app_local->keyattr[1].key_type == KEY_TYPE_ECC) { int old_format_len = 0; if ((app->app_local->keyattr[1].ecc.flags & ECC_FLAG_DJB_TWEAK)) { if (indatalen > 32 && (indatalen % 2)) { /* * Skip the prefix. It may be 0x40 (in new format), or MPI * head of 0x00 (in old format). */ indata = (const char *)indata + 1; indatalen--; } else if (indatalen < 32) { /* * Old format trancated by MPI handling. */ old_format_len = indatalen; indatalen = 32; } } n = 0; if (indatalen < 128) fixuplen = 7; else fixuplen = 10; fixbuf = xtrymalloc (fixuplen + indatalen); if (!fixbuf) return gpg_error_from_syserror (); /* Build 'Cipher DO' */ fixbuf[n++] = '\xa6'; if (indatalen < 128) fixbuf[n++] = (char)(indatalen+5); else { fixbuf[n++] = 0x81; fixbuf[n++] = (char)(indatalen+7); } fixbuf[n++] = '\x7f'; fixbuf[n++] = '\x49'; if (indatalen < 128) fixbuf[n++] = (char)(indatalen+2); else { fixbuf[n++] = 0x81; fixbuf[n++] = (char)(indatalen+3); } fixbuf[n++] = '\x86'; if (indatalen < 128) fixbuf[n++] = (char)indatalen; else { fixbuf[n++] = 0x81; fixbuf[n++] = (char)indatalen; } if (old_format_len) { memset (fixbuf+fixuplen, 0, 32 - old_format_len); memcpy (fixbuf+fixuplen + 32 - old_format_len, indata, old_format_len); } else { memcpy (fixbuf+fixuplen, indata, indatalen); } indata = fixbuf; indatalen = fixuplen + indatalen; padind = -1; } else return gpg_error (GPG_ERR_INV_VALUE); if (app->app_local->cardcap.ext_lc_le && (indatalen > 254 || (app->app_local->keyattr[1].key_type == KEY_TYPE_RSA && app->app_local->keyattr[1].rsa.n_bits > RSA_SMALL_SIZE_OP))) { exmode = 1; /* Extended length w/o a limit. */ le_value = app->app_local->keyattr[1].rsa.n_bits / 8; } else if (app->app_local->cardcap.cmd_chaining && indatalen > 254) { exmode = -254; /* Command chaining with max. 254 bytes. */ le_value = 0; } else exmode = le_value = 0; rc = iso7816_decipher (app_get_slot (app), exmode, indata, indatalen, le_value, padind, outdata, outdatalen); xfree (fixbuf); if (!rc && app->app_local->keyattr[1].key_type == KEY_TYPE_ECC) { unsigned char prefix = 0; if (app->app_local->keyattr[1].ecc.flags & ECC_FLAG_DJB_TWEAK) prefix = 0x40; else if (*outdatalen == 56) /* It's X448 with no prefix. */ ; else if ((*outdatalen % 2) == 0) /* No 0x04 -> x-coordinate only */ prefix = 0x41; if (prefix) { /* Add the prefix */ fixbuf = xtrymalloc (*outdatalen + 1); if (!fixbuf) { xfree (*outdata); return gpg_error_from_syserror (); } fixbuf[0] = prefix; memcpy (fixbuf+1, *outdata, *outdatalen); xfree (*outdata); *outdata = fixbuf; *outdatalen = *outdatalen + 1; } } if (gpg_err_code (rc) == GPG_ERR_TIMEOUT) clear_chv_status (app, ctrl, 1); if (gpg_err_code (rc) == GPG_ERR_CARD /* actual SW is 0x640a */ && app->app_local->manufacturer == 5 && app->appversion == 0x0200) log_info ("NOTE: Cards with manufacturer id 5 and s/n <= 346 (0x15a)" " do not work with encryption keys > 2048 bits\n"); *r_info |= APP_DECIPHER_INFO_NOPAD; return rc; } /* Perform a simple verify operation for CHV1 and CHV2, so that further operations won't ask for CHV2 and it is possible to do a cheap check on the PIN: If there is something wrong with the PIN entry system, only the regular CHV will get blocked and not the dangerous CHV3. KEYIDSTR is the usual card's serial number; an optional fingerprint part will be ignored. There is a special mode if the keyidstr is "[CHV3]" with the "[CHV3]" being a literal string: The Admin Pin is checked if and only if the retry counter is still at 3. */ static gpg_error_t do_check_pin (app_t app, ctrl_t ctrl, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg) { int admin_pin = 0; int rc; if (!keyidstr || !*keyidstr) return gpg_error (GPG_ERR_INV_VALUE); rc = check_keyidstr (app, keyidstr, 0, NULL); if (rc) return rc; if ((strlen (keyidstr) >= 32+6 && !strcmp (keyidstr+32, "[CHV3]")) || (strlen (keyidstr) >= 40+6 && !strcmp (keyidstr+40, "[CHV3]"))) admin_pin = 1; /* Yes, there is a race conditions: The user might pull the card right here and we won't notice that. However this is not a problem and the check above is merely for a graceful failure between operations. */ if (admin_pin) { void *relptr; unsigned char *value; size_t valuelen; int count; relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL); if (!relptr || valuelen < 7) { log_error (_("error retrieving CHV status from card\n")); xfree (relptr); return gpg_error (GPG_ERR_CARD); } count = value[6]; xfree (relptr); if (!count) { log_info (_("card is permanently locked!\n")); return gpg_error (GPG_ERR_BAD_PIN); } else if (count < 3) { log_info (_("verification of Admin PIN is currently prohibited " "through this command\n")); return gpg_error (GPG_ERR_GENERAL); } app->did_chv3 = 0; /* Force verification. */ return verify_chv3 (app, ctrl, pincb, pincb_arg); } else return verify_chv2 (app, ctrl, pincb, pincb_arg); } static void send_keyinfo_if_available (app_t app, ctrl_t ctrl, char *serial, int data, int i) { char idbuf[50]; if (app->app_local->pk[i].read_done) { sprintf (idbuf, "OPENPGP.%d", i+1); send_keyinfo (ctrl, data, app->app_local->pk[i].keygrip_str, serial, idbuf); } } static gpg_error_t do_with_keygrip (app_t app, ctrl_t ctrl, int action, const char *keygrip_str, int capability) { int i; /* Make sure we have load the public keys. */ for (i = 0; i < 3; i++) get_public_key (app, i); if (action == KEYGRIP_ACTION_LOOKUP) { if (keygrip_str == NULL) return gpg_error (GPG_ERR_NOT_FOUND); for (i = 0; i < 3; i++) if (app->app_local->pk[i].read_done && !strcmp (keygrip_str, app->app_local->pk[i].keygrip_str)) return 0; /* Found */ } else { int data = (action == KEYGRIP_ACTION_SEND_DATA); char *serial = app_get_serialno (app); if (keygrip_str == NULL) { if (capability == 0) { for (i = 0; i < 3; i++) send_keyinfo_if_available (app, ctrl, serial, data, i); } else { if (capability == GCRY_PK_USAGE_SIGN) i = 0; else if (capability == GCRY_PK_USAGE_ENCR) i = 1; else if (capability == GCRY_PK_USAGE_AUTH) i = 2; else i = -1; if (i >= 0) send_keyinfo_if_available (app, ctrl, serial, data, i); } xfree (serial); /* Return an error so that the dispatcher keeps on looping * over the other applications. Only for clarity we use a * different error code than for the not_found case. */ return gpg_error (GPG_ERR_TRUE); } else { for (i = 0; i < 3; i++) if (!strcmp (keygrip_str, app->app_local->pk[i].keygrip_str)) { send_keyinfo_if_available (app, ctrl, serial, data, i); xfree (serial); return 0; } xfree (serial); } } return gpg_error (GPG_ERR_NOT_FOUND); } /* Show information about card capabilities. */ static void show_caps (struct app_local_s *s) { log_info ("Version-2+ .....: %s\n", s->extcap.is_v2? "yes":"no"); log_info ("Version-3+ .....: %s\n", s->extcap.is_v3? "yes":"no"); log_info ("Button .........: %s\n", s->extcap.has_button? "yes":"no"); log_info ("SM-Support .....: %s", s->extcap.sm_supported? "yes":"no"); if (s->extcap.sm_supported) log_printf (" (%s)", s->extcap.sm_algo==2? "3DES": (s->extcap.sm_algo==2? "AES-128" : "AES-256")); log_info ("Get-Challenge ..: %s", s->extcap.get_challenge? "yes":"no"); if (s->extcap.get_challenge) log_printf (" (%u bytes max)", s->extcap.max_get_challenge); log_info ("Key-Import .....: %s\n", s->extcap.key_import? "yes":"no"); log_info ("Change-Force-PW1: %s\n", s->extcap.change_force_chv? "yes":"no"); log_info ("Private-DOs ....: %s\n", s->extcap.private_dos? "yes":"no"); log_info ("Algo-Attr-Change: %s\n", s->extcap.algo_attr_change? "yes":"no"); log_info ("Symmetric Crypto: %s\n", s->extcap.has_decrypt? "yes":"no"); log_info ("KDF-Support ....: %s\n", s->extcap.kdf_do? "yes":"no"); log_info ("Max-Cert-Len ...: %u\n", s->extcap.max_certlen); if (s->extcap.is_v3) { log_info ("PIN-Block-2 ....: %s\n", s->extcap.pin_blk2? "yes":"no"); log_info ("MSE-Support ....: %s\n", s->extcap.mse? "yes":"no"); log_info ("Max-Special-DOs : %u\n", s->extcap.max_special_do); } log_info ("Cmd-Chaining ...: %s\n", s->cardcap.cmd_chaining?"yes":"no"); log_info ("Ext-Lc-Le ......: %s\n", s->cardcap.ext_lc_le?"yes":"no"); log_info ("Status-Indicator: %02X\n", s->status_indicator); log_info ("GnuPG-No-Sync ..: %s\n", s->flags.no_sync? "yes":"no"); log_info ("GnuPG-Def-PW2 ..: %s\n", s->flags.def_chv2? "yes":"no"); } /* Parse the historical bytes in BUFFER of BUFLEN and store them in APPLOC. */ static void parse_historical (struct app_local_s *apploc, const unsigned char * buffer, size_t buflen) { /* Example buffer: 00 31 C5 73 C0 01 80 00 90 00 */ if (buflen < 4) { log_error ("warning: historical bytes are too short\n"); return; /* Too short. */ } if (*buffer) { log_error ("warning: bad category indicator in historical bytes\n"); return; } /* Skip category indicator. */ buffer++; buflen--; /* Get the status indicator. */ apploc->status_indicator = buffer[buflen-3]; buflen -= 3; /* Parse the compact TLV. */ while (buflen) { unsigned int tag = (*buffer & 0xf0) >> 4; unsigned int len = (*buffer & 0x0f); if (len+1 > buflen) { log_error ("warning: bad Compact-TLV in historical bytes\n"); return; /* Error. */ } buffer++; buflen--; if (tag == 7 && len == 3) { /* Card capabilities. */ apploc->cardcap.cmd_chaining = !!(buffer[2] & 0x80); apploc->cardcap.ext_lc_le = !!(buffer[2] & 0x40); } buffer += len; buflen -= len; } } /* * Check if the OID in an DER encoding is available by GnuPG/libgcrypt, * and return the canonical curve name. Return NULL if not available. * The constant string is not allocated dynamically, never free it. */ static const char * ecc_curve (const unsigned char *buf, size_t buflen) { gcry_mpi_t oid; char *oidstr; const char *result; unsigned char *oidbuf; oidbuf = xtrymalloc (buflen + 1); if (!oidbuf) return NULL; memcpy (oidbuf+1, buf, buflen); oidbuf[0] = buflen; oid = gcry_mpi_set_opaque (NULL, oidbuf, (buflen+1) * 8); if (!oid) { xfree (oidbuf); return NULL; } oidstr = openpgp_oid_to_str (oid); gcry_mpi_release (oid); if (!oidstr) return NULL; result = openpgp_oid_to_curve (oidstr, 1); xfree (oidstr); return result; } static const char * get_algorithm_attribute_string (const unsigned char *buffer, size_t buflen) { enum gcry_pk_algos galgo; const char *curve; unsigned int nbits = 0; galgo = map_openpgp_pk_to_gcry (*buffer); nbits = 0; curve = NULL; if (*buffer == PUBKEY_ALGO_RSA && (buflen == 5 || buflen == 6)) nbits = (buffer[1]<<8 | buffer[2]); else if (*buffer == PUBKEY_ALGO_ECDH || *buffer == PUBKEY_ALGO_ECDSA || *buffer == PUBKEY_ALGO_EDDSA) { int oidlen = buflen - 1; if (buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff) { /* Found "pubkey required"-byte for private key template. */ oidlen--; } curve = ecc_curve (buffer + 1, oidlen); } else if (opt.verbose) log_printhex (buffer, buflen, ""); return get_keyalgo_string (galgo, nbits, curve); } /* Parse and optionally show the algorithm attributes for KEYNO. KEYNO must be in the range 0..2. */ static void parse_algorithm_attribute (app_t app, int keyno) { unsigned char *buffer; size_t buflen; void *relptr; const char desc[3][5] = {"sign", "encr", "auth"}; enum gcry_pk_algos galgo; unsigned int nbits; const char *curve; log_assert (keyno >=0 && keyno <= 2); app->app_local->keyattr[keyno].key_type = KEY_TYPE_RSA; app->app_local->keyattr[keyno].rsa.n_bits = 0; relptr = get_one_do (app, 0xC1+keyno, &buffer, &buflen, NULL); if (!relptr) { log_error ("error reading DO 0x%02X\n", 0xc1+keyno); return; } if (buflen < 1) { log_error ("error reading DO 0x%02X\n", 0xc1+keyno); xfree (relptr); return; } if (opt.verbose) log_info ("Key-Attr-%s ..: ", desc[keyno]); galgo = map_openpgp_pk_to_gcry (*buffer); nbits = 0; curve = NULL; if (*buffer == PUBKEY_ALGO_RSA && (buflen == 5 || buflen == 6)) { app->app_local->keyattr[keyno].rsa.n_bits = (buffer[1]<<8 | buffer[2]); app->app_local->keyattr[keyno].rsa.e_bits = (buffer[3]<<8 | buffer[4]); app->app_local->keyattr[keyno].rsa.format = 0; if (buflen < 6) app->app_local->keyattr[keyno].rsa.format = RSA_STD; else app->app_local->keyattr[keyno].rsa.format = (buffer[5] == 0? RSA_STD : buffer[5] == 1? RSA_STD_N : buffer[5] == 2? RSA_CRT : buffer[5] == 3? RSA_CRT_N : RSA_UNKNOWN_FMT); nbits = app->app_local->keyattr[keyno].rsa.n_bits; if (opt.verbose) log_printf ("RSA, n=%u, e=%u, fmt=%s\n", app->app_local->keyattr[keyno].rsa.n_bits, app->app_local->keyattr[keyno].rsa.e_bits, app->app_local->keyattr[keyno].rsa.format == RSA_STD? "std" : app->app_local->keyattr[keyno].rsa.format == RSA_STD_N?"std+n": app->app_local->keyattr[keyno].rsa.format == RSA_CRT? "crt" : app->app_local->keyattr[keyno].rsa.format == RSA_CRT_N?"crt+n":"?"); } else if (*buffer == PUBKEY_ALGO_ECDH || *buffer == PUBKEY_ALGO_ECDSA || *buffer == PUBKEY_ALGO_EDDSA) { int oidlen = buflen - 1; app->app_local->keyattr[keyno].ecc.algo = *buffer; app->app_local->keyattr[keyno].ecc.flags = 0; if (buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff) { /* Found "pubkey required"-byte for private key template. */ oidlen--; if (buffer[buflen-1] == 0xff) app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY; } curve = ecc_curve (buffer + 1, oidlen); if (!curve) log_printhex (buffer+1, buflen-1, "Curve with OID not supported: "); else { app->app_local->keyattr[keyno].key_type = KEY_TYPE_ECC; app->app_local->keyattr[keyno].ecc.curve = curve; if ((*buffer == PUBKEY_ALGO_EDDSA && !strcmp (app->app_local->keyattr[keyno].ecc.curve, "Ed25519")) || (*buffer == PUBKEY_ALGO_ECDH && !strcmp (app->app_local->keyattr[keyno].ecc.curve, "Curve25519"))) app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_DJB_TWEAK; if (opt.verbose) log_printf ("ECC, curve=%s%s\n", app->app_local->keyattr[keyno].ecc.curve, !(app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK)? "": keyno==1? " (djb-tweak)": " (eddsa)"); } } else if (opt.verbose) log_printhex (buffer, buflen, ""); app->app_local->keyattr[keyno].keyalgo = get_keyalgo_string (galgo, nbits, curve); if (opt.verbose) log_info ("Key-Algo-%s ..: %s\n", desc[keyno], app->app_local->keyattr[keyno].keyalgo); xfree (relptr); } /* Prepare a reselect of another application. This is used by cards * which support on-the-fly switching between applications. The * function is called to give us a chance to save state for a future * reselect of us again. */ static gpg_error_t do_prep_reselect (app_t app, ctrl_t ctrl) { gpg_error_t err; (void)app; (void)ctrl; err = 0; return err; } /* Reselect the application. This is used by cards which support * on-the-fly switching between applications. */ static gpg_error_t do_reselect (app_t app, ctrl_t ctrl) { gpg_error_t err; (void)ctrl; /* An extra check which should not be necessary because the caller * should have made sure that a re-select is only called for * appropriate cards. */ if (APP_CARD(app)->cardtype != CARDTYPE_YUBIKEY) return gpg_error (GPG_ERR_NOT_SUPPORTED); /* Note that the card can't cope with P2=0xCO, thus we need to pass * a special flag value. */ err = iso7816_select_application (app_get_slot (app), openpgp_aid, sizeof openpgp_aid, 0x0001); if (!err) { app->did_chv1 = 0; app->did_chv2 = 0; app->did_chv3 = 0; } return err; } /* Select the OpenPGP application on the card in SLOT. This function must be used before any other OpenPGP application functions. */ gpg_error_t app_select_openpgp (app_t app) { int slot = app_get_slot (app); int rc; unsigned char *buffer; size_t buflen; void *relptr; /* Note that the card can't cope with P2=0xCO, thus we need to pass a special flag value. */ rc = iso7816_select_application (slot, openpgp_aid, sizeof openpgp_aid, 0x0001); if (!rc) { unsigned int manufacturer; app->apptype = APPTYPE_OPENPGP; app->did_chv1 = 0; app->did_chv2 = 0; app->did_chv3 = 0; app->app_local = NULL; /* The OpenPGP card returns the serial number as part of the AID; because we prefer to use OpenPGP serial numbers, we replace a possibly already set one from a EF.GDO with this one. Note, that for current OpenPGP cards, no EF.GDO exists and thus it won't matter at all. */ rc = iso7816_get_data (slot, 0, 0x004F, &buffer, &buflen); if (rc) goto leave; if (opt.verbose) { log_info ("AID: "); log_printhex (buffer, buflen, ""); } app->appversion = buffer[6] << 8; app->appversion |= buffer[7]; manufacturer = (buffer[8]<<8 | buffer[9]); /* For Yubikey, serialno is set in app.c, already. The problem * is that the OpenPGP appversion has been set to 0.0 because we * are not able to deduce this if the OpenPGP app has not been * enabled. Thus we here to to use the appversion from DO 0x4f * but return a serialno with a version 0.0 as set by app.c. * Users of scdaemon taking the version from the serialno won't * work anymore and need to be modified. Recall that our * architecture requires exactly one serilano per card. */ if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY) xfree (buffer); else { xfree (APP_CARD(app)->serialno); APP_CARD(app)->serialno = buffer; APP_CARD(app)->serialnolen = buflen; } buffer = NULL; app->app_local = xtrycalloc (1, sizeof *app->app_local); if (!app->app_local) { rc = gpg_error (gpg_err_code_from_errno (errno)); goto leave; } /* We want to temporary cache the DO 6E. */ app->app_local->override.cache_6e = 1; app->app_local->manufacturer = manufacturer; if (app->appversion >= 0x0200) app->app_local->extcap.is_v2 = 1; if (app->appversion >= 0x0300) app->app_local->extcap.is_v3 = 1; /* Read the historical bytes. */ relptr = get_one_do (app, 0x5f52, &buffer, &buflen, NULL); if (relptr) { if (opt.verbose) { log_info ("Historical Bytes: "); log_printhex (buffer, buflen, ""); } parse_historical (app->app_local, buffer, buflen); xfree (relptr); } /* Read the force-chv1 flag. */ relptr = get_one_do (app, 0x00C4, &buffer, &buflen, NULL); if (!relptr) { log_error (_("can't access %s - invalid OpenPGP card?\n"), "CHV Status Bytes"); goto leave; } app->force_chv1 = (buflen && *buffer == 0); xfree (relptr); /* Read the extended capabilities. */ relptr = get_one_do (app, 0x00C0, &buffer, &buflen, NULL); if (!relptr) { log_error (_("can't access %s - invalid OpenPGP card?\n"), "Extended Capability Flags" ); goto leave; } if (buflen) { app->app_local->extcap.sm_supported = !!(*buffer & 0x80); app->app_local->extcap.get_challenge = !!(*buffer & 0x40); app->app_local->extcap.key_import = !!(*buffer & 0x20); app->app_local->extcap.change_force_chv = !!(*buffer & 0x10); app->app_local->extcap.private_dos = !!(*buffer & 0x08); app->app_local->extcap.algo_attr_change = !!(*buffer & 0x04); app->app_local->extcap.has_decrypt = !!(*buffer & 0x02); app->app_local->extcap.kdf_do = !!(*buffer & 0x01); } if (buflen >= 10) { /* Available with cards of v2 or later. */ app->app_local->extcap.sm_algo = buffer[1]; app->app_local->extcap.max_get_challenge = (buffer[2] << 8 | buffer[3]); app->app_local->extcap.max_certlen = (buffer[4] << 8 | buffer[5]); /* Interpretation is different between v2 and v3, unfortunately. */ if (app->app_local->extcap.is_v3) { app->app_local->extcap.max_special_do = (buffer[6] << 8 | buffer[7]); app->app_local->extcap.pin_blk2 = !!(buffer[8] & 0x01); app->app_local->extcap.mse= !!(buffer[9] & 0x01); } } xfree (relptr); /* Some of the first cards accidentally don't set the CHANGE_FORCE_CHV bit but allow it anyway. */ if (app->appversion <= 0x0100 && manufacturer == 1) app->app_local->extcap.change_force_chv = 1; /* Check optional DO of "General Feature Management" for button. */ relptr = get_one_do (app, 0x7f74, &buffer, &buflen, NULL); if (relptr) { /* It must be: 03 81 01 20 */ app->app_local->extcap.has_button = 1; } parse_login_data (app); if (opt.verbose) show_caps (app->app_local); parse_algorithm_attribute (app, 0); parse_algorithm_attribute (app, 1); parse_algorithm_attribute (app, 2); if (opt.verbose > 1) dump_all_do (slot); app->app_local->override.cache_6e = 0; flush_cache_item (app, 0x6E); app->fnc.deinit = do_deinit; app->fnc.prep_reselect = do_prep_reselect; app->fnc.reselect = do_reselect; app->fnc.learn_status = do_learn_status; app->fnc.readcert = do_readcert; app->fnc.readkey = do_readkey; app->fnc.getattr = do_getattr; app->fnc.setattr = do_setattr; app->fnc.writecert = do_writecert; app->fnc.writekey = do_writekey; app->fnc.genkey = do_genkey; app->fnc.sign = do_sign; app->fnc.auth = do_auth; app->fnc.decipher = do_decipher; app->fnc.change_pin = do_change_pin; app->fnc.check_pin = do_check_pin; app->fnc.with_keygrip = do_with_keygrip; } leave: if (rc) do_deinit (app); return rc; } diff --git a/scd/app-p15.c b/scd/app-p15.c index 47a79d7ee..00ee12de6 100644 --- a/scd/app-p15.c +++ b/scd/app-p15.c @@ -1,5863 +1,5862 @@ /* app-p15.c - The pkcs#15 card application. * Copyright (C) 2005 Free Software Foundation, Inc. * Copyright (C) 2020, 2021 g10 Code GmbH * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . * SPDX-License-Identifier: GPL-3.0-or-later */ /* Information pertaining to the BELPIC developer card samples: Unblock PUK: "222222111111" Reset PIN: "333333111111") e.g. the APDUs 00:20:00:02:08:2C:33:33:33:11:11:11:FF and 00:24:01:01:08:24:12:34:FF:FF:FF:FF:FF should change the PIN into 1234. */ #include #include #include #include #include -#include #include #include "scdaemon.h" #include "iso7816.h" #include "../common/i18n.h" #include "../common/tlv.h" #include "../common/host2net.h" #include "apdu.h" /* fixme: we should move the card detection to a separate file */ static const char oid_kp_codeSigning[] = "1.3.6.1.5.5.7.3.3"; static const char oid_kp_timeStamping[] = "1.3.6.1.5.5.7.3.8"; static const char oid_kp_ocspSigning[] = "1.3.6.1.5.5.7.3.9"; static const char oid_kp_ms_documentSigning[] = "1.3.6.1.4.1.311.10.3.12"; static const char oid_kp_ms_old_documentSigning[] = "1.3.6.1.4.1.311.3.10.3.12"; static const char oid_kp_emailProtection[]= "1.3.6.1.5.5.7.3.4"; static const char oid_kp_serverAuth[] = "1.3.6.1.5.5.7.3.1"; static const char oid_kp_clientAuth[] = "1.3.6.1.5.5.7.3.2"; static const char oid_kp_ms_smartcardLogon[] = "1.3.6.1.4.1.311.20.2.2"; static const char oid_kp_anyExtendedKeyUsage[] = "2.5.29.37.0"; static const char oid_kp_gpgUsageCert[] = "1.3.6.1.4.1.11591.2.6.1"; static const char oid_kp_gpgUsageSign[] = "1.3.6.1.4.1.11591.2.6.2"; static const char oid_kp_gpgUsageEncr[] = "1.3.6.1.4.1.11591.2.6.3"; static const char oid_kp_gpgUsageAuth[] = "1.3.6.1.4.1.11591.2.6.4"; /* Types of cards we know and which needs special treatment. */ typedef enum { CARD_TYPE_UNKNOWN, CARD_TYPE_TCOS, CARD_TYPE_MICARDO, CARD_TYPE_CARDOS_50, CARD_TYPE_CARDOS_53, CARD_TYPE_BELPIC /* Belgian eID card specs. */ } card_type_t; /* The OS of card as specified by card_type_t is not always * sufficient. Thus we also distinguish the actual product build upon * the given OS. */ typedef enum { CARD_PRODUCT_UNKNOWN, CARD_PRODUCT_RSCS, /* Rohde&Schwarz Cybersecurity */ CARD_PRODUCT_DTRUST /* D-Trust GmbH (bundesdruckerei.de) */ } card_product_t; /* A list card types with ATRs noticed with these cards. */ #define X(a) ((unsigned char const *)(a)) static struct { size_t atrlen; unsigned char const *atr; card_type_t type; } card_atr_list[] = { { 19, X("\x3B\xBA\x13\x00\x81\x31\x86\x5D\x00\x64\x05\x0A\x02\x01\x31\x80" "\x90\x00\x8B"), CARD_TYPE_TCOS }, /* SLE44 */ { 19, X("\x3B\xBA\x14\x00\x81\x31\x86\x5D\x00\x64\x05\x14\x02\x02\x31\x80" "\x90\x00\x91"), CARD_TYPE_TCOS }, /* SLE66S */ { 19, X("\x3B\xBA\x96\x00\x81\x31\x86\x5D\x00\x64\x05\x60\x02\x03\x31\x80" "\x90\x00\x66"), CARD_TYPE_TCOS }, /* SLE66P */ { 27, X("\x3B\xFF\x94\x00\xFF\x80\xB1\xFE\x45\x1F\x03\x00\x68\xD2\x76\x00" "\x00\x28\xFF\x05\x1E\x31\x80\x00\x90\x00\x23"), CARD_TYPE_MICARDO }, /* German BMI card */ { 19, X("\x3B\x6F\x00\xFF\x00\x68\xD2\x76\x00\x00\x28\xFF\x05\x1E\x31\x80" "\x00\x90\x00"), CARD_TYPE_MICARDO }, /* German BMI card (ATR due to reader problem) */ { 26, X("\x3B\xFE\x94\x00\xFF\x80\xB1\xFA\x45\x1F\x03\x45\x73\x74\x45\x49" "\x44\x20\x76\x65\x72\x20\x31\x2E\x30\x43"), CARD_TYPE_MICARDO }, /* EstEID (Estonian Big Brother card) */ { 11, X("\x3b\xd2\x18\x00\x81\x31\xfe\x58\xc9\x01\x14"), CARD_TYPE_CARDOS_50 }, /* CardOS 5.0 */ { 11, X("\x3b\xd2\x18\x00\x81\x31\xfe\x58\xc9\x03\x16"), CARD_TYPE_CARDOS_53 }, /* CardOS 5.3 */ { 0 } }; #undef X /* Macro to test for CardOS 5.0 and 5.3. */ #define IS_CARDOS_5(a) ((a)->app_local->card_type == CARD_TYPE_CARDOS_50 \ || (a)->app_local->card_type == CARD_TYPE_CARDOS_53) /* The default PKCS-15 home DF */ #define DEFAULT_HOME_DF 0x5015 /* The AID of PKCS15. */ static char const pkcs15_aid[] = { 0xA0, 0, 0, 0, 0x63, 0x50, 0x4B, 0x43, 0x53, 0x2D, 0x31, 0x35 }; /* The Belgian eID variant - they didn't understood why a shared AID is useful for a standard. Oh well. */ static char const pkcs15be_aid[] = { 0xA0, 0, 0, 0x01, 0x77, 0x50, 0x4B, 0x43, 0x53, 0x2D, 0x31, 0x35 }; /* The PIN types as defined in pkcs#15 v1.1 */ typedef enum { PIN_TYPE_BCD = 0, PIN_TYPE_ASCII_NUMERIC = 1, PIN_TYPE_UTF8 = 2, PIN_TYPE_HALF_NIBBLE_BCD = 3, PIN_TYPE_ISO9564_1 = 4 } pin_type_t; /* A bit array with for the key usage flags from the commonKeyAttributes. */ struct keyusage_flags_s { unsigned int encrypt: 1; unsigned int decrypt: 1; unsigned int sign: 1; unsigned int sign_recover: 1; unsigned int wrap: 1; unsigned int unwrap: 1; unsigned int verify: 1; unsigned int verify_recover: 1; unsigned int derive: 1; unsigned int non_repudiation: 1; }; typedef struct keyusage_flags_s keyusage_flags_t; /* A bit array with for the key access flags from the commonKeyAttributes. */ struct keyaccess_flags_s { unsigned int any:1; /* Any access flag set. */ unsigned int sensitive:1; unsigned int extractable:1; unsigned int always_sensitive:1; unsigned int never_extractable:1; unsigned int local:1; }; typedef struct keyaccess_flags_s keyaccess_flags_t; /* A bit array with for the gpg usage flags. */ struct gpgusage_flags_s { unsigned int any:1; /* Any of the next flags are set. */ unsigned int cert:1; /* 1.3.6.1.4.1.11591.2.6.1 */ unsigned int sign:1; /* 1.3.6.1.4.1.11591.2.6.2 */ unsigned int encr:1; /* 1.3.6.1.4.1.11591.2.6.3 */ unsigned int auth:1; /* 1.3.6.1.4.1.11591.2.6.4 */ }; typedef struct gpgusage_flags_s gpgusage_flags_t; /* This is an object to store information about a Certificate Directory File (CDF) in a format suitable for further processing by us. To keep memory management, simple we use a linked list of items; i.e. one such object represents one certificate and the list the entire CDF. */ struct cdf_object_s { /* Link to next item when used in a linked list. */ struct cdf_object_s *next; /* Flags to indicate whether fields are valid. */ unsigned int have_off:1; /* Length and allocated buffer with the Id of this object. * This field is used for X.509 in PKCS#11 to make it easier to * match a private key with a certificate. */ size_t objidlen; unsigned char *objid; /* Length and allocated buffer with the authId of this object or NULL if no authID is known. */ size_t authidlen; unsigned char *authid; /* NULL or the malloced label of this object. */ char *label; /* To avoid reading and parsing a certificate more than once, we * cache the ksba object. */ ksba_cert_t cert; /* The offset and length of the object. They are only valid if HAVE_OFF is true and set to 0 if HAVE_OFF is false. */ unsigned long off, len; /* The length of the path as given in the CDF and the path itself. path[0] is the top DF (usually 0x3f00). The path will never be empty. */ size_t pathlen; unsigned short path[1]; }; typedef struct cdf_object_s *cdf_object_t; /* This is an object to store information about a Private Key Directory File (PrKDF) in a format suitable for further processing by us. To keep memory management, simple we use a linked list of items; i.e. one such object represents one certificate and the list the entire PrKDF. */ struct prkdf_object_s { /* Link to next item when used in a linked list. */ struct prkdf_object_s *next; /* Flags to indicate whether fields are valid. */ unsigned int keygrip_valid:1; unsigned int key_reference_valid:1; unsigned int have_off:1; /* Flag indicating that the corresponding PIN has already been * verified. Note that for cards which are able to return the * verification stus, this flag is not used. */ unsigned int pin_verified:1; /* PKCS#15 info whether this is an EC key. Default is RSA. Note * that there is also a KEYALGO field which is derived from the * publick key via Libgcrypt. */ unsigned int is_ecc:1; /* The key's usage flags. */ keyusage_flags_t usageflags; /* The key's access flags. */ keyaccess_flags_t accessflags; /* Extended key usage flags. Only used if .valid is set. This * information is computed from an associated certificate15. */ struct { unsigned int valid:1; unsigned int sign:1; unsigned int encr:1; unsigned int auth:1; } extusage; /* OpenPGP key features for this key. This is taken from special * extended key usage flags different from those tracked in EXTUSAGE * above. There is also no valid flag as in EXTUSAGE. */ gpgusage_flags_t gpgusage; /* The keygrip of the key. This is used as a cache. */ char keygrip[2*KEYGRIP_LEN+1]; /* A malloced algorithm string or NULL if not known. */ char *keyalgostr; /* The Gcrypt algo identifier for the key. It is valid if the * keygrip is also valid. See also is_ecc above. */ int keyalgo; /* The length of the key in bits (e.g. for RSA the length of the * modulus). It is valid if the keygrip is also valid. */ unsigned int keynbits; /* The creation time of the key or 0 if not known. */ u32 keytime; /* Malloced CN from the Subject-DN of the corresponding certificate * or NULL if not known. */ char *common_name; /* Malloced SerialNumber from the Subject-DN of the corresponding * certificate or NULL if not known. */ char *serial_number; /* Length and allocated buffer with the Id of this object. */ size_t objidlen; unsigned char *objid; /* Length and allocated buffer with the authId of this object or NULL if no authID is known. */ size_t authidlen; unsigned char *authid; /* NULL or the malloced label of this object. */ char *label; /* The keyReference and a flag telling whether it is valid. */ unsigned long key_reference; /* The offset and length of the object. They are only valid if * HAVE_OFF is true otherwise they are set to 0. */ unsigned long off, len; /* The length of the path as given in the PrKDF and the path itself. path[0] is the top DF (usually 0x3f00). */ size_t pathlen; unsigned short path[1]; }; typedef struct prkdf_object_s *prkdf_object_t; typedef struct prkdf_object_s *pukdf_object_t; /* This is an object to store information about a Authentication Object Directory File (AODF) in a format suitable for further processing by us. To keep memory management, simple we use a linked list of items; i.e. one such object represents one authentication object and the list the entire AOKDF. */ struct aodf_object_s { /* Link to next item when used in a linked list. */ struct aodf_object_s *next; /* Flags to indicate whether fields are valid. */ unsigned int have_off:1; /* Length and allocated buffer with the Id of this object. */ size_t objidlen; unsigned char *objid; /* Length and allocated buffer with the authId of this object or NULL if no authID is known. */ size_t authidlen; unsigned char *authid; /* NULL or the malloced label of this object. */ char *label; /* The file ID of this AODF. */ unsigned short fid; /* The PIN Flags. */ struct { unsigned int case_sensitive: 1; unsigned int local: 1; unsigned int change_disabled: 1; unsigned int unblock_disabled: 1; unsigned int initialized: 1; unsigned int needs_padding: 1; unsigned int unblocking_pin: 1; unsigned int so_pin: 1; unsigned int disable_allowed: 1; unsigned int integrity_protected: 1; unsigned int confidentiality_protected: 1; unsigned int exchange_ref_data: 1; } pinflags; /* The PIN Type. */ pin_type_t pintype; /* The minimum length of a PIN. */ unsigned long min_length; /* The stored length of a PIN. */ unsigned long stored_length; /* The maximum length of a PIN and a flag telling whether it is valid. */ unsigned long max_length; int max_length_valid; /* The pinReference and a flag telling whether it is valid. */ unsigned long pin_reference; int pin_reference_valid; /* The padChar and a flag telling whether it is valid. */ char pad_char; int pad_char_valid; /* The offset and length of the object. They are only valid if HAVE_OFF is true and set to 0 if HAVE_OFF is false. */ unsigned long off, len; /* The length of the path as given in the Aodf and the path itself. path[0] is the top DF (usually 0x3f00). PATH is optional and thus may be NULL. Malloced.*/ size_t pathlen; unsigned short *path; }; typedef struct aodf_object_s *aodf_object_t; /* Context local to this application. */ struct app_local_s { /* The home DF. Note, that we don't yet support a multilevel hierarchy. Thus we assume this is directly below the MF. */ unsigned short home_df; /* The type of the card's OS. */ card_type_t card_type; /* The vendor's product. */ card_product_t card_product; /* Flag indicating whether we may use direct path selection. */ int direct_path_selection; /* Flag indicating whether the card has any key with a gpgusage set. */ int any_gpgusage; /* Structure with the EFIDs of the objects described in the ODF file. */ struct { unsigned short private_keys; unsigned short public_keys; unsigned short trusted_public_keys; unsigned short secret_keys; unsigned short certificates; unsigned short trusted_certificates; unsigned short useful_certificates; unsigned short data_objects; unsigned short auth_objects; } odf; /* The PKCS#15 serialnumber from EF(TokeiNFo) or NULL. Malloced. */ unsigned char *serialno; size_t serialnolen; /* The manufacturerID from the TokenInfo EF. Malloced or NULL. */ char *manufacturer_id; /* The label from the TokenInfo EF. Malloced or NULL. */ char *token_label; /* The tokenflags from the TokenInfo EF. Malloced or NULL. */ unsigned char *tokenflags; unsigned int tokenflagslen; /* Information on all certificates. */ cdf_object_t certificate_info; /* Information on all trusted certificates. */ cdf_object_t trusted_certificate_info; /* Information on all useful certificates. */ cdf_object_t useful_certificate_info; /* Information on all public keys. */ prkdf_object_t public_key_info; /* Information on all private keys. */ pukdf_object_t private_key_info; /* Information on all authentication objects. */ aodf_object_t auth_object_info; }; /*** Local prototypes. ***/ static gpg_error_t select_ef_by_path (app_t app, const unsigned short *path, size_t pathlen); static gpg_error_t keygrip_from_prkdf (app_t app, prkdf_object_t prkdf); static gpg_error_t readcert_by_cdf (app_t app, cdf_object_t cdf, unsigned char **r_cert, size_t *r_certlen); static char *get_dispserialno (app_t app, prkdf_object_t prkdf); static gpg_error_t do_getattr (app_t app, ctrl_t ctrl, const char *name); static const char * cardtype2str (card_type_t cardtype) { switch (cardtype) { case CARD_TYPE_UNKNOWN: return ""; case CARD_TYPE_TCOS: return "TCOS"; case CARD_TYPE_MICARDO: return "Micardo"; case CARD_TYPE_CARDOS_50: return "CardOS 5.0"; case CARD_TYPE_CARDOS_53: return "CardOS 5.3"; case CARD_TYPE_BELPIC: return "Belgian eID"; } return ""; } static const char * cardproduct2str (card_product_t cardproduct) { switch (cardproduct) { case CARD_PRODUCT_UNKNOWN: return ""; case CARD_PRODUCT_RSCS: return "RSCS"; case CARD_PRODUCT_DTRUST: return "D-Trust"; } return ""; } /* Release the CDF object A */ static void release_cdflist (cdf_object_t a) { while (a) { cdf_object_t tmp = a->next; ksba_free (a->cert); xfree (a->objid); xfree (a->authid); xfree (a->label); xfree (a); a = tmp; } } /* Release the PrKDF object A. */ static void release_prkdflist (prkdf_object_t a) { while (a) { prkdf_object_t tmp = a->next; xfree (a->keyalgostr); xfree (a->common_name); xfree (a->serial_number); xfree (a->objid); xfree (a->authid); xfree (a->label); xfree (a); a = tmp; } } static void release_pukdflist (pukdf_object_t a) { release_prkdflist (a); } /* Release just one aodf object. */ void release_aodf_object (aodf_object_t a) { if (a) { xfree (a->objid); xfree (a->authid); xfree (a->label); xfree (a->path); xfree (a); } } /* Release the AODF list A. */ static void release_aodflist (aodf_object_t a) { while (a) { aodf_object_t tmp = a->next; release_aodf_object (a); a = tmp; } } /* Release all local resources. */ static void do_deinit (app_t app) { if (app && app->app_local) { release_cdflist (app->app_local->certificate_info); release_cdflist (app->app_local->trusted_certificate_info); release_cdflist (app->app_local->useful_certificate_info); release_pukdflist (app->app_local->public_key_info); release_prkdflist (app->app_local->private_key_info); release_aodflist (app->app_local->auth_object_info); xfree (app->app_local->manufacturer_id); xfree (app->app_local->token_label); xfree (app->app_local->tokenflags); xfree (app->app_local->serialno); xfree (app->app_local); app->app_local = NULL; } } /* Do a select and a read for the file with EFID. EFID_DESC is a desctription of the EF to be used with error messages. On success BUFFER and BUFLEN contain the entire content of the EF. The caller must free BUFFER only on success. If EFID is 0 no seelct is done. */ static gpg_error_t select_and_read_binary (app_t app, unsigned short efid, const char *efid_desc, unsigned char **buffer, size_t *buflen) { gpg_error_t err; int sw; if (efid) { err = select_ef_by_path (app, &efid, 1); if (err) { log_error ("p15: error selecting %s (0x%04X): %s\n", efid_desc, efid, gpg_strerror (err)); return err; } } err = iso7816_read_binary_ext (app_get_slot (app), 0, 0, 0, buffer, buflen, &sw); if (err) log_error ("p15: error reading %s (0x%04X): %s (sw=%04X)\n", efid_desc, efid, gpg_strerror (err), sw); return err; } /* If EFID is not 0 do a select and then read the record RECNO. * EFID_DESC is a description of the EF to be used with error * messages. On success BUFFER and BUFLEN contain the entire content * of the EF. The caller must free BUFFER only on success. */ static gpg_error_t select_and_read_record (app_t app, unsigned short efid, int recno, const char *efid_desc, unsigned char **buffer, size_t *buflen, int *r_sw) { gpg_error_t err; int sw; if (r_sw) *r_sw = 0x9000; if (efid) { err = select_ef_by_path (app, &efid, 1); if (err) { log_error ("p15: error selecting %s (0x%04X): %s\n", efid_desc, efid, gpg_strerror (err)); if (r_sw) *r_sw = sw; return err; } } err = iso7816_read_record_ext (app_get_slot (app), recno, 1, 0, buffer, buflen, &sw); if (err) { if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) ; else if (err && sw == SW_FILE_STRUCT) ; else log_error ("p15: error reading %s (0x%04X) record %d: %s (sw=%04X)\n", efid_desc, efid, recno, gpg_strerror (err), sw); if (r_sw) *r_sw = sw; return err; } /* On CardOS with a Linear TLV file structure the records starts * with some tag (often the record number) followed by the length * byte for this record. Detect and remove this prefix. */ if (*buflen > 2 && (*buffer)[0] != 0x30 && (*buffer)[1] == *buflen - 2) { memmove (*buffer, *buffer + 2, *buflen - 2); *buflen = *buflen - 2; } return 0; } /* This function calls select file to read a file using a complete path which may or may not start at the master file (MF). */ static gpg_error_t select_ef_by_path (app_t app, const unsigned short *path, size_t pathlen) { gpg_error_t err; int i, j; if (!pathlen) return gpg_error (GPG_ERR_INV_VALUE); /* log_debug ("%s: path=", __func__); */ /* for (j=0; j < pathlen; j++) */ /* log_printf ("%s%04hX", j? "/":"", path[j]); */ /* log_printf ("%s\n",app->app_local->direct_path_selection?" (direct)":"");*/ if (app->app_local->direct_path_selection) { if (pathlen && *path == 0x3f00 ) { if (pathlen == 1) err = iso7816_select_mf (app_get_slot (app)); else err = iso7816_select_path (app_get_slot (app), path+1, pathlen-1, 0); } else err = iso7816_select_path (app_get_slot (app), path, pathlen, app->app_local->home_df); if (err) { log_error ("p15: error selecting path "); goto err_print_path; } } else { if (pathlen && *path != 0x3f00 ) log_error ("p15: warning: relative path select not yet implemented\n"); /* FIXME: Use home_df. */ for (i=0; i < pathlen; i++) { err = iso7816_select_file (app_get_slot (app), path[i], !(i+1 == pathlen)); if (err) { log_error ("p15: error selecting part %d from path ", i); goto err_print_path; } } } return 0; err_print_path: if (pathlen && *path != 0x3f00 ) log_printf ("3F00/"); else log_printf ("%04hX/", app->app_local->home_df); for (j=0; j < pathlen; j++) log_printf ("%s%04hX", j? "/":"", path[j]); log_printf (": %s\n", gpg_strerror (err)); return err; } /* Parse a cert Id string (or a key Id string) and return the binary object Id string in a newly allocated buffer stored at R_OBJID and R_OBJIDLEN. On Error NULL will be stored there and an error code returned. On success caller needs to free the buffer at R_OBJID. */ static gpg_error_t parse_certid (app_t app, const char *certid, unsigned char **r_objid, size_t *r_objidlen) { char tmpbuf[10]; const char *s; size_t objidlen; unsigned char *objid; int i; *r_objid = NULL; *r_objidlen = 0; if (certid[0] != 'P' && strlen (certid) == 40) /* This is a keygrip. */ { prkdf_object_t prkdf; for (prkdf = app->app_local->private_key_info; prkdf; prkdf = prkdf->next) if (!keygrip_from_prkdf (app, prkdf) && !strcmp (certid, prkdf->keygrip)) break; if (!prkdf || !prkdf->objidlen || !prkdf->objid) return gpg_error (GPG_ERR_NOT_FOUND); objidlen = prkdf->objidlen; objid = xtrymalloc (objidlen); if (!objid) return gpg_error_from_syserror (); memcpy (objid, prkdf->objid, prkdf->objidlen); } else /* This is a usual keyref. */ { if (app->app_local->home_df != DEFAULT_HOME_DF) snprintf (tmpbuf, sizeof tmpbuf, "P15-%04X.", (unsigned int)(app->app_local->home_df & 0xffff)); else strcpy (tmpbuf, "P15."); if (strncmp (certid, tmpbuf, strlen (tmpbuf)) ) { if (!strncmp (certid, "P15.", 4) || (!strncmp (certid, "P15-", 4) && hexdigitp (certid+4) && hexdigitp (certid+5) && hexdigitp (certid+6) && hexdigitp (certid+7) && certid[8] == '.')) return gpg_error (GPG_ERR_NOT_FOUND); return gpg_error (GPG_ERR_INV_ID); } certid += strlen (tmpbuf); for (s=certid, objidlen=0; hexdigitp (s); s++, objidlen++) ; if (*s || !objidlen || (objidlen%2)) return gpg_error (GPG_ERR_INV_ID); objidlen /= 2; objid = xtrymalloc (objidlen); if (!objid) return gpg_error_from_syserror (); for (s=certid, i=0; i < objidlen; i++, s+=2) objid[i] = xtoi_2 (s); } *r_objid = objid; *r_objidlen = objidlen; return 0; } /* Find a certificate object by its object ID and store a pointer to * it at R_CDF. */ static gpg_error_t cdf_object_from_objid (app_t app, size_t objidlen, const unsigned char *objid, cdf_object_t *r_cdf) { cdf_object_t cdf; for (cdf = app->app_local->certificate_info; cdf; cdf = cdf->next) if (cdf->objidlen == objidlen && !memcmp (cdf->objid, objid, objidlen)) break; if (!cdf) for (cdf = app->app_local->trusted_certificate_info; cdf; cdf = cdf->next) if (cdf->objidlen == objidlen && !memcmp (cdf->objid, objid, objidlen)) break; if (!cdf) for (cdf = app->app_local->useful_certificate_info; cdf; cdf = cdf->next) if (cdf->objidlen == objidlen && !memcmp (cdf->objid, objid, objidlen)) break; if (!cdf) return gpg_error (GPG_ERR_NOT_FOUND); *r_cdf = cdf; return 0; } /* Find a certificate object by the certificate ID CERTID and store a * pointer to it at R_CDF. */ static gpg_error_t cdf_object_from_certid (app_t app, const char *certid, cdf_object_t *r_cdf) { gpg_error_t err; size_t objidlen; unsigned char *objid; cdf_object_t cdf; err = parse_certid (app, certid, &objid, &objidlen); if (err) return err; err = cdf_object_from_objid (app, objidlen, objid, &cdf); xfree (objid); if (err) return err; *r_cdf = cdf; return 0; } /* Find a private key object by the key Id string KEYIDSTR and store a pointer to it at R_PRKDF. */ static gpg_error_t prkdf_object_from_keyidstr (app_t app, const char *keyidstr, prkdf_object_t *r_prkdf) { gpg_error_t err; size_t objidlen; unsigned char *objid; prkdf_object_t prkdf; err = parse_certid (app, keyidstr, &objid, &objidlen); if (err) return err; for (prkdf = app->app_local->private_key_info; prkdf; prkdf = prkdf->next) if (prkdf->objidlen == objidlen && !memcmp (prkdf->objid, objid, objidlen)) break; xfree (objid); if (!prkdf) return gpg_error (GPG_ERR_NOT_FOUND); *r_prkdf = prkdf; return 0; } /* Read and parse the Object Directory File and store away the pointers. ODF_FID shall contain the FID of the ODF. Example of such a file: A0 06 30 04 04 02 60 34 = Private Keys A4 06 30 04 04 02 60 35 = Certificates A5 06 30 04 04 02 60 36 = Trusted Certificates A7 06 30 04 04 02 60 37 = Data Objects A8 06 30 04 04 02 60 38 = Auth Objects These are all PathOrObjects using the path CHOICE element. The paths are octet strings of length 2. Using this Path CHOICE element is recommended, so we only implement that for now. */ static gpg_error_t read_ef_odf (app_t app, unsigned short odf_fid) { gpg_error_t err; unsigned char *buffer, *p; size_t buflen, n; unsigned short value; size_t offset; unsigned short home_df = 0; err = select_and_read_binary (app, odf_fid, "ODF", &buffer, &buflen); if (err) return err; if (buflen < 8) { log_error ("p15: error: ODF too short\n"); xfree (buffer); return gpg_error (GPG_ERR_INV_OBJ); } home_df = app->app_local->home_df; p = buffer; while (buflen && *p && *p != 0xff) { if ( buflen >= 8 && (p[0] & 0xf0) == 0xA0 && !memcmp (p+1, "\x06\x30\x04\x04\x02", 5) ) { offset = 6; } else if ( buflen >= 12 && (p[0] & 0xf0) == 0xA0 && !memcmp (p+1, "\x0a\x30\x08\x04\x06\x3F\x00", 7) && (!home_df || home_df == ((p[8]<<8)|p[9])) ) { /* FIXME: Is this hack still required? */ /* If we do not know the home DF, we take it from the first * ODF object. Here are sample values: * a0 0a 30 08 0406 3f00 5015 4401 * a1 0a 30 08 0406 3f00 5015 4411 * a4 0a 30 08 0406 3f00 5015 4441 * a5 0a 30 08 0406 3f00 5015 4451 * a8 0a 30 08 0406 3f00 5015 4481 * 00000000 */ if (!home_df) { home_df = ((p[8]<<8)|p[9]); app->app_local->home_df = home_df; log_info ("p15: application directory detected as 0x%04hX\n", home_df); /* We assume that direct path selection is possible. */ app->app_local->direct_path_selection = 1; } /* We only allow a full path if all files are at the same level and below the home directory. To extend this we would need to make use of new data type capable of keeping a full path. */ offset = 10; } else { log_printhex (p, buflen, "p15: ODF format not supported:"); xfree (buffer); return gpg_error (GPG_ERR_INV_OBJ); } switch ((p[0] & 0x0f)) { case 0: value = app->app_local->odf.private_keys; break; case 1: value = app->app_local->odf.public_keys; break; case 2: value = app->app_local->odf.trusted_public_keys; break; case 3: value = app->app_local->odf.secret_keys; break; case 4: value = app->app_local->odf.certificates; break; case 5: value = app->app_local->odf.trusted_certificates; break; case 6: value = app->app_local->odf.useful_certificates; break; case 7: value = app->app_local->odf.data_objects; break; case 8: value = app->app_local->odf.auth_objects; break; default: value = 0; break; } if (value) { log_error ("p15: duplicate object type %d in ODF ignored\n", (p[0]&0x0f)); continue; } value = ((p[offset] << 8) | p[offset+1]); switch ((p[0] & 0x0f)) { case 0: app->app_local->odf.private_keys = value; break; case 1: app->app_local->odf.public_keys = value; break; case 2: app->app_local->odf.trusted_public_keys = value; break; case 3: app->app_local->odf.secret_keys = value; break; case 4: app->app_local->odf.certificates = value; break; case 5: app->app_local->odf.trusted_certificates = value; break; case 6: app->app_local->odf.useful_certificates = value; break; case 7: app->app_local->odf.data_objects = value; break; case 8: app->app_local->odf.auth_objects = value; break; default: log_error ("p15: unknown object type %d in ODF ignored\n", (p[0]&0x0f)); } offset += 2; if (buflen < offset) break; p += offset; buflen -= offset; } if (buflen) { /* Print a warning if non-null garbage is left over. */ for (n=0; n < buflen && !p[n]; n++) ; if (n < buflen) { log_info ("p15: warning: garbage detected at end of ODF: "); log_printhex (p, buflen, ""); } } xfree (buffer); return 0; } /* Helper for the read_ef_foo functions to read the first record or * the entire data. */ static gpg_error_t read_first_record (app_t app, unsigned short fid, const char *fid_desc, unsigned char **r_buffer, size_t *r_buflen, int *r_use_read_record) { gpg_error_t err; int sw; *r_buffer = NULL; *r_buflen = 0; *r_use_read_record = 0; if (!fid) return gpg_error (GPG_ERR_NO_DATA); /* No such file. */ if (IS_CARDOS_5 (app)) { *r_use_read_record = 1; err = select_and_read_record (app, fid, 1, fid_desc, r_buffer, r_buflen, &sw); if (err && sw == SW_FILE_STRUCT) { *r_use_read_record = 0; err = select_and_read_binary (app, 0, fid_desc, r_buffer, r_buflen); } } else err = select_and_read_binary (app, fid, fid_desc, r_buffer, r_buflen); /* We get a not_found state in read_record mode if the select * succeeded but reading the record failed. Map that to no_data * which is what the caller of the read_ef_foo functions expect. */ if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) err = gpg_error (GPG_ERR_NO_DATA); return err; } /* Parse the BIT STRING with the keyUsageFlags from the CommonKeyAttributes. */ static gpg_error_t parse_keyusage_flags (const unsigned char *der, size_t derlen, keyusage_flags_t *usageflags) { unsigned int bits, mask; int i, unused, full; memset (usageflags, 0, sizeof *usageflags); if (!derlen) return gpg_error (GPG_ERR_INV_OBJ); unused = *der++; derlen--; if ((!derlen && unused) || unused/8 > derlen) return gpg_error (GPG_ERR_ENCODING_PROBLEM); full = derlen - (unused+7)/8; unused %= 8; mask = 0; for (i=1; unused; i <<= 1, unused--) mask |= i; /* First octet */ if (derlen) { bits = *der++; derlen--; if (full) full--; else { bits &= ~mask; mask = 0; } } else bits = 0; if ((bits & 0x80)) usageflags->encrypt = 1; if ((bits & 0x40)) usageflags->decrypt = 1; if ((bits & 0x20)) usageflags->sign = 1; if ((bits & 0x10)) usageflags->sign_recover = 1; if ((bits & 0x08)) usageflags->wrap = 1; if ((bits & 0x04)) usageflags->unwrap = 1; if ((bits & 0x02)) usageflags->verify = 1; if ((bits & 0x01)) usageflags->verify_recover = 1; /* Second octet. */ if (derlen) { bits = *der++; derlen--; if (full) full--; else { bits &= ~mask; } } else bits = 0; if ((bits & 0x80)) usageflags->derive = 1; if ((bits & 0x40)) usageflags->non_repudiation = 1; return 0; } static void dump_keyusage_flags (keyusage_flags_t usageflags) { const char *s = ""; log_info ("p15: usage="); if (usageflags.encrypt) log_printf ("%sencrypt", s), s = ","; if (usageflags.decrypt) log_printf ("%sdecrypt", s), s = ","; if (usageflags.sign ) log_printf ("%ssign", s), s = ","; if (usageflags.sign_recover) log_printf ("%ssign_recover", s), s = ","; if (usageflags.wrap ) log_printf ("%swrap", s), s = ","; if (usageflags.unwrap ) log_printf ("%sunwrap", s), s = ","; if (usageflags.verify ) log_printf ("%sverify", s), s = ","; if (usageflags.verify_recover) log_printf ("%sverify_recover", s), s = ","; if (usageflags.derive ) log_printf ("%sderive", s), s = ","; if (usageflags.non_repudiation) log_printf ("%snon_repudiation", s), s = ","; } static void dump_keyaccess_flags (keyaccess_flags_t accessflags) { const char *s = ""; log_info ("p15: access="); if (accessflags.sensitive) log_printf ("%ssensitive", s), s = ","; if (accessflags.extractable) log_printf ("%sextractable", s), s = ","; if (accessflags.always_sensitive) log_printf ("%salways_sensitive", s), s = ","; if (accessflags.never_extractable) log_printf ("%snever_extractable", s), s = ","; if (accessflags.local) log_printf ("%slocal", s), s = ","; } static void dump_gpgusage_flags (gpgusage_flags_t gpgusage) { const char *s = ""; log_info ("p15: gpgusage="); if (gpgusage.cert) log_printf ("%scert", s), s = ","; if (gpgusage.sign) log_printf ("%ssign", s), s = ","; if (gpgusage.encr) log_printf ("%sencr", s), s = ","; if (gpgusage.auth) log_printf ("%sauth", s), s = ","; } /* Parse the BIT STRING with the keyAccessFlags from the CommonKeyAttributes. */ static gpg_error_t parse_keyaccess_flags (const unsigned char *der, size_t derlen, keyaccess_flags_t *accessflags) { unsigned int bits, mask; int i, unused, full; memset (accessflags, 0, sizeof *accessflags); if (!derlen) return gpg_error (GPG_ERR_INV_OBJ); unused = *der++; derlen--; if ((!derlen && unused) || unused/8 > derlen) return gpg_error (GPG_ERR_ENCODING_PROBLEM); full = derlen - (unused+7)/8; unused %= 8; mask = 0; for (i=1; unused; i <<= 1, unused--) mask |= i; /* First octet */ if (derlen) { bits = *der++; derlen--; if (full) full--; else { bits &= ~mask; mask = 0; } } else bits = 0; if ((bits & 0x10)) accessflags->local = 1; if ((bits & 0x08)) accessflags->never_extractable = 1; if ((bits & 0x04)) accessflags->always_sensitive = 1; if ((bits & 0x02)) accessflags->extractable = 1; if ((bits & 0x01)) accessflags->sensitive = 1; accessflags->any = 1; return 0; } /* Parse the commonObjectAttributes and store a malloced authid at * (r_authid,r_authidlen). (NULL,0) is stored on error or if no * authid is found. IF R_LABEL is not NULL the label is stored there * as a malloced string (spaces are replaced by underscores). * * Example data: * 2 30 17: SEQUENCE { -- commonObjectAttributes * 4 0C 8: UTF8String 'SK.CH.DS' -- label * 14 03 2: BIT STRING 6 unused bits * : '01'B (bit 0) * 18 04 1: OCTET STRING --authid * : 07 * : } */ static gpg_error_t parse_common_obj_attr (unsigned char const **buffer, size_t *size, unsigned char **r_authid, size_t *r_authidlen, char **r_label) { gpg_error_t err; int where; int class, tag, constructed, ndef; size_t objlen, hdrlen, nnn; const unsigned char *ppp; int ignore_eof = 0; char *p; *r_authid = NULL; *r_authidlen = 0; if (r_label) *r_label = NULL; where = __LINE__; err = parse_ber_header (buffer, size, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > *size || tag != TAG_SEQUENCE)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto leave; ppp = *buffer; nnn = objlen; *buffer += objlen; *size -= objlen; /* Search the optional AuthId. */ ignore_eof = 1; where = __LINE__; err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nnn || class != CLASS_UNIVERSAL)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto leave; if (tag == TAG_UTF8_STRING) { if (r_label) { *r_label = xtrymalloc (objlen + 1); if (!*r_label) { err = gpg_error_from_syserror (); goto leave; } memcpy (*r_label, ppp, objlen); (*r_label)[objlen] = 0; /* We don't want spaces in the labels due to the properties * of CHV-LABEL. */ for (p = *r_label; *p; p++) if (ascii_isspace (*p)) *p = '_'; } ppp += objlen; nnn -= objlen; where = __LINE__; err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nnn || class != CLASS_UNIVERSAL)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto leave; } if (tag == TAG_BIT_STRING) { ppp += objlen; /* Skip the CommonObjectFlags. */ nnn -= objlen; where = __LINE__; err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nnn || class != CLASS_UNIVERSAL)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto leave; } if (tag == TAG_OCTET_STRING && objlen) { *r_authid = xtrymalloc (objlen); if (!*r_authid) { err = gpg_error_from_syserror (); goto leave; } memcpy (*r_authid, ppp, objlen); *r_authidlen = objlen; } leave: if (ignore_eof && gpg_err_code (err) == GPG_ERR_EOF) err = 0; else if (err) log_error ("p15: error parsing commonObjectAttributes at %d: %s\n", where, gpg_strerror (err)); if (err && r_label) { xfree (*r_label); *r_label = NULL; } return err; } /* Parse the commonKeyAttributes. On success store the objid at * (R_OBJID/R_OBJIDLEN), sets the key usage flags at USAGEFLAGS and * the optiona key refrence at R_KEY_REFERENCE. The latter is only * valid if true is also stored at R_KEY_REFERENCE_VALID. * * Example data: * * 21 30 12: SEQUENCE { -- commonKeyAttributes * 23 04 1: OCTET STRING * : 01 * 26 03 3: BIT STRING 6 unused bits * : '1000000000'B (bit 9) * 31 02 2: INTEGER 80 -- keyReference (optional) * : } */ static gpg_error_t parse_common_key_attr (unsigned char const **buffer, size_t *size, unsigned char **r_objid, size_t *r_objidlen, keyusage_flags_t *usageflags, keyaccess_flags_t *accessflags, unsigned long *r_key_reference, int *r_key_reference_valid) { gpg_error_t err; int where; int class, tag, constructed, ndef; size_t objlen, hdrlen, nnn; const unsigned char *ppp; int ignore_eof = 0; unsigned long ul; const unsigned char *objid = NULL; size_t objidlen; unsigned long key_reference = 0; int key_reference_valid = 0; *r_objid = NULL; *r_objidlen = 0; memset (usageflags, 0, sizeof *usageflags); memset (accessflags, 0, sizeof *accessflags); *r_key_reference_valid = 0; where = __LINE__; err = parse_ber_header (buffer, size, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > *size || tag != TAG_SEQUENCE)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto leave; ppp = *buffer; nnn = objlen; *buffer += objlen; *size -= objlen; /* Get the Id. */ where = __LINE__; err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nnn || class != CLASS_UNIVERSAL || tag != TAG_OCTET_STRING)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto leave; objid = ppp; objidlen = objlen; ppp += objlen; nnn -= objlen; /* Get the KeyUsageFlags. */ where = __LINE__; err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nnn || class != CLASS_UNIVERSAL || tag != TAG_BIT_STRING)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto leave; err = parse_keyusage_flags (ppp, objlen, usageflags); if (err) goto leave; ppp += objlen; nnn -= objlen; ignore_eof = 1; /* Remaining items are optional. */ /* Find the keyReference */ where = __LINE__; err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && objlen > nnn) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto leave; if (class == CLASS_UNIVERSAL && tag == TAG_BOOLEAN) { /* Skip the native element. */ ppp += objlen; nnn -= objlen; err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && objlen > nnn) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto leave; } if (class == CLASS_UNIVERSAL && tag == TAG_BIT_STRING) { /* These are the keyAccessFlags. */ err = parse_keyaccess_flags (ppp, objlen, accessflags); if (err) goto leave; ppp += objlen; nnn -= objlen; err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && objlen > nnn) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto leave; } if (class == CLASS_UNIVERSAL && tag == TAG_INTEGER) { /* This is the keyReference. */ for (ul=0; objlen; objlen--) { ul <<= 8; ul |= (*ppp++) & 0xff; nnn--; } key_reference = ul; key_reference_valid = 1; } leave: if (ignore_eof && gpg_err_code (err) == GPG_ERR_EOF) err = 0; if (!err) { if (!objid || !objidlen) err = gpg_error (GPG_ERR_INV_OBJ); else { *r_objid = xtrymalloc (objidlen); if (!*r_objid) err = gpg_error_from_syserror (); else { memcpy (*r_objid, objid, objidlen); *r_objidlen = objidlen; } } } if (!err && key_reference_valid) { *r_key_reference = key_reference; *r_key_reference_valid = 1; } if (err) log_error ("p15: error parsing commonKeyAttributes at %d: %s\n", where, gpg_strerror (err)); return err; } /* Read and parse the Private Key Directory Files. * * Sample object: * SEQUENCE { * SEQUENCE { -- commonObjectAttributes * UTF8String 'SK.CH.DS' * BIT STRING 6 unused bits * '01'B (bit 0) -- flags: non-modifiable,private * OCTET STRING --authid * 07 * } * SEQUENCE { -- commonKeyAttributes * OCTET STRING * 01 * BIT STRING 6 unused bits * '1000000000'B (bit 9) -- keyusage: non-repudiation * INTEGER 80 -- keyReference (optional) * } * [1] { -- keyAttributes * SEQUENCE { -- privateRSAKeyAttributes * SEQUENCE { -- objectValue * OCTET STRING --path * 3F 00 40 16 00 50 * } * INTEGER 1024 -- modulus * } * } * } * * Sample part for EC objects: * [1] { -- keyAttributes * [1] { -- privateECkeyAttributes * SEQUENCE { -- objectValue * SEQUENCE { --path * OCTET STRING 50 72 4B 03 * } * INTEGER 33 -- Not in PKCS#15v1.1, need to buy 7816-15? * } * } */ static gpg_error_t read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result) { gpg_error_t err; unsigned char *buffer; size_t buflen; const unsigned char *p; size_t n, objlen, hdrlen; int class, tag, constructed, ndef; prkdf_object_t prkdflist = NULL; int i; int recno = 1; unsigned char *authid = NULL; size_t authidlen = 0; unsigned char *objid = NULL; size_t objidlen = 0; char *label = NULL; int record_mode; err = read_first_record (app, fid, "PrKDF", &buffer, &buflen, &record_mode); if (err) return err; p = buffer; n = buflen; /* Loop over the records. We stop as soon as we detect a new record starting with 0x00 or 0xff as these values are commonly used to pad data blocks and are no valid ASN.1 encoding. Note the special handling for record mode at the end of the loop. */ while (n && *p && *p != 0xff) { const unsigned char *pp; size_t nn; int where; const char *errstr = NULL; prkdf_object_t prkdf = NULL; unsigned long ul; keyusage_flags_t usageflags; keyaccess_flags_t accessflags; unsigned long key_reference = 0; int key_reference_valid = 0; int is_ecc = 0; where = __LINE__; err = parse_ber_header (&p, &n, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (err) ; else if (objlen > n) err = gpg_error (GPG_ERR_INV_OBJ); else if (class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE) ; /* PrivateRSAKeyAttributes */ else if (class == CLASS_CONTEXT) { switch (tag) { case 0: is_ecc = 1; break; /* PrivateECKeyAttributes */ case 1: errstr = "DH key objects are not supported"; break; case 2: errstr = "DSA key objects are not supported"; break; case 3: errstr = "KEA key objects are not supported"; break; default: errstr = "unknown privateKeyObject"; break; } if (errstr) goto parse_error; } else { err = gpg_error (GPG_ERR_INV_OBJ); goto parse_error; } if (err) { log_error ("p15: error parsing PrKDF record: %s\n", gpg_strerror (err)); goto leave; } pp = p; nn = objlen; p += objlen; n -= objlen; /* Parse the commonObjectAttributes. */ where = __LINE__; xfree (authid); xfree (label); err = parse_common_obj_attr (&pp, &nn, &authid, &authidlen, &label); if (err) goto parse_error; /* Parse the commonKeyAttributes. */ where = __LINE__; xfree (objid); err = parse_common_key_attr (&pp, &nn, &objid, &objidlen, &usageflags, &accessflags, &key_reference, &key_reference_valid); if (err) goto parse_error; log_assert (objid); /* Skip commonPrivateKeyAttributes. */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && objlen > nn) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; if (class == CLASS_CONTEXT && tag == 0) { pp += objlen; nn -= objlen; where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); } /* Parse the keyAttributes. */ if (!err && (objlen > nn || class != CLASS_CONTEXT || tag != 1)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; nn = objlen; where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (err) ; else if (!err && objlen > nn) err = gpg_error (GPG_ERR_INV_OBJ); else if (class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE) ; /* A typeAttribute always starts with a sequence. */ else err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; nn = objlen; /* Check that the reference is a Path object. */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && objlen > nn) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; if (class != CLASS_UNIVERSAL || tag != TAG_SEQUENCE) { errstr = "unsupported reference type"; goto parse_error; } nn = objlen; /* Parse the Path object. */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && objlen > nn) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; /* Make sure that the next element is a non zero path and of even length (FID are two bytes each). */ if (class != CLASS_UNIVERSAL || tag != TAG_OCTET_STRING || !objlen || (objlen & 1) ) { errstr = "invalid path reference"; goto parse_error; } /* Create a new PrKDF list item. */ prkdf = xtrycalloc (1, (sizeof *prkdf - sizeof(unsigned short) + objlen/2 * sizeof(unsigned short))); if (!prkdf) { err = gpg_error_from_syserror (); goto leave; } prkdf->is_ecc = is_ecc; prkdf->objidlen = objidlen; prkdf->objid = objid; objid = NULL; if (authid) { prkdf->authidlen = authidlen; prkdf->authid = authid; authid = NULL; } if (label) { prkdf->label = label; label = NULL; } prkdf->pathlen = objlen/2; for (i=0; i < prkdf->pathlen; i++, pp += 2, nn -= 2) prkdf->path[i] = ((pp[0] << 8) | pp[1]); prkdf->usageflags = usageflags; prkdf->accessflags = accessflags; prkdf->key_reference = key_reference; prkdf->key_reference_valid = key_reference_valid; if (nn) { /* An index and length follows. */ prkdf->have_off = 1; where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nn || class != CLASS_UNIVERSAL || tag != TAG_INTEGER)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; for (ul=0; objlen; objlen--) { ul <<= 8; ul |= (*pp++) & 0xff; nn--; } prkdf->off = ul; where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nn || class != CLASS_CONTEXT || tag != 0)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; for (ul=0; objlen; objlen--) { ul <<= 8; ul |= (*pp++) & 0xff; nn--; } prkdf->len = ul; } /* The info is printed later in read_p15_info because we also * want to look at the certificates. */ /* Put it into the list. */ prkdf->next = prkdflist; prkdflist = prkdf; prkdf = NULL; goto next_record; /* Ready with this record. */ parse_error: log_error ("p15: error parsing PrKDF record at %d: %s - skipped\n", where, errstr? errstr : gpg_strerror (err)); if (prkdf) { xfree (prkdf->objid); xfree (prkdf->authid); xfree (prkdf->label); xfree (prkdf); } err = 0; next_record: /* If the card uses a record oriented file structure, read the * next record. Otherwise we keep on parsing the current buffer. */ recno++; if (record_mode) { xfree (buffer); buffer = NULL; err = select_and_read_record (app, 0, recno, "PrKDF", &buffer, &buflen, NULL); if (err) { if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) err = 0; goto leave; } p = buffer; n = buflen; } } /* End looping over all records. */ leave: xfree (authid); xfree (label); xfree (objid); xfree (buffer); if (err) release_prkdflist (prkdflist); else *result = prkdflist; return err; } /* Read and parse the Public Keys Directory File. */ static gpg_error_t read_ef_pukdf (app_t app, unsigned short fid, pukdf_object_t *result) { gpg_error_t err; unsigned char *buffer; size_t buflen; const unsigned char *p; size_t n, objlen, hdrlen; int class, tag, constructed, ndef; pukdf_object_t pukdflist = NULL; int i; int recno = 1; unsigned char *authid = NULL; size_t authidlen = 0; unsigned char *objid = NULL; size_t objidlen = 0; char *label = NULL; int record_mode; err = read_first_record (app, fid, "PuKDF", &buffer, &buflen, &record_mode); if (err) return err; p = buffer; n = buflen; /* Loop over the records. We stop as soon as we detect a new record * starting with 0x00 or 0xff as these values are commonly used to * pad data blocks and are no valid ASN.1 encoding. Note the * special handling for record mode at the end of the loop. */ while (n && *p && *p != 0xff) { const unsigned char *pp; size_t nn; int where; const char *errstr = NULL; pukdf_object_t pukdf = NULL; unsigned long ul; keyusage_flags_t usageflags; keyaccess_flags_t accessflags; unsigned long key_reference = 0; int key_reference_valid = 0; where = __LINE__; err = parse_ber_header (&p, &n, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (err) ; else if (objlen > n) err = gpg_error (GPG_ERR_INV_OBJ); else if (class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE) ; /* PublicRSAKeyAttributes */ else if (class == CLASS_CONTEXT) { switch (tag) { case 0: break; /* EC key object */ case 1: errstr = "DH key objects are not supported"; break; case 2: errstr = "DSA key objects are not supported"; break; case 3: errstr = "KEA key objects are not supported"; break; default: errstr = "unknown publicKeyObject"; break; } if (errstr) goto parse_error; } else { err = gpg_error (GPG_ERR_INV_OBJ); goto parse_error; } if (err) { log_error ("p15: error parsing PuKDF record: %s\n", gpg_strerror (err)); goto leave; } pp = p; nn = objlen; p += objlen; n -= objlen; /* Parse the commonObjectAttributes. */ where = __LINE__; xfree (authid); xfree (label); err = parse_common_obj_attr (&pp, &nn, &authid, &authidlen, &label); if (err) goto parse_error; /* Parse the commonKeyAttributes. */ where = __LINE__; xfree (objid); err = parse_common_key_attr (&pp, &nn, &objid, &objidlen, &usageflags, &accessflags, &key_reference, &key_reference_valid); if (err) goto parse_error; log_assert (objid); /* Parse the subClassAttributes. */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && objlen > nn) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; if (class == CLASS_CONTEXT && tag == 0) { /* Skip this CommonPublicKeyAttribute. */ pp += objlen; nn -= objlen; where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); } /* We expect a typeAttribute. */ if (!err && (objlen > nn || class != CLASS_CONTEXT || tag != 1)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; /* No typeAttribute. */ nn = objlen; where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (err) ; else if (!err && objlen > nn) err = gpg_error (GPG_ERR_INV_OBJ); else if (class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE) ; /* A typeAttribute always starts with a sequence. */ else err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; nn = objlen; /* Check that the reference is a Path object. */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && objlen > nn) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; if (class != CLASS_UNIVERSAL || tag != TAG_SEQUENCE) { errstr = "unsupported reference type"; goto parse_error; } nn = objlen; /* Parse the Path object. */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && objlen > nn) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; /* Make sure that the next element is a non zero path and of even length (FID are two bytes each). */ if (class != CLASS_UNIVERSAL || tag != TAG_OCTET_STRING || !objlen || (objlen & 1) ) { errstr = "invalid path reference"; goto parse_error; } /* Create a new PuKDF list item. */ pukdf = xtrycalloc (1, (sizeof *pukdf - sizeof(unsigned short) + objlen/2 * sizeof(unsigned short))); if (!pukdf) { err = gpg_error_from_syserror (); goto leave; } pukdf->objidlen = objidlen; pukdf->objid = objid; objid = NULL; if (authid) { pukdf->authidlen = authidlen; pukdf->authid = authid; authid = NULL; } if (label) { pukdf->label = label; label = NULL; } pukdf->pathlen = objlen/2; for (i=0; i < pukdf->pathlen; i++, pp += 2, nn -= 2) pukdf->path[i] = ((pp[0] << 8) | pp[1]); pukdf->usageflags = usageflags; pukdf->accessflags = accessflags; pukdf->key_reference = key_reference; pukdf->key_reference_valid = key_reference_valid; if (nn) { /* An index and length follows. */ pukdf->have_off = 1; where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nn || class != CLASS_UNIVERSAL || tag != TAG_INTEGER)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; for (ul=0; objlen; objlen--) { ul <<= 8; ul |= (*pp++) & 0xff; nn--; } pukdf->off = ul; where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nn || class != CLASS_CONTEXT || tag != 0)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; for (ul=0; objlen; objlen--) { ul <<= 8; ul |= (*pp++) & 0xff; nn--; } pukdf->len = ul; } if (opt.verbose) { log_info ("p15: PuKDF %04hX: id=", fid); for (i=0; i < pukdf->objidlen; i++) log_printf ("%02X", pukdf->objid[i]); if (pukdf->label) log_printf (" (%s)", pukdf->label); log_info ("p15: path="); for (i=0; i < pukdf->pathlen; i++) log_printf ("%s%04hX", i?"/":"",pukdf->path[i]); if (pukdf->have_off) log_printf ("[%lu/%lu]", pukdf->off, pukdf->len); if (pukdf->authid) { log_printf (" authid="); for (i=0; i < pukdf->authidlen; i++) log_printf ("%02X", pukdf->authid[i]); } if (pukdf->key_reference_valid) log_printf (" keyref=0x%02lX", pukdf->key_reference); if (pukdf->accessflags.any) dump_keyaccess_flags (pukdf->accessflags); dump_keyusage_flags (pukdf->usageflags); log_printf ("\n"); } /* Put it into the list. */ pukdf->next = pukdflist; pukdflist = pukdf; pukdf = NULL; goto next_record; /* Ready with this record. */ parse_error: log_error ("p15: error parsing PuKDF record at %d: %s - skipped\n", where, errstr? errstr : gpg_strerror (err)); if (pukdf) { xfree (pukdf->objid); xfree (pukdf->authid); xfree (pukdf->label); xfree (pukdf); } err = 0; next_record: /* If the card uses a record oriented file structure, read the * next record. Otherwise we keep on parsing the current buffer. */ recno++; if (record_mode) { xfree (buffer); buffer = NULL; err = select_and_read_record (app, 0, recno, "PuKDF", &buffer, &buflen, NULL); if (err) { if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) err = 0; goto leave; } p = buffer; n = buflen; } } /* End looping over all records. */ leave: xfree (authid); xfree (label); xfree (objid); xfree (buffer); if (err) release_pukdflist (pukdflist); else *result = pukdflist; return err; } /* Read and parse the Certificate Directory Files identified by FID. On success a newlist of CDF object gets stored at RESULT and the caller is then responsible of releasing this list. On error a error code is returned and RESULT won't get changed. */ static gpg_error_t read_ef_cdf (app_t app, unsigned short fid, int cdftype, cdf_object_t *result) { gpg_error_t err; unsigned char *buffer; size_t buflen; const unsigned char *p; size_t n, objlen, hdrlen; int class, tag, constructed, ndef; cdf_object_t cdflist = NULL; int i; int recno = 1; unsigned char *authid = NULL; size_t authidlen = 0; char *label = NULL; int record_mode; err = read_first_record (app, fid, "CDF", &buffer, &buflen, &record_mode); if (err) return err; p = buffer; n = buflen; /* Loop over the records. We stop as soon as we detect a new record starting with 0x00 or 0xff as these values are commonly used to pad data blocks and are no valid ASN.1 encoding. Note the special handling for record mode at the end of the loop. */ while (n && *p && *p != 0xff) { const unsigned char *pp; size_t nn; int where; const char *errstr = NULL; cdf_object_t cdf = NULL; unsigned long ul; const unsigned char *objid; size_t objidlen; err = parse_ber_header (&p, &n, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > n || tag != TAG_SEQUENCE)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) { log_error ("p15: error parsing CDF record: %s\n", gpg_strerror (err)); goto leave; } pp = p; nn = objlen; p += objlen; n -= objlen; /* Parse the commonObjectAttributes. */ where = __LINE__; xfree (authid); xfree (label); err = parse_common_obj_attr (&pp, &nn, &authid, &authidlen, &label); if (err) goto parse_error; /* Parse the commonCertificateAttributes. */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nn || tag != TAG_SEQUENCE)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; { const unsigned char *ppp = pp; size_t nnn = objlen; pp += objlen; nn -= objlen; /* Get the Id. */ where = __LINE__; err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nnn || class != CLASS_UNIVERSAL || tag != TAG_OCTET_STRING)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; objid = ppp; objidlen = objlen; } /* Parse the certAttribute. */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nn || class != CLASS_CONTEXT || tag != 1)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; nn = objlen; where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nn || class != CLASS_UNIVERSAL || tag != TAG_SEQUENCE)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; nn = objlen; /* Check that the reference is a Path object. */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && objlen > nn) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; if (class != CLASS_UNIVERSAL || tag != TAG_SEQUENCE) { errstr = "unsupported reference type"; goto parse_error; } nn = objlen; /* Parse the Path object. */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && objlen > nn) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; /* Make sure that the next element is a non zero path and of even length (FID are two bytes each). */ if (class != CLASS_UNIVERSAL || tag != TAG_OCTET_STRING || !objlen || (objlen & 1) ) { errstr = "invalid path reference"; goto parse_error; } /* Create a new CDF list item. */ cdf = xtrycalloc (1, (sizeof *cdf - sizeof(unsigned short) + objlen/2 * sizeof(unsigned short))); if (!cdf) { err = gpg_error_from_syserror (); goto leave; } if (authid) { cdf->authidlen = authidlen; cdf->authid = authid; authid = NULL; } if (label) { cdf->label = label; label = NULL; } cdf->objidlen = objidlen; cdf->objid = xtrymalloc (objidlen); if (!cdf->objid) { err = gpg_error_from_syserror (); xfree (cdf); goto leave; } memcpy (cdf->objid, objid, objidlen); cdf->pathlen = objlen/2; for (i=0; i < cdf->pathlen; i++, pp += 2, nn -= 2) cdf->path[i] = ((pp[0] << 8) | pp[1]); if (nn) { /* An index and length follows. */ cdf->have_off = 1; where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nn || class != CLASS_UNIVERSAL || tag != TAG_INTEGER)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; for (ul=0; objlen; objlen--) { ul <<= 8; ul |= (*pp++) & 0xff; nn--; } cdf->off = ul; where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nn || class != CLASS_CONTEXT || tag != 0)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; for (ul=0; objlen; objlen--) { ul <<= 8; ul |= (*pp++) & 0xff; nn--; } cdf->len = ul; } if (opt.verbose) { log_info ("p15: CDF-%c %04hX: id=", cdftype, fid); for (i=0; i < cdf->objidlen; i++) log_printf ("%02X", cdf->objid[i]); if (cdf->label) log_printf (" (%s)", cdf->label); log_info ("p15: path="); for (i=0; i < cdf->pathlen; i++) log_printf ("%s%04hX", i?"/":"", cdf->path[i]); if (cdf->have_off) log_printf ("[%lu/%lu]", cdf->off, cdf->len); if (cdf->authid) { log_printf (" authid="); for (i=0; i < cdf->authidlen; i++) log_printf ("%02X", cdf->authid[i]); } log_printf ("\n"); } /* Put it into the list. */ cdf->next = cdflist; cdflist = cdf; cdf = NULL; goto next_record; /* Ready with this record. */ parse_error: log_error ("p15: error parsing CDF record at %d: %s - skipped\n", where, errstr? errstr : gpg_strerror (err)); xfree (cdf); err = 0; next_record: xfree (authid); xfree (label); /* If the card uses a record oriented file structure, read the * next record. Otherwise we keep on parsing the current buffer. */ recno++; if (record_mode) { xfree (buffer); buffer = NULL; err = select_and_read_record (app, 0, recno, "CDF", &buffer, &buflen, NULL); if (err) { if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) err = 0; goto leave; } p = buffer; n = buflen; } } /* End loop over all records. */ leave: xfree (authid); xfree (label); xfree (buffer); if (err) release_cdflist (cdflist); else *result = cdflist; return err; } /* SEQUENCE { SEQUENCE { -- CommonObjectAttributes UTF8String 'specific PIN for DS' BIT STRING 0 unused bits '00000011'B } SEQUENCE { -- CommonAuthenticationObjectAttributes OCTET STRING 07 -- iD } [1] { -- typeAttributes SEQUENCE { -- PinAttributes BIT STRING 0 unused bits '0000100000110010'B -- local,initialized,needs-padding -- exchangeRefData ENUMERATED 1 -- ascii-numeric INTEGER 6 -- minLength INTEGER 6 -- storedLength INTEGER 8 -- maxLength [0] 02 -- pinReference GeneralizedTime 19/04/2002 12:12 GMT -- lastPinChange SEQUENCE { OCTET STRING 3F 00 40 16 -- path to DF of PIN } } } } */ /* Read and parse an Authentication Object Directory File identified by FID. On success a newlist of AODF objects gets stored at RESULT and the caller is responsible of releasing this list. On error a error code is returned and RESULT won't get changed. */ static gpg_error_t read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result) { gpg_error_t err; unsigned char *buffer; size_t buflen; const unsigned char *p; size_t n, objlen, hdrlen; int class, tag, constructed, ndef; aodf_object_t aodflist = NULL; int i; int recno = 1; int record_mode; err = read_first_record (app, fid, "AODF", &buffer, &buflen, &record_mode); if (err) return err; p = buffer; n = buflen; /* Loop over the records. We stop as soon as we detect a new record starting with 0x00 or 0xff as these values are commonly used to pad data blocks and are no valid ASN.1 encoding. Note the special handling for record mode at the end of the loop. */ while (n && *p && *p != 0xff) { const unsigned char *pp; size_t nn; int where; const char *errstr = NULL; aodf_object_t aodf = NULL; unsigned long ul; const char *s; where = __LINE__; err = parse_ber_header (&p, &n, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (err) ; else if (objlen > n) err = gpg_error (GPG_ERR_INV_OBJ); else if (class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE) ; /* PinAttributes */ else if (class == CLASS_CONTEXT) { switch (tag) { case 0: errstr = "biometric auth types are not supported"; break; case 1: errstr = "authKey auth types are not supported"; break; case 2: errstr = "external auth type are not supported"; break; default: errstr = "unknown privateKeyObject"; break; } goto parse_error; } else { err = gpg_error (GPG_ERR_INV_OBJ); goto parse_error; } if (err) { log_error ("p15: error parsing AODF record: %s\n", gpg_strerror (err)); goto leave; } pp = p; nn = objlen; p += objlen; n -= objlen; /* Allocate memory for a new AODF list item. */ aodf = xtrycalloc (1, sizeof *aodf); if (!aodf) goto no_core; aodf->fid = fid; /* Parse the commonObjectAttributes. */ where = __LINE__; err = parse_common_obj_attr (&pp, &nn, &aodf->authid, &aodf->authidlen, &aodf->label); if (err) goto parse_error; /* Parse the CommonAuthenticationObjectAttributes. */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nn || tag != TAG_SEQUENCE)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; { const unsigned char *ppp = pp; size_t nnn = objlen; pp += objlen; nn -= objlen; /* Get the Id. */ where = __LINE__; err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nnn || class != CLASS_UNIVERSAL || tag != TAG_OCTET_STRING)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; aodf->objidlen = objlen; aodf->objid = xtrymalloc (objlen); if (!aodf->objid) goto no_core; memcpy (aodf->objid, ppp, objlen); } /* Parse the typeAttributes. */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nn || class != CLASS_CONTEXT || tag != 1)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; nn = objlen; where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (err) ; else if (!err && objlen > nn) err = gpg_error (GPG_ERR_INV_OBJ); else if (class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE) ; /* A typeAttribute always starts with a sequence */ else err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; nn = objlen; /* PinFlags */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nn || !objlen || class != CLASS_UNIVERSAL || tag != TAG_BIT_STRING)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; { unsigned int bits, mask; int unused, full; unused = *pp++; nn--; objlen--; if ((!objlen && unused) || unused/8 > objlen) { err = gpg_error (GPG_ERR_ENCODING_PROBLEM); goto parse_error; } full = objlen - (unused+7)/8; unused %= 8; mask = 0; for (i=1; unused; i <<= 1, unused--) mask |= i; /* The first octet */ bits = 0; if (objlen) { bits = *pp++; nn--; objlen--; if (full) full--; else { bits &= ~mask; mask = 0; } } if ((bits & 0x80)) /* ASN.1 bit 0. */ aodf->pinflags.case_sensitive = 1; if ((bits & 0x40)) /* ASN.1 bit 1. */ aodf->pinflags.local = 1; if ((bits & 0x20)) aodf->pinflags.change_disabled = 1; if ((bits & 0x10)) aodf->pinflags.unblock_disabled = 1; if ((bits & 0x08)) aodf->pinflags.initialized = 1; if ((bits & 0x04)) aodf->pinflags.needs_padding = 1; if ((bits & 0x02)) aodf->pinflags.unblocking_pin = 1; if ((bits & 0x01)) aodf->pinflags.so_pin = 1; /* The second octet. */ bits = 0; if (objlen) { bits = *pp++; nn--; objlen--; if (full) full--; else { bits &= ~mask; } } if ((bits & 0x80)) aodf->pinflags.disable_allowed = 1; if ((bits & 0x40)) aodf->pinflags.integrity_protected = 1; if ((bits & 0x20)) aodf->pinflags.confidentiality_protected = 1; if ((bits & 0x10)) aodf->pinflags.exchange_ref_data = 1; /* Skip remaining bits. */ pp += objlen; nn -= objlen; } /* PinType */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nn || class != CLASS_UNIVERSAL || tag != TAG_ENUMERATED)) err = gpg_error (GPG_ERR_INV_OBJ); if (!err && objlen > sizeof (ul)) err = gpg_error (GPG_ERR_UNSUPPORTED_ENCODING); if (err) goto parse_error; for (ul=0; objlen; objlen--) { ul <<= 8; ul |= (*pp++) & 0xff; nn--; } aodf->pintype = ul; /* minLength */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nn || class != CLASS_UNIVERSAL || tag != TAG_INTEGER)) err = gpg_error (GPG_ERR_INV_OBJ); if (!err && objlen > sizeof (ul)) err = gpg_error (GPG_ERR_UNSUPPORTED_ENCODING); if (err) goto parse_error; for (ul=0; objlen; objlen--) { ul <<= 8; ul |= (*pp++) & 0xff; nn--; } aodf->min_length = ul; /* storedLength */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nn || class != CLASS_UNIVERSAL || tag != TAG_INTEGER)) err = gpg_error (GPG_ERR_INV_OBJ); if (!err && objlen > sizeof (ul)) err = gpg_error (GPG_ERR_UNSUPPORTED_ENCODING); if (err) goto parse_error; for (ul=0; objlen; objlen--) { ul <<= 8; ul |= (*pp++) & 0xff; nn--; } aodf->stored_length = ul; /* optional maxLength */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (gpg_err_code (err) == GPG_ERR_EOF) goto ready; if (!err && objlen > nn) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; if (class == CLASS_UNIVERSAL && tag == TAG_INTEGER) { if (objlen > sizeof (ul)) { err = gpg_error (GPG_ERR_UNSUPPORTED_ENCODING); goto parse_error; } for (ul=0; objlen; objlen--) { ul <<= 8; ul |= (*pp++) & 0xff; nn--; } aodf->max_length = ul; aodf->max_length_valid = 1; where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (gpg_err_code (err) == GPG_ERR_EOF) goto ready; if (!err && objlen > nn) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; } /* Optional pinReference. */ if (class == CLASS_CONTEXT && tag == 0) { if (objlen > sizeof (ul)) { err = gpg_error (GPG_ERR_UNSUPPORTED_ENCODING); goto parse_error; } for (ul=0; objlen; objlen--) { ul <<= 8; ul |= (*pp++) & 0xff; nn--; } aodf->pin_reference = ul; aodf->pin_reference_valid = 1; where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (gpg_err_code (err) == GPG_ERR_EOF) goto ready; if (!err && objlen > nn) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; } /* Optional padChar. */ if (class == CLASS_UNIVERSAL && tag == TAG_OCTET_STRING) { if (objlen != 1) { errstr = "padChar is not of size(1)"; goto parse_error; } aodf->pad_char = *pp++; nn--; aodf->pad_char_valid = 1; where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (gpg_err_code (err) == GPG_ERR_EOF) goto ready; if (!err && objlen > nn) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; } /* Skip optional lastPinChange. */ if (class == CLASS_UNIVERSAL && tag == TAG_GENERALIZED_TIME) { pp += objlen; nn -= objlen; where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (gpg_err_code (err) == GPG_ERR_EOF) goto ready; if (!err && objlen > nn) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; } /* Optional Path object. */ if (class == CLASS_UNIVERSAL || tag == TAG_SEQUENCE) { const unsigned char *ppp = pp; size_t nnn = objlen; pp += objlen; nn -= objlen; where = __LINE__; err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && objlen > nnn) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; /* Make sure that the next element is a non zero FID and of even length (FID are two bytes each). */ if (class != CLASS_UNIVERSAL || tag != TAG_OCTET_STRING || !objlen || (objlen & 1) ) { errstr = "invalid path reference"; goto parse_error; } aodf->pathlen = objlen/2; aodf->path = xtrycalloc (aodf->pathlen, sizeof *aodf->path); if (!aodf->path) goto no_core; for (i=0; i < aodf->pathlen; i++, ppp += 2, nnn -= 2) aodf->path[i] = ((ppp[0] << 8) | ppp[1]); if (nnn) { /* An index and length follows. */ aodf->have_off = 1; where = __LINE__; err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nnn || class != CLASS_UNIVERSAL || tag != TAG_INTEGER)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; for (ul=0; objlen; objlen--) { ul <<= 8; ul |= (*ppp++) & 0xff; nnn--; } aodf->off = ul; where = __LINE__; err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nnn || class != CLASS_CONTEXT || tag != 0)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; for (ul=0; objlen; objlen--) { ul <<= 8; ul |= (*ppp++) & 0xff; nnn--; } aodf->len = ul; } } /* Ignore further objects which might be there due to future extensions of pkcs#15. */ ready: if (gpg_err_code (err) == GPG_ERR_EOF) err = 0; if (opt.verbose) { log_info ("p15: AODF %04hX: id=", fid); for (i=0; i < aodf->objidlen; i++) log_printf ("%02X", aodf->objid[i]); if (aodf->label) log_printf (" (%s)", aodf->label); log_info ("p15: "); if (aodf->pathlen) { log_printf (" path="); for (i=0; i < aodf->pathlen; i++) log_printf ("%s%04hX", i?"/":"",aodf->path[i]); if (aodf->have_off) log_printf ("[%lu/%lu]", aodf->off, aodf->len); } if (aodf->authid) { log_printf (" authid="); for (i=0; i < aodf->authidlen; i++) log_printf ("%02X", aodf->authid[i]); } if (aodf->pin_reference_valid) log_printf (" pinref=0x%02lX", aodf->pin_reference); log_printf (" min=%lu", aodf->min_length); log_printf (" stored=%lu", aodf->stored_length); if (aodf->max_length_valid) log_printf (" max=%lu", aodf->max_length); if (aodf->pad_char_valid) log_printf (" pad=0x%02x", aodf->pad_char); log_info ("p15: flags="); s = ""; if (aodf->pinflags.case_sensitive) log_printf ("%scase_sensitive", s), s = ","; if (aodf->pinflags.local) log_printf ("%slocal", s), s = ","; if (aodf->pinflags.change_disabled) log_printf ("%schange_disabled", s), s = ","; if (aodf->pinflags.unblock_disabled) log_printf ("%sunblock_disabled", s), s = ","; if (aodf->pinflags.initialized) log_printf ("%sinitialized", s), s = ","; if (aodf->pinflags.needs_padding) log_printf ("%sneeds_padding", s), s = ","; if (aodf->pinflags.unblocking_pin) log_printf ("%sunblocking_pin", s), s = ","; if (aodf->pinflags.so_pin) log_printf ("%sso_pin", s), s = ","; if (aodf->pinflags.disable_allowed) log_printf ("%sdisable_allowed", s), s = ","; if (aodf->pinflags.integrity_protected) log_printf ("%sintegrity_protected", s), s = ","; if (aodf->pinflags.confidentiality_protected) log_printf ("%sconfidentiality_protected", s), s = ","; if (aodf->pinflags.exchange_ref_data) log_printf ("%sexchange_ref_data", s), s = ","; { char numbuf[50]; const char *s2; switch (aodf->pintype) { case PIN_TYPE_BCD: s2 = "bcd"; break; case PIN_TYPE_ASCII_NUMERIC: s2 = "ascii-numeric"; break; case PIN_TYPE_UTF8: s2 = "utf8"; break; case PIN_TYPE_HALF_NIBBLE_BCD: s2 = "half-nibble-bcd"; break; case PIN_TYPE_ISO9564_1: s2 = "iso9564-1"; break; default: sprintf (numbuf, "%lu", (unsigned long)aodf->pintype); s2 = numbuf; } log_printf ("%stype=%s", s, s2); s = ","; } log_printf ("\n"); } /* Put it into the list. */ aodf->next = aodflist; aodflist = aodf; aodf = NULL; goto next_record; /* Ready with this record. */ no_core: err = gpg_error_from_syserror (); release_aodf_object (aodf); goto leave; parse_error: log_error ("p15: error parsing AODF record at %d: %s - skipped\n", where, errstr? errstr : gpg_strerror (err)); err = 0; release_aodf_object (aodf); next_record: /* If the card uses a record oriented file structure, read the * next record. Otherwise we keep on parsing the current buffer. */ recno++; if (record_mode) { xfree (buffer); buffer = NULL; err = select_and_read_record (app, 0, recno, "AODF", &buffer, &buflen, NULL); if (err) { if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) err = 0; goto leave; } p = buffer; n = buflen; } } /* End looping over all records. */ leave: xfree (buffer); if (err) release_aodflist (aodflist); else *result = aodflist; return err; } /* Print the BIT STRING with the tokenflags from the TokenInfo. */ static void print_tokeninfo_tokenflags (const unsigned char *der, size_t derlen) { unsigned int bits, mask; int i, unused, full; int other = 0; if (!derlen) { log_printf (" [invalid object]"); return; } unused = *der++; derlen--; if ((!derlen && unused) || unused/8 > derlen) { log_printf (" [wrong encoding]"); return; } full = derlen - (unused+7)/8; unused %= 8; mask = 0; for (i=1; unused; i <<= 1, unused--) mask |= i; /* First octet */ if (derlen) { bits = *der++; derlen--; if (full) full--; else { bits &= ~mask; mask = 0; } } else bits = 0; if ((bits & 0x80)) log_printf (" readonly"); if ((bits & 0x40)) log_printf (" loginRequired"); if ((bits & 0x20)) log_printf (" prnGeneration"); if ((bits & 0x10)) log_printf (" eidCompliant"); if ((bits & 0x08)) other = 1; if ((bits & 0x04)) other = 1; if ((bits & 0x02)) other = 1; if ((bits & 0x01)) other = 1; /* Next octet. */ if (derlen) other = 1; if (other) log_printf (" [unknown]"); } /* Read and parse the EF(TokenInfo). * * TokenInfo ::= SEQUENCE { * version INTEGER {v1(0)} (v1,...), * serialNumber OCTET STRING, * manufacturerID Label OPTIONAL, * label [0] Label OPTIONAL, * tokenflags TokenFlags, * seInfo SEQUENCE OF SecurityEnvironmentInfo OPTIONAL, * recordInfo [1] RecordInfo OPTIONAL, * supportedAlgorithms [2] SEQUENCE OF AlgorithmInfo OPTIONAL, * ..., * issuerId [3] Label OPTIONAL, * holderId [4] Label OPTIONAL, * lastUpdate [5] LastUpdate OPTIONAL, * preferredLanguage PrintableString OPTIONAL -- In accordance with * -- IETF RFC 1766 * } (CONSTRAINED BY { -- Each AlgorithmInfo.reference value must be unique --}) * * TokenFlags ::= BIT STRING { * readOnly (0), * loginRequired (1), * prnGeneration (2), * eidCompliant (3) * } * * * Sample EF 5032: * 30 31 02 01 00 04 04 05 45 36 9F 0C 0C 44 2D 54 01......E6...D-T * 72 75 73 74 20 47 6D 62 48 80 14 4F 66 66 69 63 rust GmbH..Offic * 65 20 69 64 65 6E 74 69 74 79 20 63 61 72 64 03 e identity card. * 02 00 40 20 63 61 72 64 03 02 00 40 00 00 00 00 ..@ card...@.... * 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ * * 0 49: SEQUENCE { * 2 1: INTEGER 0 * 5 4: OCTET STRING 05 45 36 9F * 11 12: UTF8String 'D-Trust GmbH' * 25 20: [0] 'Office identity card' * 47 2: BIT STRING * : '00000010'B (bit 1) * : Error: Spurious zero bits in bitstring. * : } */ static gpg_error_t read_ef_tokeninfo (app_t app) { gpg_error_t err; unsigned char *buffer = NULL; size_t buflen; const unsigned char *p; size_t n, objlen, hdrlen; int class, tag, constructed, ndef; unsigned long ul; xfree (app->app_local->manufacturer_id); app->app_local->manufacturer_id = NULL; app->app_local->card_product = CARD_PRODUCT_UNKNOWN; err = select_and_read_binary (app, 0x5032, "TokenInfo", &buffer, &buflen); if (err) return err; p = buffer; n = buflen; err = parse_ber_header (&p, &n, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > n || tag != TAG_SEQUENCE)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) { log_error ("p15: error parsing TokenInfo: %s\n", gpg_strerror (err)); goto leave; } n = objlen; /* Version. */ err = parse_ber_header (&p, &n, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > n || tag != TAG_INTEGER)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto leave; for (ul=0; objlen; objlen--) { ul <<= 8; ul |= (*p++) & 0xff; n--; } if (ul) { log_error ("p15: invalid version %lu in TokenInfo\n", ul); err = gpg_error (GPG_ERR_INV_OBJ); goto leave; } /* serialNumber. */ err = parse_ber_header (&p, &n, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > n || tag != TAG_OCTET_STRING || !objlen)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto leave; xfree (app->app_local->serialno); app->app_local->serialno = xtrymalloc (objlen); if (!app->app_local->serialno) { err = gpg_error_from_syserror (); goto leave; } memcpy (app->app_local->serialno, p, objlen); app->app_local->serialnolen = objlen; p += objlen; n -= objlen; /* Is there an optional manufacturerID? */ err = parse_ber_header (&p, &n, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > n || !objlen)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto leave; if (class == CLASS_UNIVERSAL && tag == TAG_UTF8_STRING) { app->app_local->manufacturer_id = percent_data_escape (0, NULL, p, objlen); p += objlen; n -= objlen; /* Get next TLV. */ err = parse_ber_header (&p, &n, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > n || !objlen)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto leave; } if (class == CLASS_CONTEXT && tag == 0) { app->app_local->token_label = percent_data_escape (0, NULL, p, objlen); p += objlen; n -= objlen; /* Get next TLV. */ err = parse_ber_header (&p, &n, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > n || !objlen)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto leave; } /* The next is the mandatory tokenflags object. */ if (class == CLASS_UNIVERSAL && tag == TAG_BIT_STRING) { app->app_local->tokenflagslen = objlen; app->app_local->tokenflags = xtrymalloc (objlen); if (!app->app_local->tokenflags) { err = gpg_error_from_syserror (); goto leave; } memcpy (app->app_local->tokenflags, p, objlen); p += objlen; n -= objlen; } leave: xfree (buffer); return err; } /* Get all the basic information from the pkcs#15 card, check the structure and initialize our local context. This is used once at application initialization. */ static gpg_error_t read_p15_info (app_t app) { gpg_error_t err; prkdf_object_t prkdf; unsigned int flag; if (!read_ef_tokeninfo (app)) { /* If we don't have a serial number yet but the TokenInfo provides one, use that. */ if (!APP_CARD(app)->serialno && app->app_local->serialno) { APP_CARD(app)->serialno = app->app_local->serialno; APP_CARD(app)->serialnolen = app->app_local->serialnolen; app->app_local->serialno = NULL; app->app_local->serialnolen = 0; err = app_munge_serialno (APP_CARD(app)); if (err) return err; } } /* Read the ODF so that we know the location of all directory files. */ /* Fixme: We might need to get a non-standard ODF FID from TokenInfo. */ err = read_ef_odf (app, 0x5031); if (err) return err; /* Read certificate information. */ - assert (!app->app_local->certificate_info); - assert (!app->app_local->trusted_certificate_info); - assert (!app->app_local->useful_certificate_info); + log_assert (!app->app_local->certificate_info); + log_assert (!app->app_local->trusted_certificate_info); + log_assert (!app->app_local->useful_certificate_info); err = read_ef_cdf (app, app->app_local->odf.certificates, 'c', &app->app_local->certificate_info); if (!err || gpg_err_code (err) == GPG_ERR_NO_DATA) err = read_ef_cdf (app, app->app_local->odf.trusted_certificates, 't', &app->app_local->trusted_certificate_info); if (!err || gpg_err_code (err) == GPG_ERR_NO_DATA) err = read_ef_cdf (app, app->app_local->odf.useful_certificates, 'u', &app->app_local->useful_certificate_info); if (gpg_err_code (err) == GPG_ERR_NO_DATA) err = 0; if (err) return err; /* Read information about public keys. */ - assert (!app->app_local->public_key_info); + log_assert (!app->app_local->public_key_info); err = read_ef_pukdf (app, app->app_local->odf.public_keys, &app->app_local->public_key_info); if (!err || gpg_err_code (err) == GPG_ERR_NO_DATA) err = read_ef_pukdf (app, app->app_local->odf.trusted_public_keys, &app->app_local->public_key_info); if (gpg_err_code (err) == GPG_ERR_NO_DATA) err = 0; if (err) return err; /* Read information about private keys. */ - assert (!app->app_local->private_key_info); + log_assert (!app->app_local->private_key_info); err = read_ef_prkdf (app, app->app_local->odf.private_keys, &app->app_local->private_key_info); if (gpg_err_code (err) == GPG_ERR_NO_DATA) err = 0; if (err) return err; /* Read information about authentication objects. */ - assert (!app->app_local->auth_object_info); + log_assert (!app->app_local->auth_object_info); err = read_ef_aodf (app, app->app_local->odf.auth_objects, &app->app_local->auth_object_info); if (gpg_err_code (err) == GPG_ERR_NO_DATA) err = 0; /* See whether we can extend the private key information using * information from certificates. We use only the first matching * certificate; if we want to change this strategy we should walk * over the certificates and then find the corresponsing private key * objects. */ app->app_local->any_gpgusage = 0; for (prkdf = app->app_local->private_key_info; prkdf; prkdf = prkdf->next) { cdf_object_t cdf; char *extusage; char *p, *pend; int seen; if (opt.debug) log_printhex (prkdf->objid, prkdf->objidlen, "p15: prkdf id="); if (cdf_object_from_objid (app, prkdf->objidlen, prkdf->objid, &cdf)) continue; /* No matching certificate. */ if (!cdf->cert) /* Read and parse the certificate. */ readcert_by_cdf (app, cdf, NULL, NULL); if (!cdf->cert) continue; /* Unsupported or broken certificate. */ if (ksba_cert_get_ext_key_usages (cdf->cert, &extusage)) continue; /* No extended key usage attribute. */ if (opt.debug) log_debug ("p15: ExtKeyUsages: %s\n", extusage); p = extusage; while (p && (pend=strchr (p, ':'))) { *pend++ = 0; if ( *pend == 'C' ) /* Look only at critical usages. */ { prkdf->extusage.valid = 1; seen = 1; if (!strcmp (p, oid_kp_codeSigning) || !strcmp (p, oid_kp_timeStamping) || !strcmp (p, oid_kp_ocspSigning) || !strcmp (p, oid_kp_ms_documentSigning) || !strcmp (p, oid_kp_ms_old_documentSigning)) prkdf->extusage.sign = 1; else if (!strcmp (p, oid_kp_emailProtection)) prkdf->extusage.encr = 1; else if (!strcmp (p, oid_kp_serverAuth) || !strcmp (p, oid_kp_clientAuth) || !strcmp (p, oid_kp_ms_smartcardLogon)) prkdf->extusage.auth = 1; else if (!strcmp (p, oid_kp_anyExtendedKeyUsage)) { prkdf->extusage.sign = 1; prkdf->extusage.encr = 1; prkdf->extusage.auth = 1; } else seen = 0; } else seen = 0; /* Now check the gpg Usage. Here we don't care about * critical or non-critical here. */ if (seen) ; /* No more need to look for other caps. */ else if (!strcmp (p, oid_kp_gpgUsageCert)) { prkdf->gpgusage.cert = 1; prkdf->gpgusage.any = 1; app->app_local->any_gpgusage = 1; } else if (!strcmp (p, oid_kp_gpgUsageSign)) { prkdf->gpgusage.sign = 1; prkdf->gpgusage.any = 1; app->app_local->any_gpgusage = 1; } else if (!strcmp (p, oid_kp_gpgUsageEncr)) { prkdf->gpgusage.encr = 1; prkdf->gpgusage.any = 1; app->app_local->any_gpgusage = 1; } else if (!strcmp (p, oid_kp_gpgUsageAuth)) { prkdf->gpgusage.auth = 1; prkdf->gpgusage.any = 1; app->app_local->any_gpgusage = 1; } /* Skip to next item. */ if ((p = strchr (pend, '\n'))) p++; } xfree (extusage); } /* See whether we can figure out something about the card. */ if (!app->app_local->card_product && app->app_local->manufacturer_id && !strcmp (app->app_local->manufacturer_id, "www.atos.net/cardos") && IS_CARDOS_5 (app)) { /* This is a modern CARDOS card. */ flag = 0; for (prkdf = app->app_local->private_key_info; prkdf; prkdf = prkdf->next) { if (prkdf->label && !strcmp (prkdf->label, "IdentityKey") && prkdf->key_reference_valid && prkdf->key_reference == 1 && !prkdf->authid) flag |= 1; else if (prkdf->label && !strcmp (prkdf->label, "TransportKey") && prkdf->key_reference_valid && prkdf->key_reference==2 && prkdf->authid) flag |= 2; } if (flag == 3) app->app_local->card_product = CARD_PRODUCT_RSCS; } if (!app->app_local->card_product && app->app_local->token_label && !strcmp (app->app_local->token_label, "D-TRUST Card V3") && app->app_local->card_type == CARD_TYPE_CARDOS_50) { app->app_local->card_product = CARD_PRODUCT_DTRUST; } /* Now print the info about the PrKDF. */ if (opt.verbose) { int i; unsigned char *atr; size_t atrlen; const char *cardstr; for (prkdf = app->app_local->private_key_info; prkdf; prkdf = prkdf->next) { log_info ("p15: PrKDF %04hX: id=", app->app_local->odf.private_keys); for (i=0; i < prkdf->objidlen; i++) log_printf ("%02X", prkdf->objid[i]); if (prkdf->label) log_printf (" (%s)", prkdf->label); log_info ("p15: path="); for (i=0; i < prkdf->pathlen; i++) log_printf ("%s%04hX", i?"/":"",prkdf->path[i]); if (prkdf->have_off) log_printf ("[%lu/%lu]", prkdf->off, prkdf->len); if (prkdf->authid) { log_printf (" authid="); for (i=0; i < prkdf->authidlen; i++) log_printf ("%02X", prkdf->authid[i]); } if (prkdf->key_reference_valid) log_printf (" keyref=0x%02lX", prkdf->key_reference); log_printf (" type=%s", prkdf->is_ecc? "ecc":"rsa"); if (prkdf->accessflags.any) dump_keyaccess_flags (prkdf->accessflags); dump_keyusage_flags (prkdf->usageflags); if (prkdf->extusage.valid) log_info ("p15: extusage=%s%s%s%s%s", prkdf->extusage.sign? "sign":"", (prkdf->extusage.sign && prkdf->extusage.encr)?",":"", prkdf->extusage.encr? "encr":"", ((prkdf->extusage.sign || prkdf->extusage.encr) && prkdf->extusage.auth)?",":"", prkdf->extusage.auth? "auth":""); if (prkdf->gpgusage.any) dump_gpgusage_flags (prkdf->gpgusage); log_printf ("\n"); } log_info ("p15: TokenInfo:\n"); if (app->app_local->serialno) { log_info ("p15: serialNumber .: "); log_printhex (app->app_local->serialno, app->app_local->serialnolen, ""); } else if (APP_CARD(app)->serialno) { log_info ("p15: serialNumber .: "); log_printhex (APP_CARD(app)->serialno, APP_CARD(app)->serialnolen, ""); } if (app->app_local->manufacturer_id) log_info ("p15: manufacturerID: %s\n", app->app_local->manufacturer_id); if (app->app_local->card_product) { cardstr = cardproduct2str (app->app_local->card_product); log_info ("p15: product ......: %d%s%s%s\n", app->app_local->card_product, *cardstr? " (":"", cardstr, *cardstr? ")":""); } if (app->app_local->token_label) log_info ("p15: label ........: %s\n", app->app_local->token_label); if (app->app_local->tokenflags) { log_info ("p15: tokenflags ...:"); print_tokeninfo_tokenflags (app->app_local->tokenflags, app->app_local->tokenflagslen); log_printf ("\n"); } log_info ("p15: atr ..........: "); atr = apdu_get_atr (app_get_slot (app), &atrlen); if (!atr) log_printf ("[error]\n"); else { log_printhex (atr, atrlen, ""); xfree (atr); } cardstr = cardtype2str (app->app_local->card_type); log_info ("p15: cardtype .....: %d%s%s%s\n", app->app_local->card_type, *cardstr? " (":"", cardstr, *cardstr? ")":""); } return err; } /* Helper to do_learn_status: Send information about all certificates listed in CERTINFO back. Use CERTTYPE as type of the certificate. */ static gpg_error_t send_certinfo (app_t app, ctrl_t ctrl, const char *certtype, cdf_object_t certinfo) { for (; certinfo; certinfo = certinfo->next) { char *buf, *p; const char *label; char *labelbuf; buf = xtrymalloc (9 + certinfo->objidlen*2 + 1); if (!buf) return gpg_error_from_syserror (); p = stpcpy (buf, "P15"); if (app->app_local->home_df != DEFAULT_HOME_DF) { snprintf (p, 6, "-%04X", (unsigned int)(app->app_local->home_df & 0xffff)); p += 5; } p = stpcpy (p, "."); bin2hex (certinfo->objid, certinfo->objidlen, p); label = (certinfo->label && *certinfo->label)? certinfo->label : "-"; labelbuf = percent_data_escape (0, NULL, label, strlen (label)); if (!labelbuf) { xfree (buf); return gpg_error_from_syserror (); } send_status_info (ctrl, "CERTINFO", certtype, strlen (certtype), buf, strlen (buf), labelbuf, strlen (labelbuf), NULL, (size_t)0); xfree (buf); } return 0; } /* Get the keygrip of the private key object PRKDF. On success the * keygrip, the algo and the length are stored in the KEYGRIP, * KEYALGO, and KEYNBITS fields of the PRKDF object. */ static gpg_error_t keygrip_from_prkdf (app_t app, prkdf_object_t prkdf) { gpg_error_t err; cdf_object_t cdf; unsigned char *der; size_t derlen; ksba_cert_t cert; gcry_sexp_t s_pkey = NULL; /* Easy if we got a cached version. */ if (prkdf->keygrip_valid) return 0; xfree (prkdf->common_name); prkdf->common_name = NULL; xfree (prkdf->serial_number); prkdf->serial_number = NULL; /* FIXME: We should check whether a public key directory file and a matching public key for PRKDF is available. This should make extraction of the key much easier. My current test card doesn't have one, so we can only use the fallback solution by looking for a matching certificate and extract the key from there. */ /* Look for a matching certificate. A certificate matches if the Id matches the one of the private key info. */ for (cdf = app->app_local->certificate_info; cdf; cdf = cdf->next) if (cdf->objidlen == prkdf->objidlen && !memcmp (cdf->objid, prkdf->objid, prkdf->objidlen)) break; if (!cdf) for (cdf = app->app_local->trusted_certificate_info; cdf; cdf = cdf->next) if (cdf->objidlen == prkdf->objidlen && !memcmp (cdf->objid, prkdf->objid, prkdf->objidlen)) break; if (!cdf) for (cdf = app->app_local->useful_certificate_info; cdf; cdf = cdf->next) if (cdf->objidlen == prkdf->objidlen && !memcmp (cdf->objid, prkdf->objid, prkdf->objidlen)) break; if (!cdf) { err = gpg_error (GPG_ERR_NOT_FOUND); goto leave; } err = readcert_by_cdf (app, cdf, &der, &derlen); if (err) goto leave; err = ksba_cert_new (&cert); if (!err) err = ksba_cert_init_from_mem (cert, der, derlen); xfree (der); if (!err) err = app_help_get_keygrip_string (cert, prkdf->keygrip, &s_pkey, NULL); if (!err && !prkdf->gpgusage.any) { /* Try to get the CN and the SerialNumber from the certificate; * we use a very simple approach here which should work in many * cases. Eventually we should add a rfc-2253 parser into * libksba to make it easier to parse such a string. * We don't do this if this is marked as gpg key and thus * has only a dummy certificate. * * First example string: * "CN=Otto Schily,O=Miniluv,C=DE" * Second example string: * "2.5.4.5=#445452323030303236333531,2.5.4.4=#4B6F6368," * "2.5.4.42=#5765726E6572,CN=Werner Koch,OU=For testing" * " purposes only!,O=Testorganisation,C=DE" */ char *dn = ksba_cert_get_subject (cert, 0); if (dn) { char *p, *pend, *buf; p = strstr (dn, "CN="); if (p && (p==dn || p[-1] == ',')) { p += 3; if (!(pend = strchr (p, ','))) pend = p + strlen (p); if (pend && pend > p && (prkdf->common_name = xtrymalloc ((pend - p) + 1))) { memcpy (prkdf->common_name, p, pend-p); prkdf->common_name[pend-p] = 0; } } p = strstr (dn, "2.5.4.5=#"); /* OID of the SerialNumber */ if (p && (p==dn || p[-1] == ',')) { p += 9; if (!(pend = strchr (p, ','))) pend = p + strlen (p); if (pend && pend > p && (buf = xtrymalloc ((pend - p) + 1))) { memcpy (buf, p, pend-p); buf[pend-p] = 0; if (!hex2str (buf, buf, strlen (buf)+1, NULL)) xfree (buf); /* Invalid hex encoding. */ else prkdf->serial_number = buf; } } ksba_free (dn); } } if (!err && !prkdf->keytime) { ksba_isotime_t isot; time_t t; ksba_cert_get_validity (cert, 0, isot); t = isotime2epoch (isot); prkdf->keytime = (t == (time_t)(-1))? 0 : (u32)t; } if (!err && !prkdf->keyalgostr) prkdf->keyalgostr = pubkey_algo_string (s_pkey, NULL); ksba_cert_release (cert); if (err) goto leave; prkdf->keyalgo = get_pk_algo_from_key (s_pkey); if (!prkdf->keyalgo) { err = gpg_error (GPG_ERR_PUBKEY_ALGO); goto leave; } prkdf->keynbits = gcry_pk_get_nbits (s_pkey); if (!prkdf->keynbits) { err = gpg_error (GPG_ERR_PUBKEY_ALGO); goto leave; } prkdf->keygrip_valid = 1; /* Yeah, got everything. */ leave: gcry_sexp_release (s_pkey); return err; } /* Return a malloced keyref string for PRKDF. Returns NULL on * malloc failure. */ static char * keyref_from_prkdf (app_t app, prkdf_object_t prkdf) { char *buf, *p; buf = xtrymalloc (4 + 5 + prkdf->objidlen*2 + 1); if (!buf) return NULL; p = stpcpy (buf, "P15"); if (app->app_local->home_df != DEFAULT_HOME_DF) { snprintf (p, 6, "-%04X", (unsigned int)(app->app_local->home_df & 0xffff)); p += 5; } p = stpcpy (p, "."); bin2hex (prkdf->objid, prkdf->objidlen, p); return buf; } /* Helper to do_learn_status: Send information about all known keypairs back. FIXME: much code duplication from send_certinfo(). */ static gpg_error_t send_keypairinfo (app_t app, ctrl_t ctrl, prkdf_object_t prkdf) { gpg_error_t err; for (; prkdf; prkdf = prkdf->next) { char *buf; int j; buf = keyref_from_prkdf (app, prkdf); if (!buf) return gpg_error_from_syserror (); err = keygrip_from_prkdf (app, prkdf); if (err) { log_error ("p15: error getting keygrip from "); for (j=0; j < prkdf->pathlen; j++) log_printf ("%s%04hX", j?"/":"", prkdf->path[j]); log_printf (": %s\n", gpg_strerror (err)); } else { char usage[5]; char keytime[20]; const char *algostr; size_t usagelen = 0; if (prkdf->gpgusage.any) { if (prkdf->gpgusage.sign) usage[usagelen++] = 's'; if (prkdf->gpgusage.cert) usage[usagelen++] = 'c'; if (prkdf->gpgusage.encr) usage[usagelen++] = 'e'; if (prkdf->gpgusage.auth) usage[usagelen++] = 'a'; } else { if ((prkdf->usageflags.sign || prkdf->usageflags.sign_recover || prkdf->usageflags.non_repudiation) && (!prkdf->extusage.valid || prkdf->extusage.sign)) usage[usagelen++] = 's'; if ((prkdf->usageflags.sign || prkdf->usageflags.sign_recover) && (!prkdf->extusage.valid || prkdf->extusage.sign)) usage[usagelen++] = 'c'; if ((prkdf->usageflags.decrypt || prkdf->usageflags.unwrap) && (!prkdf->extusage.valid || prkdf->extusage.encr)) usage[usagelen++] = 'e'; if ((prkdf->usageflags.sign || prkdf->usageflags.sign_recover) && (!prkdf->extusage.valid || prkdf->extusage.auth)) usage[usagelen++] = 'a'; } log_assert (strlen (prkdf->keygrip) == 40); if (prkdf->keytime) snprintf (keytime, sizeof keytime, "%lu", (unsigned long)prkdf->keytime); else strcpy (keytime, "-"); algostr = prkdf->keyalgostr; send_status_info (ctrl, "KEYPAIRINFO", prkdf->keygrip, 2*KEYGRIP_LEN, buf, strlen (buf), usage, usagelen, keytime, strlen (keytime), algostr, strlen (algostr?algostr:""), NULL, (size_t)0); } xfree (buf); } return 0; } /* This is the handler for the LEARN command. */ static gpg_error_t do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags) { gpg_error_t err; if ((flags & APP_LEARN_FLAG_KEYPAIRINFO)) err = 0; else { err = do_getattr (app, ctrl, "MANUFACTURER"); if (!err) err = send_certinfo (app, ctrl, "100", app->app_local->certificate_info); if (!err) err = send_certinfo (app, ctrl, "101", app->app_local->trusted_certificate_info); if (!err) err = send_certinfo (app, ctrl, "102", app->app_local->useful_certificate_info); } if (!err) err = send_keypairinfo (app, ctrl, app->app_local->private_key_info); if (!err) err = do_getattr (app, ctrl, "CHV-STATUS"); if (!err) err = do_getattr (app, ctrl, "CHV-LABEL"); return err; } /* Read a certificate using the information in CDF and return the * certificate in a newly malloced buffer R_CERT and its length * R_CERTLEN. Also parses the certificate. R_CERT and R_CERTLEN may * be NULL to do just the caching. */ static gpg_error_t readcert_by_cdf (app_t app, cdf_object_t cdf, unsigned char **r_cert, size_t *r_certlen) { gpg_error_t err; unsigned char *buffer = NULL; const unsigned char *p, *save_p; size_t buflen, n; int class, tag, constructed, ndef; size_t totobjlen, objlen, hdrlen; int rootca; int i; if (r_cert) *r_cert = NULL; if (r_certlen) *r_certlen = 0; /* First check whether it has been cached. */ if (cdf->cert) { const unsigned char *image; size_t imagelen; if (!r_cert || !r_certlen) return 0; /* Caller does not actually want the result. */ image = ksba_cert_get_image (cdf->cert, &imagelen); if (!image) { log_error ("p15: ksba_cert_get_image failed\n"); return gpg_error (GPG_ERR_INTERNAL); } *r_cert = xtrymalloc (imagelen); if (!*r_cert) return gpg_error_from_syserror (); memcpy (*r_cert, image, imagelen); *r_certlen = imagelen; return 0; } /* Read the entire file. fixme: This could be optimized by first reading the header to figure out how long the certificate actually is. */ err = select_ef_by_path (app, cdf->path, cdf->pathlen); if (err) goto leave; err = iso7816_read_binary_ext (app_get_slot (app), 1, cdf->off, cdf->len, &buffer, &buflen, NULL); if (!err && (!buflen || *buffer == 0xff)) err = gpg_error (GPG_ERR_NOT_FOUND); if (err) { log_error ("p15: error reading certificate id="); for (i=0; i < cdf->objidlen; i++) log_printf ("%02X", cdf->objid[i]); log_printf (" at "); for (i=0; i < cdf->pathlen; i++) log_printf ("%s%04hX", i? "/":"", cdf->path[i]); log_printf (": %s\n", gpg_strerror (err)); goto leave; } /* Check whether this is really a certificate. */ p = buffer; n = buflen; err = parse_ber_header (&p, &n, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (err) goto leave; if (class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE && constructed) rootca = 0; else if ( class == CLASS_UNIVERSAL && tag == TAG_SET && constructed ) rootca = 1; else { err = gpg_error (GPG_ERR_INV_OBJ); goto leave; } totobjlen = objlen + hdrlen; log_assert (totobjlen <= buflen); err = parse_ber_header (&p, &n, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (err) goto leave; if (!rootca && class == CLASS_UNIVERSAL && tag == TAG_OBJECT_ID && !constructed) { /* The certificate seems to be contained in a userCertificate container. Skip this and assume the following sequence is the certificate. */ if (n < objlen) { err = gpg_error (GPG_ERR_INV_OBJ); goto leave; } p += objlen; n -= objlen; save_p = p; err = parse_ber_header (&p, &n, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (err) goto leave; if ( !(class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE && constructed) ) { err = gpg_error (GPG_ERR_INV_OBJ); goto leave; } totobjlen = objlen + hdrlen; log_assert (save_p + totobjlen <= buffer + buflen); memmove (buffer, save_p, totobjlen); } /* Try to parse and cache the certificate. */ err = ksba_cert_new (&cdf->cert); if (!err) { err = ksba_cert_init_from_mem (cdf->cert, buffer, totobjlen); if (!err) /* Call us to use the just cached cert object. */ err = readcert_by_cdf (app, cdf, r_cert, r_certlen); if (err) { ksba_cert_release (cdf->cert); cdf->cert = NULL; } } if (err) { log_error ("p15: caching certificate failed: %s\n", gpg_strerror (err)); /* We return the certificate anyway so that the caller has a * chance to get an even unsupported or broken certificate. */ if (r_cert && r_certlen) { *r_cert = buffer; buffer = NULL; *r_certlen = totobjlen; } } leave: xfree (buffer); return err; } /* Handler for the READCERT command. Read the certificate with id CERTID (as returned by learn_status in the CERTINFO status lines) and return it in the freshly allocated buffer to be stored at R_CERT and its length at R_CERTLEN. A error code will be returned on failure and R_CERT and R_CERTLEN will be set to (NULL,0). */ static gpg_error_t do_readcert (app_t app, const char *certid, unsigned char **r_cert, size_t *r_certlen) { gpg_error_t err; cdf_object_t cdf; *r_cert = NULL; *r_certlen = 0; err = cdf_object_from_certid (app, certid, &cdf); if (!err) err = readcert_by_cdf (app, cdf, r_cert, r_certlen); return err; } /* Sort helper for an array of authentication objects. */ static int compare_aodf_objid (const void *arg_a, const void *arg_b) { const aodf_object_t a = *(const aodf_object_t *)arg_a; const aodf_object_t b = *(const aodf_object_t *)arg_b; int rc; rc = memcmp (a->objid, b->objid, a->objidlen < b->objidlen? a->objidlen : b->objidlen); if (!rc) { if (a->objidlen < b->objidlen) rc = -1; else if (a->objidlen > b->objidlen) rc = 1; } return rc; } /* Implement the GETATTR command. This is similar to the LEARN command but returns just one value via the status interface. */ static gpg_error_t do_getattr (app_t app, ctrl_t ctrl, const char *name) { gpg_error_t err; prkdf_object_t prkdf; if (!strcmp (name, "$AUTHKEYID") || !strcmp (name, "$ENCRKEYID") || !strcmp (name, "$SIGNKEYID")) { char *buf; /* We return the ID of the first private key capable of the * requested action. If any gpgusage flag has been set for the * card we consult the gpgusage flags and not the regualr usage * flags. */ /* FIXME: This changed: Note that we do not yet return * non_repudiation keys for $SIGNKEYID because our D-Trust * testcard uses rsaPSS, which is not supported by gpgsm and not * covered by the VS-NfD approval. */ for (prkdf = app->app_local->private_key_info; prkdf; prkdf = prkdf->next) { if (app->app_local->any_gpgusage) { if ((name[1] == 'A' && prkdf->gpgusage.auth) || (name[1] == 'E' && prkdf->gpgusage.encr) || (name[1] == 'S' && prkdf->gpgusage.sign)) break; } else { if ((name[1] == 'A' && (prkdf->usageflags.sign || prkdf->usageflags.sign_recover)) || (name[1] == 'E' && (prkdf->usageflags.decrypt || prkdf->usageflags.unwrap)) || (name[1] == 'S' && (prkdf->usageflags.sign || prkdf->usageflags.sign_recover))) break; } } if (prkdf) { buf = keyref_from_prkdf (app, prkdf); if (!buf) return gpg_error_from_syserror (); send_status_info (ctrl, name, buf, strlen (buf), NULL, 0); xfree (buf); } return 0; } else if (!strcmp (name, "$DISPSERIALNO")) { /* For certain cards we return special IDs. There is no general rule for it so we need to decide case by case. */ if (app->app_local->card_type == CARD_TYPE_BELPIC) { /* The eID card has a card number printed on the front matter which seems to be a good indication. */ unsigned char *buffer; const unsigned char *p; size_t buflen, n; unsigned short path[] = { 0x3F00, 0xDF01, 0x4031 }; err = select_ef_by_path (app, path, DIM(path) ); if (!err) err = iso7816_read_binary (app_get_slot (app), 0, 0, &buffer, &buflen); if (err) { log_error ("p15: error accessing EF(ID): %s\n", gpg_strerror (err)); return err; } p = find_tlv (buffer, buflen, 1, &n); if (p && n == 12) { char tmp[12+2+1]; memcpy (tmp, p, 3); tmp[3] = '-'; memcpy (tmp+4, p+3, 7); tmp[11] = '-'; memcpy (tmp+12, p+10, 2); tmp[14] = 0; send_status_info (ctrl, name, tmp, strlen (tmp), NULL, 0); xfree (buffer); return 0; } xfree (buffer); } else { /* We use the first private key object which has a serial * number set. If none was found, we parse the first * object and see whether this has then a serial number. */ for (prkdf = app->app_local->private_key_info; prkdf; prkdf = prkdf->next) if (prkdf->serial_number) break; if (!prkdf && app->app_local->private_key_info) { prkdf = app->app_local->private_key_info; keygrip_from_prkdf (app, prkdf); if (!prkdf->serial_number) prkdf = NULL; } if (prkdf) { char *sn = get_dispserialno (app, prkdf); /* Unless there is a bogus S/N in the cert we should * have a suitable one from the cert here now. */ err = send_status_printf (ctrl, name, "%s", sn); xfree (sn); return err; } } /* No abbreviated serial number. */ } else if (!strcmp (name, "MANUFACTURER")) { if (app->app_local->manufacturer_id) return send_status_printf (ctrl, "MANUFACTURER", "0 %s", app->app_local->manufacturer_id); else return 0; } else if (!strcmp (name, "CHV-STATUS") || !strcmp (name, "CHV-LABEL")) { int is_label = (name[4] == 'L'); aodf_object_t aodf; aodf_object_t aodfarray[16]; int naodf = 0; membuf_t mb; char *p; int i; /* Put the AODFs into an array for easier sorting. Note that we * handle onl the first 16 encountrer which should be more than * enough. */ for (aodf = app->app_local->auth_object_info; aodf && naodf < DIM(aodfarray); aodf = aodf->next) if (aodf->objidlen && aodf->pin_reference_valid) aodfarray[naodf++] = aodf; qsort (aodfarray, naodf, sizeof *aodfarray, compare_aodf_objid); init_membuf (&mb, 256); for (i = 0; i < naodf; i++) { /* int j; */ /* log_debug ("p15: AODF[%d] pinref=%lu id=", */ /* i, aodfarray[i]->pin_reference); */ /* for (j=0; j < aodfarray[i]->objidlen; j++) */ /* log_printf ("%02X", aodfarray[i]->objid[j]); */ /* Note that there is no need to percent escape the label * because all white space have been replaced by '_'. */ if (is_label) put_membuf_printf (&mb, "%s%s", i? " ":"", (aodfarray[i]->label && *aodfarray[i]->label)? aodfarray[i]->label:"X"); else put_membuf_printf (&mb, "%s%d", i? " ":"", iso7816_verify_status (app_get_slot (app), aodfarray[i]->pin_reference)); } put_membuf( &mb, "", 1); p = get_membuf (&mb, NULL); if (!p) return gpg_error_from_syserror (); err = send_status_direct (ctrl, is_label? "CHV-LABEL":"CHV-STATUS", p); xfree (p); return err; } else if (!strcmp (name, "KEY-LABEL")) { /* Send KEY-LABEL lines for all private key objects. */ const char *label; char *idbuf, *labelbuf; for (prkdf = app->app_local->private_key_info; prkdf; prkdf = prkdf->next) { idbuf = keyref_from_prkdf (app, prkdf); if (!idbuf) return gpg_error_from_syserror (); label = (prkdf->label && *prkdf->label)? prkdf->label : "-"; labelbuf = percent_data_escape (0, NULL, label, strlen (label)); if (!labelbuf) { xfree (idbuf); return gpg_error_from_syserror (); } send_status_info (ctrl, name, idbuf, strlen (idbuf), labelbuf, strlen(labelbuf), NULL, 0); xfree (idbuf); xfree (labelbuf); } return 0; } return gpg_error (GPG_ERR_INV_NAME); } /* Micardo cards require special treatment. This is a helper for the crypto functions to manage the security environment. We expect that the key file has already been selected. FID is the one of the selected key. */ static gpg_error_t micardo_mse (app_t app, unsigned short fid) { gpg_error_t err; int recno; unsigned short refdata = 0; int se_num; unsigned char msebuf[10]; /* Read the KeyD file containing extra information on keys. */ err = iso7816_select_file (app_get_slot (app), 0x0013, 0); if (err) { log_error ("p15: error reading EF_keyD: %s\n", gpg_strerror (err)); return err; } for (recno = 1, se_num = -1; ; recno++) { unsigned char *buffer; size_t buflen; size_t n, nn; const unsigned char *p, *pp; err = iso7816_read_record (app_get_slot (app), recno, 1, 0, &buffer, &buflen); if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) break; /* ready */ if (err) { log_error ("p15: error reading EF_keyD record: %s\n", gpg_strerror (err)); return err; } if (opt.verbose) { log_info (buffer, buflen, "p15: keyD record: "); log_printhex (buffer, buflen, ""); } p = find_tlv (buffer, buflen, 0x83, &n); if (p && n == 4 && ((p[2]<<8)|p[3]) == fid) { refdata = ((p[0]<<8)|p[1]); /* Locate the SE DO and the there included sec env number. */ p = find_tlv (buffer, buflen, 0x7b, &n); if (p && n) { pp = find_tlv (p, n, 0x80, &nn); if (pp && nn == 1) { se_num = *pp; xfree (buffer); break; /* found. */ } } } xfree (buffer); } if (se_num == -1) { log_error ("p15: CRT for keyfile %04hX not found\n", fid); return gpg_error (GPG_ERR_NOT_FOUND); } /* Restore the security environment to SE_NUM if needed */ if (se_num) { err = iso7816_manage_security_env (app_get_slot (app), 0xf3, se_num, NULL, 0); if (err) { log_error ("p15: restoring SE to %d failed: %s\n", se_num, gpg_strerror (err)); return err; } } /* Set the DST reference data. */ msebuf[0] = 0x83; msebuf[1] = 0x03; msebuf[2] = 0x80; msebuf[3] = (refdata >> 8); msebuf[4] = refdata; err = iso7816_manage_security_env (app_get_slot (app), 0x41, 0xb6, msebuf, 5); if (err) { log_error ("p15: setting SE to reference file %04hX failed: %s\n", refdata, gpg_strerror (err)); return err; } return 0; } /* Prepare the verification of the PIN for the key PRKDF by checking * the AODF and selecting the key file. KEYREF is used for error * messages. AODF may be NULL if no verification needs to be done. */ static gpg_error_t prepare_verify_pin (app_t app, const char *keyref, prkdf_object_t prkdf, aodf_object_t aodf) { gpg_error_t err; int i; if (aodf) { if (opt.verbose) { log_info ("p15: using AODF %04hX id=", aodf->fid); for (i=0; i < aodf->objidlen; i++) log_printf ("%02X", aodf->objid[i]); log_printf ("\n"); } if (aodf->authid && opt.verbose) log_info ("p15: PIN is controlled by another authentication token\n"); if (aodf->pinflags.integrity_protected || aodf->pinflags.confidentiality_protected) { log_error ("p15: PIN verification requires" " unsupported protection method\n"); return gpg_error (GPG_ERR_BAD_PIN_METHOD); } if (!aodf->stored_length && aodf->pinflags.needs_padding) { log_error ("p15: PIN verification requires" " padding but no length known\n"); return gpg_error (GPG_ERR_INV_CARD); } } if (app->app_local->card_product == CARD_PRODUCT_DTRUST) { /* According to our protocol analysis we need to select a * special AID here. Before that the master file needs to be * selected. (RID A000000167 is assigned to IBM) */ static char const dtrust_aid[] = { 0xA0, 0x00, 0x00, 0x01, 0x67, 0x45, 0x53, 0x49, 0x47, 0x4E }; err = iso7816_select_mf (app_get_slot (app)); if (!err) err = iso7816_select_application (app_get_slot (app), dtrust_aid, sizeof dtrust_aid, 0); if (err) log_error ("p15: error selecting D-TRUST's AID for key %s: %s\n", keyref, gpg_strerror (err)); } else if (prkdf) { /* Standard case: Select the key file. Note that this may * change the security environment thus we need to do it before * PIN verification. */ err = select_ef_by_path (app, prkdf->path, prkdf->pathlen); if (err) log_error ("p15: error selecting file for key %s: %s\n", keyref, gpg_strerror (err)); } else { log_info ("p15: skipping EF selection for auth object '%s'\n", keyref); err = 0; } return err; } static int any_control_or_space (const char *string) { const unsigned char *s; for (s = string; *string; string++) if (*s <= 0x20 || *s >= 0x7f) return 1; return 0; } /* Return a malloced serial number to be shown to the user. PRKDF is * used to get it from a certificate; PRKDF may be NULL. */ static char * get_dispserialno (app_t app, prkdf_object_t prkdf) { char *serial; /* We prefer the SerialNumber RDN from the Subject-DN but we don't * use it if it features a percent sign (special character in pin * prompts) or has any control character. */ if (prkdf && prkdf->serial_number && *prkdf->serial_number && !strchr (prkdf->serial_number, '%') && !any_control_or_space (prkdf->serial_number)) { serial = xtrystrdup (prkdf->serial_number); } else { serial = app_get_serialno (app); } return serial; } /* Return an allocated string to be used as prompt. PRKDF may be * NULL. Returns NULL on malloc error. */ static char * make_pin_prompt (app_t app, int remaining, const char *firstline, prkdf_object_t prkdf) { char *serial, *tmpbuf, *result; const char *holder; serial = get_dispserialno (app, prkdf); if (prkdf && prkdf->common_name) holder = prkdf->common_name; else if (app->app_local->token_label) holder = app->app_local->token_label; else holder = ""; /* TRANSLATORS: Put a \x1f right before a colon. This can be * used by pinentry to nicely align the names and values. Keep * the %s at the start and end of the string. */ result = xtryasprintf (_("%s" "Number\x1f: %s%%0A" "Holder\x1f: %s" "%s"), "\x1e", serial, holder, ""); xfree (serial); if (!result) return NULL; /* Out of core. */ /* Append a "remaining attempts" info if needed. */ if (remaining != -1 && remaining < 3) { char *rembuf; /* TRANSLATORS: This is the number of remaining attempts to * enter a PIN. Use %%0A (double-percent,0A) for a linefeed. */ rembuf = xtryasprintf (_("Remaining attempts: %d"), remaining); if (rembuf) { tmpbuf = strconcat (firstline, "%0A%0A", result, "%0A%0A", rembuf, NULL); xfree (rembuf); } else tmpbuf = NULL; xfree (result); result = tmpbuf; } else { tmpbuf = strconcat (firstline, "%0A%0A", result, NULL); xfree (result); result = tmpbuf; } return result; } /* Given the private key object PRKDF and its authentication object * AODF ask for the PIN and verify that PIN. If AODF is NULL, no * authentication is done. */ static gpg_error_t verify_pin (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, prkdf_object_t prkdf, aodf_object_t aodf) { gpg_error_t err; char *pinvalue; size_t pinvaluelen; const char *label; const char *errstr; const char *s; int remaining; int pin_reference; int verified = 0; int i; if (!aodf) return 0; pin_reference = aodf->pin_reference_valid? aodf->pin_reference : 0; if (IS_CARDOS_5 (app)) { /* We know that this card supports a verify status check. Note * that in contrast to PIV cards ISO7816_VERIFY_NOT_NEEDED is * not supported. Noet that we don't use the pin_verified cache * status because that is not as reliable than to ask the card * about its state. */ if (prkdf) /* Clear the cache which we don't use. */ prkdf->pin_verified = 0; remaining = iso7816_verify_status (app_get_slot (app), pin_reference); if (remaining == ISO7816_VERIFY_NOT_NEEDED) { verified = 1; remaining = -1; } else if (remaining < 0) remaining = -1; /* We don't care about the concrete error. */ else if (remaining < 3) log_info ("p15: PIN has %d attempts left\n", remaining); } else remaining = -1; /* Unknown. */ /* Check whether we already verified it. */ if (prkdf && (prkdf->pin_verified || verified)) return 0; /* Already done. */ if (prkdf && prkdf->usageflags.non_repudiation && (app->app_local->card_type == CARD_TYPE_BELPIC || app->app_local->card_product == CARD_PRODUCT_DTRUST)) label = _("||Please enter the PIN for the key to create " "qualified signatures."); else if (aodf->pinflags.so_pin) label = _("|A|Please enter the Admin PIN"); else if (aodf->pinflags.unblocking_pin) label = _("|P|Please enter the PIN Unblocking Code (PUK) " "for the standard keys."); else label = _("||Please enter the PIN for the standard keys."); { char *prompt = make_pin_prompt (app, remaining, label, prkdf); if (!prompt) err = gpg_error_from_syserror (); else err = pincb (pincb_arg, prompt, &pinvalue); xfree (prompt); } if (err) { log_info ("p15: PIN callback returned error: %s\n", gpg_strerror (err)); return err; } /* We might need to cope with UTF8 things here. Not sure how min_length etc. are exactly defined, for now we take them as a plain octet count. */ if (strlen (pinvalue) < aodf->min_length) { log_error ("p15: PIN is too short; minimum length is %lu\n", aodf->min_length); err = gpg_error (GPG_ERR_BAD_PIN); } else if (aodf->stored_length && strlen (pinvalue) > aodf->stored_length) { /* This would otherwise truncate the PIN silently. */ log_error ("p15: PIN is too large; maximum length is %lu\n", aodf->stored_length); err = gpg_error (GPG_ERR_BAD_PIN); } else if (aodf->max_length_valid && strlen (pinvalue) > aodf->max_length) { log_error ("p15: PIN is too large; maximum length is %lu\n", aodf->max_length); err = gpg_error (GPG_ERR_BAD_PIN); } if (err) { xfree (pinvalue); return err; } errstr = NULL; err = 0; switch (aodf->pintype) { case PIN_TYPE_BCD: case PIN_TYPE_ASCII_NUMERIC: for (s=pinvalue; digitp (s); s++) ; if (*s) { errstr = "Non-numeric digits found in PIN"; err = gpg_error (GPG_ERR_BAD_PIN); } break; case PIN_TYPE_UTF8: break; case PIN_TYPE_HALF_NIBBLE_BCD: errstr = "PIN type Half-Nibble-BCD is not supported"; break; case PIN_TYPE_ISO9564_1: errstr = "PIN type ISO9564-1 is not supported"; break; default: errstr = "Unknown PIN type"; break; } if (errstr) { log_error ("p15: can't verify PIN: %s\n", errstr); xfree (pinvalue); return err? err : gpg_error (GPG_ERR_BAD_PIN_METHOD); } if (aodf->pintype == PIN_TYPE_BCD ) { char *paddedpin; int ndigits; for (ndigits=0, s=pinvalue; *s; ndigits++, s++) ; paddedpin = xtrymalloc (aodf->stored_length+1); if (!paddedpin) { err = gpg_error_from_syserror (); xfree (pinvalue); return err; } i = 0; paddedpin[i++] = 0x20 | (ndigits & 0x0f); for (s=pinvalue; i < aodf->stored_length && *s && s[1]; s = s+2 ) paddedpin[i++] = (((*s - '0') << 4) | ((s[1] - '0') & 0x0f)); if (i < aodf->stored_length && *s) paddedpin[i++] = (((*s - '0') << 4) |((aodf->pad_char_valid?aodf->pad_char:0)&0x0f)); if (aodf->pinflags.needs_padding) { while (i < aodf->stored_length) paddedpin[i++] = aodf->pad_char_valid? aodf->pad_char : 0; } xfree (pinvalue); pinvalue = paddedpin; pinvaluelen = i; } else if (aodf->pinflags.needs_padding) { char *paddedpin; paddedpin = xtrymalloc (aodf->stored_length+1); if (!paddedpin) { err = gpg_error_from_syserror (); xfree (pinvalue); return err; } for (i=0, s=pinvalue; i < aodf->stored_length && *s; i++, s++) paddedpin[i] = *s; /* Not sure what padding char to use if none has been set. For now we use 0x00; maybe a space would be better. */ for (; i < aodf->stored_length; i++) paddedpin[i] = aodf->pad_char_valid? aodf->pad_char : 0; paddedpin[i] = 0; pinvaluelen = i; xfree (pinvalue); pinvalue = paddedpin; } else pinvaluelen = strlen (pinvalue); /* log_printhex (pinvalue, pinvaluelen, */ /* "about to verify with ref %lu pin:", pin_reference); */ err = iso7816_verify (app_get_slot (app), pin_reference, pinvalue, pinvaluelen); xfree (pinvalue); if (err) { log_error ("p15: PIN verification failed: %s\n", gpg_strerror (err)); return err; } if (opt.verbose) log_info ("p15: PIN verification succeeded\n"); if (prkdf) prkdf->pin_verified = 1; return 0; } /* Handler for the PKSIGN command. Create the signature and return the allocated result in OUTDATA. If a PIN is required, the PINCB will be used to ask for the PIN; that callback should return the PIN in an allocated buffer and store that as the 3rd argument. */ static gpg_error_t do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, unsigned char **outdata, size_t *outdatalen ) { gpg_error_t err; prkdf_object_t prkdf; /* The private key object. */ aodf_object_t aodf; /* The associated authentication object. */ int mse_done = 0; /* Set to true if the MSE has been done. */ unsigned int digestlen; /* Length of the hash. */ int exmode, le_value; unsigned char oidbuf[64]; size_t oidbuflen; size_t n; unsigned char *indata_buffer = NULL; /* Malloced helper. */ (void)ctrl; if (!keyidstr || !*keyidstr || !indatalen) return gpg_error (GPG_ERR_INV_VALUE); err = prkdf_object_from_keyidstr (app, keyidstr, &prkdf); if (err) return err; if (!(prkdf->usageflags.sign || prkdf->usageflags.sign_recover || prkdf->usageflags.non_repudiation || prkdf->gpgusage.cert || prkdf->gpgusage.sign || prkdf->gpgusage.auth )) { log_error ("p15: key %s may not be used for signing\n", keyidstr); return gpg_error (GPG_ERR_WRONG_KEY_USAGE); } if (!prkdf->authid) { log_error ("p15: no authentication object defined for %s\n", keyidstr); /* fixme: we might want to go ahead and do without PIN verification. */ return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); } /* Find the authentication object to this private key object. */ for (aodf = app->app_local->auth_object_info; aodf; aodf = aodf->next) if (aodf->objidlen == prkdf->authidlen && !memcmp (aodf->objid, prkdf->authid, prkdf->authidlen)) break; if (!aodf) log_info ("p15: no authentication for %s needed\n", keyidstr); /* We need some more info about the key - get the keygrip to * populate these fields. */ err = keygrip_from_prkdf (app, prkdf); if (err) { log_error ("p15: keygrip_from_prkdf failed: %s\n", gpg_strerror (err)); return err; } digestlen = gcry_md_get_algo_dlen (hashalgo); /* We handle ECC separately from RSA so that we do not need to touch * working code. In particular we prepare the input data before the * verify and a possible MSE. */ if (prkdf->is_ecc) { if (digestlen != 32 && digestlen != 48 && digestlen != 64) { log_error ("p15: ECC signing not possible: dlen=%u\n", digestlen); err = gpg_error (GPG_ERR_DIGEST_ALGO); goto leave; } if (indatalen == digestlen) ; /* Already prepared. */ else if (indatalen > digestlen) { /* Assume a PKCS#1 prefix and remove it. */ oidbuflen = sizeof oidbuf; err = gcry_md_get_asnoid (hashalgo, &oidbuf, &oidbuflen); if (err) { log_error ("p15: no OID for hash algo %d\n", hashalgo); err = gpg_error (GPG_ERR_INTERNAL); goto leave; } if (indatalen != oidbuflen + digestlen || memcmp (indata, oidbuf, oidbuflen)) { log_error ("p15: input data too long for ECC: len=%zu\n", indatalen); err = gpg_error (GPG_ERR_INV_VALUE); goto leave; } indata = (const char*)indata + oidbuflen; indatalen -= oidbuflen; } else { log_error ("p15: input data too short for ECC: len=%zu\n", indatalen); err = gpg_error (GPG_ERR_INV_VALUE); goto leave; } } else /* Prepare RSA input. */ { unsigned int framelen; unsigned char *frame; int i; framelen = (prkdf->keynbits+7) / 8; if (!framelen) { log_error ("p15: key length unknown" " - can't prepare PKCS#v1.5 frame\n"); err = gpg_error (GPG_ERR_INV_VALUE); goto leave; } oidbuflen = sizeof oidbuf; if (!hashalgo) { /* We assume that indata already has the required * digestinfo; thus merely prepend the padding below. */ } else if ((err = gcry_md_get_asnoid (hashalgo, &oidbuf, &oidbuflen))) { log_debug ("p15: no OID for hash algo %d\n", hashalgo); goto leave; } else { if (indatalen == digestlen) { /* Plain hash in INDATA; prepend the digestinfo. */ indata_buffer = xtrymalloc (oidbuflen + indatalen); if (!indata_buffer) { err = gpg_error_from_syserror (); goto leave; } memcpy (indata_buffer, oidbuf, oidbuflen); memcpy (indata_buffer+oidbuflen, indata, indatalen); indata = indata_buffer; indatalen = oidbuflen + indatalen; } else if (indatalen == oidbuflen + digestlen && !memcmp (indata, oidbuf, oidbuflen)) ; /* We already got the correct prefix. */ else { err = gpg_error (GPG_ERR_INV_VALUE); log_error ("p15: bad input for signing with RSA and hash %d\n", hashalgo); goto leave; } } /* Now prepend the pkcs#v1.5 padding. We require at least 8 * byte of padding and 3 extra bytes for the prefix and the * delimiting nul. */ if (!indatalen || indatalen + 8 + 4 > framelen) { err = gpg_error (GPG_ERR_INV_VALUE); log_error ("p15: input does not fit into a %u bit PKCS#v1.5 frame\n", 8*framelen); goto leave; } frame = xtrymalloc (framelen); if (!frame) { err = gpg_error_from_syserror (); goto leave; } if (app->app_local->card_type == CARD_TYPE_BELPIC) { /* This card wants only the plain hash w/o any prefix. */ /* FIXME: We may want to remove this code because it is unlikely * that such cards are still in use. */ memcpy (frame, indata, indatalen); framelen = indatalen; } else { n = 0; frame[n++] = 0; frame[n++] = 1; /* Block type. */ i = framelen - indatalen - 3 ; memset (frame+n, 0xff, i); n += i; frame[n++] = 0; /* Delimiter. */ memcpy (frame+n, indata, indatalen); n += indatalen; log_assert (n == framelen); } /* And now put it into the indata_buffer. */ xfree (indata_buffer); indata_buffer = frame; indata = indata_buffer; indatalen = framelen; } /* Prepare PIN verification. This is split so that we can do * MSE operation for some task after having selected the key file but * before sending the verify APDU. */ err = prepare_verify_pin (app, keyidstr, prkdf, aodf); if (err) return err; /* Due to the fact that the non-repudiation signature on a BELPIC card requires a verify immediately before the DSO we set the MSE before we do the verification. Other cards might also allow this but I don't want to break anything, thus we do it only for the BELPIC card here. FIXME: see comment above about these cards. */ if (app->app_local->card_type == CARD_TYPE_BELPIC) { unsigned char mse[5]; mse[0] = 4; /* Length of the template. */ mse[1] = 0x80; /* Algorithm reference tag. */ if (hashalgo == MD_USER_TLS_MD5SHA1) mse[2] = 0x01; /* Let card do pkcs#1 0xFF padding. */ else mse[2] = 0x02; /* RSASSA-PKCS1-v1.5 using SHA1. */ mse[3] = 0x84; /* Private key reference tag. */ mse[4] = prkdf->key_reference_valid? prkdf->key_reference : 0x82; err = iso7816_manage_security_env (app_get_slot (app), 0x41, 0xB6, mse, sizeof mse); mse_done = 1; } if (err) { log_error ("p15: MSE failed: %s\n", gpg_strerror (err)); return err; } /* Now that we have all the information available run the actual PIN * verification.*/ err = verify_pin (app, pincb, pincb_arg, prkdf, aodf); if (err) return err; /* Manage security environment needs to be tweaked for certain cards. */ if (mse_done) err = 0; else if (app->app_local->card_type == CARD_TYPE_TCOS) { /* TCOS creates signatures always using the local key 0. MSE may not be used. */ } else if (app->app_local->card_type == CARD_TYPE_MICARDO) { if (!prkdf->pathlen) err = gpg_error (GPG_ERR_BUG); else err = micardo_mse (app, prkdf->path[prkdf->pathlen-1]); } else if (prkdf->key_reference_valid) { unsigned char mse[3]; mse[0] = 0x84; /* Select asym. key. */ mse[1] = 1; mse[2] = prkdf->key_reference; err = iso7816_manage_security_env (app_get_slot (app), 0x41, 0xB6, mse, sizeof mse); } if (err) { log_error ("p15: MSE failed: %s\n", gpg_strerror (err)); return err; } if (prkdf->keyalgo == GCRY_PK_RSA && prkdf->keynbits > 2048) { exmode = 1; le_value = prkdf->keynbits / 8; } else { exmode = 0; le_value = 0; } err = iso7816_compute_ds (app_get_slot (app), exmode, indata, indatalen, le_value, outdata, outdatalen); leave: xfree (indata_buffer); return err; } /* Handler for the PKAUTH command. This is basically the same as the PKSIGN command but we first check that the requested key is suitable for authentication; that is, it must match the criteria used for the attribute $AUTHKEYID. See do_sign for calling conventions; there is no HASHALGO, though. */ static gpg_error_t do_auth (app_t app, ctrl_t ctrl, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, unsigned char **outdata, size_t *outdatalen ) { gpg_error_t err; prkdf_object_t prkdf; int algo; if (!keyidstr || !*keyidstr) return gpg_error (GPG_ERR_INV_VALUE); err = prkdf_object_from_keyidstr (app, keyidstr, &prkdf); if (err) return err; if (!(prkdf->usageflags.sign || prkdf->gpgusage.auth)) { log_error ("p15: key %s may not be used for authentication\n", keyidstr); return gpg_error (GPG_ERR_WRONG_KEY_USAGE); } algo = indatalen == 36? MD_USER_TLS_MD5SHA1 : GCRY_MD_SHA1; return do_sign (app, ctrl, keyidstr, algo, pincb, pincb_arg, indata, indatalen, outdata, outdatalen); } /* Handler for the PKDECRYPT command. Decrypt the data in INDATA and * return the allocated result in OUTDATA. If a PIN is required the * PINCB will be used to ask for the PIN; it should return the PIN in * an allocated buffer and put it into PIN. */ static gpg_error_t do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, unsigned char **outdata, size_t *outdatalen, unsigned int *r_info) { gpg_error_t err; prkdf_object_t prkdf; /* The private key object. */ aodf_object_t aodf; /* The associated authentication object. */ int exmode, le_value, padind; (void)ctrl; (void)r_info; if (!keyidstr || !*keyidstr) return gpg_error (GPG_ERR_INV_VALUE); if (!indatalen || !indata || !outdatalen || !outdata) return gpg_error (GPG_ERR_INV_ARG); err = prkdf_object_from_keyidstr (app, keyidstr, &prkdf); if (err) return err; if (!(prkdf->usageflags.decrypt || prkdf->usageflags.unwrap || prkdf->gpgusage.encr )) { log_error ("p15: key %s may not be used for decryption\n", keyidstr); return gpg_error (GPG_ERR_WRONG_KEY_USAGE); } /* Find the authentication object to this private key object. */ if (!prkdf->authid) { log_error ("p15: no authentication object defined for %s\n", keyidstr); /* fixme: we might want to go ahead and do without PIN verification. */ return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); } for (aodf = app->app_local->auth_object_info; aodf; aodf = aodf->next) if (aodf->objidlen == prkdf->authidlen && !memcmp (aodf->objid, prkdf->authid, prkdf->authidlen)) break; if (!aodf) log_info ("p15: no authentication for %s needed\n", keyidstr); /* We need some more info about the key - get the keygrip to * populate these fields. */ err = keygrip_from_prkdf (app, prkdf); if (err) { log_error ("p15: keygrip_from_prkdf failed: %s\n", gpg_strerror (err)); return err; } /* Verify the PIN. */ err = prepare_verify_pin (app, keyidstr, prkdf, aodf); if (!err) err = verify_pin (app, pincb, pincb_arg, prkdf, aodf); if (err) return err; if (prkdf->is_ecc && IS_CARDOS_5(app)) { err = iso7816_manage_security_env (app_get_slot (app), 0xF3, 0x01, NULL, 0); if (err) { log_error ("p15: MSE failed: %s\n", gpg_strerror (err)); return err; } } /* The next is guess work for CardOS. */ if (app->app_local->card_product == CARD_PRODUCT_DTRUST) { /* From analyzing an USB trace of a Windows signing application * we see that the SE is simply reset to 0x14. It seems to be * sufficient to do this for decryption; signing still works * with the standard code despite that our trace showed that * there the SE is restored to 0x09. Note that the special * D-Trust AID is in any case select by prepare_verify_pin. * * Hey, D-Trust please hand over the specs so that you can * actually sell your cards and we can properly implement it; * other vendors understand this and do not demand ridiculous * paper work or complicated procedures to get samples. */ err = iso7816_manage_security_env (app_get_slot (app), 0xF3, 0x14, NULL, 0); } else if (prkdf->key_reference_valid) { unsigned char mse[9]; int i; /* Note: This works with CardOS but the D-Trust card has the * problem that the next created signature would be broken. */ i = 0; if (!prkdf->is_ecc) { mse[i++] = 0x80; /* Algorithm reference. */ mse[i++] = 1; mse[i++] = 0x0a; /* RSA, no padding. */ } mse[i++] = 0x84; /* Key reference. */ mse[i++] = 1; mse[i++] = prkdf->key_reference; if (prkdf->is_ecc && IS_CARDOS_5(app)) { mse[i++] = 0x95; /* ???. */ mse[i++] = 1; mse[i++] = 0x40; } log_assert (i <= DIM(mse)); err = iso7816_manage_security_env (app_get_slot (app), 0x41, 0xB8, mse, i); } /* Check for MSE error. */ if (err) { log_error ("p15: MSE failed: %s\n", gpg_strerror (err)); return err; } exmode = le_value = 0; padind = 0; if (prkdf->keyalgo == GCRY_PK_RSA && prkdf->keynbits > 2048) { exmode = 1; /* Extended length w/o a limit. */ le_value = prkdf->keynbits / 8; } if (app->app_local->card_product == CARD_PRODUCT_DTRUST) padind = 0x81; if (prkdf->is_ecc && IS_CARDOS_5(app)) { if ((indatalen & 1) && *(const char *)indata == 0x04) { /* Strip indicator byte. */ indatalen--; indata = (const char *)indata + 1; } err = iso7816_pso_csv (app_get_slot (app), exmode, indata, indatalen, le_value, outdata, outdatalen); } else { err = iso7816_decipher (app_get_slot (app), exmode, indata, indatalen, le_value, padind, outdata, outdatalen); } return err; } /* Perform a simple verify operation for the PIN specified by * KEYIDSTR. Note that we require a key reference which is then used * to select the authentication object. Return GPG_ERR_NO_PIN if a * PIN is not required for using the private key KEYIDSTR. */ static gpg_error_t do_check_pin (app_t app, ctrl_t ctrl, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg) { gpg_error_t err; prkdf_object_t prkdf; /* The private key object. */ aodf_object_t aodf; /* The associated authentication object. */ (void)ctrl; if (!keyidstr || !*keyidstr) return gpg_error (GPG_ERR_INV_VALUE); err = prkdf_object_from_keyidstr (app, keyidstr, &prkdf); if (err && gpg_err_code (err) != GPG_ERR_INV_ID && gpg_err_code (err) != GPG_ERR_NOT_FOUND) return err; if (err) /* Not found or invalid - assume it is the label. */ { prkdf = NULL; for (aodf = app->app_local->auth_object_info; aodf; aodf = aodf->next) if (aodf->label && !ascii_strcasecmp (aodf->label, keyidstr)) break; if (!aodf) return err; /* Re-use the original error code. */ } else /* Find the authentication object to this private key object. */ { if (!prkdf->authid) { log_error ("p15: no authentication object defined for %s\n", keyidstr); return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); } for (aodf = app->app_local->auth_object_info; aodf; aodf = aodf->next) if (aodf->objidlen == prkdf->authidlen && !memcmp (aodf->objid, prkdf->authid, prkdf->authidlen)) break; if (!aodf) /* None found. */ return gpg_error (GPG_ERR_NO_PIN); } err = prepare_verify_pin (app, keyidstr, prkdf, aodf); if (!err) err = verify_pin (app, pincb, pincb_arg, prkdf, aodf); return err; } /* Process the various keygrip based info requests. */ static gpg_error_t do_with_keygrip (app_t app, ctrl_t ctrl, int action, const char *want_keygripstr, int capability) { gpg_error_t err; char *serialno = NULL; int as_data = 0; prkdf_object_t prkdf; /* First a quick check for valid parameters. */ switch (action) { case KEYGRIP_ACTION_LOOKUP: if (!want_keygripstr) { err = gpg_error (GPG_ERR_NOT_FOUND); goto leave; } break; case KEYGRIP_ACTION_SEND_DATA: as_data = 1; break; case KEYGRIP_ACTION_WRITE_STATUS: break; default: err = gpg_error (GPG_ERR_INV_ARG); goto leave; } /* Allocate the s/n string if needed. */ if (action != KEYGRIP_ACTION_LOOKUP) { serialno = app_get_serialno (app); if (!serialno) { err = gpg_error_from_syserror (); goto leave; } } for (prkdf = app->app_local->private_key_info; prkdf; prkdf = prkdf->next) { if (keygrip_from_prkdf (app, prkdf)) continue; if (action == KEYGRIP_ACTION_LOOKUP) { if (!strcmp (prkdf->keygrip, want_keygripstr)) { err = 0; /* Found */ goto leave; } } else if (!want_keygripstr || !strcmp (prkdf->keygrip, want_keygripstr)) { char *keyref; if (capability == GCRY_PK_USAGE_SIGN) { if (!(prkdf->usageflags.sign || prkdf->usageflags.sign_recover || prkdf->usageflags.non_repudiation)) continue; } else if (capability == GCRY_PK_USAGE_ENCR) { if (!(prkdf->usageflags.decrypt || prkdf->usageflags.unwrap)) continue; } else if (capability == GCRY_PK_USAGE_AUTH) { if (!(prkdf->usageflags.sign || prkdf->usageflags.sign_recover)) continue; } keyref = keyref_from_prkdf (app, prkdf); if (!keyref) { err = gpg_error_from_syserror (); goto leave; } send_keyinfo (ctrl, as_data, prkdf->keygrip, serialno, keyref); xfree (keyref); if (want_keygripstr) { err = 0; /* Found */ goto leave; } } } /* Return an error so that the dispatcher keeps on looping over the * other applications. For clarity we use a different error code * when listing all keys. Note that in lookup mode WANT_KEYGRIPSTR * is not NULL. */ if (!want_keygripstr) err = gpg_error (GPG_ERR_TRUE); else err = gpg_error (GPG_ERR_NOT_FOUND); leave: xfree (serialno); return err; } /* Assume that EF(DIR) has been selected. Read its content and figure out the home EF of pkcs#15. Return that home DF or 0 if not found and the value at the address of BELPIC indicates whether it was found by the belpic aid. */ static unsigned short read_home_df (int slot, int *r_belpic) { gpg_error_t err; unsigned char *buffer; const unsigned char *p, *pp; size_t buflen, n, nn; unsigned short result = 0; *r_belpic = 0; err = iso7816_read_binary (slot, 0, 0, &buffer, &buflen); if (err) { log_error ("p15: error reading EF(DIR): %s\n", gpg_strerror (err)); return 0; } /* FIXME: We need to scan all records. */ p = find_tlv (buffer, buflen, 0x61, &n); if (p && n) { pp = find_tlv (p, n, 0x4f, &nn); if (pp && ((nn == sizeof pkcs15_aid && !memcmp (pp, pkcs15_aid, nn)) || (*r_belpic = (nn == sizeof pkcs15be_aid && !memcmp (pp, pkcs15be_aid, nn))))) { pp = find_tlv (p, n, 0x50, &nn); if (pp && opt.verbose) log_info ("p15: application label from EF(DIR) is '%.*s'\n", (int)nn, pp); pp = find_tlv (p, n, 0x51, &nn); if (pp && nn == 4 && *pp == 0x3f && !pp[1]) { result = ((pp[2] << 8) | pp[3]); if (opt.verbose) log_info ("p15: application directory is 0x%04hX\n", result); } } } xfree (buffer); return result; } /* Select the PKCS#15 application on the card in SLOT. */ gpg_error_t app_select_p15 (app_t app) { int slot = app_get_slot (app); int rc; unsigned short def_home_df = 0; card_type_t card_type = CARD_TYPE_UNKNOWN; int direct = 0; int is_belpic = 0; unsigned char *fci = NULL; size_t fcilen; rc = iso7816_select_application_ext (slot, pkcs15_aid, sizeof pkcs15_aid, 1, &fci, &fcilen); if (rc) { /* Not found: Try to locate it from 2F00. We use direct path selection here because it seems that the Belgian eID card does only allow for that. Many other cards supports this selection method too. Note, that we don't use select_application above for the Belgian card - the call works but it seems that it does not switch to the correct DF. Using the 2f02 just works. */ unsigned short path[1] = { 0x2f00 }; rc = iso7816_select_path (slot, path, 1, 0); if (!rc) { direct = 1; def_home_df = read_home_df (slot, &is_belpic); if (def_home_df) { path[0] = def_home_df; rc = iso7816_select_path (slot, path, 1, 0); } } } if (rc) { /* Still not found: Try the default DF. */ def_home_df = DEFAULT_HOME_DF; rc = iso7816_select_file (slot, def_home_df, 1); } if (!rc) { /* Determine the type of the card. The general case is to look it up from the ATR table. For the Belgian eID card we know it instantly from the AID. */ if (is_belpic) { card_type = CARD_TYPE_BELPIC; } else { unsigned char *atr; size_t atrlen; int i; atr = apdu_get_atr (app_get_slot (app), &atrlen); if (!atr) rc = gpg_error (GPG_ERR_INV_CARD); else { for (i=0; card_atr_list[i].atrlen; i++) if (card_atr_list[i].atrlen == atrlen && !memcmp (card_atr_list[i].atr, atr, atrlen)) { card_type = card_atr_list[i].type; break; } xfree (atr); } } } if (!rc) { app->apptype = APPTYPE_P15; app->app_local = xtrycalloc (1, sizeof *app->app_local); if (!app->app_local) { rc = gpg_error_from_syserror (); goto leave; } /* Set the home DF from the FCI returned by the select. */ if (!def_home_df && fci) { const unsigned char *s; size_t n; s = find_tlv (fci, fcilen, 0x83, &n); if (s && n == 2) def_home_df = buf16_to_ushort (s); else log_error ("p15: select(AID) did not return the DF\n"); } app->app_local->home_df = def_home_df; /* Store the card type. FIXME: We might want to put this into the common APP structure. */ app->app_local->card_type = card_type; app->app_local->card_product = CARD_PRODUCT_UNKNOWN; /* Store whether we may and should use direct path selection. */ switch (card_type) { case CARD_TYPE_CARDOS_50: case CARD_TYPE_CARDOS_53: direct = 1; break; default: /* Use whatever has been determined above. */ break; } app->app_local->direct_path_selection = direct; /* Read basic information and thus check whether this is a real card. */ rc = read_p15_info (app); if (rc) goto leave; /* Special serial number munging. We need to check for a German prototype card right here because we need to access to EF(TokenInfo). We mark such a serial number by the using a prefix of FF0100. */ if (APP_CARD(app)->serialnolen == 12 && !memcmp (APP_CARD(app)->serialno, "\xD2\x76\0\0\0\0\0\0\0\0\0\0", 12)) { /* This is a German card with a silly serial number. Try to get the serial number from the EF(TokenInfo). . */ unsigned char *p; /* FIXME: actually get it from EF(TokenInfo). */ p = xtrymalloc (3 + APP_CARD(app)->serialnolen); if (!p) rc = gpg_error (gpg_err_code_from_errno (errno)); else { memcpy (p, "\xff\x01", 3); memcpy (p+3, APP_CARD(app)->serialno, APP_CARD(app)->serialnolen); APP_CARD(app)->serialnolen += 3; xfree (APP_CARD(app)->serialno); APP_CARD(app)->serialno = p; } } app->fnc.deinit = do_deinit; app->fnc.prep_reselect = NULL; app->fnc.reselect = NULL; app->fnc.learn_status = do_learn_status; app->fnc.readcert = do_readcert; app->fnc.getattr = do_getattr; app->fnc.setattr = NULL; app->fnc.genkey = NULL; app->fnc.sign = do_sign; app->fnc.auth = do_auth; app->fnc.decipher = do_decipher; app->fnc.change_pin = NULL; app->fnc.check_pin = do_check_pin; app->fnc.with_keygrip = do_with_keygrip; leave: if (rc) do_deinit (app); } xfree (fci); return rc; } diff --git a/scd/app-sc-hsm.c b/scd/app-sc-hsm.c index 583a34fed..1ca709f72 100644 --- a/scd/app-sc-hsm.c +++ b/scd/app-sc-hsm.c @@ -1,2095 +1,2094 @@ /* app-sc-hsm.c - The SmartCard-HSM card application (www.smartcard-hsm.com). * Copyright (C) 2005 Free Software Foundation, Inc. * Copyright (C) 2014 Andreas Schwier * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ /* Code in this driver is based on app-p15.c with modifications. */ #include #include #include #include #include -#include #include #include "scdaemon.h" #include "iso7816.h" #include "../common/tlv.h" #include "apdu.h" /* The AID of the SmartCard-HSM applet. */ static char const sc_hsm_aid[] = { 0xE8, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x81, 0xC3, 0x1F, 0x02, 0x01 }; /* Special file identifier for SmartCard-HSM */ typedef enum { SC_HSM_PRKD_PREFIX = 0xC4, SC_HSM_CD_PREFIX = 0xC8, SC_HSM_DCOD_PREFIX = 0xC9, SC_HSM_CA_PREFIX = 0xCA, SC_HSM_KEY_PREFIX = 0xCC, SC_HSM_EE_PREFIX = 0xCE } fid_prefix_type_t; /* The key types supported by the SmartCard-HSM */ typedef enum { KEY_TYPE_RSA, KEY_TYPE_ECC } key_type_t; /* A bit array with for the key usage flags from the commonKeyAttributes. */ struct keyusage_flags_s { unsigned int encrypt: 1; unsigned int decrypt: 1; unsigned int sign: 1; unsigned int sign_recover: 1; unsigned int wrap: 1; unsigned int unwrap: 1; unsigned int verify: 1; unsigned int verify_recover: 1; unsigned int derive: 1; unsigned int non_repudiation: 1; }; typedef struct keyusage_flags_s keyusage_flags_t; /* This is an object to store information about a Certificate Directory File (CDF) in a format suitable for further processing by us. To keep memory management, simple we use a linked list of items; i.e. one such object represents one certificate and the list the entire CDF. */ struct cdf_object_s { /* Link to next item when used in a linked list. */ struct cdf_object_s *next; /* Length and allocated buffer with the Id of this object. */ size_t objidlen; unsigned char *objid; /* To avoid reading a certificate more than once, we cache it in an allocated memory IMAGE of IMAGELEN. */ size_t imagelen; unsigned char *image; /* EF containing certificate */ unsigned short fid; }; typedef struct cdf_object_s *cdf_object_t; /* This is an object to store information about a Private Key Directory File (PrKDF) in a format suitable for further processing by us. To keep memory management, simple we use a linked list of items; i.e. one such object represents one certificate and the list the entire PrKDF. */ struct prkdf_object_s { /* Link to next item when used in a linked list. */ struct prkdf_object_s *next; /* Key type */ key_type_t keytype; /* Key size in bits or 0 if unknown */ size_t keysize; /* Length and allocated buffer with the Id of this object. */ size_t objidlen; unsigned char *objid; /* The key's usage flags. */ keyusage_flags_t usageflags; /* The keyReference */ unsigned char key_reference; }; typedef struct prkdf_object_s *prkdf_object_t; /* Context local to this application. */ struct app_local_s { /* Information on all certificates. */ cdf_object_t certificate_info; /* Information on all trusted certificates. */ cdf_object_t trusted_certificate_info; /* Information on all private keys. */ prkdf_object_t private_key_info; }; /*** Local prototypes. ***/ static gpg_error_t readcert_by_cdf (app_t app, cdf_object_t cdf, unsigned char **r_cert, size_t *r_certlen); /* Release the CDF object A */ static void release_cdflist (cdf_object_t a) { while (a) { cdf_object_t tmp = a->next; xfree (a->image); xfree (a->objid); xfree (a); a = tmp; } } /* Release the PrKDF object A. */ static void release_prkdflist (prkdf_object_t a) { while (a) { prkdf_object_t tmp = a->next; xfree (a->objid); xfree (a); a = tmp; } } /* Release all local resources. */ static void do_deinit (app_t app) { if (app && app->app_local) { release_cdflist (app->app_local->certificate_info); release_cdflist (app->app_local->trusted_certificate_info); release_prkdflist (app->app_local->private_key_info); xfree (app->app_local); app->app_local = NULL; } } /* Get the list of EFs from the SmartCard-HSM. * On success a dynamically buffer containing the EF list is returned. * The caller is responsible for freeing the buffer. */ static gpg_error_t list_ef (int slot, unsigned char **result, size_t *resultlen) { int sw; if (!result || !resultlen) return gpg_error (GPG_ERR_INV_VALUE); *result = NULL; *resultlen = 0; sw = apdu_send_le (slot, 1, 0x80, 0x58, 0x00, 0x00, -1, NULL, 65536, result, resultlen); if (sw != SW_SUCCESS) { /* Make sure that pending buffers are released. */ xfree (*result); *result = NULL; *resultlen = 0; } return iso7816_map_sw (sw); } /* Do a select and a read for the file with EFID. EFID_DESC is a description of the EF to be used with error messages. On success BUFFER and BUFLEN contain the entire content of the EF. The caller must free BUFFER only on success. */ static gpg_error_t select_and_read_binary (int slot, unsigned short efid, const char *efid_desc, unsigned char **buffer, size_t *buflen, int maxread) { gpg_error_t err; unsigned char cdata[4]; int sw; cdata[0] = 0x54; /* Create ISO 7861-4 odd ins READ BINARY */ cdata[1] = 0x02; cdata[2] = 0x00; cdata[3] = 0x00; sw = apdu_send_le(slot, 1, 0x00, 0xB1, efid >> 8, efid & 0xFF, 4, cdata, maxread, buffer, buflen); if (sw == SW_EOF_REACHED) sw = SW_SUCCESS; err = iso7816_map_sw (sw); if (err) { log_error ("error reading %s (0x%04X): %s\n", efid_desc, efid, gpg_strerror (err)); return err; } return 0; } /* Parse a cert Id string (or a key Id string) and return the binary object Id string in a newly allocated buffer stored at R_OBJID and R_OBJIDLEN. On Error NULL will be stored there and an error code returned. On success caller needs to free the buffer at R_OBJID. */ static gpg_error_t parse_certid (const char *certid, unsigned char **r_objid, size_t *r_objidlen) { const char *s; size_t objidlen; unsigned char *objid; int i; *r_objid = NULL; *r_objidlen = 0; if (strncmp (certid, "HSM.", 4)) return gpg_error (GPG_ERR_INV_ID); certid += 4; for (s=certid, objidlen=0; hexdigitp (s); s++, objidlen++) ; if (*s || !objidlen || (objidlen%2)) return gpg_error (GPG_ERR_INV_ID); objidlen /= 2; objid = xtrymalloc (objidlen); if (!objid) return gpg_error_from_syserror (); for (s=certid, i=0; i < objidlen; i++, s+=2) objid[i] = xtoi_2 (s); *r_objid = objid; *r_objidlen = objidlen; return 0; } /* Find a certificate object by the certificate ID CERTID and store a pointer to it at R_CDF. */ static gpg_error_t cdf_object_from_certid (app_t app, const char *certid, cdf_object_t *r_cdf) { gpg_error_t err; size_t objidlen; unsigned char *objid; cdf_object_t cdf; err = parse_certid (certid, &objid, &objidlen); if (err) return err; for (cdf = app->app_local->certificate_info; cdf; cdf = cdf->next) if (cdf->objidlen == objidlen && !memcmp (cdf->objid, objid, objidlen)) break; if (!cdf) for (cdf = app->app_local->trusted_certificate_info; cdf; cdf = cdf->next) if (cdf->objidlen == objidlen && !memcmp (cdf->objid, objid, objidlen)) break; xfree (objid); if (!cdf) return gpg_error (GPG_ERR_NOT_FOUND); *r_cdf = cdf; return 0; } /* Find a private key object by the key Id string KEYIDSTR and store a pointer to it at R_PRKDF. */ static gpg_error_t prkdf_object_from_keyidstr (app_t app, const char *keyidstr, prkdf_object_t *r_prkdf) { gpg_error_t err; size_t objidlen; unsigned char *objid; prkdf_object_t prkdf; err = parse_certid (keyidstr, &objid, &objidlen); if (err) return err; for (prkdf = app->app_local->private_key_info; prkdf; prkdf = prkdf->next) if (prkdf->objidlen == objidlen && !memcmp (prkdf->objid, objid, objidlen)) break; xfree (objid); if (!prkdf) return gpg_error (GPG_ERR_NOT_FOUND); *r_prkdf = prkdf; return 0; } /* Parse the BIT STRING with the keyUsageFlags from the CommonKeyAttributes. */ static gpg_error_t parse_keyusage_flags (const unsigned char *der, size_t derlen, keyusage_flags_t *usageflags) { unsigned int bits, mask; int i, unused, full; memset (usageflags, 0, sizeof *usageflags); if (!derlen) return gpg_error (GPG_ERR_INV_OBJ); unused = *der++; derlen--; if ((!derlen && unused) || unused/8 > derlen) return gpg_error (GPG_ERR_ENCODING_PROBLEM); full = derlen - (unused+7)/8; unused %= 8; mask = 0; for (i=1; unused; i <<= 1, unused--) mask |= i; /* First octet */ if (derlen) { bits = *der++; derlen--; if (full) full--; else { bits &= ~mask; mask = 0; } } else bits = 0; if ((bits & 0x80)) usageflags->encrypt = 1; if ((bits & 0x40)) usageflags->decrypt = 1; if ((bits & 0x20)) usageflags->sign = 1; if ((bits & 0x10)) usageflags->sign_recover = 1; if ((bits & 0x08)) usageflags->wrap = 1; if ((bits & 0x04)) usageflags->unwrap = 1; if ((bits & 0x02)) usageflags->verify = 1; if ((bits & 0x01)) usageflags->verify_recover = 1; /* Second octet. */ if (derlen) { bits = *der++; derlen--; if (full) full--; else { bits &= ~mask; } } else bits = 0; if ((bits & 0x80)) usageflags->derive = 1; if ((bits & 0x40)) usageflags->non_repudiation = 1; return 0; } /* Read and parse a Private Key Directory File containing a single key description in PKCS#15 format. For each private key a matching certificate description is created, if the certificate EF exists and contains a X.509 certificate. Example data: 0000 30 2A 30 13 0C 11 4A 6F 65 20 44 6F 65 20 28 52 0*0...Joe Doe (R 0010 53 41 32 30 34 38 29 30 07 04 01 01 03 02 02 74 SA2048)0.......t 0020 A1 0A 30 08 30 02 04 00 02 02 08 00 ..0.0....... Decoded example: SEQUENCE SIZE( 42 ) SEQUENCE SIZE( 19 ) UTF8-STRING SIZE( 17 ) -- label 0000 4A 6F 65 20 44 6F 65 20 28 52 53 41 32 30 34 38 Joe Doe (RSA2048 0010 29 ) SEQUENCE SIZE( 7 ) OCTET-STRING SIZE( 1 ) -- id 0000 01 BIT-STRING SIZE( 2 ) -- key usage 0000 02 74 A1 [ CONTEXT 1 ] IMPLICIT SEQUENCE SIZE( 10 ) SEQUENCE SIZE( 8 ) SEQUENCE SIZE( 2 ) OCTET-STRING SIZE( 0 ) -- empty path, req object in PKCS#15 INTEGER SIZE( 2 ) -- modulus size in bits 0000 08 00 */ static gpg_error_t read_ef_prkd (app_t app, unsigned short fid, prkdf_object_t *prkdresult, cdf_object_t *cdresult) { gpg_error_t err; unsigned char *buffer = NULL; size_t buflen; const unsigned char *p; size_t n, objlen, hdrlen; int class, tag, constructed, ndef; int i; const unsigned char *pp; size_t nn; int where; const char *errstr = NULL; prkdf_object_t prkdf = NULL; cdf_object_t cdf = NULL; unsigned long ul; const unsigned char *objid; size_t objidlen; keyusage_flags_t usageflags; const char *s; key_type_t keytype; size_t keysize; if (!fid) return gpg_error (GPG_ERR_NO_DATA); /* No private keys. */ err = select_and_read_binary (app_get_slot (app), fid, "PrKDF", &buffer, &buflen, 255); if (err) return err; p = buffer; n = buflen; err = parse_ber_header (&p, &n, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > n || (tag != TAG_SEQUENCE && tag != 0x00))) err = gpg_error (GPG_ERR_INV_OBJ); if (err) { log_error ("error parsing PrKDF record: %s\n", gpg_strerror (err)); goto leave; } keytype = tag == 0x00 ? KEY_TYPE_ECC : KEY_TYPE_RSA; pp = p; nn = objlen; p += objlen; n -= objlen; /* Parse the commonObjectAttributes. */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nn || tag != TAG_SEQUENCE)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; { const unsigned char *ppp = pp; size_t nnn = objlen; pp += objlen; nn -= objlen; /* Search the optional AuthId. We need to skip the optional Label (UTF8STRING) and the optional CommonObjectFlags (BITSTRING). */ where = __LINE__; err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nnn || class != CLASS_UNIVERSAL)) err = gpg_error (GPG_ERR_INV_OBJ); if (gpg_err_code (err) == GPG_ERR_EOF) goto no_authid; if (err) goto parse_error; if (tag == TAG_UTF8_STRING) { ppp += objlen; /* Skip the Label. */ nnn -= objlen; where = __LINE__; err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nnn || class != CLASS_UNIVERSAL)) err = gpg_error (GPG_ERR_INV_OBJ); if (gpg_err_code (err) == GPG_ERR_EOF) goto no_authid; if (err) goto parse_error; } if (tag == TAG_BIT_STRING) { ppp += objlen; /* Skip the CommonObjectFlags. */ nnn -= objlen; where = __LINE__; err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nnn || class != CLASS_UNIVERSAL)) err = gpg_error (GPG_ERR_INV_OBJ); if (gpg_err_code (err) == GPG_ERR_EOF) goto no_authid; if (err) goto parse_error; } if (tag == TAG_OCTET_STRING && objlen) { /* AuthId ignored */ } no_authid: ; } /* Parse the commonKeyAttributes. */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nn || tag != TAG_SEQUENCE)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; { const unsigned char *ppp = pp; size_t nnn = objlen; pp += objlen; nn -= objlen; /* Get the Id. */ where = __LINE__; err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nnn || class != CLASS_UNIVERSAL || tag != TAG_OCTET_STRING)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; objid = ppp; objidlen = objlen; ppp += objlen; nnn -= objlen; /* Get the KeyUsageFlags. */ where = __LINE__; err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nnn || class != CLASS_UNIVERSAL || tag != TAG_BIT_STRING)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; err = parse_keyusage_flags (ppp, objlen, &usageflags); if (err) goto parse_error; ppp += objlen; nnn -= objlen; /* Find the keyReference */ where = __LINE__; err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (gpg_err_code (err) == GPG_ERR_EOF) goto leave_cki; if (!err && objlen > nnn) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; if (class == CLASS_UNIVERSAL && tag == TAG_BOOLEAN) { /* Skip the native element. */ ppp += objlen; nnn -= objlen; err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (gpg_err_code (err) == GPG_ERR_EOF) goto leave_cki; if (!err && objlen > nnn) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; } if (class == CLASS_UNIVERSAL && tag == TAG_BIT_STRING) { /* Skip the accessFlags. */ ppp += objlen; nnn -= objlen; err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (gpg_err_code (err) == GPG_ERR_EOF) goto leave_cki; if (!err && objlen > nnn) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; } if (class == CLASS_UNIVERSAL && tag == TAG_INTEGER) { /* Yep, this is the keyReference. Note: UL is currently not used. */ for (ul=0; objlen; objlen--) { ul <<= 8; ul |= (*ppp++) & 0xff; nnn--; } } leave_cki: ; } /* Skip subClassAttributes. */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && objlen > nn) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; if (class == CLASS_CONTEXT && tag == 0) { pp += objlen; nn -= objlen; where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); } /* Parse the keyAttributes. */ if (!err && (objlen > nn || class != CLASS_CONTEXT || tag != 1)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; nn = objlen; where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && objlen > nn) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; nn = objlen; /* Check that the reference is a Path object. */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && objlen > nn) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; if (class != CLASS_UNIVERSAL || tag != TAG_SEQUENCE) { errstr = "unsupported reference type"; goto parse_error; } pp += objlen; nn -= objlen; /* Parse the key size object. */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && objlen > nn) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; keysize = 0; if (class == CLASS_UNIVERSAL && tag == TAG_INTEGER && objlen == 2) { keysize = *pp++ << 8; keysize += *pp++; } /* Create a new PrKDF list item. */ prkdf = xtrycalloc (1, sizeof *prkdf); if (!prkdf) { err = gpg_error_from_syserror (); goto leave; } prkdf->keytype = keytype; prkdf->keysize = keysize; prkdf->objidlen = objidlen; prkdf->objid = xtrymalloc (objidlen); if (!prkdf->objid) { err = gpg_error_from_syserror (); xfree (prkdf); prkdf = NULL; goto leave; } memcpy (prkdf->objid, objid, objidlen); prkdf->usageflags = usageflags; prkdf->key_reference = fid & 0xFF; log_debug ("PrKDF %04hX: id=", fid); for (i=0; i < prkdf->objidlen; i++) log_printf ("%02X", prkdf->objid[i]); log_printf (" keyref=0x%02X", prkdf->key_reference); log_printf (" keysize=%zu", prkdf->keysize); log_printf (" usage="); s = ""; if (prkdf->usageflags.encrypt) { log_printf ("%sencrypt", s); s = ","; } if (prkdf->usageflags.decrypt) { log_printf ("%sdecrypt", s); s = ","; } if (prkdf->usageflags.sign) { log_printf ("%ssign", s); s = ","; } if (prkdf->usageflags.sign_recover) { log_printf ("%ssign_recover", s); s = ","; } if (prkdf->usageflags.wrap ) { log_printf ("%swrap", s); s = ","; } if (prkdf->usageflags.unwrap ) { log_printf ("%sunwrap", s); s = ","; } if (prkdf->usageflags.verify ) { log_printf ("%sverify", s); s = ","; } if (prkdf->usageflags.verify_recover) { log_printf ("%sverify_recover", s); s = ","; } if (prkdf->usageflags.derive ) { log_printf ("%sderive", s); s = ","; } if (prkdf->usageflags.non_repudiation) { log_printf ("%snon_repudiation", s); } log_printf ("\n"); xfree (buffer); buffer = NULL; buflen = 0; err = select_and_read_binary (app_get_slot (app), ((SC_HSM_EE_PREFIX << 8) | (fid & 0xFF)), "CertEF", &buffer, &buflen, 1); if (!err && buffer[0] == 0x30) { /* Create a matching CDF list item. */ cdf = xtrycalloc (1, sizeof *cdf); if (!cdf) { err = gpg_error_from_syserror (); goto leave; } cdf->objidlen = prkdf->objidlen; cdf->objid = xtrymalloc (cdf->objidlen); if (!cdf->objid) { err = gpg_error_from_syserror (); xfree (cdf); cdf = NULL; goto leave; } memcpy (cdf->objid, prkdf->objid, objidlen); cdf->fid = (SC_HSM_EE_PREFIX << 8) | (fid & 0xFF); log_debug ("CDF %04hX: id=", fid); for (i=0; i < cdf->objidlen; i++) log_printf ("%02X", cdf->objid[i]); log_printf (" fid=%04X\n", cdf->fid); } goto leave; /* Ready. */ parse_error: log_error ("error parsing PrKDF record (%d): %s - skipped\n", where, errstr? errstr : gpg_strerror (err)); err = 0; leave: xfree (buffer); if (err) { if (prkdf) { if (prkdf->objid) xfree (prkdf->objid); xfree (prkdf); } if (cdf) { if (cdf->objid) xfree (cdf->objid); xfree (cdf); } } else { if (prkdf) prkdf->next = *prkdresult; *prkdresult = prkdf; if (cdf) { cdf->next = *cdresult; *cdresult = cdf; } } return err; } /* Read and parse the Certificate Description File identified by FID. On success a the CDF list gets stored at RESULT and the caller is then responsible of releasing the object. Example data: 0000 30 35 30 11 0C 0B 43 65 72 74 69 66 69 63 61 74 050...Certificat 0010 65 03 02 06 40 30 16 04 14 C2 01 7C 2F BA A4 4A e...@0.....|/..J 0020 4A BB B8 49 11 DB 4A CA AA 7E 6A 2D 1B A1 08 30 J..I..J..~j-...0 0030 06 30 04 04 02 CA 00 .0..... Decoded example: SEQUENCE SIZE( 53 ) SEQUENCE SIZE( 17 ) UTF8-STRING SIZE( 11 ) -- label 0000 43 65 72 74 69 66 69 63 61 74 65 Certificate BIT-STRING SIZE( 2 ) -- common object attributes 0000 06 40 SEQUENCE SIZE( 22 ) OCTET-STRING SIZE( 20 ) -- id 0000 C2 01 7C 2F BA A4 4A 4A BB B8 49 11 DB 4A CA AA 0010 7E 6A 2D 1B A1 [ CONTEXT 1 ] IMPLICIT SEQUENCE SIZE( 8 ) SEQUENCE SIZE( 6 ) SEQUENCE SIZE( 4 ) OCTET-STRING SIZE( 2 ) -- path 0000 CA 00 .. */ static gpg_error_t read_ef_cd (app_t app, unsigned short fid, cdf_object_t *result) { gpg_error_t err; unsigned char *buffer = NULL; size_t buflen; const unsigned char *p; size_t n, objlen, hdrlen; int class, tag, constructed, ndef; int i; const unsigned char *pp; size_t nn; int where; const char *errstr = NULL; cdf_object_t cdf = NULL; const unsigned char *objid; size_t objidlen; if (!fid) return gpg_error (GPG_ERR_NO_DATA); /* No certificates. */ err = select_and_read_binary (app_get_slot (app), fid, "CDF", &buffer, &buflen, 255); if (err) return err; p = buffer; n = buflen; err = parse_ber_header (&p, &n, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > n || tag != TAG_SEQUENCE)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) { log_error ("error parsing CDF record: %s\n", gpg_strerror (err)); goto leave; } pp = p; nn = objlen; p += objlen; n -= objlen; /* Skip the commonObjectAttributes. */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nn || tag != TAG_SEQUENCE)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; pp += objlen; nn -= objlen; /* Parse the commonCertificateAttributes. */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nn || tag != TAG_SEQUENCE)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; { const unsigned char *ppp = pp; size_t nnn = objlen; pp += objlen; nn -= objlen; /* Get the Id. */ where = __LINE__; err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nnn || class != CLASS_UNIVERSAL || tag != TAG_OCTET_STRING)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; objid = ppp; objidlen = objlen; } /* Parse the certAttribute. */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nn || class != CLASS_CONTEXT || tag != 1)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; nn = objlen; where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nn || class != CLASS_UNIVERSAL || tag != TAG_SEQUENCE)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; nn = objlen; /* Check that the reference is a Path object. */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && objlen > nn) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; if (class != CLASS_UNIVERSAL || tag != TAG_SEQUENCE) { err = gpg_error (GPG_ERR_INV_OBJ); goto parse_error; } nn = objlen; /* Parse the Path object. */ where = __LINE__; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && objlen > nn) err = gpg_error (GPG_ERR_INV_OBJ); if (err) goto parse_error; /* Make sure that the next element is a non zero path and of even length (FID are two bytes each). */ if (class != CLASS_UNIVERSAL || tag != TAG_OCTET_STRING || (objlen & 1) ) { errstr = "invalid path reference"; goto parse_error; } /* Create a new CDF list item. */ cdf = xtrycalloc (1, sizeof *cdf); if (!cdf) { err = gpg_error_from_syserror (); goto leave; } cdf->objidlen = objidlen; cdf->objid = xtrymalloc (objidlen); if (!cdf->objid) { err = gpg_error_from_syserror (); xfree (cdf); cdf = NULL; goto leave; } memcpy (cdf->objid, objid, objidlen); cdf->fid = (SC_HSM_CA_PREFIX << 8) | (fid & 0xFF); log_debug ("CDF %04hX: id=", fid); for (i=0; i < cdf->objidlen; i++) log_printf ("%02X", cdf->objid[i]); goto leave; parse_error: log_error ("error parsing CDF record (%d): %s - skipped\n", where, errstr? errstr : gpg_strerror (err)); err = 0; leave: xfree (buffer); if (err) { if (cdf) { if (cdf->objid) xfree (cdf->objid); xfree (cdf); } } else { if (cdf) cdf->next = *result; *result = cdf; } return err; } /* Read the device certificate and extract the serial number. EF.C_DevAut (2F02) contains two CVCs, the first is the device certificate, the second is the issuer certificate. Example data: 0000 7F 21 81 E2 7F 4E 81 9B 5F 29 01 00 42 0B 55 54 .!...N.._)..B.UT 0010 43 43 30 32 30 30 30 30 32 7F 49 4F 06 0A 04 00 CC0200002.IO.... 0020 7F 00 07 02 02 02 02 03 86 41 04 6D FF D6 85 57 .........A.m...W 0030 40 FB 10 5D 94 71 8A 94 D2 5E 50 33 E7 1E C0 6C @..].q...^P3...l 0040 63 D5 C8 FC BA F3 02 1D 70 23 F6 47 E8 35 48 EF c.......p#.G.5H. 0050 B5 94 72 3C 6F BE C0 EB 9A C7 FB 06 59 26 CF 65 ..r...<. 0150 6B AC 06 EA 5F 20 0B 55 54 43 43 30 32 30 30 30 k..._ .UTCC02000 0160 30 32 7F 4C 10 06 0B 2B 06 01 04 01 81 C3 1F 03 02.L...+........ 0170 01 01 53 01 80 5F 25 06 01 03 00 03 02 08 5F 24 ..S.._%......._$ 0180 06 02 01 00 03 02 07 5F 37 40 93 C1 42 8B B3 8E ......._7@..B... 0190 42 61 6F 2C 19 E6 98 41 BD AA 60 BD E0 DD 4E F0 Bao,...A..`...N. 01A0 15 D5 4F 71 B7 BB C3 3A F2 AD 27 5E DD EE 6D 12 ..Oq...:..'^..m. 01B0 76 E6 2B A0 4C 01 CA C1 26 0C 45 6D C6 CB EC 92 v.+.L...&.Em.... 01C0 BF 38 18 AD 8F B2 29 40 A9 51 .8....)@.Q The certificate format is defined in BSI TR-03110: 7F21 [ APPLICATION 33 ] IMPLICIT SEQUENCE SIZE( 226 ) 7F4E [ APPLICATION 78 ] IMPLICIT SEQUENCE SIZE( 155 ) 5F29 [ APPLICATION 41 ] SIZE( 1 ) -- profile id 0000 00 42 [ APPLICATION 2 ] SIZE( 11 ) -- CAR 0000 55 54 43 43 30 32 30 30 30 30 32 UTCC0200002 7F49 [ APPLICATION 73 ] IMPLICIT SEQUENCE SIZE( 79 ) -- public key OBJECT IDENTIFIER = { id-TA-ECDSA-SHA-256 } 86 [ CONTEXT 6 ] SIZE( 65 ) 0000 04 6D FF D6 85 57 40 FB 10 5D 94 71 8A 94 D2 5E 0010 50 33 E7 1E C0 6C 63 D5 C8 FC BA F3 02 1D 70 23 0020 F6 47 E8 35 48 EF B5 94 72 3C 6F BE C0 EB 9A C7 0030 FB 06 59 26 CF 65 EF A1 72 E0 98 F3 F0 44 1B B7 0040 71 5F20 [ APPLICATION 32 ] SIZE( 16 ) -- CHR 0000 55 54 43 43 30 32 30 30 30 31 33 30 30 30 30 30 UTCC020001300000 7F4C [ APPLICATION 76 ] IMPLICIT SEQUENCE SIZE( 16 ) -- CHAT OBJECT IDENTIFIER = { 1 3 6 1 4 1 24991 3 1 1 } 53 [ APPLICATION 19 ] SIZE( 1 ) 0000 00 5F25 [ APPLICATION 37 ] SIZE( 6 ) -- Valid from 0000 01 04 00 07 01 01 5F24 [ APPLICATION 36 ] SIZE( 6 ) -- Valid to 0000 02 01 00 03 02 07 5F37 [ APPLICATION 55 ] SIZE( 64 ) -- Signature 0000 7F 73 04 3B 06 63 79 41 BE 1A 9F FC F6 77 67 2B 0010 8A 41 D1 11 F6 9B 54 44 AD 19 FB B8 0C C6 2F 34 0020 71 8E 4F F6 92 59 34 61 D9 4F 4A 86 36 A8 D8 9A 0030 C6 3C 17 7E 71 CE A8 26 D0 C5 25 61 78 9D 01 F8 The serial number is contained in tag 5F20, while the last 5 digits are truncated. */ static gpg_error_t read_serialno(app_t app) { gpg_error_t err; unsigned char *buffer = NULL; size_t buflen; const unsigned char *p,*chr; size_t n, objlen, hdrlen, chrlen; int class, tag, constructed, ndef; err = select_and_read_binary (app_get_slot (app), 0x2F02, "EF.C_DevAut", &buffer, &buflen, 512); if (err) return err; p = buffer; n = buflen; err = parse_ber_header (&p, &n, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > n || tag != 0x21)) err = gpg_error (GPG_ERR_INV_OBJ); if (err) { log_error ("error parsing C_DevAut: %s\n", gpg_strerror (err)); goto leave; } chr = find_tlv (p, objlen, 0x5F20, &chrlen); if (!chr || chrlen <= 5) { err = gpg_error (GPG_ERR_INV_OBJ); log_error ("CHR not found in CVC\n"); goto leave; } chrlen -= 5; app->card->serialno = xtrymalloc (chrlen); if (!app->card->serialno) { err = gpg_error_from_syserror (); goto leave; } app->card->serialnolen = chrlen; memcpy (app->card->serialno, chr, chrlen); leave: xfree (buffer); return err; } /* Get all the basic information from the SmartCard-HSM, check the structure and initialize our local context. This is used once at application initialization. */ static gpg_error_t read_meta (app_t app) { gpg_error_t err; unsigned char *eflist = NULL; size_t eflistlen = 0; int i; err = read_serialno(app); if (err) return err; err = list_ef (app_get_slot (app), &eflist, &eflistlen); if (err) return err; for (i = 0; i < eflistlen; i += 2) { switch(eflist[i]) { case SC_HSM_KEY_PREFIX: if (eflist[i + 1] == 0) /* No key with ID=0 */ break; err = read_ef_prkd (app, ((SC_HSM_PRKD_PREFIX << 8) | eflist[i + 1]), &app->app_local->private_key_info, &app->app_local->certificate_info); if (gpg_err_code (err) == GPG_ERR_NO_DATA) err = 0; if (err) return err; break; case SC_HSM_CD_PREFIX: err = read_ef_cd (app, ((eflist[i] << 8) | eflist[i + 1]), &app->app_local->trusted_certificate_info); if (gpg_err_code (err) == GPG_ERR_NO_DATA) err = 0; if (err) return err; break; } } xfree (eflist); return err; } /* Helper to do_learn_status: Send information about all certificates listed in CERTINFO back. Use CERTTYPE as type of the certificate. */ static gpg_error_t send_certinfo (ctrl_t ctrl, const char *certtype, cdf_object_t certinfo) { for (; certinfo; certinfo = certinfo->next) { char *buf, *p; buf = xtrymalloc (4 + certinfo->objidlen*2 + 1); if (!buf) return gpg_error_from_syserror (); p = stpcpy (buf, "HSM."); bin2hex (certinfo->objid, certinfo->objidlen, p); send_status_info (ctrl, "CERTINFO", certtype, strlen (certtype), buf, strlen (buf), NULL, (size_t)0); xfree (buf); } return 0; } /* Get the keygrip of the private key object PRKDF. On success the keygrip gets returned in the caller provided 41 byte buffer R_GRIPSTR. */ static gpg_error_t keygripstr_from_prkdf (app_t app, prkdf_object_t prkdf, char *r_gripstr) { gpg_error_t err; cdf_object_t cdf; unsigned char *der; size_t derlen; ksba_cert_t cert; /* Look for a matching certificate. A certificate matches if the Id matches the one of the private key info. */ for (cdf = app->app_local->certificate_info; cdf; cdf = cdf->next) if (cdf->objidlen == prkdf->objidlen && !memcmp (cdf->objid, prkdf->objid, prkdf->objidlen)) break; if (!cdf) return gpg_error (GPG_ERR_NOT_FOUND); err = readcert_by_cdf (app, cdf, &der, &derlen); if (err) return err; err = ksba_cert_new (&cert); if (!err) err = ksba_cert_init_from_mem (cert, der, derlen); xfree (der); if (!err) err = app_help_get_keygrip_string (cert, r_gripstr, NULL, NULL); ksba_cert_release (cert); return err; } /* Helper to do_learn_status: Send information about all known keypairs back. */ static gpg_error_t send_keypairinfo (app_t app, ctrl_t ctrl, prkdf_object_t keyinfo) { gpg_error_t err; for (; keyinfo; keyinfo = keyinfo->next) { char gripstr[40+1]; char *buf, *p; buf = xtrymalloc (4 + keyinfo->objidlen*2 + 1); if (!buf) return gpg_error_from_syserror (); p = stpcpy (buf, "HSM."); bin2hex (keyinfo->objid, keyinfo->objidlen, p); err = keygripstr_from_prkdf (app, keyinfo, gripstr); if (err) { log_error ("can't get keygrip from %04X\n", keyinfo->key_reference); } else { - assert (strlen (gripstr) == 40); + log_assert (strlen (gripstr) == 40); send_status_info (ctrl, "KEYPAIRINFO", gripstr, 40, buf, strlen (buf), NULL, (size_t)0); } xfree (buf); } return 0; } /* This is the handler for the LEARN command. */ static gpg_error_t do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags) { gpg_error_t err; if ((flags & APP_LEARN_FLAG_KEYPAIRINFO)) err = 0; else { err = send_certinfo (ctrl, "100", app->app_local->certificate_info); if (!err) err = send_certinfo (ctrl, "101", app->app_local->trusted_certificate_info); } if (!err) err = send_keypairinfo (app, ctrl, app->app_local->private_key_info); return err; } /* Read a certificate using the information in CDF and return the certificate in a newly allocated buffer R_CERT and its length R_CERTLEN. */ static gpg_error_t readcert_by_cdf (app_t app, cdf_object_t cdf, unsigned char **r_cert, size_t *r_certlen) { gpg_error_t err; unsigned char *buffer = NULL; const unsigned char *p, *save_p; size_t buflen, n; int class, tag, constructed, ndef; size_t totobjlen, objlen, hdrlen; int rootca; int i; *r_cert = NULL; *r_certlen = 0; /* First check whether it has been cached. */ if (cdf->image) { *r_cert = xtrymalloc (cdf->imagelen); if (!*r_cert) return gpg_error_from_syserror (); memcpy (*r_cert, cdf->image, cdf->imagelen); *r_certlen = cdf->imagelen; return 0; } err = select_and_read_binary (app_get_slot (app), cdf->fid, "CD", &buffer, &buflen, 4096); if (err) { log_error ("error reading certificate with Id "); for (i=0; i < cdf->objidlen; i++) log_printf ("%02X", cdf->objid[i]); log_printf (": %s\n", gpg_strerror (err)); goto leave; } /* Check whether this is really a certificate. */ p = buffer; n = buflen; err = parse_ber_header (&p, &n, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (err) goto leave; if (class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE && constructed) rootca = 0; else if ( class == CLASS_UNIVERSAL && tag == TAG_SET && constructed ) rootca = 1; else { err = gpg_error (GPG_ERR_INV_OBJ); goto leave; } totobjlen = objlen + hdrlen; - assert (totobjlen <= buflen); + log_assert (totobjlen <= buflen); err = parse_ber_header (&p, &n, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (err) goto leave; if (!rootca && class == CLASS_UNIVERSAL && tag == TAG_OBJECT_ID && !constructed) { /* The certificate seems to be contained in a userCertificate container. Skip this and assume the following sequence is the certificate. */ if (n < objlen) { err = gpg_error (GPG_ERR_INV_OBJ); goto leave; } p += objlen; n -= objlen; save_p = p; err = parse_ber_header (&p, &n, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (err) goto leave; if ( !(class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE && constructed) ) { err = gpg_error (GPG_ERR_INV_OBJ); goto leave; } totobjlen = objlen + hdrlen; - assert (save_p + totobjlen <= buffer + buflen); + log_assert (save_p + totobjlen <= buffer + buflen); memmove (buffer, save_p, totobjlen); } *r_cert = buffer; buffer = NULL; *r_certlen = totobjlen; /* Try to cache it. */ if (!cdf->image && (cdf->image = xtrymalloc (*r_certlen))) { memcpy (cdf->image, *r_cert, *r_certlen); cdf->imagelen = *r_certlen; } leave: xfree (buffer); return err; } /* Handler for the READCERT command. Read the certificate with id CERTID (as returned by learn_status in the CERTINFO status lines) and return it in the freshly allocated buffer to be stored at R_CERT and its length at R_CERTLEN. A error code will be returned on failure and R_CERT and R_CERTLEN will be set to (NULL,0). */ static gpg_error_t do_readcert (app_t app, const char *certid, unsigned char **r_cert, size_t *r_certlen) { gpg_error_t err; cdf_object_t cdf; *r_cert = NULL; *r_certlen = 0; err = cdf_object_from_certid (app, certid, &cdf); if (!err) err = readcert_by_cdf (app, cdf, r_cert, r_certlen); return err; } /* Implement the GETATTR command. This is similar to the LEARN command but returns just one value via the status interface. */ static gpg_error_t do_getattr (app_t app, ctrl_t ctrl, const char *name) { if (!strcmp (name, "$AUTHKEYID")) { char *buf, *p; prkdf_object_t prkdf; /* We return the ID of the first private key capable of signing. */ for (prkdf = app->app_local->private_key_info; prkdf; prkdf = prkdf->next) if (prkdf->usageflags.sign) break; if (prkdf) { buf = xtrymalloc (4 + prkdf->objidlen*2 + 1); if (!buf) return gpg_error_from_syserror (); p = stpcpy (buf, "HSM."); bin2hex (prkdf->objid, prkdf->objidlen, p); send_status_info (ctrl, name, buf, strlen (buf), NULL, 0); xfree (buf); return 0; } } else if (!strcmp (name, "$DISPSERIALNO")) { send_status_info (ctrl, name, app->card->serialno, app->card->serialnolen, NULL, 0); return 0; } return gpg_error (GPG_ERR_INV_NAME); } /* Apply PKCS#1 V1.5 padding for signature operation. The function * combines padding, digest info and the hash value. The buffer must * be allocated by the caller matching the key size. */ static void apply_PKCS_padding(const unsigned char *dig, int diglen, const unsigned char *prefix, int prefixlen, unsigned char *buff, int bufflen) { int i, n_ff; /* Caller must ensure a sufficient buffer. */ if (diglen + prefixlen + 4 > bufflen) return; n_ff = bufflen - diglen - prefixlen - 3; *buff++ = 0x00; *buff++ = 0x01; for (i=0; i < n_ff; i++) *buff++ = 0xFF; *buff++ = 0x00; if (prefix) memcpy (buff, prefix, prefixlen); buff += prefixlen; memcpy (buff, dig, diglen); } /* Decode a digest info structure (DI,DILEN) to extract the hash * value. The buffer HASH to receive the digest must be provided by * the caller with HASHLEN pointing to the inbound length. HASHLEN is * updated to the outbound length. */ static int hash_from_digestinfo (const unsigned char *di, size_t dilen, unsigned char *hash, size_t *hashlen) { const unsigned char *p,*pp; size_t n, nn, objlen, hdrlen; int class, tag, constructed, ndef; gpg_error_t err; p = di; n = dilen; err = parse_ber_header (&p, &n, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > n || tag != TAG_SEQUENCE)) err = gpg_error (GPG_ERR_INV_OBJ); if ( err ) return err; pp = p; nn = objlen; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nn || tag != TAG_SEQUENCE)) err = gpg_error (GPG_ERR_INV_OBJ); if ( err ) return err; pp += objlen; nn -= objlen; err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, &ndef, &objlen, &hdrlen); if (!err && (objlen > nn || tag != TAG_OCTET_STRING)) err = gpg_error (GPG_ERR_INV_OBJ); if ( err ) return err; if (*hashlen < objlen) return gpg_error (GPG_ERR_TOO_SHORT); memcpy (hash, pp, objlen); *hashlen = objlen; return 0; } /* Perform PIN verification */ static gpg_error_t verify_pin (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg) { gpg_error_t err; pininfo_t pininfo; char *pinvalue; char *prompt; int sw; sw = apdu_send_simple (app_get_slot (app), 0, 0x00, ISO7816_VERIFY, 0x00, 0x81, -1, NULL); if (sw == SW_SUCCESS) return 0; /* PIN already verified */ if (sw == SW_REF_DATA_INV) { log_error ("SmartCard-HSM not initialized. Run sc-hsm-tool first\n"); return gpg_error (GPG_ERR_NO_PIN); } if (sw == SW_CHV_BLOCKED) { log_error ("PIN Blocked\n"); return gpg_error (GPG_ERR_PIN_BLOCKED); } memset (&pininfo, 0, sizeof pininfo); pininfo.fixedlen = 0; pininfo.minlen = 6; pininfo.maxlen = 15; prompt = "||Please enter the PIN"; if (!opt.disable_pinpad && !iso7816_check_pinpad (app_get_slot (app), ISO7816_VERIFY, &pininfo) ) { err = pincb (pincb_arg, prompt, NULL); if (err) { log_info ("PIN callback returned error: %s\n", gpg_strerror (err)); return err; } err = iso7816_verify_kp (app_get_slot (app), 0x81, &pininfo); pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */ } else { err = pincb (pincb_arg, prompt, &pinvalue); if (err) { log_info ("PIN callback returned error: %s\n", gpg_strerror (err)); return err; } err = iso7816_verify (app_get_slot (app), 0x81, pinvalue, strlen(pinvalue)); xfree (pinvalue); } if (err) { log_error ("PIN verification failed: %s\n", gpg_strerror (err)); return err; } log_debug ("PIN verification succeeded\n"); return err; } /* Handler for the PKSIGN command. Create the signature and return the allocated result in OUTDATA. If a PIN is required, the PINCB will be used to ask for the PIN; that callback should return the PIN in an allocated buffer and store that as the 3rd argument. The API is somewhat inconsistent: The caller can either supply a plain hash and the algorithm in hashalgo or a complete DigestInfo structure. The former is detect by characteristic length of the provided data (20,28,32,48 or 64 byte). The function returns the RSA block in the size of the modulus or the ECDSA signature in X9.62 format (SEQ/INT(r)/INT(s)) */ static gpg_error_t do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, unsigned char **outdata, size_t *outdatalen ) { static unsigned char rmd160_prefix[15] = /* Object ID is 1.3.36.3.2.1 */ { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14 }; static unsigned char sha1_prefix[15] = /* (1.3.14.3.2.26) */ { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 }; static unsigned char sha224_prefix[19] = /* (2.16.840.1.101.3.4.2.4) */ { 0x30, 0x2D, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1C }; static unsigned char sha256_prefix[19] = /* (2.16.840.1.101.3.4.2.1) */ { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 }; static unsigned char sha384_prefix[19] = /* (2.16.840.1.101.3.4.2.2) */ { 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30 }; static unsigned char sha512_prefix[19] = /* (2.16.840.1.101.3.4.2.3) */ { 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40 }; gpg_error_t err; unsigned char cdsblk[256]; /* Raw PKCS#1 V1.5 block with padding (RSA) or hash. */ prkdf_object_t prkdf; /* The private key object. */ size_t cdsblklen; unsigned char algoid; int sw; (void)ctrl; if (!keyidstr || !*keyidstr) return gpg_error (GPG_ERR_INV_VALUE); if (indatalen > 124) /* Limit for 1024 bit key */ return gpg_error (GPG_ERR_INV_VALUE); err = prkdf_object_from_keyidstr (app, keyidstr, &prkdf); if (err) return err; if (!(prkdf->usageflags.sign || prkdf->usageflags.sign_recover ||prkdf->usageflags.non_repudiation)) { log_error ("key %s may not be used for signing\n", keyidstr); return gpg_error (GPG_ERR_WRONG_KEY_USAGE); } if (prkdf->keytype == KEY_TYPE_RSA) { algoid = 0x20; cdsblklen = prkdf->keysize >> 3; if (!cdsblklen) cdsblklen = 256; if (hashalgo == GCRY_MD_SHA1 && indatalen == 20) apply_PKCS_padding (indata, indatalen, sha1_prefix, sizeof(sha1_prefix), cdsblk, cdsblklen); else if (hashalgo == GCRY_MD_MD5 && indatalen == 20) apply_PKCS_padding (indata, indatalen, rmd160_prefix, sizeof(rmd160_prefix), cdsblk, cdsblklen); else if (hashalgo == GCRY_MD_SHA224 && indatalen == 28) apply_PKCS_padding (indata, indatalen, sha224_prefix, sizeof(sha224_prefix), cdsblk, cdsblklen); else if (hashalgo == GCRY_MD_SHA256 && indatalen == 32) apply_PKCS_padding (indata, indatalen, sha256_prefix, sizeof(sha256_prefix), cdsblk, cdsblklen); else if (hashalgo == GCRY_MD_SHA384 && indatalen == 48) apply_PKCS_padding (indata, indatalen, sha384_prefix, sizeof(sha384_prefix), cdsblk, cdsblklen); else if (hashalgo == GCRY_MD_SHA512 && indatalen == 64) apply_PKCS_padding (indata, indatalen, sha512_prefix, sizeof(sha512_prefix), cdsblk, cdsblklen); else /* Assume it's already a digest info or TLS_MD5SHA1 */ apply_PKCS_padding (indata, indatalen, NULL, 0, cdsblk, cdsblklen); } else { algoid = 0x70; if (indatalen != 20 && indatalen != 28 && indatalen != 32 && indatalen != 48 && indatalen != 64) { cdsblklen = sizeof(cdsblk); err = hash_from_digestinfo (indata, indatalen, cdsblk, &cdsblklen); if (err) { log_error ("DigestInfo invalid: %s\n", gpg_strerror (err)); return err; } } else { memcpy (cdsblk, indata, indatalen); cdsblklen = indatalen; } } err = verify_pin (app, pincb, pincb_arg); if (err) return err; sw = apdu_send_le (app_get_slot (app), 1, 0x80, 0x68, prkdf->key_reference, algoid, cdsblklen, cdsblk, 0, outdata, outdatalen); return iso7816_map_sw (sw); } /* Handler for the PKAUTH command. This is basically the same as the PKSIGN command but we first check that the requested key is suitable for authentication; that is, it must match the criteria used for the attribute $AUTHKEYID. See do_sign for calling conventions; there is no HASHALGO, though. */ static gpg_error_t do_auth (app_t app, ctrl_t ctrl, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, unsigned char **outdata, size_t *outdatalen ) { gpg_error_t err; prkdf_object_t prkdf; int algo; if (!keyidstr || !*keyidstr) return gpg_error (GPG_ERR_INV_VALUE); err = prkdf_object_from_keyidstr (app, keyidstr, &prkdf); if (err) return err; if (!prkdf->usageflags.sign) { log_error ("key %s may not be used for authentication\n", keyidstr); return gpg_error (GPG_ERR_WRONG_KEY_USAGE); } algo = indatalen == 36? MD_USER_TLS_MD5SHA1 : GCRY_MD_SHA1; return do_sign (app, ctrl, keyidstr, algo, pincb, pincb_arg, indata, indatalen, outdata, outdatalen); } /* Check PKCS#1 V1.5 padding and extract plain text. The function * allocates a buffer for the plain text. The caller must release the * buffer. */ static gpg_error_t strip_PKCS15_padding(unsigned char *src, int srclen, unsigned char **dst, size_t *dstlen) { unsigned char *p; if (srclen < 2) return gpg_error (GPG_ERR_DECRYPT_FAILED); if (*src++ != 0x00) return gpg_error (GPG_ERR_DECRYPT_FAILED); if (*src++ != 0x02) return gpg_error (GPG_ERR_DECRYPT_FAILED); srclen -= 2; while ((srclen > 0) && *src) { src++; srclen--; } if (srclen < 2) return gpg_error (GPG_ERR_DECRYPT_FAILED); src++; srclen--; p = xtrymalloc (srclen); if (!p) return gpg_error_from_syserror (); memcpy (p, src, srclen); *dst = p; *dstlen = srclen; return 0; } /* Decrypt a PKCS#1 V1.5 formatted cryptogram using the referenced key. */ static gpg_error_t do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, unsigned char **outdata, size_t *outdatalen, unsigned int *r_info) { gpg_error_t err; unsigned char p1blk[256]; /* Enciphered P1 block */ prkdf_object_t prkdf; /* The private key object. */ unsigned char *rspdata; size_t rspdatalen; size_t p1blklen; int sw; (void)ctrl; if (!keyidstr || !*keyidstr || !indatalen) return gpg_error (GPG_ERR_INV_VALUE); err = prkdf_object_from_keyidstr (app, keyidstr, &prkdf); if (err) return err; if (!(prkdf->usageflags.decrypt || prkdf->usageflags.unwrap)) { log_error ("key %s may not be used for deciphering\n", keyidstr); return gpg_error (GPG_ERR_WRONG_KEY_USAGE); } if (prkdf->keytype != KEY_TYPE_RSA) return gpg_error (GPG_ERR_NOT_SUPPORTED); p1blklen = prkdf->keysize >> 3; if (!p1blklen) p1blklen = 256; /* The input may be shorter (due to MPIs not storing leading zeroes) or longer than the block size. We put INDATA right aligned into the buffer. If INDATA is longer than the block size we truncate it on the left. */ memset (p1blk, 0, sizeof(p1blk)); if (indatalen > p1blklen) memcpy (p1blk, (unsigned char *)indata + (indatalen - p1blklen), p1blklen); else memcpy (p1blk + (p1blklen - indatalen), indata, indatalen); err = verify_pin(app, pincb, pincb_arg); if (err) return err; sw = apdu_send_le (app_get_slot (app), 1, 0x80, 0x62, prkdf->key_reference, 0x21, p1blklen, p1blk, 0, &rspdata, &rspdatalen); err = iso7816_map_sw (sw); if (err) { log_error ("Decrypt failed: %s\n", gpg_strerror (err)); return err; } err = strip_PKCS15_padding (rspdata, rspdatalen, outdata, outdatalen); xfree (rspdata); if (!err) *r_info |= APP_DECIPHER_INFO_NOPAD; return err; } /* * Select the SmartCard-HSM application on the card in SLOT. */ gpg_error_t app_select_sc_hsm (app_t app) { int slot = app_get_slot (app); int rc; rc = iso7816_select_application (slot, sc_hsm_aid, sizeof sc_hsm_aid, 0); if (!rc) { app->apptype = APPTYPE_SC_HSM; app->app_local = xtrycalloc (1, sizeof *app->app_local); if (!app->app_local) { rc = gpg_error_from_syserror (); goto leave; } rc = read_meta (app); if (rc) goto leave; app->fnc.deinit = do_deinit; app->fnc.prep_reselect = NULL; app->fnc.reselect = NULL; app->fnc.learn_status = do_learn_status; app->fnc.readcert = do_readcert; app->fnc.getattr = do_getattr; app->fnc.setattr = NULL; app->fnc.genkey = NULL; app->fnc.sign = do_sign; app->fnc.auth = do_auth; app->fnc.decipher = do_decipher; app->fnc.change_pin = NULL; app->fnc.check_pin = NULL; leave: if (rc) do_deinit (app); } return rc; } diff --git a/scd/atr.c b/scd/atr.c index 4f5a3b82c..4cdc7c448 100644 --- a/scd/atr.c +++ b/scd/atr.c @@ -1,290 +1,289 @@ /* atr.c - ISO 7816 ATR functions * Copyright (C) 2003, 2011 Free Software Foundation, Inc. * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ #include #include #include #include #include -#include #include #include "../common/logging.h" #include "atr.h" static int const fi_table[16] = { 0, 372, 558, 744, 1116,1488, 1860, -1, -1, 512, 768, 1024, 1536, 2048, -1, -1 }; static int const di_table[16] = { -1, 1, 2, 4, 8, 16, -1, -1, 0, -1, -2, -4, -8, -16, -32, -64}; /* Dump the ATR in (BUFFER,BUFLEN) to a human readable format and return that as a malloced buffer. The caller must release this buffer using es_free! On error this function returns NULL and sets ERRNO. */ char * atr_dump (const void *buffer, size_t buflen) { const unsigned char *atr = buffer; size_t atrlen = buflen; estream_t fp; int have_ta, have_tb, have_tc, have_td; int n_historical; int idx, val; unsigned char chksum; char *result; fp = es_fopenmem (0, "rwb,samethread"); if (!fp) return NULL; if (!atrlen) { es_fprintf (fp, "error: empty ATR\n"); goto bailout; } for (idx=0; idx < atrlen ; idx++) es_fprintf (fp, "%s%02X", idx?" ":"", atr[idx]); es_putc ('\n', fp); if (*atr == 0x3b) es_fputs ("Direct convention\n", fp); else if (*atr == 0x3f) es_fputs ("Inverse convention\n", fp); else es_fprintf (fp,"error: invalid TS character 0x%02x\n", *atr); if (!--atrlen) goto bailout; atr++; chksum = *atr; for (idx=1; idx < atrlen-1; idx++) chksum ^= atr[idx]; have_ta = !!(*atr & 0x10); have_tb = !!(*atr & 0x20); have_tc = !!(*atr & 0x40); have_td = !!(*atr & 0x80); n_historical = (*atr & 0x0f); es_fprintf (fp, "%d historical characters indicated\n", n_historical); if (have_ta + have_tb + have_tc + have_td + n_historical > atrlen) es_fputs ("error: ATR shorter than indicated by format character\n", fp); if (!--atrlen) goto bailout; atr++; if (have_ta) { es_fputs ("TA1: F=", fp); val = fi_table[(*atr >> 4) & 0x0f]; if (!val) es_fputs ("internal clock", fp); else if (val == -1) es_fputs ("RFU", fp); else es_fprintf (fp, "%d", val); es_fputs (" D=", fp); val = di_table[*atr & 0x0f]; if (!val) es_fputs ("[impossible value]\n", fp); else if (val == -1) es_fputs ("RFU\n", fp); else if (val < 0 ) es_fprintf (fp, "1/%d\n", val); else es_fprintf (fp, "%d\n", val); if (!--atrlen) goto bailout; atr++; } if (have_tb) { es_fprintf (fp, "TB1: II=%d PI1=%d%s\n", ((*atr >> 5) & 3), (*atr & 0x1f), (*atr & 0x80)? " [high bit not cleared]":""); if (!--atrlen) goto bailout; atr++; } if (have_tc) { if (*atr == 255) es_fputs ("TC1: guard time shortened to 1 etu\n", fp); else es_fprintf (fp, "TC1: (extra guard time) N=%d\n", *atr); if (!--atrlen) goto bailout; atr++; } if (have_td) { have_ta = !!(*atr & 0x10); have_tb = !!(*atr & 0x20); have_tc = !!(*atr & 0x40); have_td = !!(*atr & 0x80); es_fprintf (fp, "TD1: protocol T%d supported\n", (*atr & 0x0f)); if (have_ta + have_tb + have_tc + have_td + n_historical > atrlen) es_fputs ("error: ATR shorter than indicated by format character\n", fp); if (!--atrlen) goto bailout; atr++; } else have_ta = have_tb = have_tc = have_td = 0; if (have_ta) { es_fprintf (fp, "TA2: (PTS) %stoggle, %splicit, T=%02X\n", (*atr & 0x80)? "no-":"", (*atr & 0x10)? "im": "ex", (*atr & 0x0f)); if ((*atr & 0x60)) es_fprintf (fp, "note: reserved bits are set (TA2=0x%02X)\n", *atr); if (!--atrlen) goto bailout; atr++; } if (have_tb) { es_fprintf (fp, "TB2: PI2=%d\n", *atr); if (!--atrlen) goto bailout; atr++; } if (have_tc) { es_fprintf (fp, "TC2: PWI=%d\n", *atr); if (!--atrlen) goto bailout; atr++; } if (have_td) { have_ta = !!(*atr & 0x10); have_tb = !!(*atr & 0x20); have_tc = !!(*atr & 0x40); have_td = !!(*atr & 0x80); es_fprintf (fp, "TD2: protocol T%d supported\n", *atr & 0x0f); if (have_ta + have_tb + have_tc + have_td + n_historical > atrlen) es_fputs ("error: ATR shorter than indicated by format character\n", fp); if (!--atrlen) goto bailout; atr++; } else have_ta = have_tb = have_tc = have_td = 0; for (idx = 3; have_ta || have_tb || have_tc || have_td; idx++) { if (have_ta) { es_fprintf (fp, "TA%d: IFSC=%d\n", idx, *atr); if (!--atrlen) goto bailout; atr++; } if (have_tb) { es_fprintf (fp, "TB%d: BWI=%d CWI=%d\n", idx, (*atr >> 4) & 0x0f, *atr & 0x0f); if (!--atrlen) goto bailout; atr++; } if (have_tc) { es_fprintf (fp, "TC%d: 0x%02X\n", idx, *atr); if (!--atrlen) goto bailout; atr++; } if (have_td) { have_ta = !!(*atr & 0x10); have_tb = !!(*atr & 0x20); have_tc = !!(*atr & 0x40); have_td = !!(*atr & 0x80); es_fprintf (fp, "TD%d: protocol T%d supported\n", idx, *atr & 0x0f); if (have_ta + have_tb + have_tc + have_td + n_historical > atrlen) es_fputs ("error: " "ATR shorter than indicated by format character\n", fp); if (!--atrlen) goto bailout; atr++; } else have_ta = have_tb = have_tc = have_td = 0; } if (n_historical + 1 > atrlen) es_fputs ("error: ATR shorter than required for historical bytes " "and checksum\n", fp); if (n_historical) { es_fputs ("HCH:", fp); for (; n_historical && atrlen ; n_historical--, atrlen--, atr++) es_fprintf (fp, " %02X", *atr); es_putc ('\n', fp); } if (!atrlen) es_fputs ("error: checksum missing\n", fp); else if (*atr == chksum) es_fprintf (fp, "TCK: %02X (good)\n", *atr); else es_fprintf (fp, "TCK: %02X (bad; computed %02X)\n", *atr, chksum); atrlen--; if (atrlen) es_fprintf (fp, "error: %u bytes garbage at end of ATR\n", (unsigned int)atrlen ); bailout: es_putc ('\0', fp); /* We want a string. */ if (es_fclose_snatch (fp, (void**)&result, NULL)) { log_error ("oops: es_fclose_snatch failed: %s\n", strerror (errno)); return NULL; } return result; } diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index 6e4d10b2b..603c0cdbc 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -1,4036 +1,4035 @@ /* ccid-driver.c - USB ChipCardInterfaceDevices driver * Copyright (C) 2003, 2004, 2005, 2006, 2007 * 2008, 2009, 2013 Free Software Foundation, Inc. * Written by Werner Koch. * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . * * ALTERNATIVELY, this file may be distributed under the terms of the * following license, in which case the provisions of this license are * required INSTEAD OF the GNU General Public License. If you wish to * allow use of your version of this file only under the terms of the * GNU General Public License, and not to allow others to use your * version of this file under the terms of the following license, * indicate your decision by deleting this paragraph and the license * below. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ /* CCID (ChipCardInterfaceDevices) is a specification for accessing smartcard via a reader connected to the USB. This is a limited driver allowing to use some CCID drivers directly without any other specila drivers. This is a fallback driver to be used when nothing else works or the system should be kept minimal for security reasons. It makes use of the libusb library to gain portable access to USB. This driver has been tested with the SCM SCR335 and SPR532 smartcard readers and requires that a reader implements APDU or TPDU level exchange and does fully automatic initialization. */ #ifdef HAVE_CONFIG_H # include #endif #if defined(HAVE_LIBUSB) || defined(TEST) #include #include #include #include -#include #include #include #include #include #include #ifdef HAVE_NPTH # include #endif /*HAVE_NPTH*/ #include #include "scdaemon.h" #include "iso7816.h" #define CCID_DRIVER_INCLUDE_USB_IDS 1 #include "ccid-driver.h" #define DRVNAME "ccid-driver: " /* Max length of buffer with out CCID message header of 10-byte Sending: 547 for RSA-4096 key import APDU size = 540 (24+4+256+256) command + lc + le = 4 + 3 + 0 Sending: write data object of cardholder certificate APDU size = 2048 command + lc + le = 4 + 3 + 0 Receiving: 2048 for cardholder certificate */ #define CCID_MAX_BUF (2048+7+10) /* CCID command timeout. */ #define CCID_CMD_TIMEOUT (5*1000) /* Depending on how this source is used we either define our error * output to go to stderr or to the GnuPG based logging functions. We * use the latter when GNUPG_MAJOR_VERSION is defined. */ #if defined(GNUPG_MAJOR_VERSION) # include "scdaemon.h" # define DEBUGOUT(t) do { if (debug_level) \ log_debug (DRVNAME t); } while (0) # define DEBUGOUT_1(t,a) do { if (debug_level) \ log_debug (DRVNAME t,(a)); } while (0) # define DEBUGOUT_2(t,a,b) do { if (debug_level) \ log_debug (DRVNAME t,(a),(b)); } while (0) # define DEBUGOUT_3(t,a,b,c) do { if (debug_level) \ log_debug (DRVNAME t,(a),(b),(c));} while (0) # define DEBUGOUT_4(t,a,b,c,d) do { if (debug_level) \ log_debug (DRVNAME t,(a),(b),(c),(d));} while (0) # define DEBUGOUT_CONT(t) do { if (debug_level) \ log_printf (t); } while (0) # define DEBUGOUT_CONT_1(t,a) do { if (debug_level) \ log_printf (t,(a)); } while (0) # define DEBUGOUT_CONT_2(t,a,b) do { if (debug_level) \ log_printf (t,(a),(b)); } while (0) # define DEBUGOUT_CONT_3(t,a,b,c) do { if (debug_level) \ log_printf (t,(a),(b),(c)); } while (0) # define DEBUGOUT_LF() do { if (debug_level) \ log_printf ("\n"); } while (0) #else /* Other usage of this source - don't use gnupg specifics. */ # define DEBUGOUT(t) do { if (debug_level) \ fprintf (stderr, DRVNAME t); } while (0) # define DEBUGOUT_1(t,a) do { if (debug_level) \ fprintf (stderr, DRVNAME t, (a)); } while (0) # define DEBUGOUT_2(t,a,b) do { if (debug_level) \ fprintf (stderr, DRVNAME t, (a), (b)); } while (0) # define DEBUGOUT_3(t,a,b,c) do { if (debug_level) \ fprintf (stderr, DRVNAME t, (a), (b), (c)); } while (0) # define DEBUGOUT_4(t,a,b,c,d) do { if (debug_level) \ fprintf (stderr, DRVNAME t, (a), (b), (c), (d));} while(0) # define DEBUGOUT_CONT(t) do { if (debug_level) \ fprintf (stderr, t); } while (0) # define DEBUGOUT_CONT_1(t,a) do { if (debug_level) \ fprintf (stderr, t, (a)); } while (0) # define DEBUGOUT_CONT_2(t,a,b) do { if (debug_level) \ fprintf (stderr, t, (a), (b)); } while (0) # define DEBUGOUT_CONT_3(t,a,b,c) do { if (debug_level) \ fprintf (stderr, t, (a), (b), (c)); } while (0) # define DEBUGOUT_LF() do { if (debug_level) \ putc ('\n', stderr); } while (0) #endif /* This source is not used by scdaemon. */ #ifndef EAGAIN #define EAGAIN EWOULDBLOCK #endif enum { RDR_to_PC_NotifySlotChange= 0x50, RDR_to_PC_HardwareError = 0x51, PC_to_RDR_SetParameters = 0x61, PC_to_RDR_IccPowerOn = 0x62, PC_to_RDR_IccPowerOff = 0x63, PC_to_RDR_GetSlotStatus = 0x65, PC_to_RDR_Secure = 0x69, PC_to_RDR_T0APDU = 0x6a, PC_to_RDR_Escape = 0x6b, PC_to_RDR_GetParameters = 0x6c, PC_to_RDR_ResetParameters = 0x6d, PC_to_RDR_IccClock = 0x6e, PC_to_RDR_XfrBlock = 0x6f, PC_to_RDR_Mechanical = 0x71, PC_to_RDR_Abort = 0x72, PC_to_RDR_SetDataRate = 0x73, RDR_to_PC_DataBlock = 0x80, RDR_to_PC_SlotStatus = 0x81, RDR_to_PC_Parameters = 0x82, RDR_to_PC_Escape = 0x83, RDR_to_PC_DataRate = 0x84 }; /* Two macro to detect whether a CCID command has failed and to get the error code. These macros assume that we can access the mandatory first 10 bytes of a CCID message in BUF. */ #define CCID_COMMAND_FAILED(buf) ((buf)[7] & 0x40) #define CCID_ERROR_CODE(buf) (((unsigned char *)(buf))[8]) /* Store information on the driver's state. A pointer to such a structure is used as handle for most functions. */ struct ccid_driver_s { libusb_device_handle *idev; unsigned int bai; unsigned short id_vendor; unsigned short id_product; int ifc_no; int ep_bulk_out; int ep_bulk_in; int ep_intr; int seqno; unsigned char t1_ns; unsigned char t1_nr; unsigned char nonnull_nad; int max_ifsd; int max_ccid_msglen; int ifsc; unsigned char apdu_level:2; /* Reader supports short APDU level exchange. With a value of 2 short and extended level is supported.*/ unsigned int auto_voltage:1; unsigned int auto_param:1; unsigned int auto_pps:1; unsigned int auto_ifsd:1; unsigned int has_pinpad:2; unsigned int enodev_seen:1; int powered_off; time_t last_progress; /* Last time we sent progress line. */ /* The progress callback and its first arg as supplied to ccid_set_progress_cb. */ void (*progress_cb)(void *, const char *, int, int, int); void *progress_cb_arg; void (*prompt_cb)(void *, int); void *prompt_cb_arg; unsigned char intr_buf[64]; struct libusb_transfer *transfer; }; static int initialized_usb; /* Tracks whether USB has been initialized. */ static int debug_level; /* Flag to control the debug output. 0 = No debugging 1 = USB I/O info 2 = Level 1 + T=1 protocol tracing 3 = Level 2 + USB/I/O tracing of SlotStatus. */ static int ccid_usb_thread_is_alive; static unsigned int compute_edc (const unsigned char *data, size_t datalen, int use_crc); static int bulk_out (ccid_driver_t handle, unsigned char *msg, size_t msglen, int no_debug); static int bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length, size_t *nread, int expected_type, int seqno, int timeout, int no_debug); static int abort_cmd (ccid_driver_t handle, int seqno, int init); static int send_escape_cmd (ccid_driver_t handle, const unsigned char *data, size_t datalen, unsigned char *result, size_t resultmax, size_t *resultlen); static int map_libusb_error (int usberr) { switch (usberr) { case 0: return 0; case LIBUSB_ERROR_IO: return CCID_DRIVER_ERR_USB_IO; case LIBUSB_ERROR_ACCESS: return CCID_DRIVER_ERR_USB_ACCESS; case LIBUSB_ERROR_NO_DEVICE:return CCID_DRIVER_ERR_USB_NO_DEVICE; case LIBUSB_ERROR_BUSY: return CCID_DRIVER_ERR_USB_BUSY; case LIBUSB_ERROR_TIMEOUT: return CCID_DRIVER_ERR_USB_TIMEOUT; case LIBUSB_ERROR_OVERFLOW: return CCID_DRIVER_ERR_USB_OVERFLOW; } return CCID_DRIVER_ERR_USB_OTHER; } /* Convert a little endian stored 4 byte value into an unsigned integer. */ static unsigned int convert_le_u32 (const unsigned char *buf) { return buf[0] | (buf[1] << 8) | (buf[2] << 16) | ((unsigned int)buf[3] << 24); } /* Convert a little endian stored 2 byte value into an unsigned integer. */ static unsigned int convert_le_u16 (const unsigned char *buf) { return buf[0] | (buf[1] << 8); } static void set_msg_len (unsigned char *msg, unsigned int length) { msg[1] = length; msg[2] = length >> 8; msg[3] = length >> 16; msg[4] = length >> 24; } static void print_progress (ccid_driver_t handle) { time_t ct = time (NULL); /* We don't want to print progress lines too often. */ if (ct == handle->last_progress) return; if (handle->progress_cb) handle->progress_cb (handle->progress_cb_arg, "card_busy", 'w', 0, 0); handle->last_progress = ct; } /* Pint an error message for a failed CCID command including a textual error code. MSG shall be the CCID message at a minimum of 10 bytes. */ static void print_command_failed (const unsigned char *msg) { const char *t; char buffer[100]; int ec; if (!debug_level) return; ec = CCID_ERROR_CODE (msg); switch (ec) { case 0x00: t = "Command not supported"; break; case 0xE0: t = "Slot busy"; break; case 0xEF: t = "PIN cancelled"; break; case 0xF0: t = "PIN timeout"; break; case 0xF2: t = "Automatic sequence ongoing"; break; case 0xF3: t = "Deactivated Protocol"; break; case 0xF4: t = "Procedure byte conflict"; break; case 0xF5: t = "ICC class not supported"; break; case 0xF6: t = "ICC protocol not supported"; break; case 0xF7: t = "Bad checksum in ATR"; break; case 0xF8: t = "Bad TS in ATR"; break; case 0xFB: t = "An all inclusive hardware error occurred"; break; case 0xFC: t = "Overrun error while talking to the ICC"; break; case 0xFD: t = "Parity error while talking to the ICC"; break; case 0xFE: t = "CCID timed out while talking to the ICC"; break; case 0xFF: t = "Host aborted the current activity"; break; default: if (ec > 0 && ec < 128) sprintf (buffer, "Parameter error at offset %d", ec); else sprintf (buffer, "Error code %02X", ec); t = buffer; break; } DEBUGOUT_1 ("CCID command failed: %s\n", t); } static void print_pr_data (const unsigned char *data, size_t datalen, size_t off) { int any = 0; for (; off < datalen; off++) { if (!any || !(off % 16)) { if (any) DEBUGOUT_LF (); DEBUGOUT_1 (" [%04lu] ", (unsigned long) off); } DEBUGOUT_CONT_1 (" %02X", data[off]); any = 1; } if (any && (off % 16)) DEBUGOUT_LF (); } static void print_p2r_header (const char *name, const unsigned char *msg, size_t msglen) { DEBUGOUT_1 ("%s:\n", name); if (msglen < 7) return; DEBUGOUT_1 (" dwLength ..........: %u\n", convert_le_u32 (msg+1)); DEBUGOUT_1 (" bSlot .............: %u\n", msg[5]); DEBUGOUT_1 (" bSeq ..............: %u\n", msg[6]); } static void print_p2r_iccpoweron (const unsigned char *msg, size_t msglen) { print_p2r_header ("PC_to_RDR_IccPowerOn", msg, msglen); if (msglen < 10) return; DEBUGOUT_2 (" bPowerSelect ......: 0x%02x (%s)\n", msg[7], msg[7] == 0? "auto": msg[7] == 1? "5.0 V": msg[7] == 2? "3.0 V": msg[7] == 3? "1.8 V":""); print_pr_data (msg, msglen, 8); } static void print_p2r_iccpoweroff (const unsigned char *msg, size_t msglen) { print_p2r_header ("PC_to_RDR_IccPowerOff", msg, msglen); print_pr_data (msg, msglen, 7); } static void print_p2r_getslotstatus (const unsigned char *msg, size_t msglen) { print_p2r_header ("PC_to_RDR_GetSlotStatus", msg, msglen); print_pr_data (msg, msglen, 7); } static void print_p2r_xfrblock (const unsigned char *msg, size_t msglen) { unsigned int val; print_p2r_header ("PC_to_RDR_XfrBlock", msg, msglen); if (msglen < 10) return; DEBUGOUT_1 (" bBWI ..............: 0x%02x\n", msg[7]); val = convert_le_u16 (msg+8); DEBUGOUT_2 (" wLevelParameter ...: 0x%04x%s\n", val, val == 1? " (continued)": val == 2? " (continues+ends)": val == 3? " (continues+continued)": val == 16? " (DataBlock-expected)":""); print_pr_data (msg, msglen, 10); } static void print_p2r_getparameters (const unsigned char *msg, size_t msglen) { print_p2r_header ("PC_to_RDR_GetParameters", msg, msglen); print_pr_data (msg, msglen, 7); } static void print_p2r_resetparameters (const unsigned char *msg, size_t msglen) { print_p2r_header ("PC_to_RDR_ResetParameters", msg, msglen); print_pr_data (msg, msglen, 7); } static void print_p2r_setparameters (const unsigned char *msg, size_t msglen) { print_p2r_header ("PC_to_RDR_SetParameters", msg, msglen); if (msglen < 10) return; DEBUGOUT_1 (" bProtocolNum ......: 0x%02x\n", msg[7]); print_pr_data (msg, msglen, 8); } static void print_p2r_escape (const unsigned char *msg, size_t msglen) { print_p2r_header ("PC_to_RDR_Escape", msg, msglen); print_pr_data (msg, msglen, 7); } static void print_p2r_iccclock (const unsigned char *msg, size_t msglen) { print_p2r_header ("PC_to_RDR_IccClock", msg, msglen); if (msglen < 10) return; DEBUGOUT_1 (" bClockCommand .....: 0x%02x\n", msg[7]); print_pr_data (msg, msglen, 8); } static void print_p2r_to0apdu (const unsigned char *msg, size_t msglen) { print_p2r_header ("PC_to_RDR_T0APDU", msg, msglen); if (msglen < 10) return; DEBUGOUT_1 (" bmChanges .........: 0x%02x\n", msg[7]); DEBUGOUT_1 (" bClassGetResponse .: 0x%02x\n", msg[8]); DEBUGOUT_1 (" bClassEnvelope ....: 0x%02x\n", msg[9]); print_pr_data (msg, msglen, 10); } static void print_p2r_secure (const unsigned char *msg, size_t msglen) { unsigned int val; print_p2r_header ("PC_to_RDR_Secure", msg, msglen); if (msglen < 10) return; DEBUGOUT_1 (" bBMI ..............: 0x%02x\n", msg[7]); val = convert_le_u16 (msg+8); DEBUGOUT_2 (" wLevelParameter ...: 0x%04x%s\n", val, val == 1? " (continued)": val == 2? " (continues+ends)": val == 3? " (continues+continued)": val == 16? " (DataBlock-expected)":""); print_pr_data (msg, msglen, 10); } static void print_p2r_mechanical (const unsigned char *msg, size_t msglen) { print_p2r_header ("PC_to_RDR_Mechanical", msg, msglen); if (msglen < 10) return; DEBUGOUT_1 (" bFunction .........: 0x%02x\n", msg[7]); print_pr_data (msg, msglen, 8); } static void print_p2r_abort (const unsigned char *msg, size_t msglen) { print_p2r_header ("PC_to_RDR_Abort", msg, msglen); print_pr_data (msg, msglen, 7); } static void print_p2r_setdatarate (const unsigned char *msg, size_t msglen) { print_p2r_header ("PC_to_RDR_SetDataRate", msg, msglen); if (msglen < 10) return; print_pr_data (msg, msglen, 7); } static void print_p2r_unknown (const unsigned char *msg, size_t msglen) { print_p2r_header ("Unknown PC_to_RDR command", msg, msglen); if (msglen < 10) return; print_pr_data (msg, msglen, 0); } static void print_r2p_header (const char *name, const unsigned char *msg, size_t msglen) { DEBUGOUT_1 ("%s:\n", name); if (msglen < 9) return; DEBUGOUT_1 (" dwLength ..........: %u\n", convert_le_u32 (msg+1)); DEBUGOUT_1 (" bSlot .............: %u\n", msg[5]); DEBUGOUT_1 (" bSeq ..............: %u\n", msg[6]); DEBUGOUT_1 (" bStatus ...........: %u\n", msg[7]); if (msg[8]) DEBUGOUT_1 (" bError ............: %u\n", msg[8]); } static void print_r2p_datablock (const unsigned char *msg, size_t msglen) { print_r2p_header ("RDR_to_PC_DataBlock", msg, msglen); if (msglen < 10) return; if (msg[9]) DEBUGOUT_2 (" bChainParameter ...: 0x%02x%s\n", msg[9], msg[9] == 1? " (continued)": msg[9] == 2? " (continues+ends)": msg[9] == 3? " (continues+continued)": msg[9] == 16? " (XferBlock-expected)":""); print_pr_data (msg, msglen, 10); } static void print_r2p_slotstatus (const unsigned char *msg, size_t msglen) { print_r2p_header ("RDR_to_PC_SlotStatus", msg, msglen); if (msglen < 10) return; DEBUGOUT_2 (" bClockStatus ......: 0x%02x%s\n", msg[9], msg[9] == 0? " (running)": msg[9] == 1? " (stopped-L)": msg[9] == 2? " (stopped-H)": msg[9] == 3? " (stopped)":""); print_pr_data (msg, msglen, 10); } static void print_r2p_parameters (const unsigned char *msg, size_t msglen) { print_r2p_header ("RDR_to_PC_Parameters", msg, msglen); if (msglen < 10) return; DEBUGOUT_1 (" protocol ..........: T=%d\n", msg[9]); if (msglen == 17 && msg[9] == 1) { /* Protocol T=1. */ DEBUGOUT_1 (" bmFindexDindex ....: %02X\n", msg[10]); DEBUGOUT_1 (" bmTCCKST1 .........: %02X\n", msg[11]); DEBUGOUT_1 (" bGuardTimeT1 ......: %02X\n", msg[12]); DEBUGOUT_1 (" bmWaitingIntegersT1: %02X\n", msg[13]); DEBUGOUT_1 (" bClockStop ........: %02X\n", msg[14]); DEBUGOUT_1 (" bIFSC .............: %d\n", msg[15]); DEBUGOUT_1 (" bNadValue .........: %d\n", msg[16]); } else print_pr_data (msg, msglen, 10); } static void print_r2p_escape (const unsigned char *msg, size_t msglen) { print_r2p_header ("RDR_to_PC_Escape", msg, msglen); if (msglen < 10) return; DEBUGOUT_1 (" buffer[9] .........: %02X\n", msg[9]); print_pr_data (msg, msglen, 10); } static void print_r2p_datarate (const unsigned char *msg, size_t msglen) { print_r2p_header ("RDR_to_PC_DataRate", msg, msglen); if (msglen < 10) return; if (msglen >= 18) { DEBUGOUT_1 (" dwClockFrequency ..: %u\n", convert_le_u32 (msg+10)); DEBUGOUT_1 (" dwDataRate ..... ..: %u\n", convert_le_u32 (msg+14)); print_pr_data (msg, msglen, 18); } else print_pr_data (msg, msglen, 10); } static void print_r2p_unknown (const unsigned char *msg, size_t msglen) { print_r2p_header ("Unknown RDR_to_PC command", msg, msglen); if (msglen < 10) return; DEBUGOUT_1 (" bMessageType ......: %02X\n", msg[0]); DEBUGOUT_1 (" buffer[9] .........: %02X\n", msg[9]); print_pr_data (msg, msglen, 10); } /* Parse a CCID descriptor, optionally print all available features and test whether this reader is usable by this driver. Returns 0 if it is usable. Note, that this code is based on the one in lsusb.c of the usb-utils package, I wrote on 2003-09-01. -wk. */ static int parse_ccid_descriptor (ccid_driver_t handle, unsigned short bcd_device, const unsigned char *buf, size_t buflen) { unsigned int i; unsigned int us; int have_t1 = 0, have_tpdu=0; handle->nonnull_nad = 0; handle->auto_ifsd = 0; handle->max_ifsd = 32; handle->has_pinpad = 0; handle->apdu_level = 0; handle->auto_voltage = 0; handle->auto_param = 0; handle->auto_pps = 0; DEBUGOUT_3 ("idVendor: %04X idProduct: %04X bcdDevice: %04X\n", handle->id_vendor, handle->id_product, bcd_device); if (buflen < 54 || buf[0] < 54) { DEBUGOUT ("CCID device descriptor is too short\n"); return -1; } DEBUGOUT ("ChipCard Interface Descriptor:\n"); DEBUGOUT_1 (" bLength %5u\n", buf[0]); DEBUGOUT_1 (" bDescriptorType %5u\n", buf[1]); DEBUGOUT_2 (" bcdCCID %2x.%02x", buf[3], buf[2]); if (buf[3] != 1 || buf[2] != 0) DEBUGOUT_CONT(" (Warning: Only accurate for version 1.0)"); DEBUGOUT_LF (); DEBUGOUT_1 (" nMaxSlotIndex %5u\n", buf[4]); DEBUGOUT_2 (" bVoltageSupport %5u %s\n", buf[5], (buf[5] == 1? "5.0V" : buf[5] == 2? "3.0V" : buf[5] == 3? "1.8V":"?")); us = convert_le_u32 (buf+6); DEBUGOUT_1 (" dwProtocols %5u ", us); if ((us & 1)) DEBUGOUT_CONT (" T=0"); if ((us & 2)) { DEBUGOUT_CONT (" T=1"); have_t1 = 1; } if ((us & ~3)) DEBUGOUT_CONT (" (Invalid values detected)"); DEBUGOUT_LF (); us = convert_le_u32(buf+10); DEBUGOUT_1 (" dwDefaultClock %5u\n", us); us = convert_le_u32(buf+14); DEBUGOUT_1 (" dwMaxiumumClock %5u\n", us); DEBUGOUT_1 (" bNumClockSupported %5u\n", buf[18]); us = convert_le_u32(buf+19); DEBUGOUT_1 (" dwDataRate %7u bps\n", us); us = convert_le_u32(buf+23); DEBUGOUT_1 (" dwMaxDataRate %7u bps\n", us); DEBUGOUT_1 (" bNumDataRatesSupp. %5u\n", buf[27]); us = convert_le_u32(buf+28); DEBUGOUT_1 (" dwMaxIFSD %5u\n", us); handle->max_ifsd = us; us = convert_le_u32(buf+32); DEBUGOUT_1 (" dwSyncProtocols %08X ", us); if ((us&1)) DEBUGOUT_CONT ( " 2-wire"); if ((us&2)) DEBUGOUT_CONT ( " 3-wire"); if ((us&4)) DEBUGOUT_CONT ( " I2C"); DEBUGOUT_LF (); us = convert_le_u32(buf+36); DEBUGOUT_1 (" dwMechanical %08X ", us); if ((us & 1)) DEBUGOUT_CONT (" accept"); if ((us & 2)) DEBUGOUT_CONT (" eject"); if ((us & 4)) DEBUGOUT_CONT (" capture"); if ((us & 8)) DEBUGOUT_CONT (" lock"); DEBUGOUT_LF (); us = convert_le_u32(buf+40); DEBUGOUT_1 (" dwFeatures %08X\n", us); if ((us & 0x0002)) { DEBUGOUT (" Auto configuration based on ATR (assumes auto voltage)\n"); handle->auto_voltage = 1; } if ((us & 0x0004)) DEBUGOUT (" Auto activation on insert\n"); if ((us & 0x0008)) { DEBUGOUT (" Auto voltage selection\n"); handle->auto_voltage = 1; } if ((us & 0x0010)) DEBUGOUT (" Auto clock change\n"); if ((us & 0x0020)) DEBUGOUT (" Auto baud rate change\n"); if ((us & 0x0040)) { DEBUGOUT (" Auto parameter negotiation made by CCID\n"); handle->auto_param = 1; } else if ((us & 0x0080)) { DEBUGOUT (" Auto PPS made by CCID\n"); handle->auto_pps = 1; } if ((us & (0x0040 | 0x0080)) == (0x0040 | 0x0080)) DEBUGOUT (" WARNING: conflicting negotiation features\n"); if ((us & 0x0100)) DEBUGOUT (" CCID can set ICC in clock stop mode\n"); if ((us & 0x0200)) { DEBUGOUT (" NAD value other than 0x00 accepted\n"); handle->nonnull_nad = 1; } if ((us & 0x0400)) { DEBUGOUT (" Auto IFSD exchange\n"); handle->auto_ifsd = 1; } if ((us & 0x00010000)) { DEBUGOUT (" TPDU level exchange\n"); have_tpdu = 1; } else if ((us & 0x00020000)) { DEBUGOUT (" Short APDU level exchange\n"); handle->apdu_level = 1; } else if ((us & 0x00040000)) { DEBUGOUT (" Short and extended APDU level exchange\n"); handle->apdu_level = 2; } else if ((us & 0x00070000)) DEBUGOUT (" WARNING: conflicting exchange levels\n"); us = convert_le_u32(buf+44); DEBUGOUT_1 (" dwMaxCCIDMsgLen %5u\n", us); handle->max_ccid_msglen = us; DEBUGOUT ( " bClassGetResponse "); if (buf[48] == 0xff) DEBUGOUT_CONT ("echo\n"); else DEBUGOUT_CONT_1 (" %02X\n", buf[48]); DEBUGOUT ( " bClassEnvelope "); if (buf[49] == 0xff) DEBUGOUT_CONT ("echo\n"); else DEBUGOUT_CONT_1 (" %02X\n", buf[48]); DEBUGOUT ( " wlcdLayout "); if (!buf[50] && !buf[51]) DEBUGOUT_CONT ("none\n"); else DEBUGOUT_CONT_2 ("%u cols %u lines\n", buf[50], buf[51]); DEBUGOUT_1 (" bPINSupport %5u ", buf[52]); if ((buf[52] & 1)) { DEBUGOUT_CONT ( " verification"); handle->has_pinpad |= 1; } if ((buf[52] & 2)) { DEBUGOUT_CONT ( " modification"); handle->has_pinpad |= 2; } DEBUGOUT_LF (); DEBUGOUT_1 (" bMaxCCIDBusySlots %5u\n", buf[53]); if (buf[0] > 54) { DEBUGOUT (" junk "); for (i=54; i < buf[0]-54; i++) DEBUGOUT_CONT_1 (" %02X", buf[i]); DEBUGOUT_LF (); } if (!have_t1 || !(have_tpdu || handle->apdu_level)) { DEBUGOUT ("this drivers requires that the reader supports T=1, " "TPDU or APDU level exchange - this is not available\n"); return -1; } /* SCM drivers get stuck in their internal USB stack if they try to send a frame of n*wMaxPacketSize back to us. Given that wMaxPacketSize is 64 for these readers we set the IFSD to a value lower than that: 64 - 10 CCID header - 4 T1frame - 2 reserved = 48 Product Ids: 0xe001 - SCR 331 0x5111 - SCR 331-DI 0x5115 - SCR 335 0xe003 - SPR 532 The 0x5117 - SCR 3320 USB ID-000 reader seems to be very slow but enabling this workaround boosts the performance to a more or less acceptable level (tested by David). */ if (handle->id_vendor == VENDOR_SCM && handle->max_ifsd > 48 && ( (handle->id_product == SCM_SCR331 && bcd_device < 0x0516) ||(handle->id_product == SCM_SCR331DI && bcd_device < 0x0620) ||(handle->id_product == SCM_SCR335 && bcd_device < 0x0514) ||(handle->id_product == SCM_SPR532 && bcd_device < 0x0504) ||(handle->id_product == SCM_SCR3320 && bcd_device < 0x0522) )) { DEBUGOUT ("enabling workaround for buggy SCM readers\n"); handle->max_ifsd = 48; } if (handle->id_vendor == VENDOR_GEMPC) { DEBUGOUT ("enabling product quirk: disable non-null NAD\n"); handle->nonnull_nad = 0; } return 0; } static char * get_escaped_usb_string (libusb_device_handle *idev, int idx, const char *prefix, const char *suffix) { int rc; unsigned char buf[280]; unsigned char *s; unsigned int langid; size_t i, n, len; char *result; if (!idx) return NULL; /* Fixme: The next line is for the current Valgrid without support for USB IOCTLs. */ memset (buf, 0, sizeof buf); /* First get the list of supported languages and use the first one. If we do don't find it we try to use English. Note that this is all in a 2 bute Unicode encoding using little endian. */ #ifdef USE_NPTH npth_unprotect (); #endif rc = libusb_control_transfer (idev, LIBUSB_ENDPOINT_IN, LIBUSB_REQUEST_GET_DESCRIPTOR, (LIBUSB_DT_STRING << 8), 0, buf, sizeof buf, 1000 /* ms timeout */); #ifdef USE_NPTH npth_protect (); #endif if (rc < 4) langid = 0x0409; /* English. */ else langid = (buf[3] << 8) | buf[2]; #ifdef USE_NPTH npth_unprotect (); #endif rc = libusb_control_transfer (idev, LIBUSB_ENDPOINT_IN, LIBUSB_REQUEST_GET_DESCRIPTOR, (LIBUSB_DT_STRING << 8) + idx, langid, buf, sizeof buf, 1000 /* ms timeout */); #ifdef USE_NPTH npth_protect (); #endif if (rc < 2 || buf[1] != LIBUSB_DT_STRING) return NULL; /* Error or not a string. */ len = buf[0]; if (len > rc) return NULL; /* Larger than our buffer. */ for (s=buf+2, i=2, n=0; i+1 < len; i += 2, s += 2) { if (s[1]) n++; /* High byte set. */ else if (*s <= 0x20 || *s >= 0x7f || *s == '%' || *s == ':') n += 3 ; else n++; } result = malloc (strlen (prefix) + n + strlen (suffix) + 1); if (!result) return NULL; strcpy (result, prefix); n = strlen (prefix); for (s=buf+2, i=2; i+1 < len; i += 2, s += 2) { if (s[1]) result[n++] = '\xff'; /* High byte set. */ else if (*s <= 0x20 || *s >= 0x7f || *s == '%' || *s == ':') { sprintf (result+n, "%%%02X", *s); n += 3; } else result[n++] = *s; } strcpy (result+n, suffix); return result; } /* This function creates an reader id to be used to find the same physical reader after a reset. It returns an allocated and possibly percent escaped string or NULL if not enough memory is available. */ static char * make_reader_id (libusb_device_handle *idev, unsigned int vendor, unsigned int product, unsigned char serialno_index) { char *rid; char prefix[20]; sprintf (prefix, "%04X:%04X:", (vendor & 0xffff), (product & 0xffff)); rid = get_escaped_usb_string (idev, serialno_index, prefix, ":0"); if (!rid) { rid = malloc (strlen (prefix) + 3 + 1); if (!rid) return NULL; strcpy (rid, prefix); strcat (rid, "X:0"); } return rid; } /* Helper to find the endpoint from an interface descriptor. */ static int find_endpoint (const struct libusb_interface_descriptor *ifcdesc, int mode) { int no; int want_bulk_in = 0; if (mode == 1) want_bulk_in = 0x80; for (no=0; no < ifcdesc->bNumEndpoints; no++) { const struct libusb_endpoint_descriptor *ep = ifcdesc->endpoint + no; if (ep->bDescriptorType != LIBUSB_DT_ENDPOINT) ; else if (mode == 2 && ((ep->bmAttributes & LIBUSB_TRANSFER_TYPE_MASK) == LIBUSB_TRANSFER_TYPE_INTERRUPT) && (ep->bEndpointAddress & 0x80)) return ep->bEndpointAddress; else if ((mode == 0 || mode == 1) && ((ep->bmAttributes & LIBUSB_TRANSFER_TYPE_MASK) == LIBUSB_TRANSFER_TYPE_BULK) && (ep->bEndpointAddress & 0x80) == want_bulk_in) return ep->bEndpointAddress; } return -1; } /* Helper for scan_devices. This function returns true if a requested device has been found or the caller should stop scanning for other reasons. */ static void scan_usb_device (int *count, char **rid_list, struct libusb_device *dev) { int ifc_no; int set_no; const struct libusb_interface_descriptor *ifcdesc; char *rid; libusb_device_handle *idev = NULL; int err; struct libusb_config_descriptor *config; struct libusb_device_descriptor desc; char *p; err = libusb_get_device_descriptor (dev, &desc); if (err) return; err = libusb_get_active_config_descriptor (dev, &config); if (err) return; for (ifc_no=0; ifc_no < config->bNumInterfaces; ifc_no++) for (set_no=0; set_no < config->interface[ifc_no].num_altsetting; set_no++) { ifcdesc = (config->interface[ifc_no].altsetting + set_no); /* The second condition is for older SCM SPR 532 who did not know about the assigned CCID class. The third condition does the same for a Cherry SmartTerminal ST-2000. Instead of trying to interpret the strings we simply check the product ID. */ if (ifcdesc && ifcdesc->extra && ((ifcdesc->bInterfaceClass == 11 && ifcdesc->bInterfaceSubClass == 0 && ifcdesc->bInterfaceProtocol == 0) || (ifcdesc->bInterfaceClass == 255 && desc.idVendor == VENDOR_SCM && desc.idProduct == SCM_SPR532) || (ifcdesc->bInterfaceClass == 255 && desc.idVendor == VENDOR_CHERRY && desc.idProduct == CHERRY_ST2000))) { ++*count; err = libusb_open (dev, &idev); if (err) { DEBUGOUT_1 ("usb_open failed: %s\n", libusb_error_name (err)); continue; /* with next setting. */ } rid = make_reader_id (idev, desc.idVendor, desc.idProduct, desc.iSerialNumber); if (!rid) { libusb_free_config_descriptor (config); return; } /* We are collecting infos about all available CCID readers. Store them and continue. */ DEBUGOUT_2 ("found CCID reader %d (ID=%s)\n", *count, rid); p = malloc ((*rid_list? strlen (*rid_list):0) + 1 + strlen (rid) + 1); if (p) { *p = 0; if (*rid_list) { strcat (p, *rid_list); free (*rid_list); } strcat (p, rid); strcat (p, "\n"); *rid_list = p; } else /* Out of memory. */ { libusb_free_config_descriptor (config); free (rid); return; } free (rid); libusb_close (idev); idev = NULL; } } libusb_free_config_descriptor (config); } /* Scan all CCID devices. The function returns 0 if a reader has been found or when a scan returned without error. R_RID should be the address where to store the list of reader_ids we found. If on return this list is empty, no CCID device has been found; otherwise it points to an allocated linked list of reader IDs. */ static int scan_devices (char **r_rid) { char *rid_list = NULL; int count = 0; libusb_device **dev_list = NULL; libusb_device *dev; int i; ssize_t n; /* Set return values to a default. */ if (r_rid) *r_rid = NULL; n = libusb_get_device_list (NULL, &dev_list); for (i = 0; i < n; i++) { dev = dev_list[i]; scan_usb_device (&count, &rid_list, dev); } libusb_free_device_list (dev_list, 1); *r_rid = rid_list; return 0; } /* Set the level of debugging to LEVEL and return the old level. -1 just returns the old level. A level of 0 disables debugging, 1 enables debugging, 2 enables additional tracing of the T=1 protocol, 3 additionally enables debugging for GetSlotStatus, other values are not yet defined. Note that libusb may provide its own debugging feature which is enabled by setting the envvar USB_DEBUG. */ int ccid_set_debug_level (int level) { int old = debug_level; if (level != -1) debug_level = level; return old; } char * ccid_get_reader_list (void) { char *reader_list; if (!initialized_usb) { int rc; if ((rc = libusb_init (NULL))) { DEBUGOUT_1 ("usb_init failed: %s.\n", libusb_error_name (rc)); return NULL; } initialized_usb = 1; } if (scan_devices (&reader_list)) return NULL; /* Error. */ return reader_list; } /* Vendor specific custom initialization. */ static int ccid_vendor_specific_init (ccid_driver_t handle) { int r = 0; if (handle->id_vendor == VENDOR_VEGA && handle->id_product == VEGA_ALPHA) { /* * Vega alpha has a feature to show retry counter on the pinpad * display. But it assumes that the card returns the value of * retry counter by VERIFY with empty data (return code of * 63Cx). Unfortunately, existing OpenPGP cards don't support * VERIFY command with empty data. This vendor specific command * sequence is to disable the feature. */ const unsigned char cmd[] = { '\xb5', '\x01', '\x00', '\x03', '\x00' }; r = send_escape_cmd (handle, cmd, sizeof (cmd), NULL, 0, NULL); } else if (handle->id_vendor == VENDOR_SCM && handle->id_product == SCM_SPR532) { /* * It seems that SEQ may be out of sync between host and the card reader, * and SET_INTERFACE doesn't reset it. Make sure it works at the init. */ abort_cmd (handle, 0, 1); } if (r != 0 && r != CCID_DRIVER_ERR_CARD_INACTIVE && r != CCID_DRIVER_ERR_NO_CARD) return r; else return 0; } static int ccid_vendor_specific_setup (ccid_driver_t handle) { if (handle->id_vendor == VENDOR_SCM && handle->id_product == SCM_SPR532) { DEBUGOUT ("sending escape sequence to switch to a case 1 APDU\n"); send_escape_cmd (handle, (const unsigned char*)"\x80\x02\x00", 3, NULL, 0, NULL); libusb_clear_halt (handle->idev, handle->ep_intr); } return 0; } #define MAX_DEVICE 16 /* See MAX_READER in apdu.c. */ struct ccid_dev_table { int n; /* Index to ccid_usb_dev_list */ int interface_number; int setting_number; unsigned char *ifcdesc_extra; int ep_bulk_out; int ep_bulk_in; int ep_intr; size_t ifcdesc_extra_len; }; static libusb_device **ccid_usb_dev_list; static struct ccid_dev_table ccid_dev_table[MAX_DEVICE]; gpg_error_t ccid_dev_scan (int *idx_max_p, void **t_p) { ssize_t n; libusb_device *dev; int i; int ifc_no; int set_no; int idx = 0; int err = 0; *idx_max_p = 0; *t_p = NULL; if (!initialized_usb) { int rc; if ((rc = libusb_init (NULL))) { DEBUGOUT_1 ("usb_init failed: %s.\n", libusb_error_name (rc)); return gpg_error (GPG_ERR_ENODEV); } initialized_usb = 1; } n = libusb_get_device_list (NULL, &ccid_usb_dev_list); for (i = 0; i < n; i++) { struct libusb_config_descriptor *config; struct libusb_device_descriptor desc; dev = ccid_usb_dev_list[i]; if (libusb_get_device_descriptor (dev, &desc)) continue; if (libusb_get_active_config_descriptor (dev, &config)) continue; for (ifc_no=0; ifc_no < config->bNumInterfaces; ifc_no++) for (set_no=0; set_no < config->interface[ifc_no].num_altsetting; set_no++) { const struct libusb_interface_descriptor *ifcdesc; ifcdesc = &config->interface[ifc_no].altsetting[set_no]; /* The second condition is for older SCM SPR 532 who did not know about the assigned CCID class. The third condition does the same for a Cherry SmartTerminal ST-2000. Instead of trying to interpret the strings we simply check the product ID. */ if (ifcdesc && ifcdesc->extra && ((ifcdesc->bInterfaceClass == 11 && ifcdesc->bInterfaceSubClass == 0 && ifcdesc->bInterfaceProtocol == 0) || (ifcdesc->bInterfaceClass == 255 && desc.idVendor == VENDOR_SCM && desc.idProduct == SCM_SPR532) || (ifcdesc->bInterfaceClass == 255 && desc.idVendor == VENDOR_CHERRY && desc.idProduct == CHERRY_ST2000))) { /* Found a reader. */ unsigned char *ifcdesc_extra; ifcdesc_extra = malloc (ifcdesc->extra_length); if (!ifcdesc_extra) { err = gpg_error_from_syserror (); libusb_free_config_descriptor (config); goto scan_finish; } memcpy (ifcdesc_extra, ifcdesc->extra, ifcdesc->extra_length); ccid_dev_table[idx].n = i; ccid_dev_table[idx].interface_number = ifc_no; ccid_dev_table[idx].setting_number = set_no; ccid_dev_table[idx].ifcdesc_extra = ifcdesc_extra; ccid_dev_table[idx].ifcdesc_extra_len = ifcdesc->extra_length; ccid_dev_table[idx].ep_bulk_out = find_endpoint (ifcdesc, 0); ccid_dev_table[idx].ep_bulk_in = find_endpoint (ifcdesc, 1); ccid_dev_table[idx].ep_intr = find_endpoint (ifcdesc, 2); idx++; if (idx >= MAX_DEVICE) { libusb_free_config_descriptor (config); err = 0; goto scan_finish; } } } libusb_free_config_descriptor (config); } scan_finish: if (err) { for (i = 0; i < idx; i++) { free (ccid_dev_table[idx].ifcdesc_extra); ccid_dev_table[idx].n = 0; ccid_dev_table[idx].interface_number = 0; ccid_dev_table[idx].setting_number = 0; ccid_dev_table[idx].ifcdesc_extra = NULL; ccid_dev_table[idx].ifcdesc_extra_len = 0; ccid_dev_table[idx].ep_bulk_out = 0; ccid_dev_table[idx].ep_bulk_in = 0; ccid_dev_table[idx].ep_intr = 0; } libusb_free_device_list (ccid_usb_dev_list, 1); ccid_usb_dev_list = NULL; } else { *idx_max_p = idx; if (idx) *t_p = ccid_dev_table; else *t_p = NULL; } return err; } void ccid_dev_scan_finish (void *tbl0, int max) { int i; struct ccid_dev_table *tbl = tbl0; for (i = 0; i < max; i++) { free (tbl[i].ifcdesc_extra); tbl[i].n = 0; tbl[i].interface_number = 0; tbl[i].setting_number = 0; tbl[i].ifcdesc_extra = NULL; tbl[i].ifcdesc_extra_len = 0; tbl[i].ep_bulk_out = 0; tbl[i].ep_bulk_in = 0; tbl[i].ep_intr = 0; } libusb_free_device_list (ccid_usb_dev_list, 1); ccid_usb_dev_list = NULL; } unsigned int ccid_get_BAI (int idx, void *tbl0) { int n; int bus, addr, intf; unsigned int bai; libusb_device *dev; struct ccid_dev_table *tbl = tbl0; n = tbl[idx].n; dev = ccid_usb_dev_list[n]; bus = libusb_get_bus_number (dev); addr = libusb_get_device_address (dev); intf = tbl[idx].interface_number; bai = (bus << 16) | (addr << 8) | intf; return bai; } int ccid_compare_BAI (ccid_driver_t handle, unsigned int bai) { return handle->bai == bai; } static void intr_cb (struct libusb_transfer *transfer) { ccid_driver_t handle = transfer->user_data; DEBUGOUT_2 ("CCID: interrupt callback %d (%d)\n", transfer->status, transfer->actual_length); if (transfer->status == LIBUSB_TRANSFER_TIMED_OUT) { int err; submit_again: /* Submit the URB again to keep watching the INTERRUPT transfer. */ err = libusb_submit_transfer (transfer); if (err == LIBUSB_ERROR_NO_DEVICE) goto device_removed; DEBUGOUT_1 ("CCID submit transfer again %d\n", err); } else if (transfer->status == LIBUSB_TRANSFER_COMPLETED) { size_t len = transfer->actual_length; unsigned char *p = transfer->buffer; int card_removed = 0; while (len) { if (*p == RDR_to_PC_NotifySlotChange) { if (len < 2) break; DEBUGOUT_1 ("CCID: NotifySlotChange: %02x\n", p[1]); if ((p[1] & 1)) card_removed = 0; else card_removed = 1; p += 2; len -= 2; } else if (*p == RDR_to_PC_HardwareError) { if (len < 4) break; DEBUGOUT_1 ("CCID: hardware error detected: %02x\n", p[3]); p += 4; len -= 4; } else { DEBUGOUT_1 ("CCID: unknown intr: %02x\n", p[0]); break; } } if (card_removed) { DEBUGOUT ("CCID: card removed\n"); handle->powered_off = 1; #if defined(GNUPG_MAJOR_VERSION) scd_kick_the_loop (); #endif } else { /* Event other than card removal. */ goto submit_again; } } else if (transfer->status == LIBUSB_TRANSFER_CANCELLED) handle->powered_off = 1; else { device_removed: DEBUGOUT ("CCID: device removed\n"); handle->powered_off = 1; #if defined(GNUPG_MAJOR_VERSION) scd_kick_the_loop (); #endif } } static void ccid_setup_intr (ccid_driver_t handle) { struct libusb_transfer *transfer; int err; transfer = libusb_alloc_transfer (0); handle->transfer = transfer; libusb_fill_interrupt_transfer (transfer, handle->idev, handle->ep_intr, handle->intr_buf, sizeof (handle->intr_buf), intr_cb, handle, 0); err = libusb_submit_transfer (transfer); DEBUGOUT_2 ("CCID submit transfer (%x): %d", handle->ep_intr, err); } static void * ccid_usb_thread (void *arg) { libusb_context *ctx = arg; while (ccid_usb_thread_is_alive) { #ifdef USE_NPTH npth_unprotect (); #endif libusb_handle_events_completed (ctx, NULL); #ifdef USE_NPTH npth_protect (); #endif } return NULL; } static int ccid_open_usb_reader (const char *spec_reader_name, int idx, void *ccid_table0, ccid_driver_t *handle, char **rdrname_p) { libusb_device *dev; libusb_device_handle *idev = NULL; char *rid = NULL; int rc = 0; int ifc_no, set_no; struct libusb_device_descriptor desc; int n; int bus, addr; unsigned int bai; struct ccid_dev_table *ccid_table = ccid_table0; n = ccid_table[idx].n; ifc_no = ccid_table[idx].interface_number; set_no = ccid_table[idx].setting_number; dev = ccid_usb_dev_list[n]; bus = libusb_get_bus_number (dev); addr = libusb_get_device_address (dev); bai = (bus << 16) | (addr << 8) | ifc_no; rc = libusb_open (dev, &idev); if (rc) { DEBUGOUT_1 ("usb_open failed: %s\n", libusb_error_name (rc)); free (*handle); *handle = NULL; return map_libusb_error (rc); } if (ccid_usb_thread_is_alive++ == 0) { npth_t thread; npth_attr_t tattr; int err; err = npth_attr_init (&tattr); if (err) { DEBUGOUT_1 ("npth_attr_init failed: %s\n", strerror (err)); free (*handle); *handle = NULL; return err; } npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED); err = npth_create (&thread, &tattr, ccid_usb_thread, NULL); if (err) { DEBUGOUT_1 ("npth_create failed: %s\n", strerror (err)); free (*handle); *handle = NULL; return err; } npth_attr_destroy (&tattr); } rc = libusb_get_device_descriptor (dev, &desc); if (rc) { DEBUGOUT ("get_device_descripor failed\n"); rc = map_libusb_error (rc); goto leave; } rid = make_reader_id (idev, desc.idVendor, desc.idProduct, desc.iSerialNumber); /* Check to see if reader name matches the spec. */ if (spec_reader_name && strncmp (rid, spec_reader_name, strlen (spec_reader_name))) { DEBUGOUT ("device not matched\n"); rc = CCID_DRIVER_ERR_NO_READER; goto leave; } (*handle)->id_vendor = desc.idVendor; (*handle)->id_product = desc.idProduct; (*handle)->idev = idev; (*handle)->bai = bai; (*handle)->ifc_no = ifc_no; (*handle)->ep_bulk_out = ccid_table[idx].ep_bulk_out; (*handle)->ep_bulk_in = ccid_table[idx].ep_bulk_in; (*handle)->ep_intr = ccid_table[idx].ep_intr; DEBUGOUT_2 ("using CCID reader %d (ID=%s)\n", idx, rid); if (parse_ccid_descriptor (*handle, desc.bcdDevice, ccid_table[idx].ifcdesc_extra, ccid_table[idx].ifcdesc_extra_len)) { DEBUGOUT ("device not supported\n"); rc = CCID_DRIVER_ERR_NO_READER; goto leave; } rc = libusb_claim_interface (idev, ifc_no); if (rc) { DEBUGOUT_1 ("usb_claim_interface failed: %d\n", rc); rc = map_libusb_error (rc); goto leave; } /* Submit SET_INTERFACE control transfer which can reset the device. */ rc = libusb_set_interface_alt_setting (idev, ifc_no, set_no); if (rc) { DEBUGOUT_1 ("usb_set_interface_alt_setting failed: %d\n", rc); rc = map_libusb_error (rc); goto leave; } rc = ccid_vendor_specific_init (*handle); leave: if (rc) { --ccid_usb_thread_is_alive; free (rid); libusb_release_interface (idev, ifc_no); libusb_close (idev); free (*handle); *handle = NULL; } else { if (rdrname_p) *rdrname_p = rid; else free (rid); } return rc; } /* Open the reader with the internal number READERNO and return a pointer to be used as handle in HANDLE. Returns 0 on success. */ int ccid_open_reader (const char *spec_reader_name, int idx, void *ccid_table0, ccid_driver_t *handle, char **rdrname_p) { struct ccid_dev_table *ccid_table = ccid_table0; *handle = calloc (1, sizeof **handle); if (!*handle) { DEBUGOUT ("out of memory\n"); return CCID_DRIVER_ERR_OUT_OF_CORE; } return ccid_open_usb_reader (spec_reader_name, idx, ccid_table, handle, rdrname_p); } int ccid_require_get_status (ccid_driver_t handle) { /* When a card reader supports interrupt transfer to check the status of card, it is possible to submit only an interrupt transfer, and no check is required by application layer. USB can detect removal of a card and can detect removal of a reader. */ if (handle->ep_intr >= 0) { if (handle->id_vendor != VENDOR_SCM) return 0; /* * For card reader with interrupt transfer support, ideally, * removal is detected by intr_cb, but some card reader * (e.g. SPR532) has a possible case of missing report to * intr_cb, and another case of valid report to intr_cb. * * For such a reader, the removal should be able to be detected * by PC_to_RDR_GetSlotStatus, too. Thus, calls to * ccid_slot_status should go on wire even if "on_wire" is not * requested. * */ if (handle->transfer == NULL) return 0; } /* Libusb actually detects the removal of USB device in use. However, there is no good API to handle the removal (yet), cleanly and with good portability. There is libusb_set_pollfd_notifiers function, but it doesn't offer libusb_device_handle* data to its callback. So, when it watches multiple devices, there is no way to know which device is removed. Once, we will have a good programming interface of libusb, we can list tokens (with no interrupt transfer support, but always with card inserted) here to return 0, so that scdaemon can submit minimum packet on wire. */ return 1; } static int send_power_off (ccid_driver_t handle) { int rc; unsigned char msg[100]; size_t msglen; unsigned char seqno; msg[0] = PC_to_RDR_IccPowerOff; msg[5] = 0; /* slot */ msg[6] = seqno = handle->seqno++; msg[7] = 0; /* RFU */ msg[8] = 0; /* RFU */ msg[9] = 0; /* RFU */ set_msg_len (msg, 0); msglen = 10; rc = bulk_out (handle, msg, msglen, 0); if (!rc) bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_SlotStatus, seqno, 2000, 0); return rc; } static void do_close_reader (ccid_driver_t handle) { int rc; if (!handle->powered_off) send_power_off (handle); if (handle->transfer) { if (!handle->powered_off) { DEBUGOUT ("libusb_cancel_transfer\n"); rc = libusb_cancel_transfer (handle->transfer); if (rc != LIBUSB_ERROR_NOT_FOUND) while (!handle->powered_off) { DEBUGOUT ("libusb_handle_events_completed\n"); #ifdef USE_NPTH npth_unprotect (); #endif libusb_handle_events_completed (NULL, &handle->powered_off); #ifdef USE_NPTH npth_protect (); #endif } } libusb_free_transfer (handle->transfer); handle->transfer = NULL; } DEBUGOUT ("libusb_release_interface and libusb_close\n"); libusb_release_interface (handle->idev, handle->ifc_no); --ccid_usb_thread_is_alive; libusb_close (handle->idev); handle->idev = NULL; } int ccid_set_progress_cb (ccid_driver_t handle, void (*cb)(void *, const char *, int, int, int), void *cb_arg) { if (!handle) return CCID_DRIVER_ERR_INV_VALUE; handle->progress_cb = cb; handle->progress_cb_arg = cb_arg; return 0; } int ccid_set_prompt_cb (ccid_driver_t handle, void (*cb)(void *, int), void *cb_arg) { if (!handle) return CCID_DRIVER_ERR_INV_VALUE; handle->prompt_cb = cb; handle->prompt_cb_arg = cb_arg; return 0; } /* Close the reader HANDLE. */ int ccid_close_reader (ccid_driver_t handle) { if (!handle) return 0; do_close_reader (handle); free (handle); return 0; } /* Return False if a card is present and powered. */ int ccid_check_card_presence (ccid_driver_t handle) { (void)handle; /* Not yet implemented. */ return -1; } /* Write a MSG of length MSGLEN to the designated bulk out endpoint. Returns 0 on success. */ static int bulk_out (ccid_driver_t handle, unsigned char *msg, size_t msglen, int no_debug) { int rc; int transferred; /* No need to continue and clutter the log with USB write error messages after we got the first ENODEV. */ if (handle->enodev_seen) return CCID_DRIVER_ERR_NO_READER; if (debug_level && (!no_debug || debug_level >= 3)) { switch (msglen? msg[0]:0) { case PC_to_RDR_IccPowerOn: print_p2r_iccpoweron (msg, msglen); break; case PC_to_RDR_IccPowerOff: print_p2r_iccpoweroff (msg, msglen); break; case PC_to_RDR_GetSlotStatus: print_p2r_getslotstatus (msg, msglen); break; case PC_to_RDR_XfrBlock: print_p2r_xfrblock (msg, msglen); break; case PC_to_RDR_GetParameters: print_p2r_getparameters (msg, msglen); break; case PC_to_RDR_ResetParameters: print_p2r_resetparameters (msg, msglen); break; case PC_to_RDR_SetParameters: print_p2r_setparameters (msg, msglen); break; case PC_to_RDR_Escape: print_p2r_escape (msg, msglen); break; case PC_to_RDR_IccClock: print_p2r_iccclock (msg, msglen); break; case PC_to_RDR_T0APDU: print_p2r_to0apdu (msg, msglen); break; case PC_to_RDR_Secure: print_p2r_secure (msg, msglen); break; case PC_to_RDR_Mechanical: print_p2r_mechanical (msg, msglen); break; case PC_to_RDR_Abort: print_p2r_abort (msg, msglen); break; case PC_to_RDR_SetDataRate: print_p2r_setdatarate (msg, msglen); break; default: print_p2r_unknown (msg, msglen); break; } } #ifdef USE_NPTH npth_unprotect (); #endif rc = libusb_bulk_transfer (handle->idev, handle->ep_bulk_out, msg, msglen, &transferred, 5000 /* ms timeout */); #ifdef USE_NPTH npth_protect (); #endif if (rc == 0 && transferred == msglen) return 0; if (rc) { DEBUGOUT_1 ("usb_bulk_write error: %s\n", libusb_error_name (rc)); if (rc == LIBUSB_ERROR_NO_DEVICE) { handle->enodev_seen = 1; return CCID_DRIVER_ERR_NO_READER; } } return 0; } /* Read a maximum of LENGTH bytes from the bulk in endpoint into BUFFER and return the actual read number if bytes in NREAD. SEQNO is the sequence number used to send the request and EXPECTED_TYPE the type of message we expect. Does checks on the ccid header. TIMEOUT is the timeout value in ms. NO_DEBUG may be set to avoid debug messages in case of no error; this can be overridden with a glibal debug level of at least 3. Returns 0 on success. */ static int bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length, size_t *nread, int expected_type, int seqno, int timeout, int no_debug) { int rc; int msglen; int notified = 0; int bwi = 1; /* Fixme: The next line for the current Valgrind without support for USB IOCTLs. */ memset (buffer, 0, length); retry: #ifdef USE_NPTH npth_unprotect (); #endif rc = libusb_bulk_transfer (handle->idev, handle->ep_bulk_in, buffer, length, &msglen, bwi*timeout); #ifdef USE_NPTH npth_protect (); #endif if (rc) { DEBUGOUT_1 ("usb_bulk_read error: %s\n", libusb_error_name (rc)); if (rc == LIBUSB_ERROR_NO_DEVICE) handle->enodev_seen = 1; return map_libusb_error (rc); } if (msglen < 0) return CCID_DRIVER_ERR_INV_VALUE; /* Faulty libusb. */ *nread = msglen; if (msglen < 10) { DEBUGOUT_1 ("bulk-in msg too short (%u)\n", (unsigned int)msglen); abort_cmd (handle, seqno, 0); return CCID_DRIVER_ERR_INV_VALUE; } if (buffer[5] != 0) { DEBUGOUT_1 ("unexpected bulk-in slot (%d)\n", buffer[5]); return CCID_DRIVER_ERR_INV_VALUE; } if (buffer[6] != seqno) { DEBUGOUT_2 ("bulk-in seqno does not match (%d/%d)\n", seqno, buffer[6]); /* Retry until we are synced again. */ goto retry; } /* We need to handle the time extension request before we check that we got the expected message type. This is in particular required for the Cherry keyboard which sends a time extension request for each key hit. */ if (!(buffer[7] & 0x03) && (buffer[7] & 0xC0) == 0x80) { /* Card present and active, time extension requested. */ DEBUGOUT_2 ("time extension requested (%02X,%02X)\n", buffer[7], buffer[8]); bwi = 1; if (buffer[8] != 0 && buffer[8] != 0xff) bwi = buffer[8]; /* Gnuk enhancement to prompt user input by ack button */ if (buffer[8] == 0xff && !notified) { notified = 1; handle->prompt_cb (handle->prompt_cb_arg, 1); } goto retry; } if (notified) handle->prompt_cb (handle->prompt_cb_arg, 0); if (buffer[0] != expected_type && buffer[0] != RDR_to_PC_SlotStatus) { DEBUGOUT_1 ("unexpected bulk-in msg type (%02x)\n", buffer[0]); abort_cmd (handle, seqno, 0); return CCID_DRIVER_ERR_INV_VALUE; } if (debug_level && (!no_debug || debug_level >= 3)) { switch (buffer[0]) { case RDR_to_PC_DataBlock: print_r2p_datablock (buffer, msglen); break; case RDR_to_PC_SlotStatus: print_r2p_slotstatus (buffer, msglen); break; case RDR_to_PC_Parameters: print_r2p_parameters (buffer, msglen); break; case RDR_to_PC_Escape: print_r2p_escape (buffer, msglen); break; case RDR_to_PC_DataRate: print_r2p_datarate (buffer, msglen); break; default: print_r2p_unknown (buffer, msglen); break; } } if (CCID_COMMAND_FAILED (buffer)) { int ec; ec = CCID_ERROR_CODE (buffer); print_command_failed (buffer); if (ec == 0xEF) return CCID_DRIVER_ERR_UI_CANCELLED; else if (ec == 0xF0) return CCID_DRIVER_ERR_UI_TIMEOUT; } /* Check whether a card is at all available. Note: If you add new error codes here, check whether they need to be ignored in send_escape_cmd. */ switch ((buffer[7] & 0x03)) { case 0: /* no error */ break; case 1: rc = CCID_DRIVER_ERR_CARD_INACTIVE; break; case 2: rc = CCID_DRIVER_ERR_NO_CARD; break; case 3: /* RFU */ break; } if (rc) { /* * Communication failure by device side. * Possibly, it was forcibly suspended and resumed. */ if (handle->ep_intr < 0) { DEBUGOUT ("CCID: card inactive/removed\n"); handle->powered_off = 1; } #if defined(GNUPG_MAJOR_VERSION) scd_kick_the_loop (); #endif } return rc; } /* Send an abort sequence and wait until everything settled. */ static int abort_cmd (ccid_driver_t handle, int seqno, int init) { int rc; unsigned char dummybuf[8]; unsigned char msg[100]; int msglen; seqno &= 0xff; DEBUGOUT_1 ("sending abort sequence for seqno %d\n", seqno); /* Send the abort command to the control pipe. Note that we don't need to keep track of sent abort commands because there should never be another thread using the same slot concurrently. */ #ifdef USE_NPTH npth_unprotect (); #endif rc = libusb_control_transfer (handle->idev, 0x21,/* bmRequestType: host-to-device, class specific, to interface. */ 1, /* ABORT */ (seqno << 8 | 0 /* slot */), handle->ifc_no, dummybuf, 0, 1000 /* ms timeout */); #ifdef USE_NPTH npth_protect (); #endif if (rc) { DEBUGOUT_1 ("usb_control_msg error: %s\n", libusb_error_name (rc)); if (!init) return map_libusb_error (rc); } /* Now send the abort command to the bulk out pipe using the same SEQNO and SLOT. Do this in a loop to so that all seqno are tried. */ seqno--; /* Adjust for next increment. */ do { int transferred; seqno++; msg[0] = PC_to_RDR_Abort; msg[5] = 0; /* slot */ msg[6] = seqno; msg[7] = 0; /* RFU */ msg[8] = 0; /* RFU */ msg[9] = 0; /* RFU */ msglen = 10; set_msg_len (msg, 0); #ifdef USE_NPTH npth_unprotect (); #endif rc = libusb_bulk_transfer (handle->idev, handle->ep_bulk_out, msg, msglen, &transferred, init? 100: 5000 /* ms timeout */); #ifdef USE_NPTH npth_protect (); #endif if (rc == 0 && transferred == msglen) rc = 0; else if (rc) DEBUGOUT_1 ("usb_bulk_write error in abort_cmd: %s\n", libusb_error_name (rc)); if (rc) return map_libusb_error (rc); #ifdef USE_NPTH npth_unprotect (); #endif rc = libusb_bulk_transfer (handle->idev, handle->ep_bulk_in, msg, sizeof msg, &msglen, init? 100: 5000 /*ms timeout*/); #ifdef USE_NPTH npth_protect (); #endif if (rc) { DEBUGOUT_1 ("usb_bulk_read error in abort_cmd: %s\n", libusb_error_name (rc)); if (init && rc == LIBUSB_ERROR_TIMEOUT) continue; else return map_libusb_error (rc); } if (msglen < 10) { DEBUGOUT_1 ("bulk-in msg in abort_cmd too short (%u)\n", (unsigned int)msglen); return CCID_DRIVER_ERR_INV_VALUE; } if (msg[5] != 0) { DEBUGOUT_1 ("unexpected bulk-in slot (%d) in abort_cmd\n", msg[5]); return CCID_DRIVER_ERR_INV_VALUE; } DEBUGOUT_3 ("status: %02X error: %02X octet[9]: %02X\n", msg[7], msg[8], msg[9]); if (CCID_COMMAND_FAILED (msg)) print_command_failed (msg); } while (rc == LIBUSB_ERROR_TIMEOUT || (msg[0] != RDR_to_PC_SlotStatus && msg[5] != 0 && msg[6] != seqno)); handle->seqno = ((seqno + 1) & 0xff); DEBUGOUT ("sending abort sequence succeeded\n"); return 0; } /* Note that this function won't return the error codes NO_CARD or CARD_INACTIVE. IF RESULT is not NULL, the result from the operation will get returned in RESULT and its length in RESULTLEN. If the response is larger than RESULTMAX, an error is returned and the required buffer length returned in RESULTLEN. */ static int send_escape_cmd (ccid_driver_t handle, const unsigned char *data, size_t datalen, unsigned char *result, size_t resultmax, size_t *resultlen) { int rc; unsigned char msg[100]; size_t msglen; unsigned char seqno; if (resultlen) *resultlen = 0; if (datalen > sizeof msg - 10) return CCID_DRIVER_ERR_INV_VALUE; /* Escape data too large. */ msg[0] = PC_to_RDR_Escape; msg[5] = 0; /* slot */ msg[6] = seqno = handle->seqno++; msg[7] = 0; /* RFU */ msg[8] = 0; /* RFU */ msg[9] = 0; /* RFU */ memcpy (msg+10, data, datalen); msglen = 10 + datalen; set_msg_len (msg, datalen); rc = bulk_out (handle, msg, msglen, 0); if (rc) return rc; rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_Escape, seqno, 5000, 0); if (result) switch (rc) { /* We need to ignore certain errorcode here. */ case 0: case CCID_DRIVER_ERR_CARD_INACTIVE: case CCID_DRIVER_ERR_NO_CARD: { if (msglen > resultmax) rc = CCID_DRIVER_ERR_INV_VALUE; /* Response too large. */ else { memcpy (result, msg, msglen); if (resultlen) *resultlen = msglen; rc = 0; } } break; default: break; } return rc; } int ccid_transceive_escape (ccid_driver_t handle, const unsigned char *data, size_t datalen, unsigned char *resp, size_t maxresplen, size_t *nresp) { return send_escape_cmd (handle, data, datalen, resp, maxresplen, nresp); } /* experimental */ int ccid_poll (ccid_driver_t handle) { int rc; unsigned char msg[10]; int msglen; int i, j; rc = libusb_interrupt_transfer (handle->idev, handle->ep_intr, msg, sizeof msg, &msglen, 0 /* ms timeout */ ); if (rc == LIBUSB_ERROR_TIMEOUT) return 0; if (rc) { DEBUGOUT_1 ("usb_intr_read error: %s\n", libusb_error_name (rc)); return CCID_DRIVER_ERR_CARD_IO_ERROR; } if (msglen < 1) { DEBUGOUT ("intr-in msg too short\n"); return CCID_DRIVER_ERR_INV_VALUE; } if (msg[0] == RDR_to_PC_NotifySlotChange) { DEBUGOUT ("notify slot change:"); for (i=1; i < msglen; i++) for (j=0; j < 4; j++) DEBUGOUT_CONT_3 (" %d:%c%c", (i-1)*4+j, (msg[i] & (1<<(j*2)))? 'p':'-', (msg[i] & (2<<(j*2)))? '*':' '); DEBUGOUT_LF (); } else if (msg[0] == RDR_to_PC_HardwareError) { DEBUGOUT ("hardware error occurred\n"); } else { DEBUGOUT_1 ("unknown intr-in msg of type %02X\n", msg[0]); } return 0; } /* Note that this function won't return the error codes NO_CARD or CARD_INACTIVE */ int ccid_slot_status (ccid_driver_t handle, int *statusbits, int on_wire) { int rc; unsigned char msg[100]; size_t msglen; unsigned char seqno; int retries = 0; if (handle->powered_off) return CCID_DRIVER_ERR_NO_READER; /* If the card (with its lower-level driver) doesn't require GET_STATUS on wire (because it supports INTERRUPT transfer for status change, or it's a token which has a card always inserted), no need to send on wire. */ if (!on_wire && !ccid_require_get_status (handle)) { /* Setup interrupt transfer at the initial call of slot_status with ON_WIRE == 0 */ if (handle->transfer == NULL) ccid_setup_intr (handle); *statusbits = 0; return 0; } retry: msg[0] = PC_to_RDR_GetSlotStatus; msg[5] = 0; /* slot */ msg[6] = seqno = handle->seqno++; msg[7] = 0; /* RFU */ msg[8] = 0; /* RFU */ msg[9] = 0; /* RFU */ set_msg_len (msg, 0); rc = bulk_out (handle, msg, 10, 1); if (rc) return rc; /* Note that we set the NO_DEBUG flag here, so that the logs won't get cluttered up by a ticker function checking for the slot status and debugging enabled. */ rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_SlotStatus, seqno, retries? 1000 : 200, 1); if ((rc == CCID_DRIVER_ERR_CARD_IO_ERROR || rc == CCID_DRIVER_ERR_USB_TIMEOUT) && retries < 3) { if (!retries) { DEBUGOUT ("USB: CALLING USB_CLEAR_HALT\n"); #ifdef USE_NPTH npth_unprotect (); #endif libusb_clear_halt (handle->idev, handle->ep_bulk_in); libusb_clear_halt (handle->idev, handle->ep_bulk_out); #ifdef USE_NPTH npth_protect (); #endif } else DEBUGOUT ("USB: RETRYING bulk_in AGAIN\n"); retries++; goto retry; } if (rc && rc != CCID_DRIVER_ERR_NO_CARD && rc != CCID_DRIVER_ERR_CARD_INACTIVE) return rc; *statusbits = (msg[7] & 3); return 0; } /* Parse ATR string (of ATRLEN) and update parameters at PARAM. Calling this routine, it should prepare default values at PARAM beforehand. This routine assumes that card is accessed by T=1 protocol. It doesn't analyze historical bytes at all. Returns < 0 value on error: -1 for parse error or integrity check error -2 for card doesn't support T=1 protocol -3 for parameters are nod explicitly defined by ATR -4 for this driver doesn't support CRC Returns >= 0 on success: 0 for card is negotiable mode 1 for card is specific mode (and not negotiable) */ static int update_param_by_atr (unsigned char *param, unsigned char *atr, size_t atrlen) { int i = -1; int t, y, chk; int historical_bytes_num, negotiable = 1; #define NEXTBYTE() do { i++; if (atrlen <= i) return -1; } while (0) NEXTBYTE (); if (atr[i] == 0x3F) param[1] |= 0x02; /* Convention is inverse. */ NEXTBYTE (); y = (atr[i] >> 4); historical_bytes_num = atr[i] & 0x0f; NEXTBYTE (); if ((y & 1)) { param[0] = atr[i]; /* TA1 - Fi & Di */ NEXTBYTE (); } if ((y & 2)) NEXTBYTE (); /* TB1 - ignore */ if ((y & 4)) { param[2] = atr[i]; /* TC1 - Guard Time */ NEXTBYTE (); } if ((y & 8)) { y = (atr[i] >> 4); /* TD1 */ t = atr[i] & 0x0f; NEXTBYTE (); if ((y & 1)) { /* TA2 - PPS mode */ if ((atr[i] & 0x0f) != 1) return -2; /* Wrong card protocol (!= 1). */ if ((atr[i] & 0x10) != 0x10) return -3; /* Transmission parameters are implicitly defined. */ negotiable = 0; /* TA2 means specific mode. */ NEXTBYTE (); } if ((y & 2)) NEXTBYTE (); /* TB2 - ignore */ if ((y & 4)) NEXTBYTE (); /* TC2 - ignore */ if ((y & 8)) { y = (atr[i] >> 4); /* TD2 */ t = atr[i] & 0x0f; NEXTBYTE (); } else y = 0; while (y) { if ((y & 1)) { /* TAx */ if (t == 1) param[5] = atr[i]; /* IFSC */ else if (t == 15) /* XXX: check voltage? */ param[4] = (atr[i] >> 6); /* ClockStop */ NEXTBYTE (); } if ((y & 2)) { if (t == 1) param[3] = atr[i]; /* TBx - BWI & CWI */ NEXTBYTE (); } if ((y & 4)) { if (t == 1) param[1] |= (atr[i] & 0x01); /* TCx - LRC/CRC */ NEXTBYTE (); if (param[1] & 0x01) return -4; /* CRC not supported yet. */ } if ((y & 8)) { y = (atr[i] >> 4); /* TDx */ t = atr[i] & 0x0f; NEXTBYTE (); } else y = 0; } } i += historical_bytes_num - 1; NEXTBYTE (); if (atrlen != i+1) return -1; #undef NEXTBYTE chk = 0; do { chk ^= atr[i]; i--; } while (i > 0); if (chk != 0) return -1; return negotiable; } /* Return the ATR of the card. This is not a cached value and thus an actual reset is done. */ int ccid_get_atr (ccid_driver_t handle, unsigned char *atr, size_t maxatrlen, size_t *atrlen) { int rc; int statusbits; unsigned char msg[100]; unsigned char *tpdu; size_t msglen, tpdulen; unsigned char seqno; int use_crc = 0; unsigned int edc; int tried_iso = 0; int got_param; unsigned char param[7] = { /* For Protocol T=1 */ 0x11, /* bmFindexDindex */ 0x10, /* bmTCCKST1 */ 0x00, /* bGuardTimeT1 */ 0x4d, /* bmWaitingIntegersT1 */ 0x00, /* bClockStop */ 0x20, /* bIFSC */ 0x00 /* bNadValue */ }; /* First check whether a card is available. */ rc = ccid_slot_status (handle, &statusbits, 1); if (rc) return rc; if (statusbits == 2) return CCID_DRIVER_ERR_NO_CARD; /* * In the first invocation of ccid_slot_status, card reader may * return CCID_DRIVER_ERR_CARD_INACTIVE and handle->powered_off may * become 1. Because inactive card is no problem (we are turning it * ON here), clear the flag. */ handle->powered_off = 0; /* For an inactive and also for an active card, issue the PowerOn command to get the ATR. */ again: msg[0] = PC_to_RDR_IccPowerOn; msg[5] = 0; /* slot */ msg[6] = seqno = handle->seqno++; /* power select (0=auto, 1=5V, 2=3V, 3=1.8V) */ msg[7] = handle->auto_voltage ? 0 : 1; msg[8] = 0; /* RFU */ msg[9] = 0; /* RFU */ set_msg_len (msg, 0); msglen = 10; rc = bulk_out (handle, msg, msglen, 0); if (rc) return rc; rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_DataBlock, seqno, 5000, 0); if (rc) return rc; if (!tried_iso && CCID_COMMAND_FAILED (msg) && CCID_ERROR_CODE (msg) == 0xbb && ((handle->id_vendor == VENDOR_CHERRY && handle->id_product == 0x0005) || (handle->id_vendor == VENDOR_GEMPC && handle->id_product == 0x4433) )) { tried_iso = 1; /* Try switching to ISO mode. */ if (!send_escape_cmd (handle, (const unsigned char*)"\xF1\x01", 2, NULL, 0, NULL)) goto again; } else if (statusbits == 0 && CCID_COMMAND_FAILED (msg)) { /* Card was active already, and something went wrong with PC_to_RDR_IccPowerOn command. It may be baud-rate mismatch between the card and the reader. To recover from this state, send PC_to_RDR_IccPowerOff command to reset the card and try again. */ rc = send_power_off (handle); if (rc) return rc; statusbits = 1; goto again; } else if (CCID_COMMAND_FAILED (msg)) return CCID_DRIVER_ERR_CARD_IO_ERROR; handle->powered_off = 0; if (atr) { size_t n = msglen - 10; if (n > maxatrlen) n = maxatrlen; memcpy (atr, msg+10, n); *atrlen = n; } param[6] = handle->nonnull_nad? ((1 << 4) | 0): 0; rc = update_param_by_atr (param, msg+10, msglen - 10); if (rc < 0) { DEBUGOUT_1 ("update_param_by_atr failed: %d\n", rc); return CCID_DRIVER_ERR_CARD_IO_ERROR; } got_param = 0; if (handle->auto_param) { msg[0] = PC_to_RDR_GetParameters; msg[5] = 0; /* slot */ msg[6] = seqno = handle->seqno++; msg[7] = 0; /* RFU */ msg[8] = 0; /* RFU */ msg[9] = 0; /* RFU */ set_msg_len (msg, 0); msglen = 10; rc = bulk_out (handle, msg, msglen, 0); if (!rc) rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_Parameters, seqno, 2000, 0); if (rc) DEBUGOUT ("GetParameters failed\n"); else if (msglen == 17 && msg[9] == 1) got_param = 1; } else if (handle->auto_pps) ; else if (rc == 1) /* It's negotiable, send PPS. */ { msg[0] = PC_to_RDR_XfrBlock; msg[5] = 0; /* slot */ msg[6] = seqno = handle->seqno++; msg[7] = 0; msg[8] = 0; msg[9] = 0; msg[10] = 0xff; /* PPSS */ msg[11] = 0x11; /* PPS0: PPS1, Protocol T=1 */ msg[12] = param[0]; /* PPS1: Fi / Di */ msg[13] = 0xff ^ 0x11 ^ param[0]; /* PCK */ set_msg_len (msg, 4); msglen = 10 + 4; rc = bulk_out (handle, msg, msglen, 0); if (rc) return rc; rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_DataBlock, seqno, 5000, 0); if (rc) return rc; if (msglen != 10 + 4) { DEBUGOUT_1 ("Setting PPS failed: %zu\n", msglen); return CCID_DRIVER_ERR_CARD_IO_ERROR; } if (msg[10] != 0xff || msg[11] != 0x11 || msg[12] != param[0]) { DEBUGOUT_1 ("Setting PPS failed: 0x%02x\n", param[0]); return CCID_DRIVER_ERR_CARD_IO_ERROR; } } /* Setup parameters to select T=1. */ msg[0] = PC_to_RDR_SetParameters; msg[5] = 0; /* slot */ msg[6] = seqno = handle->seqno++; msg[7] = 1; /* Select T=1. */ msg[8] = 0; /* RFU */ msg[9] = 0; /* RFU */ if (!got_param) memcpy (&msg[10], param, 7); set_msg_len (msg, 7); msglen = 10 + 7; rc = bulk_out (handle, msg, msglen, 0); if (rc) return rc; rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_Parameters, seqno, 5000, 0); if (rc) DEBUGOUT ("SetParameters failed (ignored)\n"); if (!rc && msglen > 15 && msg[15] >= 16 && msg[15] <= 254 ) handle->ifsc = msg[15]; else handle->ifsc = 128; /* Something went wrong, assume 128 bytes. */ if (handle->nonnull_nad && msglen > 16 && msg[16] == 0) { DEBUGOUT ("Use Null-NAD, clearing handle->nonnull_nad.\n"); handle->nonnull_nad = 0; } handle->t1_ns = 0; handle->t1_nr = 0; /* Send an S-Block with our maximum IFSD to the CCID. */ if (!handle->apdu_level && !handle->auto_ifsd) { tpdu = msg+10; /* NAD: DAD=1, SAD=0 */ tpdu[0] = handle->nonnull_nad? ((1 << 4) | 0): 0; tpdu[1] = (0xc0 | 0 | 1); /* S-block request: change IFSD */ tpdu[2] = 1; tpdu[3] = handle->max_ifsd? handle->max_ifsd : 32; tpdulen = 4; edc = compute_edc (tpdu, tpdulen, use_crc); if (use_crc) tpdu[tpdulen++] = (edc >> 8); tpdu[tpdulen++] = edc; msg[0] = PC_to_RDR_XfrBlock; msg[5] = 0; /* slot */ msg[6] = seqno = handle->seqno++; msg[7] = 0; msg[8] = 0; /* RFU */ msg[9] = 0; /* RFU */ set_msg_len (msg, tpdulen); msglen = 10 + tpdulen; if (debug_level > 1) DEBUGOUT_3 ("T=1: put %c-block seq=%d%s\n", ((msg[11] & 0xc0) == 0x80)? 'R' : (msg[11] & 0x80)? 'S' : 'I', ((msg[11] & 0x80)? !!(msg[11]& 0x10) : !!(msg[11] & 0x40)), (!(msg[11] & 0x80) && (msg[11] & 0x20)? " [more]":"")); rc = bulk_out (handle, msg, msglen, 0); if (rc) return rc; rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_DataBlock, seqno, 5000, 0); if (rc) return rc; tpdu = msg + 10; tpdulen = msglen - 10; if (tpdulen < 4) return CCID_DRIVER_ERR_ABORTED; if (debug_level > 1) DEBUGOUT_4 ("T=1: got %c-block seq=%d err=%d%s\n", ((msg[11] & 0xc0) == 0x80)? 'R' : (msg[11] & 0x80)? 'S' : 'I', ((msg[11] & 0x80)? !!(msg[11]& 0x10) : !!(msg[11] & 0x40)), ((msg[11] & 0xc0) == 0x80)? (msg[11] & 0x0f) : 0, (!(msg[11] & 0x80) && (msg[11] & 0x20)? " [more]":"")); if ((tpdu[1] & 0xe0) != 0xe0 || tpdu[2] != 1) { DEBUGOUT ("invalid response for S-block (Change-IFSD)\n"); return -1; } DEBUGOUT_1 ("IFSD has been set to %d\n", tpdu[3]); } ccid_vendor_specific_setup (handle); return 0; } static unsigned int compute_edc (const unsigned char *data, size_t datalen, int use_crc) { if (use_crc) { return 0x42; /* Not yet implemented. */ } else { unsigned char crc = 0; for (; datalen; datalen--) crc ^= *data++; return crc; } } /* Return true if APDU is an extended length one. */ static int is_exlen_apdu (const unsigned char *apdu, size_t apdulen) { if (apdulen < 7 || apdu[4]) return 0; /* Too short or no Z byte. */ return 1; } /* Helper for ccid_transceive used for APDU level exchanges. */ static int ccid_transceive_apdu_level (ccid_driver_t handle, const unsigned char *apdu_buf, size_t apdu_len, unsigned char *resp, size_t maxresplen, size_t *nresp) { int rc; unsigned char msg[CCID_MAX_BUF]; const unsigned char *apdu_p; size_t apdu_part_len; size_t msglen; unsigned char seqno; int bwi = 0; unsigned char chain = 0; if (apdu_len == 0 || apdu_len > sizeof (msg) - 10) return CCID_DRIVER_ERR_INV_VALUE; /* Invalid length. */ apdu_p = apdu_buf; while (1) { apdu_part_len = apdu_len; if (apdu_part_len > handle->max_ccid_msglen - 10) { apdu_part_len = handle->max_ccid_msglen - 10; chain |= 0x01; } msg[0] = PC_to_RDR_XfrBlock; msg[5] = 0; /* slot */ msg[6] = seqno = handle->seqno++; msg[7] = bwi; msg[8] = chain; msg[9] = 0; memcpy (msg+10, apdu_p, apdu_part_len); set_msg_len (msg, apdu_part_len); msglen = 10 + apdu_part_len; rc = bulk_out (handle, msg, msglen, 0); if (rc) return rc; apdu_p += apdu_part_len; apdu_len -= apdu_part_len; rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_DataBlock, seqno, CCID_CMD_TIMEOUT, 0); if (rc) return rc; if (!(chain & 0x01)) break; chain = 0x02; } apdu_len = 0; while (1) { apdu_part_len = msglen - 10; if (resp && apdu_len + apdu_part_len <= maxresplen) memcpy (resp + apdu_len, msg+10, apdu_part_len); apdu_len += apdu_part_len; if (!(msg[9] & 0x01)) break; msg[0] = PC_to_RDR_XfrBlock; msg[5] = 0; /* slot */ msg[6] = seqno = handle->seqno++; msg[7] = bwi; msg[8] = 0x10; /* Request next data block */ msg[9] = 0; set_msg_len (msg, 0); msglen = 10; rc = bulk_out (handle, msg, msglen, 0); if (rc) return rc; rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_DataBlock, seqno, CCID_CMD_TIMEOUT, 0); if (rc) return rc; } if (resp) { if (apdu_len > maxresplen) { DEBUGOUT_2 ("provided buffer too short for received data " "(%u/%u)\n", (unsigned int)apdu_len, (unsigned int)maxresplen); return CCID_DRIVER_ERR_INV_VALUE; } *nresp = apdu_len; } return 0; } /* Protocol T=1 overview Block Structure: Prologue Field: 1 byte Node Address (NAD) 1 byte Protocol Control Byte (PCB) 1 byte Length (LEN) Information Field: 0-254 byte APDU or Control Information (INF) Epilogue Field: 1 byte Error Detection Code (EDC) NAD: bit 7 unused bit 4..6 Destination Node Address (DAD) bit 3 unused bit 2..0 Source Node Address (SAD) If node addresses are not used, SAD and DAD should be set to 0 on the first block sent to the card. If they are used they should have different values (0 for one is okay); that first block sets up the addresses of the nodes. PCB: Information Block (I-Block): bit 7 0 bit 6 Sequence number (yep, that is modulo 2) bit 5 Chaining flag bit 4..0 reserved Received-Ready Block (R-Block): bit 7 1 bit 6 0 bit 5 0 bit 4 Sequence number bit 3..0 0 = no error 1 = EDC or parity error 2 = other error other values are reserved Supervisory Block (S-Block): bit 7 1 bit 6 1 bit 5 clear=request,set=response bit 4..0 0 = resynchronization request 1 = information field size request 2 = abort request 3 = extension of BWT request 4 = VPP error other values are reserved */ int ccid_transceive (ccid_driver_t handle, const unsigned char *apdu_buf, size_t apdu_buflen, unsigned char *resp, size_t maxresplen, size_t *nresp) { int rc; /* The size of the buffer used to be 10+259. For the via_escape hack we need one extra byte, thus 11+259. */ unsigned char send_buffer[11+259], recv_buffer[11+259]; const unsigned char *apdu; size_t apdulen; unsigned char *msg, *tpdu, *p; size_t msglen, tpdulen, last_tpdulen, n; unsigned char seqno; unsigned int edc; int use_crc = 0; int hdrlen, pcboff; size_t dummy_nresp; int via_escape = 0; int next_chunk = 1; int sending = 1; int retries = 0; int resyncing = 0; int nad_byte; int wait_more = 0; if (!nresp) nresp = &dummy_nresp; *nresp = 0; /* Smarter readers allow sending APDUs directly; divert here. */ if (handle->apdu_level) { /* We employ a hack for Omnikey readers which are able to send TPDUs using an escape sequence. There is no documentation but the Windows driver does it this way. Tested using a CM6121. This method works also for the Cherry XX44 keyboards; however there are problems with the ccid_transceive_secure which leads to a loss of sync on the CCID level. If Cherry wants to make their keyboard work again, they should hand over some docs. */ if ((handle->id_vendor == VENDOR_OMNIKEY) && handle->apdu_level < 2 && is_exlen_apdu (apdu_buf, apdu_buflen)) via_escape = 1; else return ccid_transceive_apdu_level (handle, apdu_buf, apdu_buflen, resp, maxresplen, nresp); } /* The other readers we support require sending TPDUs. */ tpdulen = 0; /* Avoid compiler warning about no initialization. */ msg = send_buffer; hdrlen = via_escape? 11 : 10; /* NAD: DAD=1, SAD=0 */ nad_byte = handle->nonnull_nad? ((1 << 4) | 0): 0; if (via_escape) nad_byte = 0; last_tpdulen = 0; /* Avoid gcc warning (controlled by RESYNCING). */ for (;;) { if (next_chunk) { next_chunk = 0; apdu = apdu_buf; apdulen = apdu_buflen; - assert (apdulen); + log_assert (apdulen); /* Construct an I-Block. */ tpdu = msg + hdrlen; tpdu[0] = nad_byte; tpdu[1] = ((handle->t1_ns & 1) << 6); /* I-block */ if (apdulen > handle->ifsc ) { apdulen = handle->ifsc; apdu_buf += handle->ifsc; apdu_buflen -= handle->ifsc; tpdu[1] |= (1 << 5); /* Set more bit. */ } tpdu[2] = apdulen; memcpy (tpdu+3, apdu, apdulen); tpdulen = 3 + apdulen; edc = compute_edc (tpdu, tpdulen, use_crc); if (use_crc) tpdu[tpdulen++] = (edc >> 8); tpdu[tpdulen++] = edc; } if (via_escape) { msg[0] = PC_to_RDR_Escape; msg[5] = 0; /* slot */ msg[6] = seqno = handle->seqno++; msg[7] = 0; /* RFU */ msg[8] = 0; /* RFU */ msg[9] = 0; /* RFU */ msg[10] = 0x1a; /* Omnikey command to send a TPDU. */ set_msg_len (msg, 1 + tpdulen); } else { msg[0] = PC_to_RDR_XfrBlock; msg[5] = 0; /* slot */ msg[6] = seqno = handle->seqno++; msg[7] = wait_more; /* bBWI */ msg[8] = 0; /* RFU */ msg[9] = 0; /* RFU */ set_msg_len (msg, tpdulen); } msglen = hdrlen + tpdulen; if (!resyncing) last_tpdulen = tpdulen; pcboff = hdrlen+1; if (debug_level > 1) DEBUGOUT_3 ("T=1: put %c-block seq=%d%s\n", ((msg[pcboff] & 0xc0) == 0x80)? 'R' : (msg[pcboff] & 0x80)? 'S' : 'I', ((msg[pcboff] & 0x80)? !!(msg[pcboff]& 0x10) : !!(msg[pcboff] & 0x40)), (!(msg[pcboff] & 0x80) && (msg[pcboff] & 0x20)? " [more]":"")); rc = bulk_out (handle, msg, msglen, 0); if (rc) return rc; msg = recv_buffer; rc = bulk_in (handle, msg, sizeof recv_buffer, &msglen, via_escape? RDR_to_PC_Escape : RDR_to_PC_DataBlock, seqno, (wait_more ? wait_more : 1) * CCID_CMD_TIMEOUT, 0); if (rc) return rc; tpdu = msg + hdrlen; tpdulen = msglen - hdrlen; resyncing = 0; if (tpdulen < 4) { #ifdef USE_NPTH npth_unprotect (); #endif libusb_clear_halt (handle->idev, handle->ep_bulk_in); #ifdef USE_NPTH npth_protect (); #endif return CCID_DRIVER_ERR_ABORTED; } if (debug_level > 1) DEBUGOUT_4 ("T=1: got %c-block seq=%d err=%d%s\n", ((msg[pcboff] & 0xc0) == 0x80)? 'R' : (msg[pcboff] & 0x80)? 'S' : 'I', ((msg[pcboff] & 0x80)? !!(msg[pcboff]& 0x10) : !!(msg[pcboff] & 0x40)), ((msg[pcboff] & 0xc0) == 0x80)? (msg[pcboff] & 0x0f) : 0, (!(msg[pcboff] & 0x80) && (msg[pcboff] & 0x20)? " [more]":"")); wait_more = 0; if (!(tpdu[1] & 0x80)) { /* This is an I-block. */ retries = 0; if (sending) { /* last block sent was successful. */ handle->t1_ns ^= 1; sending = 0; } if (!!(tpdu[1] & 0x40) != handle->t1_nr) { /* Response does not match our sequence number. */ msg = send_buffer; tpdu = msg + hdrlen; tpdu[0] = nad_byte; tpdu[1] = (0x80 | (handle->t1_nr & 1) << 4 | 2); /* R-block */ tpdu[2] = 0; tpdulen = 3; edc = compute_edc (tpdu, tpdulen, use_crc); if (use_crc) tpdu[tpdulen++] = (edc >> 8); tpdu[tpdulen++] = edc; continue; } handle->t1_nr ^= 1; p = tpdu + 3; /* Skip the prologue field. */ n = tpdulen - 3 - 1; /* Strip the epilogue field. */ /* fixme: verify the checksum. */ if (resp) { if (n > maxresplen) { DEBUGOUT_2 ("provided buffer too short for received data " "(%u/%u)\n", (unsigned int)n, (unsigned int)maxresplen); return CCID_DRIVER_ERR_INV_VALUE; } memcpy (resp, p, n); resp += n; *nresp += n; maxresplen -= n; } if (!(tpdu[1] & 0x20)) return 0; /* No chaining requested - ready. */ msg = send_buffer; tpdu = msg + hdrlen; tpdu[0] = nad_byte; tpdu[1] = (0x80 | (handle->t1_nr & 1) << 4); /* R-block */ tpdu[2] = 0; tpdulen = 3; edc = compute_edc (tpdu, tpdulen, use_crc); if (use_crc) tpdu[tpdulen++] = (edc >> 8); tpdu[tpdulen++] = edc; } else if ((tpdu[1] & 0xc0) == 0x80) { /* This is a R-block. */ if ( (tpdu[1] & 0x0f)) { retries++; if (via_escape && retries == 1 && (msg[pcboff] & 0x0f)) { /* Error probably due to switching to TPDU. Send a resync request. We use the recv_buffer so that we don't corrupt the send_buffer. */ msg = recv_buffer; tpdu = msg + hdrlen; tpdu[0] = nad_byte; tpdu[1] = 0xc0; /* S-block resync request. */ tpdu[2] = 0; tpdulen = 3; edc = compute_edc (tpdu, tpdulen, use_crc); if (use_crc) tpdu[tpdulen++] = (edc >> 8); tpdu[tpdulen++] = edc; resyncing = 1; DEBUGOUT ("T=1: requesting resync\n"); } else if (retries > 3) { DEBUGOUT ("T=1: 3 failed retries\n"); return CCID_DRIVER_ERR_CARD_IO_ERROR; } else { /* Error: repeat last block */ msg = send_buffer; tpdulen = last_tpdulen; } } else if (sending && !!(tpdu[1] & 0x10) == handle->t1_ns) { /* Response does not match our sequence number. */ DEBUGOUT ("R-block with wrong seqno received on more bit\n"); return CCID_DRIVER_ERR_CARD_IO_ERROR; } else if (sending) { /* Send next chunk. */ retries = 0; msg = send_buffer; next_chunk = 1; handle->t1_ns ^= 1; } else { DEBUGOUT ("unexpected ACK R-block received\n"); return CCID_DRIVER_ERR_CARD_IO_ERROR; } } else { /* This is a S-block. */ retries = 0; DEBUGOUT_2 ("T=1: S-block %s received cmd=%d\n", (tpdu[1] & 0x20)? "response": "request", (tpdu[1] & 0x1f)); if ( !(tpdu[1] & 0x20) && (tpdu[1] & 0x1f) == 1 && tpdu[2] == 1) { /* Information field size request. */ unsigned char ifsc = tpdu[3]; if (ifsc < 16 || ifsc > 254) return CCID_DRIVER_ERR_CARD_IO_ERROR; msg = send_buffer; tpdu = msg + hdrlen; tpdu[0] = nad_byte; tpdu[1] = (0xc0 | 0x20 | 1); /* S-block response */ tpdu[2] = 1; tpdu[3] = ifsc; tpdulen = 4; edc = compute_edc (tpdu, tpdulen, use_crc); if (use_crc) tpdu[tpdulen++] = (edc >> 8); tpdu[tpdulen++] = edc; DEBUGOUT_1 ("T=1: requesting an ifsc=%d\n", ifsc); } else if ( !(tpdu[1] & 0x20) && (tpdu[1] & 0x1f) == 3 && tpdu[2]) { /* Wait time extension request. */ unsigned char bwi = tpdu[3]; wait_more = bwi; msg = send_buffer; tpdu = msg + hdrlen; tpdu[0] = nad_byte; tpdu[1] = (0xc0 | 0x20 | 3); /* S-block response */ tpdu[2] = 1; tpdu[3] = bwi; tpdulen = 4; edc = compute_edc (tpdu, tpdulen, use_crc); if (use_crc) tpdu[tpdulen++] = (edc >> 8); tpdu[tpdulen++] = edc; DEBUGOUT_1 ("T=1: waittime extension of bwi=%d\n", bwi); print_progress (handle); } else if ( (tpdu[1] & 0x20) && (tpdu[1] & 0x1f) == 0 && !tpdu[2]) { DEBUGOUT ("T=1: resync ack from reader\n"); /* Repeat previous block. */ msg = send_buffer; tpdulen = last_tpdulen; } else return CCID_DRIVER_ERR_CARD_IO_ERROR; } } /* end T=1 protocol loop. */ return 0; } /* Send the CCID Secure command to the reader. APDU_BUF should contain the APDU template. PIN_MODE defines how the pin gets formatted: 1 := The PIN is ASCII encoded and of variable length. The length of the PIN entered will be put into Lc by the reader. The APDU should me made up of 4 bytes without Lc. PINLEN_MIN and PINLEN_MAX define the limits for the pin length. 0 may be used t enable reasonable defaults. When called with RESP and NRESP set to NULL, the function will merely check whether the reader supports the secure command for the given APDU and PIN_MODE. */ int ccid_transceive_secure (ccid_driver_t handle, const unsigned char *apdu_buf, size_t apdu_buflen, pininfo_t *pininfo, unsigned char *resp, size_t maxresplen, size_t *nresp) { int rc; unsigned char send_buffer[10+259], recv_buffer[10+259]; unsigned char *msg, *tpdu, *p; size_t msglen, tpdulen, n; unsigned char seqno; size_t dummy_nresp; int testmode; int cherry_mode = 0; int add_zero = 0; int enable_varlen = 0; testmode = !resp && !nresp; if (!nresp) nresp = &dummy_nresp; *nresp = 0; if (apdu_buflen >= 4 && apdu_buf[1] == 0x20 && (handle->has_pinpad & 1)) ; else if (apdu_buflen >= 4 && apdu_buf[1] == 0x24 && (handle->has_pinpad & 2)) ; else return CCID_DRIVER_ERR_NO_PINPAD; if (!pininfo->minlen) pininfo->minlen = 1; if (!pininfo->maxlen) pininfo->maxlen = 15; /* Note that the 25 is the maximum value the SPR532 allows. */ if (pininfo->minlen < 1 || pininfo->minlen > 25 || pininfo->maxlen < 1 || pininfo->maxlen > 25 || pininfo->minlen > pininfo->maxlen) return CCID_DRIVER_ERR_INV_VALUE; /* We have only tested a few readers so better don't risk anything and do not allow the use with other readers. */ switch (handle->id_vendor) { case VENDOR_SCM: /* Tested with SPR 532. */ case VENDOR_KAAN: /* Tested with KAAN Advanced (1.02). */ case VENDOR_FSIJ: /* Tested with Gnuk (0.21). */ pininfo->maxlen = 25; enable_varlen = 1; break; case VENDOR_REINER:/* Tested with cyberJack go */ case VENDOR_VASCO: /* Tested with DIGIPASS 920 */ enable_varlen = 1; break; case VENDOR_CHERRY: pininfo->maxlen = 15; enable_varlen = 1; /* The CHERRY XX44 keyboard echos an asterisk for each entered character on the keyboard channel. We use a special variant of PC_to_RDR_Secure which directs these characters to the smart card's bulk-in channel. We also need to append a zero Lc byte to the APDU. It seems that it will be replaced with the actual length instead of being appended before the APDU is send to the card. */ add_zero = 1; if (handle->id_product != CHERRY_ST2000) cherry_mode = 1; break; case VENDOR_NXP: if (handle->id_product == CRYPTOUCAN) { pininfo->maxlen = 25; enable_varlen = 1; break; } return CCID_DRIVER_ERR_NOT_SUPPORTED; case VENDOR_GEMPC: if (handle->id_product == GEMPC_PINPAD) { enable_varlen = 0; pininfo->minlen = 4; pininfo->maxlen = 8; break; } else if (handle->id_product == GEMPC_EZIO) { pininfo->maxlen = 25; enable_varlen = 1; break; } return CCID_DRIVER_ERR_NOT_SUPPORTED; default: if ((handle->id_vendor == VENDOR_VEGA && handle->id_product == VEGA_ALPHA)) { enable_varlen = 0; pininfo->minlen = 4; pininfo->maxlen = 8; break; } return CCID_DRIVER_ERR_NOT_SUPPORTED; } if (enable_varlen) pininfo->fixedlen = 0; if (testmode) return 0; /* Success */ if (pininfo->fixedlen < 0 || pininfo->fixedlen >= 16) return CCID_DRIVER_ERR_NOT_SUPPORTED; msg = send_buffer; msg[0] = cherry_mode? 0x89 : PC_to_RDR_Secure; msg[5] = 0; /* slot */ msg[6] = seqno = handle->seqno++; msg[7] = 0; /* bBWI */ msg[8] = 0; /* RFU */ msg[9] = 0; /* RFU */ msg[10] = apdu_buf[1] == 0x20 ? 0 : 1; /* Perform PIN verification or PIN modification. */ msg[11] = 0; /* Timeout in seconds. */ msg[12] = 0x82; /* bmFormatString: Byte, pos=0, left, ASCII. */ if (handle->id_vendor == VENDOR_SCM) { /* For the SPR532 the next 2 bytes need to be zero. We do this for all SCM products. Kudos to Martin Paljak for this hint. */ msg[13] = msg[14] = 0; } else { msg[13] = pininfo->fixedlen; /* bmPINBlockString: 0 bits of pin length to insert. PIN block size by fixedlen. */ msg[14] = 0x00; /* bmPINLengthFormat: Units are bytes, position is 0. */ } msglen = 15; if (apdu_buf[1] == 0x24) { msg[msglen++] = 0; /* bInsertionOffsetOld */ msg[msglen++] = pininfo->fixedlen; /* bInsertionOffsetNew */ } /* The following is a little endian word. */ msg[msglen++] = pininfo->maxlen; /* wPINMaxExtraDigit-Maximum. */ msg[msglen++] = pininfo->minlen; /* wPINMaxExtraDigit-Minimum. */ if (apdu_buf[1] == 0x24) msg[msglen++] = apdu_buf[2] == 0 ? 0x03 : 0x01; /* bConfirmPIN * 0x00: new PIN once * 0x01: new PIN twice (confirmation) * 0x02: old PIN and new PIN once * 0x03: old PIN and new PIN twice (confirmation) */ msg[msglen] = 0x02; /* bEntryValidationCondition: Validation key pressed */ if (pininfo->minlen && pininfo->maxlen && pininfo->minlen == pininfo->maxlen) msg[msglen] |= 0x01; /* Max size reached. */ msglen++; if (apdu_buf[1] == 0x20) msg[msglen++] = 0x01; /* bNumberMessage. */ else msg[msglen++] = 0x03; /* bNumberMessage. */ msg[msglen++] = 0x09; /* wLangId-Low: English FIXME: use the first entry. */ msg[msglen++] = 0x04; /* wLangId-High. */ if (apdu_buf[1] == 0x20) msg[msglen++] = 0; /* bMsgIndex. */ else { msg[msglen++] = 0; /* bMsgIndex1. */ msg[msglen++] = 1; /* bMsgIndex2. */ msg[msglen++] = 2; /* bMsgIndex3. */ } /* Calculate Lc. */ n = pininfo->fixedlen; if (apdu_buf[1] == 0x24) n += pininfo->fixedlen; /* bTeoProlog follows: */ msg[msglen++] = handle->nonnull_nad? ((1 << 4) | 0): 0; msg[msglen++] = ((handle->t1_ns & 1) << 6); /* I-block */ if (n) msg[msglen++] = n + 5; /* apdulen should be filled for fixed length. */ else msg[msglen++] = 0; /* The apdulen will be filled in by the reader. */ /* APDU follows: */ msg[msglen++] = apdu_buf[0]; /* CLA */ msg[msglen++] = apdu_buf[1]; /* INS */ msg[msglen++] = apdu_buf[2]; /* P1 */ msg[msglen++] = apdu_buf[3]; /* P2 */ if (add_zero) msg[msglen++] = 0; else if (pininfo->fixedlen != 0) { msg[msglen++] = n; memset (&msg[msglen], 0xff, n); msglen += n; } /* An EDC is not required. */ set_msg_len (msg, msglen - 10); rc = bulk_out (handle, msg, msglen, 0); if (rc) return rc; msg = recv_buffer; rc = bulk_in (handle, msg, sizeof recv_buffer, &msglen, RDR_to_PC_DataBlock, seqno, 30000, 0); if (rc) return rc; tpdu = msg + 10; tpdulen = msglen - 10; if (handle->apdu_level) { if (resp) { if (tpdulen > maxresplen) { DEBUGOUT_2 ("provided buffer too short for received data " "(%u/%u)\n", (unsigned int)tpdulen, (unsigned int)maxresplen); return CCID_DRIVER_ERR_INV_VALUE; } memcpy (resp, tpdu, tpdulen); *nresp = tpdulen; } return 0; } if (tpdulen < 4) { #ifdef USE_NPTH npth_unprotect (); #endif libusb_clear_halt (handle->idev, handle->ep_bulk_in); #ifdef USE_NPTH npth_protect (); #endif return CCID_DRIVER_ERR_ABORTED; } if (debug_level > 1) DEBUGOUT_4 ("T=1: got %c-block seq=%d err=%d%s\n", ((msg[11] & 0xc0) == 0x80)? 'R' : (msg[11] & 0x80)? 'S' : 'I', ((msg[11] & 0x80)? !!(msg[11]& 0x10) : !!(msg[11] & 0x40)), ((msg[11] & 0xc0) == 0x80)? (msg[11] & 0x0f) : 0, (!(msg[11] & 0x80) && (msg[11] & 0x20)? " [more]":"")); if (!(tpdu[1] & 0x80)) { /* This is an I-block. */ /* Last block sent was successful. */ handle->t1_ns ^= 1; if (!!(tpdu[1] & 0x40) != handle->t1_nr) { /* Response does not match our sequence number. */ DEBUGOUT ("I-block with wrong seqno received\n"); return CCID_DRIVER_ERR_CARD_IO_ERROR; } handle->t1_nr ^= 1; p = tpdu + 3; /* Skip the prologue field. */ n = tpdulen - 3 - 1; /* Strip the epilogue field. */ /* fixme: verify the checksum. */ if (resp) { if (n > maxresplen) { DEBUGOUT_2 ("provided buffer too short for received data " "(%u/%u)\n", (unsigned int)n, (unsigned int)maxresplen); return CCID_DRIVER_ERR_INV_VALUE; } memcpy (resp, p, n); *nresp += n; } if (!(tpdu[1] & 0x20)) return 0; /* No chaining requested - ready. */ DEBUGOUT ("chaining requested but not supported for Secure operation\n"); return CCID_DRIVER_ERR_CARD_IO_ERROR; } else if ((tpdu[1] & 0xc0) == 0x80) { /* This is a R-block. */ if ( (tpdu[1] & 0x0f)) { /* Error: repeat last block */ DEBUGOUT ("No retries supported for Secure operation\n"); return CCID_DRIVER_ERR_CARD_IO_ERROR; } else if (!!(tpdu[1] & 0x10) == handle->t1_ns) { /* Response does not match our sequence number. */ DEBUGOUT ("R-block with wrong seqno received on more bit\n"); return CCID_DRIVER_ERR_CARD_IO_ERROR; } else { /* Send next chunk. */ DEBUGOUT ("chaining not supported on Secure operation\n"); return CCID_DRIVER_ERR_CARD_IO_ERROR; } } else { /* This is a S-block. */ DEBUGOUT_2 ("T=1: S-block %s received cmd=%d for Secure operation\n", (tpdu[1] & 0x20)? "response": "request", (tpdu[1] & 0x1f)); return CCID_DRIVER_ERR_CARD_IO_ERROR; } return 0; } #ifdef TEST static void print_error (int err) { const char *p; char buf[50]; switch (err) { case 0: p = "success"; break; case CCID_DRIVER_ERR_OUT_OF_CORE: p = "out of core"; break; case CCID_DRIVER_ERR_INV_VALUE: p = "invalid value"; break; case CCID_DRIVER_ERR_NO_DRIVER: p = "no driver"; break; case CCID_DRIVER_ERR_NOT_SUPPORTED: p = "not supported"; break; case CCID_DRIVER_ERR_LOCKING_FAILED: p = "locking failed"; break; case CCID_DRIVER_ERR_BUSY: p = "busy"; break; case CCID_DRIVER_ERR_NO_CARD: p = "no card"; break; case CCID_DRIVER_ERR_CARD_INACTIVE: p = "card inactive"; break; case CCID_DRIVER_ERR_CARD_IO_ERROR: p = "card I/O error"; break; case CCID_DRIVER_ERR_GENERAL_ERROR: p = "general error"; break; case CCID_DRIVER_ERR_NO_READER: p = "no reader"; break; case CCID_DRIVER_ERR_ABORTED: p = "aborted"; break; default: sprintf (buf, "0x%05x", err); p = buf; break; } fprintf (stderr, "operation failed: %s\n", p); } static void print_data (const unsigned char *data, size_t length) { if (length >= 2) { fprintf (stderr, "operation status: %02X%02X\n", data[length-2], data[length-1]); length -= 2; } if (length) { fputs (" returned data:", stderr); for (; length; length--, data++) fprintf (stderr, " %02X", *data); putc ('\n', stderr); } } static void print_result (int rc, const unsigned char *data, size_t length) { if (rc) print_error (rc); else if (data) print_data (data, length); } int main (int argc, char **argv) { gpg_error_t err; ccid_driver_t ccid; int slotstat; unsigned char result[512]; size_t resultlen; int no_pinpad = 0; int verify_123456 = 0; int did_verify = 0; int no_poll = 0; int idx_max; struct ccid_dev_table *ccid_table; if (argc) { argc--; argv++; } while (argc) { if ( !strcmp (*argv, "--list")) { char *p; p = ccid_get_reader_list (); if (!p) return 1; fputs (p, stderr); free (p); return 0; } else if ( !strcmp (*argv, "--debug")) { ccid_set_debug_level (ccid_set_debug_level (-1)+1); argc--; argv++; } else if ( !strcmp (*argv, "--no-poll")) { no_poll = 1; argc--; argv++; } else if ( !strcmp (*argv, "--no-pinpad")) { no_pinpad = 1; argc--; argv++; } else if ( !strcmp (*argv, "--verify-123456")) { verify_123456 = 1; argc--; argv++; } else break; } err = ccid_dev_scan (&idx_max, &ccid_table); if (err) return 1; if (idx_max == 0) return 1; err = ccid_open_reader (argc? *argv:NULL, 0, ccid_table, &ccid, NULL); if (err) return 1; ccid_dev_scan_finish (ccid_table, idx_max); if (!no_poll) ccid_poll (ccid); fputs ("getting ATR ...\n", stderr); err = ccid_get_atr (ccid, NULL, 0, NULL); if (err) { print_error (err); return 1; } if (!no_poll) ccid_poll (ccid); fputs ("getting slot status ...\n", stderr); err = ccid_slot_status (ccid, &slotstat, 1); if (err) { print_error (err); return 1; } if (!no_poll) ccid_poll (ccid); fputs ("selecting application OpenPGP ....\n", stderr); { static unsigned char apdu[] = { 0, 0xA4, 4, 0, 6, 0xD2, 0x76, 0x00, 0x01, 0x24, 0x01}; err = ccid_transceive (ccid, apdu, sizeof apdu, result, sizeof result, &resultlen); print_result (err, result, resultlen); } if (!no_poll) ccid_poll (ccid); fputs ("getting OpenPGP DO 0x65 ....\n", stderr); { static unsigned char apdu[] = { 0, 0xCA, 0, 0x65, 254 }; err = ccid_transceive (ccid, apdu, sizeof apdu, result, sizeof result, &resultlen); print_result (err, result, resultlen); } if (!no_pinpad) { } if (!no_pinpad) { static unsigned char apdu[] = { 0, 0x20, 0, 0x81 }; pininfo_t pininfo = { 0, 0, 0 }; if (ccid_transceive_secure (ccid, apdu, sizeof apdu, &pininfo, NULL, 0, NULL)) fputs ("can't verify using a PIN-Pad reader\n", stderr); else { fputs ("verifying CHV1 using the PINPad ....\n", stderr); err = ccid_transceive_secure (ccid, apdu, sizeof apdu, &pininfo, result, sizeof result, &resultlen); print_result (err, result, resultlen); did_verify = 1; } } if (verify_123456 && !did_verify) { fputs ("verifying that CHV1 is 123456....\n", stderr); { static unsigned char apdu[] = {0, 0x20, 0, 0x81, 6, '1','2','3','4','5','6'}; err = ccid_transceive (ccid, apdu, sizeof apdu, result, sizeof result, &resultlen); print_result (err, result, resultlen); } } if (!err) { fputs ("getting OpenPGP DO 0x5E ....\n", stderr); { static unsigned char apdu[] = { 0, 0xCA, 0, 0x5E, 254 }; err = ccid_transceive (ccid, apdu, sizeof apdu, result, sizeof result, &resultlen); print_result (err, result, resultlen); } } ccid_close_reader (ccid); return 0; } /* * Local Variables: * compile-command: "gcc -DTEST -DGPGRT_ENABLE_ES_MACROS -DHAVE_NPTH -DUSE_NPTH -Wall -I/usr/include/libusb-1.0 -I/usr/local/include -lusb-1.0 -g ccid-driver.c -lnpth -lgpg-error" * End: */ #endif /*TEST*/ #endif /*HAVE_LIBUSB*/ diff --git a/scd/scdaemon.c b/scd/scdaemon.c index 3c9e28584..eddc83256 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -1,1437 +1,1436 @@ /* scdaemon.c - The GnuPG Smartcard Daemon * Copyright (C) 2001-2002, 2004-2005, 2007-2020 Free Software Foundation, Inc. * Copyright (C) 2001-2002, 2004-2005, 2007-2019 Werner Koch * Copyright (C) 2020 g10 Code GmbH * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . * SPDX-License-Identifier: GPL-3.0-or-later */ #include #include #include #include #include #include #include -#include #include #include #ifndef HAVE_W32_SYSTEM #include #include #endif /*HAVE_W32_SYSTEM*/ #include #include #include #define INCLUDED_BY_MAIN_MODULE 1 #define GNUPG_COMMON_NEED_AFLOCAL #include "scdaemon.h" #include #include #include /* malloc hooks */ #include "../common/i18n.h" #include "../common/sysutils.h" #include "iso7816.h" #include "apdu.h" #include "ccid-driver.h" #include "../common/gc-opt-flags.h" #include "../common/asshelp.h" #include "../common/exechelp.h" #include "../common/init.h" #ifndef ENAMETOOLONG # define ENAMETOOLONG EINVAL #endif enum cmd_and_opt_values { aNull = 0, oCsh = 'c', oQuiet = 'q', oSh = 's', oVerbose = 'v', oNoVerbose = 500, aGPGConfList, aGPGConfTest, oOptions, oDebug, oDebugAll, oDebugLevel, oDebugWait, oDebugAllowCoreDump, oDebugCCIDDriver, oDebugLogTid, oDebugAssuanLogCats, oNoGreeting, oNoOptions, oHomedir, oNoDetach, oNoGrab, oLogFile, oServer, oMultiServer, oDaemon, oBatch, oReaderPort, oCardTimeout, octapiDriver, opcscDriver, opcscShared, oDisableCCID, oDisableOpenSC, oDisablePinpad, oAllowAdmin, oDenyAdmin, oDisableApplication, oApplicationPriority, oEnablePinpadVarlen, oListenBacklog }; static gpgrt_opt_t opts[] = { ARGPARSE_c (aGPGConfList, "gpgconf-list", "@"), ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@"), ARGPARSE_header (NULL, N_("Options used for startup")), ARGPARSE_s_n (oServer,"server", N_("run in server mode (foreground)")), ARGPARSE_s_n (oMultiServer, "multi-server", N_("run in multi server mode (foreground)")), ARGPARSE_s_n (oDaemon, "daemon", N_("run in daemon mode (background)")), ARGPARSE_s_n (oNoDetach, "no-detach", N_("do not detach from the console")), ARGPARSE_s_n (oSh, "sh", N_("sh-style command output")), ARGPARSE_s_n (oCsh, "csh", N_("csh-style command output")), ARGPARSE_s_s (oHomedir, "homedir", "@"), ARGPARSE_conffile (oOptions, "options", N_("|FILE|read options from FILE")), ARGPARSE_noconffile (oNoOptions, "no-options", "@"), ARGPARSE_header ("Monitor", N_("Options controlling the diagnostic output")), ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")), ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")), ARGPARSE_s_s (oDebug, "debug", "@"), ARGPARSE_s_n (oDebugAll, "debug-all", "@"), ARGPARSE_s_s (oDebugLevel, "debug-level" , N_("|LEVEL|set the debugging level to LEVEL")), ARGPARSE_s_i (oDebugWait, "debug-wait", "@"), ARGPARSE_s_n (oDebugAllowCoreDump, "debug-allow-core-dump", "@"), ARGPARSE_s_n (oDebugCCIDDriver, "debug-ccid-driver", "@"), ARGPARSE_s_n (oDebugLogTid, "debug-log-tid", "@"), ARGPARSE_p_u (oDebugAssuanLogCats, "debug-assuan-log-cats", "@"), ARGPARSE_s_s (oLogFile, "log-file", N_("|FILE|write a log to FILE")), ARGPARSE_header ("Configuration", N_("Options controlling the configuration")), ARGPARSE_s_s (oReaderPort, "reader-port", N_("|N|connect to reader at port N")), ARGPARSE_s_s (octapiDriver, "ctapi-driver", N_("|NAME|use NAME as ct-API driver")), ARGPARSE_s_s (opcscDriver, "pcsc-driver", N_("|NAME|use NAME as PC/SC driver")), ARGPARSE_s_n (opcscShared, "pcsc-shared", "@"), ARGPARSE_s_n (oDisableCCID, "disable-ccid", #ifdef HAVE_LIBUSB N_("do not use the internal CCID driver") #else "@" #endif /* end --disable-ccid */), ARGPARSE_s_u (oCardTimeout, "card-timeout", N_("|N|disconnect the card after N seconds of inactivity")), ARGPARSE_s_n (oDisablePinpad, "disable-pinpad", N_("do not use a reader's pinpad")), ARGPARSE_ignore (300, "disable-keypad"), ARGPARSE_s_n (oEnablePinpadVarlen, "enable-pinpad-varlen", N_("use variable length input for pinpad")), ARGPARSE_s_s (oDisableApplication, "disable-application", "@"), ARGPARSE_s_s (oApplicationPriority, "application-priority", N_("|LIST|change the application priority to LIST")), ARGPARSE_s_i (oListenBacklog, "listen-backlog", "@"), ARGPARSE_header("Security", N_("Options controlling the security")), ARGPARSE_s_n (oAllowAdmin, "allow-admin", "@"), ARGPARSE_s_n (oDenyAdmin, "deny-admin", N_("deny the use of admin card commands")), ARGPARSE_end () }; /* The list of supported debug flags. */ static struct debug_flags_s debug_flags [] = { { DBG_MPI_VALUE , "mpi" }, { DBG_CRYPTO_VALUE , "crypto" }, { DBG_MEMORY_VALUE , "memory" }, { DBG_CACHE_VALUE , "cache" }, { DBG_MEMSTAT_VALUE, "memstat" }, { DBG_HASHING_VALUE, "hashing" }, { DBG_IPC_VALUE , "ipc" }, { DBG_CARD_IO_VALUE, "cardio" }, { DBG_READER_VALUE , "reader" }, { DBG_APP_VALUE , "app" }, { 0, NULL } }; /* The card driver we use by default for PC/SC. */ #if defined(HAVE_W32_SYSTEM) || defined(__CYGWIN__) #define DEFAULT_PCSC_DRIVER "winscard.dll" #elif defined(__APPLE__) #define DEFAULT_PCSC_DRIVER "/System/Library/Frameworks/PCSC.framework/PCSC" #elif defined(__GLIBC__) #define DEFAULT_PCSC_DRIVER "libpcsclite.so.1" #else #define DEFAULT_PCSC_DRIVER "libpcsclite.so" #endif /* The timer tick used to check card removal. We poll every 500ms to let the user immediately know a status change. For a card reader with an interrupt endpoint, this timer is not used with the internal CCID driver. This is not too good for power saving but given that there is no easy way to block on card status changes it is the best we can do. For PC/SC we could in theory use an extra thread to wait for status changes but that requires a native thread because there is no way to make the underlying PC/SC card change function block using a Npth mechanism. Given that a native thread could only be used under W32 we don't do that at all. */ #define TIMERTICK_INTERVAL_SEC (0) #define TIMERTICK_INTERVAL_USEC (500000) /* Flag to indicate that a shutdown was requested. */ static int shutdown_pending; /* It is possible that we are currently running under setuid permissions */ static int maybe_setuid = 1; /* Flag telling whether we are running as a pipe server. */ static int pipe_server; /* Name of the communication socket */ static char *socket_name; /* Name of the redirected socket or NULL. */ static char *redir_socket_name; /* We need to keep track of the server's nonces (these are dummies for POSIX systems). */ static assuan_sock_nonce_t socket_nonce; /* Value for the listen() backlog argument. Change at runtime with * --listen-backlog. */ static int listen_backlog = 64; #ifdef HAVE_W32_SYSTEM static HANDLE the_event; #else /* PID to notify update of usb devices. */ static pid_t main_thread_pid; #endif #ifdef HAVE_PSELECT_NO_EINTR /* FD to notify changes. */ static int notify_fd; #endif static char *create_socket_name (char *standard_name); static gnupg_fd_t create_server_socket (const char *name, char **r_redir_name, assuan_sock_nonce_t *nonce); static void *start_connection_thread (void *arg); static void handle_connections (int listen_fd); /* Pth wrapper function definitions. */ ASSUAN_SYSTEM_NPTH_IMPL; static int active_connections; static char * make_libversion (const char *libname, const char *(*getfnc)(const char*)) { const char *s; char *result; if (maybe_setuid) { gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ maybe_setuid = 0; } s = getfnc (NULL); result = xmalloc (strlen (libname) + 1 + strlen (s) + 1); strcpy (stpcpy (stpcpy (result, libname), " "), s); return result; } static const char * my_strusage (int level) { static char *ver_gcry, *ver_ksba; const char *p; switch (level) { case 9: p = "GPL-3.0-or-later"; break; case 11: p = "@SCDAEMON@ (@GNUPG@)"; break; case 13: p = VERSION; break; case 14: p = GNUPG_DEF_COPYRIGHT_LINE; break; case 17: p = PRINTABLE_OS_NAME; break; case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break; case 20: if (!ver_gcry) ver_gcry = make_libversion ("libgcrypt", gcry_check_version); p = ver_gcry; break; case 21: if (!ver_ksba) ver_ksba = make_libversion ("libksba", ksba_check_version); p = ver_ksba; break; case 1: case 40: p = _("Usage: @SCDAEMON@ [options] (-h for help)"); break; case 41: p = _("Syntax: scdaemon [options] [command [args]]\n" "Smartcard daemon for @GNUPG@\n"); break; default: p = NULL; } return p; } static int tid_log_callback (unsigned long *rvalue) { int len = sizeof (*rvalue); npth_t thread; thread = npth_self (); if (sizeof (thread) < len) len = sizeof (thread); memcpy (rvalue, &thread, len); return 2; /* Use use hex representation. */ } /* Setup the debugging. With a LEVEL of NULL only the active debug flags are propagated to the subsystems. With LEVEL set, a specific set of debug flags is set; thus overriding all flags already set. */ static void set_debug (const char *level) { int numok = (level && digitp (level)); int numlvl = numok? atoi (level) : 0; if (!level) ; else if (!strcmp (level, "none") || (numok && numlvl < 1)) opt.debug = 0; else if (!strcmp (level, "basic") || (numok && numlvl <= 2)) opt.debug = DBG_IPC_VALUE; else if (!strcmp (level, "advanced") || (numok && numlvl <= 5)) opt.debug = DBG_IPC_VALUE; else if (!strcmp (level, "expert") || (numok && numlvl <= 8)) opt.debug = (DBG_IPC_VALUE|DBG_CACHE_VALUE|DBG_CARD_IO_VALUE); else if (!strcmp (level, "guru") || numok) { opt.debug = ~0; /* Unless the "guru" string has been used we don't want to allow hashing debugging. The rationale is that people tend to select the highest debug value and would then clutter their disk with debug files which may reveal confidential data. */ if (numok) opt.debug &= ~(DBG_HASHING_VALUE); } else { log_error (_("invalid debug-level '%s' given\n"), level); scd_exit(2); } if (opt.debug && !opt.verbose) opt.verbose = 1; if (opt.debug && opt.quiet) opt.quiet = 0; if (opt.debug & DBG_MPI_VALUE) gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 2); if (opt.debug & DBG_CRYPTO_VALUE ) gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1); gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose); if (opt.debug) parse_debug_flag (NULL, &opt.debug, debug_flags); } static void cleanup (void) { if (socket_name && *socket_name) { char *name; name = redir_socket_name? redir_socket_name : socket_name; gnupg_remove (name); *socket_name = 0; } } static void setup_signal_mask (void) { #ifndef HAVE_W32_SYSTEM npth_sigev_init (); npth_sigev_add (SIGHUP); npth_sigev_add (SIGUSR1); npth_sigev_add (SIGUSR2); npth_sigev_add (SIGINT); npth_sigev_add (SIGCONT); npth_sigev_add (SIGTERM); npth_sigev_fini (); main_thread_pid = getpid (); #endif } int main (int argc, char **argv ) { gpgrt_argparse_t pargs; int orig_argc; char **orig_argv; char *last_configname = NULL; const char *configname = NULL; const char *shell; int debug_argparser = 0; const char *debug_level = NULL; int greeting = 0; int nogreeting = 0; int multi_server = 0; int is_daemon = 0; int nodetach = 0; int csh_style = 0; char *logfile = NULL; int debug_wait = 0; int gpgconf_list = 0; char *config_filename = NULL; int allow_coredump = 0; struct assuan_malloc_hooks malloc_hooks; int res; npth_t pipecon_handler; const char *application_priority = NULL; early_system_init (); gpgrt_set_strusage (my_strusage); gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN); /* Please note that we may running SUID(ROOT), so be very CAREFUL when adding any stuff between here and the call to INIT_SECMEM() somewhere after the option parsing */ log_set_prefix ("scdaemon", GPGRT_LOG_WITH_PREFIX | GPGRT_LOG_WITH_PID); /* Make sure that our subsystems are ready. */ i18n_init (); init_common_subsystems (&argc, &argv); ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free); malloc_hooks.malloc = gcry_malloc; malloc_hooks.realloc = gcry_realloc; malloc_hooks.free = gcry_free; assuan_set_malloc_hooks (&malloc_hooks); assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT); assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH); assuan_sock_init (); setup_libassuan_logging (&opt.debug, NULL); setup_libgcrypt_logging (); gcry_control (GCRYCTL_USE_SECURE_RNDPOOL); disable_core_dumps (); /* Set default options. */ opt.allow_admin = 1; opt.pcsc_driver = DEFAULT_PCSC_DRIVER; shell = getenv ("SHELL"); if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") ) csh_style = 1; /* Check whether we have a config file on the commandline */ orig_argc = argc; orig_argv = argv; pargs.argc = &argc; pargs.argv = &argv; pargs.flags= (ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION); while (gpgrt_argparse (NULL, &pargs, opts)) { switch (pargs.r_opt) { case oDebug: case oDebugAll: debug_argparser++; break; case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break; } } /* Reset the flags. */ pargs.flags &= ~(ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION); /* initialize the secure memory. */ gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0); maybe_setuid = 0; /* Now we are working under our real uid */ /* The configuraton directories for use by gpgrt_argparser. */ gpgrt_set_confdir (GPGRT_CONFDIR_SYS, gnupg_sysconfdir ()); gpgrt_set_confdir (GPGRT_CONFDIR_USER, gnupg_homedir ()); /* We are re-using the struct, thus the reset flag. We OR the * flags so that the internal intialized flag won't be cleared. */ argc = orig_argc; argv = orig_argv; pargs.argc = &argc; pargs.argv = &argv; pargs.flags |= (ARGPARSE_FLAG_RESET | ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_SYS | ARGPARSE_FLAG_USER); while (gpgrt_argparser (&pargs, opts, SCDAEMON_NAME EXTSEP_S "conf")) { switch (pargs.r_opt) { case ARGPARSE_CONFFILE: if (debug_argparser) log_info (_("reading options from '%s'\n"), pargs.r_type? pargs.r.ret_str: "[cmdline]"); if (pargs.r_type) { xfree (last_configname); last_configname = xstrdup (pargs.r.ret_str); configname = last_configname; } else configname = NULL; break; case aGPGConfList: gpgconf_list = 1; break; case aGPGConfTest: gpgconf_list = 2; break; case oQuiet: opt.quiet = 1; break; case oVerbose: opt.verbose++; break; case oBatch: opt.batch=1; break; case oDebug: if (parse_debug_flag (pargs.r.ret_str, &opt.debug, debug_flags)) { pargs.r_opt = ARGPARSE_INVALID_ARG; pargs.err = ARGPARSE_PRINT_ERROR; } break; case oDebugAll: opt.debug = ~0; break; case oDebugLevel: debug_level = pargs.r.ret_str; break; case oDebugWait: debug_wait = pargs.r.ret_int; break; case oDebugAllowCoreDump: enable_core_dumps (); allow_coredump = 1; break; case oDebugCCIDDriver: #ifdef HAVE_LIBUSB ccid_set_debug_level (ccid_set_debug_level (-1)+1); #endif /*HAVE_LIBUSB*/ break; case oDebugLogTid: log_set_pid_suffix_cb (tid_log_callback); break; case oDebugAssuanLogCats: set_libassuan_log_cats (pargs.r.ret_ulong); break; case oNoGreeting: nogreeting = 1; break; case oNoVerbose: opt.verbose = 0; break; case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break; case oNoDetach: nodetach = 1; break; case oLogFile: logfile = pargs.r.ret_str; break; case oCsh: csh_style = 1; break; case oSh: csh_style = 0; break; case oServer: pipe_server = 1; break; case oMultiServer: pipe_server = 1; multi_server = 1; break; case oDaemon: is_daemon = 1; break; case oReaderPort: opt.reader_port = pargs.r.ret_str; break; case octapiDriver: opt.ctapi_driver = pargs.r.ret_str; break; case opcscDriver: opt.pcsc_driver = pargs.r.ret_str; break; case opcscShared: opt.pcsc_shared = 1; break; case oDisableCCID: opt.disable_ccid = 1; break; case oDisableOpenSC: break; case oDisablePinpad: opt.disable_pinpad = 1; break; case oAllowAdmin: /* Dummy because allow is now the default. */ break; case oDenyAdmin: opt.allow_admin = 0; break; case oCardTimeout: opt.card_timeout = pargs.r.ret_ulong; break; case oDisableApplication: add_to_strlist (&opt.disabled_applications, pargs.r.ret_str); break; case oApplicationPriority: application_priority = pargs.r.ret_str; break; case oEnablePinpadVarlen: opt.enable_pinpad_varlen = 1; break; case oListenBacklog: listen_backlog = pargs.r.ret_int; break; default: if (configname) pargs.err = ARGPARSE_PRINT_WARNING; else pargs.err = ARGPARSE_PRINT_ERROR; break; } } gpgrt_argparse (NULL, &pargs, NULL); /* Release internal state. */ if (!last_configname) config_filename = gpgrt_fnameconcat (gnupg_homedir (), SCDAEMON_NAME EXTSEP_S "conf", NULL); else { config_filename = last_configname; last_configname = NULL; } if (log_get_errorcount(0)) exit(2); if (nogreeting ) greeting = 0; if (greeting) { es_fprintf (es_stderr, "%s %s; %s\n", gpgrt_strusage (11),gpgrt_strusage (13),gpgrt_strusage (14)); es_fprintf (es_stderr, "%s\n", gpgrt_strusage (15)); } #ifdef IS_DEVELOPMENT_VERSION log_info ("NOTE: this is a development version!\n"); #endif /* Print a warning if an argument looks like an option. */ if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN)) { int i; for (i=0; i < argc; i++) if (argv[i][0] == '-' && argv[i][1] == '-') log_info (_("Note: '%s' is not considered an option\n"), argv[i]); } if (atexit (cleanup)) { log_error ("atexit failed\n"); cleanup (); exit (1); } set_debug (debug_level); if (initialize_module_command ()) { log_error ("initialization failed\n"); cleanup (); exit (1); } if (gpgconf_list == 2) scd_exit (0); if (gpgconf_list) { /* List options and default values in the GPG Conf format. */ es_printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT); es_printf ("pcsc-driver:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT, DEFAULT_PCSC_DRIVER ); es_printf ("card-timeout:%lu:%d:\n", GC_OPT_FLAG_DEFAULT, 0); scd_exit (0); } /* Now start with logging to a file if this is desired. */ if (logfile) { log_set_file (logfile); log_set_prefix (NULL, (GPGRT_LOG_WITH_PREFIX | GPGRT_LOG_WITH_TIME | GPGRT_LOG_WITH_PID)); } if (debug_wait && pipe_server) { log_debug ("waiting for debugger - my pid is %u .....\n", (unsigned int)getpid()); gnupg_sleep (debug_wait); log_debug ("... okay\n"); } if (application_priority) app_update_priority_list (application_priority); if (pipe_server) { /* This is the simple pipe based server */ ctrl_t ctrl; npth_attr_t tattr; int fd = -1; #ifndef HAVE_W32_SYSTEM { struct sigaction sa; sa.sa_handler = SIG_IGN; sigemptyset (&sa.sa_mask); sa.sa_flags = 0; sigaction (SIGPIPE, &sa, NULL); } #endif npth_init (); setup_signal_mask (); gpgrt_set_syscall_clamp (npth_unprotect, npth_protect); /* If --debug-allow-core-dump has been given we also need to switch the working directory to a place where we can actually write. */ if (allow_coredump) { if (chdir("/tmp")) log_debug ("chdir to '/tmp' failed: %s\n", strerror (errno)); else log_debug ("changed working directory to '/tmp'\n"); } /* In multi server mode we need to listen on an additional socket. Create that socket now before starting the handler for the pipe connection. This allows that handler to send back the name of that socket. */ if (multi_server) { socket_name = create_socket_name (SCDAEMON_SOCK_NAME); fd = FD2INT(create_server_socket (socket_name, &redir_socket_name, &socket_nonce)); } res = npth_attr_init (&tattr); if (res) { log_error ("error allocating thread attributes: %s\n", strerror (res)); scd_exit (2); } npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED); ctrl = xtrycalloc (1, sizeof *ctrl); if ( !ctrl ) { log_error ("error allocating connection control data: %s\n", strerror (errno) ); scd_exit (2); } ctrl->thread_startup.fd = GNUPG_INVALID_FD; res = npth_create (&pipecon_handler, &tattr, start_connection_thread, ctrl); if (res) { log_error ("error spawning pipe connection handler: %s\n", strerror (res) ); xfree (ctrl); scd_exit (2); } npth_setname_np (pipecon_handler, "pipe-connection"); npth_attr_destroy (&tattr); /* We run handle_connection to wait for the shutdown signal and to run the ticker stuff. */ handle_connections (fd); if (fd != -1) close (fd); } else if (!is_daemon) { log_info (_("please use the option '--daemon'" " to run the program in the background\n")); } else { /* Regular server mode */ int fd; #ifndef HAVE_W32_SYSTEM pid_t pid; int i; #endif /* Create the socket. */ socket_name = create_socket_name (SCDAEMON_SOCK_NAME); fd = FD2INT (create_server_socket (socket_name, &redir_socket_name, &socket_nonce)); fflush (NULL); #ifdef HAVE_W32_SYSTEM (void)csh_style; (void)nodetach; #else pid = fork (); if (pid == (pid_t)-1) { log_fatal ("fork failed: %s\n", strerror (errno) ); exit (1); } else if (pid) { /* we are the parent */ char *infostr; close (fd); /* create the info string: :: */ if (gpgrt_asprintf (&infostr, "SCDAEMON_INFO=%s:%lu:1", socket_name, (ulong) pid) < 0) { log_error ("out of core\n"); kill (pid, SIGTERM); exit (1); } *socket_name = 0; /* don't let cleanup() remove the socket - the child should do this from now on */ if (argc) { /* run the program given on the commandline */ if (putenv (infostr)) { log_error ("failed to set environment: %s\n", strerror (errno) ); kill (pid, SIGTERM ); exit (1); } execvp (argv[0], argv); log_error ("failed to run the command: %s\n", strerror (errno)); kill (pid, SIGTERM); exit (1); } else { /* Print the environment string, so that the caller can use shell's eval to set it */ if (csh_style) { *strchr (infostr, '=') = ' '; es_printf ( "setenv %s;\n", infostr); } else { es_printf ( "%s; export SCDAEMON_INFO;\n", infostr); } xfree (infostr); exit (0); } /* NOTREACHED */ } /* end parent */ /* This is the child. */ npth_init (); setup_signal_mask (); gpgrt_set_syscall_clamp (npth_unprotect, npth_protect); /* Detach from tty and put process into a new session. */ if (!nodetach ) { /* Close stdin, stdout and stderr unless it is the log stream. */ for (i=0; i <= 2; i++) { if (!log_test_fd (i) && i != fd ) { if ( !close (i) && open ("/dev/null", i? O_WRONLY : O_RDONLY) == -1) { log_error ("failed to open '%s': %s\n", "/dev/null", strerror (errno)); cleanup (); exit (1); } } } if (setsid() == -1) { log_error ("setsid() failed: %s\n", strerror(errno) ); cleanup (); exit (1); } } { struct sigaction sa; sa.sa_handler = SIG_IGN; sigemptyset (&sa.sa_mask); sa.sa_flags = 0; sigaction (SIGPIPE, &sa, NULL); } #endif /*!HAVE_W32_SYSTEM*/ if (gnupg_chdir (gnupg_daemon_rootdir ())) { log_error ("chdir to '%s' failed: %s\n", gnupg_daemon_rootdir (), strerror (errno)); exit (1); } handle_connections (fd); close (fd); } xfree (config_filename); return 0; } void scd_exit (int rc) { apdu_prepare_exit (); #if 0 #warning no update_random_seed_file update_random_seed_file(); #endif #if 0 /* at this time a bit annoying */ if (opt.debug & DBG_MEMSTAT_VALUE) { gcry_control( GCRYCTL_DUMP_MEMORY_STATS ); gcry_control( GCRYCTL_DUMP_RANDOM_STATS ); } if (opt.debug) gcry_control (GCRYCTL_DUMP_SECMEM_STATS ); #endif gcry_control (GCRYCTL_TERM_SECMEM ); rc = rc? rc : log_get_errorcount(0)? 2 : 0; exit (rc); } static void scd_init_default_ctrl (ctrl_t ctrl) { (void)ctrl; } static void scd_deinit_default_ctrl (ctrl_t ctrl) { if (!ctrl) return; xfree (ctrl->in_data.value); ctrl->in_data.value = NULL; ctrl->in_data.valuelen = 0; } /* Return the name of the socket to be used to connect to this process. If no socket is available, return NULL. */ const char * scd_get_socket_name () { if (socket_name && *socket_name) return socket_name; return NULL; } #ifndef HAVE_W32_SYSTEM static void handle_signal (int signo) { switch (signo) { case SIGHUP: log_info ("SIGHUP received - " "re-reading configuration and resetting cards\n"); /* reread_configuration (); */ break; case SIGUSR1: log_info ("SIGUSR1 received - printing internal information:\n"); /* Fixme: We need to see how to integrate pth dumping into our logging system. */ /* pth_ctrl (PTH_CTRL_DUMPSTATE, log_get_stream ()); */ app_dump_state (); break; case SIGUSR2: log_info ("SIGUSR2 received - no action defined\n"); break; case SIGCONT: /* Nothing. */ log_debug ("SIGCONT received - breaking select\n"); break; case SIGTERM: if (!shutdown_pending) log_info ("SIGTERM received - shutting down ...\n"); else log_info ("SIGTERM received - still %i running threads\n", active_connections); shutdown_pending++; if (shutdown_pending > 2) { log_info ("shutdown forced\n"); log_info ("%s %s stopped\n", gpgrt_strusage(11), gpgrt_strusage(13)); cleanup (); scd_exit (0); } break; case SIGINT: log_info ("SIGINT received - immediate shutdown\n"); log_info( "%s %s stopped\n", gpgrt_strusage(11), gpgrt_strusage(13)); cleanup (); scd_exit (0); break; default: log_info ("signal %d received - no action defined\n", signo); } } #endif /*!HAVE_W32_SYSTEM*/ /* Create a name for the socket. We check for valid characters as well as against a maximum allowed length for a unix domain socket is done. The function terminates the process in case of an error. Returns: Pointer to an allocated string with the absolute name of the socket used. */ static char * create_socket_name (char *standard_name) { char *name; name = make_filename (gnupg_socketdir (), standard_name, NULL); if (strchr (name, PATHSEP_C)) { log_error (("'%s' are not allowed in the socket name\n"), PATHSEP_S); scd_exit (2); } return name; } /* Create a Unix domain socket with NAME. Returns the file descriptor or terminates the process in case of an error. If the socket has been redirected the name of the real socket is stored as a malloced string at R_REDIR_NAME. */ static gnupg_fd_t create_server_socket (const char *name, char **r_redir_name, assuan_sock_nonce_t *nonce) { struct sockaddr *addr; struct sockaddr_un *unaddr; socklen_t len; gnupg_fd_t fd; int rc; xfree (*r_redir_name); *r_redir_name = NULL; fd = assuan_sock_new (AF_UNIX, SOCK_STREAM, 0); if (fd == GNUPG_INVALID_FD) { log_error (_("can't create socket: %s\n"), strerror (errno)); scd_exit (2); } unaddr = xmalloc (sizeof (*unaddr)); addr = (struct sockaddr*)unaddr; { int redirected; if (assuan_sock_set_sockaddr_un (name, addr, &redirected)) { if (errno == ENAMETOOLONG) log_error (_("socket name '%s' is too long\n"), name); else log_error ("error preparing socket '%s': %s\n", name, gpg_strerror (gpg_error_from_syserror ())); scd_exit (2); } if (redirected) { *r_redir_name = xstrdup (unaddr->sun_path); if (opt.verbose) log_info ("redirecting socket '%s' to '%s'\n", name, *r_redir_name); } } len = SUN_LEN (unaddr); rc = assuan_sock_bind (fd, addr, len); if (rc == -1 && errno == EADDRINUSE) { gnupg_remove (unaddr->sun_path); rc = assuan_sock_bind (fd, addr, len); } if (rc != -1 && (rc=assuan_sock_get_nonce (addr, len, nonce))) log_error (_("error getting nonce for the socket\n")); if (rc == -1) { log_error (_("error binding socket to '%s': %s\n"), unaddr->sun_path, gpg_strerror (gpg_error_from_syserror ())); assuan_sock_close (fd); scd_exit (2); } if (gnupg_chmod (unaddr->sun_path, "-rwx")) log_error (_("can't set permissions of '%s': %s\n"), unaddr->sun_path, strerror (errno)); if (listen (FD2INT(fd), listen_backlog) == -1) { log_error ("listen(fd, %d) failed: %s\n", listen_backlog, gpg_strerror (gpg_error_from_syserror ())); assuan_sock_close (fd); scd_exit (2); } if (opt.verbose) log_info (_("listening on socket '%s'\n"), unaddr->sun_path); return fd; } /* This is the standard connection thread's main function. */ static void * start_connection_thread (void *arg) { ctrl_t ctrl = arg; if (ctrl->thread_startup.fd != GNUPG_INVALID_FD && assuan_sock_check_nonce (ctrl->thread_startup.fd, &socket_nonce)) { log_info (_("error reading nonce on fd %d: %s\n"), FD2INT(ctrl->thread_startup.fd), strerror (errno)); assuan_sock_close (ctrl->thread_startup.fd); xfree (ctrl); return NULL; } active_connections++; scd_init_default_ctrl (ctrl); if (opt.verbose) log_info (_("handler for fd %d started\n"), FD2INT(ctrl->thread_startup.fd)); /* If this is a pipe server, we request a shutdown if the command handler asked for it. With the next ticker event and given that no other connections are running the shutdown will then happen. */ if (scd_command_handler (ctrl, FD2INT(ctrl->thread_startup.fd)) && pipe_server) shutdown_pending = 1; if (opt.verbose) log_info (_("handler for fd %d terminated\n"), FD2INT (ctrl->thread_startup.fd)); scd_deinit_default_ctrl (ctrl); xfree (ctrl); if (--active_connections == 0) scd_kick_the_loop (); return NULL; } void scd_kick_the_loop (void) { /* Kick the select loop. */ #ifdef HAVE_W32_SYSTEM int ret = SetEvent (the_event); if (ret == 0) log_error ("SetEvent for scd_kick_the_loop failed: %s\n", w32_strerror (-1)); #elif defined(HAVE_PSELECT_NO_EINTR) write (notify_fd, "", 1); #else int ret = kill (main_thread_pid, SIGCONT); if (ret < 0) log_error ("SetEvent for scd_kick_the_loop failed: %s\n", gpg_strerror (gpg_error_from_syserror ())); #endif } /* Connection handler loop. Wait for connection requests and spawn a thread after accepting a connection. LISTEN_FD is allowed to be -1 in which case this code will only do regular timeouts and handle signals. */ static void handle_connections (int listen_fd) { npth_attr_t tattr; struct sockaddr_un paddr; socklen_t plen; fd_set fdset, read_fdset; int nfd; int ret; int fd; struct timespec timeout; struct timespec *t; int saved_errno; #ifdef HAVE_W32_SYSTEM HANDLE events[2]; unsigned int events_set; #else int signo; #endif #ifdef HAVE_PSELECT_NO_EINTR int pipe_fd[2]; ret = gnupg_create_pipe (pipe_fd); if (ret) { log_error ("pipe creation failed: %s\n", gpg_strerror (ret)); return; } notify_fd = pipe_fd[1]; #endif ret = npth_attr_init(&tattr); if (ret) { log_error ("npth_attr_init failed: %s\n", strerror (ret)); return; } npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED); #ifdef HAVE_W32_SYSTEM { HANDLE h, h2; SECURITY_ATTRIBUTES sa = { sizeof (SECURITY_ATTRIBUTES), NULL, TRUE}; events[0] = the_event = INVALID_HANDLE_VALUE; events[1] = INVALID_HANDLE_VALUE; h = CreateEvent (&sa, TRUE, FALSE, NULL); if (!h) log_error ("can't create scd event: %s\n", w32_strerror (-1) ); else if (!DuplicateHandle (GetCurrentProcess(), h, GetCurrentProcess(), &h2, EVENT_MODIFY_STATE|SYNCHRONIZE, TRUE, 0)) { log_error ("setting synchronize for scd_kick_the_loop failed: %s\n", w32_strerror (-1) ); CloseHandle (h); } else { CloseHandle (h); events[0] = the_event = h2; } } #endif FD_ZERO (&fdset); nfd = 0; if (listen_fd != -1) { FD_SET (listen_fd, &fdset); nfd = listen_fd; } for (;;) { int periodical_check; int max_fd = nfd; if (shutdown_pending) { if (active_connections == 0) break; /* ready */ /* Do not accept anymore connections but wait for existing connections to terminate. We do this by clearing out all file descriptors to wait for, so that the select will be used to just wait on a signal or timeout event. */ FD_ZERO (&fdset); listen_fd = -1; } periodical_check = scd_update_reader_status_file (); timeout.tv_sec = TIMERTICK_INTERVAL_SEC; timeout.tv_nsec = TIMERTICK_INTERVAL_USEC * 1000; if (shutdown_pending || periodical_check) t = &timeout; else t = NULL; /* POSIX says that fd_set should be implemented as a structure, thus a simple assignment is fine to copy the entire set. */ read_fdset = fdset; #ifdef HAVE_PSELECT_NO_EINTR FD_SET (pipe_fd[0], &read_fdset); if (max_fd < pipe_fd[0]) max_fd = pipe_fd[0]; #else (void)max_fd; #endif #ifndef HAVE_W32_SYSTEM ret = npth_pselect (max_fd+1, &read_fdset, NULL, NULL, t, npth_sigev_sigmask ()); saved_errno = errno; while (npth_sigev_get_pending(&signo)) handle_signal (signo); #else ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, t, events, &events_set); saved_errno = errno; if (events_set & 1) continue; #endif if (ret == -1 && saved_errno != EINTR) { log_error (_("npth_pselect failed: %s - waiting 1s\n"), strerror (saved_errno)); npth_sleep (1); continue; } if (ret <= 0) /* Timeout. Will be handled when calculating the next timeout. */ continue; #ifdef HAVE_PSELECT_NO_EINTR if (FD_ISSET (pipe_fd[0], &read_fdset)) { char buf[256]; read (pipe_fd[0], buf, sizeof buf); } #endif if (listen_fd != -1 && FD_ISSET (listen_fd, &read_fdset)) { ctrl_t ctrl; plen = sizeof paddr; fd = npth_accept (listen_fd, (struct sockaddr *)&paddr, &plen); if (fd == -1) { log_error ("accept failed: %s\n", strerror (errno)); } else if ( !(ctrl = xtrycalloc (1, sizeof *ctrl)) ) { log_error ("error allocating connection control data: %s\n", strerror (errno) ); close (fd); } else { char threadname[50]; npth_t thread; snprintf (threadname, sizeof threadname, "conn fd=%d", fd); ctrl->thread_startup.fd = INT2FD (fd); ret = npth_create (&thread, &tattr, start_connection_thread, ctrl); if (ret) { log_error ("error spawning connection handler: %s\n", strerror (ret)); xfree (ctrl); close (fd); } else npth_setname_np (thread, threadname); } } } #ifdef HAVE_W32_SYSTEM if (the_event != INVALID_HANDLE_VALUE) CloseHandle (the_event); #endif #ifdef HAVE_PSELECT_NO_EINTR close (pipe_fd[0]); close (pipe_fd[1]); #endif cleanup (); log_info (_("%s %s stopped\n"), gpgrt_strusage(11), gpgrt_strusage(13)); npth_attr_destroy (&tattr); } /* Return the number of active connections. */ int get_active_connection_count (void) { return active_connections; }