1 From da70a41383e2ab81fbcc89fb1067f5a189e0fb97 Mon Sep 17 00:00:00 2001
2 From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
3 <ng.hong.quan@gmail.com>
4 Date: Sun, 9 Nov 2014 15:58:40 +0700
5 Subject: [PATCH 25/26] Replace hardcode.
6
7 ---
8 src/libopensc/card-openpgp.c | 72 +++++++++++++++++++++++++-------------------
9 1 file changed, 41 insertions(+), 31 deletions(-)
10
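--- a/src/libopensc/card-openpgp.c
+++ b/src/libopensc/card-openpgp.c
@@ -152,6 +152,24 @@ static int pgp_get_pubkey(sc_card_t *, unsigned int,
 static int pgp_get_pubkey_pem(sc_card_t *, unsigned int,
 u8 *, size_t);
 
+/* The DO holding X.509 certificate is constructed but does not contain child DO.
+ * We should notice this when building fake file system later. */
+#define DO_CERT 0x7f21
+/* Control Reference Template of private keys. Ref: Section 4.3.3.7 of OpenPGP card v2 spec.
+ * Here we seen it as DO just for convenient */
+#define DO_SIGN 0xb600
+#define DO_ENCR 0xb800
+#define DO_AUTH 0xa400
+/* These DO does not exist. They are defined and used just for ease of implementation */
+#define DO_SIGN_SYM 0xb601
+#define DO_ENCR_SYM 0xb801
+#define DO_AUTH_SYM 0xa401
+/* Maximum length for response buffer when reading pubkey. This value is calculated with
+ * 4096-bit key length */
+#define MAXLEN_RESP_PUBKEY 527
+/* Gnuk only support 1 key length (2048 bit) */
+#define MAXLEN_RESP_PUBKEY_GNUK 271
+
 static struct do_info pgp1_objects[] = { /* OpenPGP card spec 1.1 */
 { 0x004f, SIMPLE, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
 { 0x005b, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data },
@@ -192,12 +210,12 @@ static struct do_info pgp1_objects[] = { /* OpenPGP card spec 1.1 */
 { 0x5f35, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data },
 { 0x5f50, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data },
 { 0x7f49, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
- { 0xa400, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
- { 0xa401, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
- { 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
- { 0xb601, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
- { 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
- { 0xb801, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
+ { DO_AUTH, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
+ { DO_AUTH_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
+ { DO_SIGN, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
+ { DO_SIGN_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
+ { DO_ENCR, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
+ { DO_ENCR_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
 { 0, 0, 0, NULL, NULL },
 };
 
@@ -246,30 +264,21 @@ static struct do_info pgp2_objects[] = { /* OpenPGP card spec 2.0 */
 { 0x5f52, SIMPLE, READ_ALWAYS | WRITE_NEVER, sc_get_data, NULL },
 /* The 7F21 is constructed DO in spec, but in practice, its content can be retrieved
 * as simple DO (no need to parse TLV). */
- { 0x7f21, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data },
+ { DO_CERT, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data },
 { 0x7f48, CONSTRUCTED, READ_NEVER | WRITE_NEVER, NULL, NULL },
 { 0x7f49, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
- { 0xa400, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
+ { DO_AUTH, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
 /* The 0xA401, 0xB601, 0xB801 are just symbolic, it does not represent any real DO.
 * However, their R/W access condition may block the process of importing key in pkcs15init.
 * So we set their accesses condition as WRITE_PIN3 (writable). */
- { 0xa401, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
- { 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
- { 0xb601, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
- { 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
- { 0xb801, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
+ { DO_AUTH_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
+ { DO_SIGN, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
+ { DO_SIGN_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
+ { DO_ENCR, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
+ { DO_ENCR_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
 { 0, 0, 0, NULL, NULL },
 };
 
-/* The DO holding X.509 certificate is constructed but does not contain child DO.
- * We should notice this when building fake file system later. */
-#define DO_CERT 0x7f21
-/* Maximum length for response buffer when reading pubkey. This value is calculated with
- * 4096-bit key length */
-#define MAXLEN_RESP_PUBKEY 527
-/* Gnuk only support 1 key length (2048 bit) */
-#define MAXLEN_RESP_PUBKEY_GNUK 271
-
 #define DRVDATA(card) ((struct pgp_priv_data *) ((card)->drv_data))
 struct pgp_priv_data {
 pgp_blob_t * mf;
@@ -747,8 +756,9 @@ pgp_read_blob(sc_card_t *card, pgp_blob_t *blob)
 
 /* Buffer length for Gnuk pubkey */
 if (card->type == SC_CARD_TYPE_OPENPGP_GNUK &&
- (blob->id == 0xa400 || blob->id == 0xb600 || blob->id == 0xb800
- || blob->id == 0xa401 || blob->id == 0xb601 || blob->id == 0xb801)) {
+ (blob->id == DO_AUTH || blob->id == DO_SIGN || blob->id == DO_ENCR
+ || blob->id == DO_AUTH_SYM || blob->id == DO_SIGN_SYM
+ || blob->id == DO_ENCR_SYM)) {
 buf_len = MAXLEN_RESP_PUBKEY_GNUK;
 }
 
@@ -1804,11 +1814,11 @@ pgp_update_pubkey_blob(sc_card_t *card, u8* modulus, size_t modulus_len,
 LOG_FUNC_CALLED(card->ctx);
 
 if (key_id == SC_OPENPGP_KEY_SIGN)
- blob_id = 0xB601;
+ blob_id = DO_SIGN_SYM;
 else if (key_id == SC_OPENPGP_KEY_ENCR)
- blob_id = 0xB801;
+ blob_id = DO_ENCR_SYM;
 else if (key_id == SC_OPENPGP_KEY_AUTH)
- blob_id = 0xA401;
+ blob_id = DO_AUTH_SYM;
 else {
 sc_log(card->ctx, "Unknown key id %X.", key_id);
 LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS);
@@ -2501,17 +2511,17 @@ pgp_delete_file(sc_card_t *card, const sc_path_t *path)
 LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED);
 
 if (card->type != SC_CARD_TYPE_OPENPGP_GNUK &&
- (file->id == 0xB601 || file->id == 0xB801 || file->id == 0xA401)) {
+ (file->id == DO_SIGN_SYM || file->id == DO_ENCR_SYM || file->id == DO_AUTH_SYM)) {
 /* These tags are just symbolic. We don't really delete it. */
 r = SC_SUCCESS;
 }
- else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == 0xB601) {
+ else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == DO_SIGN_SYM) {
 r = gnuk_delete_key(card, 1);
 }
- else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == 0xB801) {
+ else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == DO_ENCR_SYM) {
 r = gnuk_delete_key(card, 2);
 }
- else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == 0xA401) {
+ else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == DO_AUTH_SYM) {
 r = gnuk_delete_key(card, 3);
 }
 else {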
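Review bot: In the pgp_delete_file hunk the three Gnuk branches still pass the bare literals `1`, `2` and `3` to gnuk_delete_key() although the tags beside them are now named; if SC_OPENPGP_KEY_SIGN/ENCR/AUTH (used in the pgp_update_pubkey_blob hunk) carry those values, which is not visible here, `r = gnuk_delete_key(card, SC_OPENPGP_KEY_SIGN);` and its two siblings would keep the tag-to-key mapping in one vocabulary. The non-Gnuk branch of the same function returns SC_SUCCESS without sending anything to the card, so, as far as the hunk shows, a caller that reads success as "key erased" still has a usable private key on the token; the comment there should state that, for example `/* Symbolic tag: nothing is erased on the card, the private key remains usable. */`. The six-way tag test in pgp_read_blob would be easier to audit as a small static predicate, since it decides which response-buffer bound (MAXLEN_RESP_PUBKEY_GNUK) applies. Both function bodies start and end outside their hunks, so how buf_len and r are used afterwards cannot be checked from this patch.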
146 --
147 2.1.3
148