1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
|
From da70a41383e2ab81fbcc89fb1067f5a189e0fb97 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?=
<ng.hong.quan@gmail.com>
Date: Sun, 9 Nov 2014 15:58:40 +0700
Subject: [PATCH 25/26] Replace hardcode.
---
src/libopensc/card-openpgp.c | 72 +++++++++++++++++++++++++-------------------
1 file changed, 41 insertions(+), 31 deletions(-)
Index: opensc-20150513/src/libopensc/card-openpgp.c
===================================================================
--- opensc-20150513.orig/src/libopensc/card-openpgp.c
+++ opensc-20150513/src/libopensc/card-openpgp.c
@@ -154,6 +154,24 @@ static int pgp_get_pubkey(sc_card_t *,
static int pgp_get_pubkey_pem(sc_card_t *, unsigned int,
u8 *, size_t);
+/* The DO holding X.509 certificate is constructed but does not contain child DO.
+ * We should notice this when building fake file system later. */
+#define DO_CERT 0x7f21
+/* Control Reference Template of private keys. Ref: Section 4.3.3.7 of OpenPGP card v2 spec.
+ * Here we seen it as DO just for convenient */
+#define DO_SIGN 0xb600
+#define DO_ENCR 0xb800
+#define DO_AUTH 0xa400
+/* These DO does not exist. They are defined and used just for ease of implementation */
+#define DO_SIGN_SYM 0xb601
+#define DO_ENCR_SYM 0xb801
+#define DO_AUTH_SYM 0xa401
+/* Maximum length for response buffer when reading pubkey. This value is calculated with
+ * 4096-bit key length */
+#define MAXLEN_RESP_PUBKEY 527
+/* Gnuk only support 1 key length (2048 bit) */
+#define MAXLEN_RESP_PUBKEY_GNUK 271
+
static struct do_info pgp1_objects[] = { /* OpenPGP card spec 1.1 */
{ 0x004f, SIMPLE, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
{ 0x005b, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data },
@@ -194,12 +212,12 @@ static struct do_info pgp1_objects[] =
{ 0x5f35, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data },
{ 0x5f50, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data },
{ 0x7f49, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
- { 0xa400, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
- { 0xa401, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
- { 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
- { 0xb601, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
- { 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
- { 0xb801, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
+ { DO_AUTH, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
+ { DO_AUTH_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
+ { DO_SIGN, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
+ { DO_SIGN_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
+ { DO_ENCR, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
+ { DO_ENCR_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
{ 0, 0, 0, NULL, NULL },
};
@@ -248,30 +266,21 @@ static struct do_info pgp2_objects[] =
{ 0x5f52, SIMPLE, READ_ALWAYS | WRITE_NEVER, sc_get_data, NULL },
/* The 7F21 is constructed DO in spec, but in practice, its content can be retrieved
* as simple DO (no need to parse TLV). */
- { 0x7f21, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data },
+ { DO_CERT, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data },
{ 0x7f48, CONSTRUCTED, READ_NEVER | WRITE_NEVER, NULL, NULL },
{ 0x7f49, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
- { 0xa400, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
+ { DO_AUTH, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
/* The 0xA401, 0xB601, 0xB801 are just symbolic, it does not represent any real DO.
* However, their R/W access condition may block the process of importing key in pkcs15init.
* So we set their accesses condition as WRITE_PIN3 (writable). */
- { 0xa401, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
- { 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
- { 0xb601, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
- { 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
- { 0xb801, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
+ { DO_AUTH_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
+ { DO_SIGN, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
+ { DO_SIGN_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
+ { DO_ENCR, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
+ { DO_ENCR_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
{ 0, 0, 0, NULL, NULL },
};
-/* The DO holding X.509 certificate is constructed but does not contain child DO.
- * We should notice this when building fake file system later. */
-#define DO_CERT 0x7f21
-/* Maximum length for response buffer when reading pubkey. This value is calculated with
- * 4096-bit key length */
-#define MAXLEN_RESP_PUBKEY 527
-/* Gnuk only support 1 key length (2048 bit) */
-#define MAXLEN_RESP_PUBKEY_GNUK 271
-
#define DRVDATA(card) ((struct pgp_priv_data *) ((card)->drv_data))
struct pgp_priv_data {
pgp_blob_t * mf;
@@ -755,8 +764,9 @@ pgp_read_blob(sc_card_t *card, pgp_blob_
/* Buffer length for Gnuk pubkey */
if (card->type == SC_CARD_TYPE_OPENPGP_GNUK &&
- (blob->id == 0xa400 || blob->id == 0xb600 || blob->id == 0xb800
- || blob->id == 0xa401 || blob->id == 0xb601 || blob->id == 0xb801)) {
+ (blob->id == DO_AUTH || blob->id == DO_SIGN || blob->id == DO_ENCR
+ || blob->id == DO_AUTH_SYM || blob->id == DO_SIGN_SYM
+ || blob->id == DO_ENCR_SYM)) {
buf_len = MAXLEN_RESP_PUBKEY_GNUK;
}
@@ -1812,11 +1822,11 @@ pgp_update_pubkey_blob(sc_card_t *card,
LOG_FUNC_CALLED(card->ctx);
if (key_id == SC_OPENPGP_KEY_SIGN)
- blob_id = 0xB601;
+ blob_id = DO_SIGN_SYM;
else if (key_id == SC_OPENPGP_KEY_ENCR)
- blob_id = 0xB801;
+ blob_id = DO_ENCR_SYM;
else if (key_id == SC_OPENPGP_KEY_AUTH)
- blob_id = 0xA401;
+ blob_id = DO_AUTH_SYM;
else {
sc_log(card->ctx, "Unknown key id %X.", key_id);
LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS);
@@ -2514,17 +2524,17 @@ pgp_delete_file(sc_card_t *card, const s
LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED);
if (card->type != SC_CARD_TYPE_OPENPGP_GNUK &&
- (file->id == 0xB601 || file->id == 0xB801 || file->id == 0xA401)) {
+ (file->id == DO_SIGN_SYM || file->id == DO_ENCR_SYM || file->id == DO_AUTH_SYM)) {
/* These tags are just symbolic. We don't really delete it. */
r = SC_SUCCESS;
}
- else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == 0xB601) {
+ else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == DO_SIGN_SYM) {
r = gnuk_delete_key(card, 1);
}
- else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == 0xB801) {
+ else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == DO_ENCR_SYM) {
r = gnuk_delete_key(card, 2);
}
- else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == 0xA401) {
+ else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == DO_AUTH_SYM) {
r = gnuk_delete_key(card, 3);
}
else {
|
