root/trunk/src/libopensc/pkcs15-actalis.c

Revision 3405, 8.9 KB (checked in by alonbl, 9 months ago)

Complete rewrite of OpenSC build system.

1. Build system now supports MinGW (Windows) compilation using msys and cross compilation.
2. Ability to explicitly disable and enable dependencies of the package.
3. openct, pcsc and nsplugins features are disabled by default.
4. Modified pcsc driver to use pcsc dynamically, no compile time dependency is required.
5. --enable-pcsc-lite configuration option renamed to --enable-pcsc.
6. Install opensc.conf file (as opensc.conf.new if opensc.conf exists).
7. Add --enable-doc configuration option, allow installing documentation into target.
8. Add --disable-man configuration option, allow msys mingw32 users to

build from svn without extra dependencies.

9. Add export files to each library in order to export only required symbols.

Windows native build may use these files instead of scanning objects' symbols.

10. Add opensc-tool --info to display some general information about the build.
11. Create compatibility library to be linked against library instead of recompiling the

same source files in different places.

12. Add different win32 version resource to each class of outputs.
13. Make xsl-stylesheets location selectable.
14. Some win32 fixups.
15. Some warning fixups.
16. Many other autoconf/automake cleanups.

Alon Bar-Lev

svn diff -r 3315:3399 https://www.opensc-project.org/svn/opensc/branches/alonbl/mingw

_M .
D configure.in
_M src
_M src/openssh
M src/openssh/Makefile.am
_M src/tools
M src/tools/rutoken-tool.c
M src/tools/opensc-tool.c
M src/tools/cardos-info.c
M src/tools/pkcs15-crypt.c
M src/tools/pkcs15-init.c
M src/tools/piv-tool.c
M src/tools/netkey-tool.c
M src/tools/eidenv.c
M src/tools/cryptoflex-tool.c
M src/tools/util.c
M src/tools/pkcs11-tool.c
M src/tools/pkcs15-tool.c
M src/tools/util.h
M src/tools/opensc-explorer.c
M src/tools/Makefile.am
_M src/pkcs11
M src/pkcs11/pkcs11-global.c
M src/pkcs11/framework-pkcs15.c
M src/pkcs11/mechanism.c
M src/pkcs11/pkcs11-display.c
M src/pkcs11/pkcs11-object.c
A src/pkcs11/opensc-pkcs11.exports
M src/pkcs11/sc-pkcs11.h
M src/pkcs11/pkcs11-spy.c
M src/pkcs11/openssl.c
M src/pkcs11/Makefile.am
A src/pkcs11/pkcs11-spy.exports
_M src/tests
_M src/tests/regression
M src/tests/regression/Makefile.am
M src/tests/sc-test.c
M src/tests/pintest.c
M src/tests/Makefile.am
_M src/include
_M src/include/opensc
M src/include/opensc/Makefile.am
A src/include/opensc/svnignore
M src/include/Makefile.am
_M src/signer
_M src/signer/npinclude
M src/signer/npinclude/Makefile.am
M src/signer/Makefile.am
A src/signer/signer.exports
_M src/common
A src/common/compat_dummy.c
D src/common/getopt.txt
D src/common/strlcpy.c
D src/common/LICENSE
A src/common/compat_getopt.txt
A src/common/compat_strlcpy.c
A src/common/LICENSE.compat_getopt
A src/common/compat_getopt.c
D src/common/strlcpy.h
D src/common/ChangeLog
D src/common/getpass.c
D src/common/my_getopt.c
A src/common/compat_strlcpy.h
A src/common/compat_getpass.c
A src/common/compat_getopt.h
A src/common/ChangeLog.compat_getopt
D src/common/README.strlcpy
D src/common/my_getopt.h
A src/common/compat_getpass.h
A src/common/README.compat_strlcpy
D src/common/strlcpy.3
A src/common/README.compat_getopt
D src/common/getopt.3
D src/common/README.my_getopt
A src/common/compat_strlcpy.3
A src/common/compat_getopt.3
M src/common/Makefile.am
M src/Makefile.am
_M src/pkcs15init
M src/pkcs15init/pkcs15-oberthur.c
M src/pkcs15init/profile.c
M src/pkcs15init/pkcs15-lib.c
M src/pkcs15init/pkcs15-rutoken.c
A src/pkcs15init/pkcs15init.exports
M src/pkcs15init/pkcs15-gpk.c
M src/pkcs15init/Makefile.am
_M src/scconf
M src/scconf/Makefile.am
M src/scconf/parse.c
A src/scconf/scconf.exports
_M src/libopensc
M src/libopensc/card-rutoken.c
M src/libopensc/compression.c
M src/libopensc/sc.c
M src/libopensc/card-piv.c
M src/libopensc/pkcs15-openpgp.c
M src/libopensc/pkcs15-postecert.c
M src/libopensc/pkcs15-tcos.c
M src/libopensc/opensc-config.in
M src/libopensc/reader-pcsc.c
A src/libopensc/internal-winscard.h
M src/libopensc/ctx.c
A src/libopensc/libopensc.exports
M src/libopensc/pkcs15-piv.c
M src/libopensc/pkcs15-infocamere.c
M src/libopensc/internal.h
M src/libopensc/pkcs15-actalis.c
M src/libopensc/pkcs15-starcert.c
M src/libopensc/card-oberthur.c
M src/libopensc/pkcs15-atrust-acos.c
M src/libopensc/p15card-helper.c
D src/libopensc/part10.h
M src/libopensc/ui.c
M src/libopensc/card-gpk.c
M src/libopensc/pkcs15-wrap.c
M src/libopensc/pkcs15-gemsafeGPK.c
M src/libopensc/log.c
M src/libopensc/pkcs15-esteid.c
M src/libopensc/pkcs15-prkey-rutoken.c
M src/libopensc/log.h
M src/libopensc/Makefile.am
M src/libopensc/reader-openct.c
_M aclocal
M aclocal/Makefile.am
_M win32
M win32/Makefile.am
A win32/versioninfo.rc.in
A win32/ltrc.inc
A configure.ac
_M doc
_M doc/tools
M doc/tools/pkcs15-profile.xml
D doc/changelog.sh
D doc/export-wiki.xsl
_M doc/api
_M doc/api/file
M doc/api/man.xsl
_M doc/api/asn1
_M doc/api/apps
_M doc/api/init
_M doc/api/types
_M doc/api/card
M doc/api/html.xsl
_M doc/api/misc
_M doc/api/util
M doc/Makefile.am
D doc/export-wiki.sh
AM doc/nonpersistent
A doc/nonpersistent/export-wiki.xsl
A doc/nonpersistent/Makefile.am
A doc/nonpersistent/export-wiki.sh
A doc/nonpersistent/svn2cl.xsl
D doc/generate-man.sh
D doc/svn2cl.xsl
M Makefile.am
A svnignore
_M etc
M etc/opensc.conf.in
M etc/Makefile.am
D man
_M solaris
M solaris/Makefile

1/*
2 * PKCS15 emulation layer for Actalis card.
3 * To see how this works, run p15dump on your Actalis Card.
4 *
5 * Copyright (C) 2005, Andrea Frigido <andrea@frisoft.it>
6 * Copyright (C) 2005, Sirio Capizzi <graaf@virgilio.it>
7 * Copyright (C) 2004, Antonino Iacono <ant_iacono@tin.it>
8 * Copyright (C) 2003, Olaf Kirch <okir@suse.de>
9 *
10 * This library is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public
12 * License as published by the Free Software Foundation; either
13 * version 2.1 of the License, or (at your option) any later version.
14 *
15 * This library is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
18 * Lesser General Public License for more details.
19 *
20 * You should have received a copy of the GNU Lesser General Public
21 * License along with this library; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
23 */
24
25#ifdef HAVE_CONFIG_H
26#include <config.h>
27#endif
28 
29#include <opensc/pkcs15.h>
30#include <opensc/log.h>
31#include <stdlib.h>
32#include <string.h>
33#include <stdio.h>
34#include <compat_strlcpy.h>
35
36#ifdef ENABLE_ZLIB
37#include <zlib.h>
38#endif
39
/* Entry point of this emulator, called by the PKCS#15 emulation
 * framework; defined at the end of this file. */
int sc_pkcs15emu_actalis_init_ex(sc_pkcs15_card_t *, sc_pkcs15emu_opt_t *);

/* The card driver's original set_security_env, saved by
 * sc_pkcs15emu_actalis_init before set_sec_env is installed in its
 * place.  set_sec_env chains to it after rewriting the operation. */
static int (*set_security_env) (sc_card_t *, const sc_security_env_t *, int);
43
/*
 * Replacement for the driver's set_security_env.
 *
 * Signing on this card is routed through the decipher operation (see
 * do_sign), so a SIGN request is presented to the driver as DECIPHER.
 * Security environment 0x40 is restored first; on failure its error code
 * is returned and the saved set_security_env is not called.
 */
static int set_sec_env(sc_card_t * card, const sc_security_env_t *env,
		       int se_num)
{
	sc_security_env_t local_env = *env;
	int rv;

	if (local_env.operation == SC_SEC_OPERATION_SIGN)
		local_env.operation = SC_SEC_OPERATION_DECIPHER;

	rv = card->ops->restore_security_env(card, 0x40);
	if (rv != SC_SUCCESS)
		return rv;

	/* chain to the driver's original function, saved at init time */
	return set_security_env(card, &local_env, se_num);
}
58
/*
 * Replacement for the driver's compute_signature.
 *
 * The signature is produced by the driver's decipher operation (the
 * security environment was already rewritten by set_sec_env).  The
 * return value is whatever decipher returns.
 */
static int do_sign(sc_card_t * card, const u8 * in, size_t inlen, u8 * out,
		   size_t outlen)
{
	struct sc_card_operations *ops = card->ops;

	return ops->decipher(card, in, inlen, out, outlen);
}
64
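/*
 * Replace *strp with a heap copy of value, or with NULL when value is NULL.
 *
 * The previous string is released (free(NULL) is a no-op, so no guard is
 * needed).  The copy is made before the old string is freed, so passing
 * *strp itself as value is safe.  On allocation failure *strp ends up
 * NULL, as before.  Ownership of the copy stays with *strp's owner.
 * strdup is POSIX, not ISO C, hence the explicit malloc/memcpy.
 */
static void set_string(char **strp, const char *value)
{
	char *copy = NULL;

	if (value != NULL) {
		size_t n = strlen(value) + 1;	/* include the terminator */

		copy = malloc(n);
		if (copy != NULL)
			memcpy(copy, value, n);
	}

	free(*strp);
	*strp = copy;
}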
71
72#if 1
73/* XXX: temporary copy of the old pkcs15emu functions,
74 *      to be removed */
/*
 * Build a PIN object from its individual fields and register it with the
 * emulation layer via sc_pkcs15emu_add_pin_obj, whose result is returned.
 *
 * stored_length starts as max_length and is halved for BCD PINs.  path
 * may be NULL, in which case the PIN path stays zeroed.
 */
static int sc_pkcs15emu_add_pin(sc_pkcs15_card_t *p15card,
		const sc_pkcs15_id_t *id, const char *label,
		const sc_path_t *path, int ref, int type,
		unsigned int min_length,
		unsigned int max_length,
		int flags, int tries_left, const char pad_char, int obj_flags)
{
	sc_pkcs15_object_t   pin_obj;
	sc_pkcs15_pin_info_t pin_info;

	memset(&pin_obj,  0, sizeof(pin_obj));
	memset(&pin_info, 0, sizeof(pin_info));

	/* object part */
	pin_obj.flags = obj_flags;
	strlcpy(pin_obj.label, label, sizeof(pin_obj.label));

	/* PIN info part */
	pin_info.magic         = SC_PKCS15_PIN_MAGIC;
	pin_info.auth_id       = *id;
	pin_info.type          = type;
	pin_info.reference     = ref;
	pin_info.flags         = flags;
	pin_info.tries_left    = tries_left;
	pin_info.pad_char      = pad_char;
	pin_info.min_length    = min_length;
	pin_info.max_length    = max_length;
	/* BCD packs two digits per byte */
	pin_info.stored_length = (type == SC_PKCS15_PIN_TYPE_BCD)
				 ? max_length / 2 : max_length;
	if (path != NULL)
		pin_info.path = *path;

	return sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info);
}
109
/*
 * Build a private-key object from its individual fields and register it
 * with the emulation layer via sc_pkcs15emu_add_rsa_prkey, whose result is
 * returned.
 *
 * The key is marked native, sensitive, always-sensitive, never-extractable
 * and local.  `type` is accepted for interface compatibility but is not
 * stored: the key is always registered through the RSA helper.  path and
 * auth_id may be NULL.
 */
static int sc_pkcs15emu_add_prkey(sc_pkcs15_card_t *p15card,
		const sc_pkcs15_id_t *id,
		const char *label,
		int type, unsigned int modulus_length, int usage,
		const sc_path_t *path, int ref,
		const sc_pkcs15_id_t *auth_id, int obj_flags)
{
	sc_pkcs15_object_t     key_obj;
	sc_pkcs15_prkey_info_t key_info;

	memset(&key_obj,  0, sizeof(key_obj));
	memset(&key_info, 0, sizeof(key_info));

	/* object part */
	key_obj.flags = obj_flags;
	if (auth_id != NULL)
		key_obj.auth_id = *auth_id;
	strlcpy(key_obj.label, label, sizeof(key_obj.label));

	/* key info part */
	key_info.id             = *id;
	key_info.usage          = usage;
	key_info.modulus_length = modulus_length;
	key_info.key_reference  = ref;
	key_info.native         = 1;
	key_info.access_flags   = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
				| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
				| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
				| SC_PKCS15_PRKEY_ACCESS_LOCAL;
	if (path != NULL)
		key_info.path = *path;

	return sc_pkcs15emu_add_rsa_prkey(p15card, &key_obj, &key_info);
}
143#endif
144
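#ifdef ENABLE_ZLIB
/* The three certificates the card stores as zlib-compressed blobs and the
 * EF each one lives in.  Index 0 is the user certificate; the others are
 * registered as authority certificates. */
static const char *const actalis_cert_labels[] = {
	"User Non-repudiation Certificate",
	"TSCA Certificate",
	"CA Certificate"
};
static const char *const actalis_cert_paths[] = {
	"3F00300060006002", "3F00300060006003", "3F00300060006004"
};

/*
 * Read, decompress, cache and register the certificate with index idx.
 *
 * EF layout as used here: bytes 2-3 hold the big-endian length of the
 * compressed blob, which starts at offset 4.  Card-supplied lengths and
 * read results are checked before the data is handed to zlib.
 *
 * Returns SC_SUCCESS, SC_ERROR_WRONG_CARD if the EF cannot be selected,
 * SC_ERROR_OUT_OF_MEMORY, SC_ERROR_INTERNAL on a short read or an empty
 * or undecodable blob, the card's error on a failed read, or the result
 * of sc_pkcs15emu_add_x509_cert.  Both buffers are released on every path.
 */
static int actalis_add_cert(sc_pkcs15_card_t *p15card, int idx)
{
	sc_card_t *card = p15card->card;
	sc_pkcs15_cert_info_t cert_info;
	sc_pkcs15_object_t cert_obj;
	sc_pkcs15_id_t id;
	sc_path_t cpath;
	unsigned char size[2];
	unsigned char *compCert = NULL, *cert = NULL;
	unsigned int compLen;
	/* uncompress() writes an unsigned long through its destLen pointer,
	 * so the variable must really be that wide (not unsigned int). */
	unsigned long len;
	int r;

	memset(&cert_info, 0, sizeof(cert_info));
	memset(&cert_obj, 0, sizeof(cert_obj));
	memset(&id, 0, sizeof(id));

	sc_format_path(actalis_cert_paths[idx], &cpath);
	if (sc_select_file(card, &cpath, NULL) != SC_SUCCESS)
		return SC_ERROR_WRONG_CARD;

	r = sc_read_binary(card, 2, size, 2, 0);
	if (r < 0)
		return r;
	if (r != 2)
		return SC_ERROR_INTERNAL;

	compLen = ((unsigned int)size[0] << 8) | size[1];
	if (compLen == 0)
		return SC_ERROR_INTERNAL;

	/* Approximation of the uncompressed size; uncompress() reports
	 * Z_BUF_ERROR (mapped to SC_ERROR_INTERNAL below) if it is too small. */
	len = 3UL * compLen;

	compCert = malloc(compLen);
	cert = malloc(len);
	if (compCert == NULL || cert == NULL) {
		r = SC_ERROR_OUT_OF_MEMORY;
		goto out;
	}

	r = sc_read_binary(card, 4, compCert, compLen, 0);
	if (r < 0)
		goto out;
	if ((unsigned int)r != compLen) {
		/* a short read would hand truncated input to zlib */
		r = SC_ERROR_INTERNAL;
		goto out;
	}

	if (uncompress(cert, &len, compCert, compLen) != Z_OK) {
		r = SC_ERROR_INTERNAL;
		goto out;
	}

	/* The cached file holds the decompressed certificate, so index/count
	 * describe the uncompressed data.  Caching is best-effort, as before. */
	cpath.index = 0;
	cpath.count = (int)len;
	sc_pkcs15_cache_file(p15card, &cpath, cert, len);

	id.value[0] = (u8)(idx + 1);
	id.len = 1;

	cert_info.id = id;
	cert_info.path = cpath;
	cert_info.authority = (idx > 0);

	strlcpy(cert_obj.label, actalis_cert_labels[idx], sizeof(cert_obj.label));
	cert_obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE;

	r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info);

out:
	free(cert);
	free(compCert);
	return r;
}
#endif

/*
 * Emulate a PKCS#15 structure for an Actalis card.
 *
 * Reads the serial number (which must start with 'H'), registers the
 * certificates (only when built with zlib), the authentication PIN and the
 * authentication RSA key, and finally reroutes signing through the decipher
 * operation (set_sec_env / do_sign).
 *
 * Returns SC_SUCCESS, SC_ERROR_WRONG_CARD when the card does not look like
 * an Actalis card, or the error code of the step that failed.
 */
static int sc_pkcs15emu_actalis_init(sc_pkcs15_card_t * p15card)
{
	sc_card_t *card = p15card->card;
	sc_path_t path;
	sc_pkcs15_id_t id, auth_id;
	unsigned char serial[9];
	int flags;
	int r;
#ifdef ENABLE_ZLIB
	int i;
	const int ncerts = (int)(sizeof(actalis_cert_paths)
				 / sizeof(actalis_cert_paths[0]));
#endif
	const char *keyPath = "3F00300040000008";
	const char *pinDfName = "05040200";
	const int authprkey_usage = SC_PKCS15_PRKEY_USAGE_SIGN
				| SC_PKCS15_PRKEY_USAGE_SIGNRECOVER
				| SC_PKCS15_PRKEY_USAGE_ENCRYPT
				| SC_PKCS15_PRKEY_USAGE_DECRYPT;
	const char *authPIN = "Authentication PIN";
	const char *authPRKEY = "Authentication Key";

	p15card->opts.use_cache = 1;

	/* Serial number: 8 bytes at offset 0xC3 of EF 3F00/3000/0001. */
	sc_format_path("3F0030000001", &path);
	if (sc_select_file(card, &path, NULL) != SC_SUCCESS)
		return SC_ERROR_WRONG_CARD;

	r = sc_read_binary(card, 0xC3, serial, 8, 0);
	if (r < 0)
		return SC_ERROR_WRONG_CARD;
	serial[r] = '\0';	/* r <= 8: terminate after the bytes actually read */

	/* Actalis serial numbers start with "H". */
	if (serial[0] != 'H')
		return SC_ERROR_WRONG_CARD;

	set_string(&p15card->label, "Actalis");
	set_string(&p15card->manufacturer_id, "Actalis");
	set_string(&p15card->serial_number, (char *)serial);

#ifdef ENABLE_ZLIB
	for (i = 0; i < ncerts; i++) {
		r = actalis_add_cert(p15card, i);
		if (r != SC_SUCCESS)
			return r;
	}
#endif

	/* Authentication PIN, addressed by DF name. */
	flags = SC_PKCS15_PIN_FLAG_CASE_SENSITIVE |
		SC_PKCS15_PIN_FLAG_INITIALIZED |
		SC_PKCS15_PIN_FLAG_NEEDS_PADDING;

	sc_format_path(pinDfName, &path);
	path.type = SC_PATH_TYPE_DF_NAME;

	memset(&id, 0, sizeof(id));
	id.value[0] = 1;
	id.len = 1;
	r = sc_pkcs15emu_add_pin(p15card, &id,
				 authPIN, &path, 0x81,
				 SC_PKCS15_PIN_TYPE_ASCII_NUMERIC,
				 5, 8, flags, 3, 0,
				 SC_PKCS15_CO_FLAG_MODIFIABLE |
				 SC_PKCS15_CO_FLAG_PRIVATE);
	if (r < 0)
		return r;

	/* Authentication RSA key (id 1), protected by the PIN above (auth_id 1). */
	sc_format_path(keyPath, &path);
	memset(&auth_id, 0, sizeof(auth_id));
	auth_id.value[0] = 1;
	auth_id.len = 1;
	r = sc_pkcs15emu_add_prkey(p15card, &id,
				   authPRKEY,
				   SC_PKCS15_TYPE_PRKEY_RSA,
				   1024, authprkey_usage,
				   &path, 0x08,
				   &auth_id,
				   SC_PKCS15_CO_FLAG_PRIVATE);
	if (r < 0)
		return r;

	/* Return to MF; best-effort, as before. */
	sc_format_path("3F00", &path);
	sc_select_file(card, &path, NULL);

	/* Route signing through decipher.  card->ops is presumably the
	 * driver's shared operations table, so install the hook only once:
	 * re-saving an already-patched pointer would make set_sec_env call
	 * itself. */
	if (card->ops->set_security_env != set_sec_env) {
		set_security_env = card->ops->set_security_env;
		card->ops->set_security_env  = set_sec_env;
		card->ops->compute_signature = do_sign;
	}

	return SC_SUCCESS;
}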
297
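/*
 * Cheap pre-check run before the full init: this emulation only applies to
 * cards whose driver reports the name "CardOS M4".
 *
 * Returns SC_SUCCESS on a match, SC_ERROR_WRONG_CARD otherwise.  A card
 * with no name set is treated as a mismatch rather than dereferenced.
 */
static int actalis_detect_card(sc_pkcs15_card_t * p15card)
{
	sc_card_t *card = p15card->card;

	if (card->name == NULL || strcmp(card->name, "CardOS M4") != 0)
		return SC_ERROR_WRONG_CARD;

	return SC_SUCCESS;
}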
308
/*
 * Framework entry point.
 *
 * Unless opts carries SC_PKCS15EMU_FLAGS_NO_CHECK, the card is first
 * matched by actalis_detect_card; a mismatch yields SC_ERROR_WRONG_CARD.
 * Otherwise the result of sc_pkcs15emu_actalis_init is returned.
 */
int sc_pkcs15emu_actalis_init_ex(sc_pkcs15_card_t * p15card,
				   sc_pkcs15emu_opt_t * opts)
{
	int skip_check = (opts != NULL)
		&& (opts->flags & SC_PKCS15EMU_FLAGS_NO_CHECK) != 0;

	if (!skip_check && actalis_detect_card(p15card) != SC_SUCCESS)
		return SC_ERROR_WRONG_CARD;

	return sc_pkcs15emu_actalis_init(p15card);
}