root/trunk/src/libopensc/pkcs15-esteid.c

Revision 3405, 6.6 KB (checked in by alonbl, 9 months ago)

Complete rewrite of OpenSC build system.

1. Build system now supports MinGW (Windows) compilation using msys and cross compilation.
2. Ability to explicitly disable and enable dependencies of the package.
3. openct, pcsc and nsplugins features are disabled by default.
4. Modified pcsc driver to use pcsc dynamically, no compile time dependency is required.
5. --enable-pcsc-lite configuration option renamed to --enable-pcsc.
6. Install opensc.conf file (as opensc.conf.new if opensc.conf exists).
7. Add --enable-doc configuration option, allow installing documentation into target.
8. Add --disable-man configuration option, allow msys mingw32 users to

build from svn without extra dependencies.

9. Add export files to each library in order to export only required symbols.

Windows native build may use these files instead of scanning objects' symbols.

10. Add opensc-tool --info to display some general information about the build.
11. Create compatibility library to be linked against library instead of recompiling the

same source files in different places.

12. Add different win32 version resource to each class of outputs.
13. Make xsl-stylesheets location selectable.
14. Some win32 fixups.
15. Some warning fixups.
16. Many other autoconf/automake cleanups.

Alon Bar-Lev

svn diff -r 3315:3399 https://www.opensc-project.org/svn/opensc/branches/alonbl/mingw

_M .
D configure.in
_M src
_M src/openssh
M src/openssh/Makefile.am
_M src/tools
M src/tools/rutoken-tool.c
M src/tools/opensc-tool.c
M src/tools/cardos-info.c
M src/tools/pkcs15-crypt.c
M src/tools/pkcs15-init.c
M src/tools/piv-tool.c
M src/tools/netkey-tool.c
M src/tools/eidenv.c
M src/tools/cryptoflex-tool.c
M src/tools/util.c
M src/tools/pkcs11-tool.c
M src/tools/pkcs15-tool.c
M src/tools/util.h
M src/tools/opensc-explorer.c
M src/tools/Makefile.am
_M src/pkcs11
M src/pkcs11/pkcs11-global.c
M src/pkcs11/framework-pkcs15.c
M src/pkcs11/mechanism.c
M src/pkcs11/pkcs11-display.c
M src/pkcs11/pkcs11-object.c
A src/pkcs11/opensc-pkcs11.exports
M src/pkcs11/sc-pkcs11.h
M src/pkcs11/pkcs11-spy.c
M src/pkcs11/openssl.c
M src/pkcs11/Makefile.am
A src/pkcs11/pkcs11-spy.exports
_M src/tests
_M src/tests/regression
M src/tests/regression/Makefile.am
M src/tests/sc-test.c
M src/tests/pintest.c
M src/tests/Makefile.am
_M src/include
_M src/include/opensc
M src/include/opensc/Makefile.am
A src/include/opensc/svnignore
M src/include/Makefile.am
_M src/signer
_M src/signer/npinclude
M src/signer/npinclude/Makefile.am
M src/signer/Makefile.am
A src/signer/signer.exports
_M src/common
A src/common/compat_dummy.c
D src/common/getopt.txt
D src/common/strlcpy.c
D src/common/LICENSE
A src/common/compat_getopt.txt
A src/common/compat_strlcpy.c
A src/common/LICENSE.compat_getopt
A src/common/compat_getopt.c
D src/common/strlcpy.h
D src/common/ChangeLog
D src/common/getpass.c
D src/common/my_getopt.c
A src/common/compat_strlcpy.h
A src/common/compat_getpass.c
A src/common/compat_getopt.h
A src/common/ChangeLog.compat_getopt
D src/common/README.strlcpy
D src/common/my_getopt.h
A src/common/compat_getpass.h
A src/common/README.compat_strlcpy
D src/common/strlcpy.3
A src/common/README.compat_getopt
D src/common/getopt.3
D src/common/README.my_getopt
A src/common/compat_strlcpy.3
A src/common/compat_getopt.3
M src/common/Makefile.am
M src/Makefile.am
_M src/pkcs15init
M src/pkcs15init/pkcs15-oberthur.c
M src/pkcs15init/profile.c
M src/pkcs15init/pkcs15-lib.c
M src/pkcs15init/pkcs15-rutoken.c
A src/pkcs15init/pkcs15init.exports
M src/pkcs15init/pkcs15-gpk.c
M src/pkcs15init/Makefile.am
_M src/scconf
M src/scconf/Makefile.am
M src/scconf/parse.c
A src/scconf/scconf.exports
_M src/libopensc
M src/libopensc/card-rutoken.c
M src/libopensc/compression.c
M src/libopensc/sc.c
M src/libopensc/card-piv.c
M src/libopensc/pkcs15-openpgp.c
M src/libopensc/pkcs15-postecert.c
M src/libopensc/pkcs15-tcos.c
M src/libopensc/opensc-config.in
M src/libopensc/reader-pcsc.c
A src/libopensc/internal-winscard.h
M src/libopensc/ctx.c
A src/libopensc/libopensc.exports
M src/libopensc/pkcs15-piv.c
M src/libopensc/pkcs15-infocamere.c
M src/libopensc/internal.h
M src/libopensc/pkcs15-actalis.c
M src/libopensc/pkcs15-starcert.c
M src/libopensc/card-oberthur.c
M src/libopensc/pkcs15-atrust-acos.c
M src/libopensc/p15card-helper.c
D src/libopensc/part10.h
M src/libopensc/ui.c
M src/libopensc/card-gpk.c
M src/libopensc/pkcs15-wrap.c
M src/libopensc/pkcs15-gemsafeGPK.c
M src/libopensc/log.c
M src/libopensc/pkcs15-esteid.c
M src/libopensc/pkcs15-prkey-rutoken.c
M src/libopensc/log.h
M src/libopensc/Makefile.am
M src/libopensc/reader-openct.c
_M aclocal
M aclocal/Makefile.am
_M win32
M win32/Makefile.am
A win32/versioninfo.rc.in
A win32/ltrc.inc
A configure.ac
_M doc
_M doc/tools
M doc/tools/pkcs15-profile.xml
D doc/changelog.sh
D doc/export-wiki.xsl
_M doc/api
_M doc/api/file
M doc/api/man.xsl
_M doc/api/asn1
_M doc/api/apps
_M doc/api/init
_M doc/api/types
_M doc/api/card
M doc/api/html.xsl
_M doc/api/misc
_M doc/api/util
M doc/Makefile.am
D doc/export-wiki.sh
AM doc/nonpersistent
A doc/nonpersistent/export-wiki.xsl
A doc/nonpersistent/Makefile.am
A doc/nonpersistent/export-wiki.sh
A doc/nonpersistent/svn2cl.xsl
D doc/generate-man.sh
D doc/svn2cl.xsl
M Makefile.am
A svnignore
_M etc
M etc/opensc.conf.in
M etc/Makefile.am
D man
_M solaris
M solaris/Makefile

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
1/*
2 * PKCS15 emulation layer for EstEID card.
3 *
4 * Copyright (C) 2004, Martin Paljak <martin@paljak.pri.ee>
5 * Copyright (C) 2004, Bud P. Bruegger <bud@comune.grosseto.it>
6 * Copyright (C) 2004, Antonino Iacono <ant_iacono@tin.it>
7 * Copyright (C) 2003, Olaf Kirch <okir@suse.de>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
22 */
23
24#include "internal.h"
25#include "pkcs15.h"
26#include <stdlib.h>
27#include <string.h>
28#include <stdio.h>
29
30#include "esteid.h"
31#include <compat_strlcpy.h>
32
33int sc_pkcs15emu_esteid_init_ex(sc_pkcs15_card_t *, sc_pkcs15emu_opt_t *);
34
/*
 * Replace the heap string held in *strp with a private copy of value.
 *
 * The string previously stored in *strp (if any) is freed first. A NULL
 * value leaves *strp set to NULL. The result of strdup() is stored
 * unchecked, so an allocation failure also leaves *strp NULL and the
 * caller gets no separate error indication.
 */
static void
set_string (char **strp, const char *value)
{
	char *previous = *strp;

	if (previous != NULL)
		free (previous);

	if (value == NULL) {
		*strp = NULL;
		return;
	}
	*strp = strdup (value);
}
42
43
/*
 * Select the EstEID application DF (path 3F00EEEE) on the card.
 *
 * Returns the sc_select_file() result. The result is first handed to
 * SC_TEST_RET with the message "esteid select DF failed"; that macro is
 * defined elsewhere and presumably logs and returns early on an error.
 */
int
select_esteid_df (sc_card_t * card)
{
	sc_path_t df_path;
	int rc;

	sc_format_path ("3F00EEEE", &df_path);
	df_path.type = SC_PATH_TYPE_PATH;

	rc = sc_select_file (card, &df_path, NULL);
	SC_TEST_RET (card->ctx, rc, "esteid select DF failed");
	return rc;
}
55
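/*
 * Build the emulated PKCS#15 view of an EstEID card on p15card.
 *
 * Sets the card label, manufacturer id and serial number (the document
 * number read from the personal data file), registers 1024-bit RSA with
 * PKCS#1 padding as the only algorithm, and adds two certificates, three
 * PIN objects (PIN1, PIN2, PUK) and two private keys.
 *
 * Everything read from the card is treated as untrusted: the lengths
 * returned by sc_read_record() are checked before the buffer is indexed,
 * and the PIN info file must be selected successfully before its records
 * are read.
 *
 * Returns 0 on success. Failures while selecting or reading the personal
 * data file go through SC_TEST_RET; every other failure is reported as
 * SC_ERROR_INTERNAL.
 */
static int
sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card)
{
	/* Index of the tries-left byte inside a PIN info record. */
	enum { ESTEID_PIN_TRIES_OFFSET = 5 };

	sc_card_t *card = p15card->card;
	unsigned char buff[256];
	int r, i, flags;
	sc_path_t tmppath;

	set_string (&p15card->label, "ID-kaart");
	set_string (&p15card->manufacturer_id, "AS Sertifitseerimiskeskus");

	/* read the serial (document number) */
	sc_format_path ("3f00eeee5044", &tmppath);
	tmppath.type = SC_PATH_TYPE_PATH;
	r = sc_select_file (card, &tmppath, NULL);
	SC_TEST_RET (card->ctx, r, "select esteid PD failed");
	r = sc_read_record (card, SC_ESTEID_PD_DOCUMENT_NR, buff, 8,
			    SC_RECORD_BY_REC_NR);
	SC_TEST_RET (card->ctx, r, "read document number failed");
	/*
	 * r is used as an index for the terminator below. Only 8 bytes were
	 * requested, but the value comes from the card/reader layer, so make
	 * sure it cannot land outside buff.
	 */
	if (r < 0 || (size_t) r >= sizeof (buff))
		return SC_ERROR_INTERNAL;
	buff[r] = '\0';
	set_string (&p15card->serial_number, (const char *) buff);

	p15card->flags = SC_PKCS15_CARD_FLAG_PRN_GENERATION
			 | SC_PKCS15_CARD_FLAG_EID_COMPLIANT
			 | SC_PKCS15_CARD_FLAG_READONLY;

	/* EstEID uses 1024b RSA */
	card->algorithm_count = 0;
	flags = SC_ALGORITHM_RSA_PAD_PKCS1;
	_sc_card_add_rsa_alg (card, 1024, flags, 0);

	/* add certificates */
	for (i = 0; i < 2; i++) {
		static const char *esteid_cert_names[2] = {
			"Isikutuvastus",
			"Allkirjastamine"};
		static char const *esteid_cert_paths[2] = {
			"3f00eeeeaace",
			"3f00eeeeddce"};
		static const int esteid_cert_ids[2] = {1, 2};

		struct sc_pkcs15_cert_info cert_info;
		struct sc_pkcs15_object cert_obj;

		memset(&cert_info, 0, sizeof(cert_info));
		memset(&cert_obj, 0, sizeof(cert_obj));

		cert_info.id.value[0] = esteid_cert_ids[i];
		cert_info.id.len = 1;
		sc_format_path(esteid_cert_paths[i], &cert_info.path);
		strlcpy(cert_obj.label, esteid_cert_names[i], sizeof(cert_obj.label));
		r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info);
		if (r < 0)
			return SC_ERROR_INTERNAL;
	}

	/*
	 * the file with key pin info (tries left)
	 *
	 * If this select fails, the personal data file selected above is
	 * still current and the record reads below would return its records
	 * instead of PIN info, so a failure here must stop the init.
	 */
	sc_format_path ("3f000016", &tmppath);
	r = sc_select_file (card, &tmppath, NULL);
	if (r < 0)
		return SC_ERROR_INTERNAL;

	/* add pins */
	for (i = 0; i < 3; i++) {
		unsigned char tries_left;
		static const char *esteid_pin_names[3] = {
			"PIN1, Isikutuvastus",
			"PIN2, Allkirjastamine",
			"PUK" };

		static const int esteid_pin_min[3] = {4, 5, 8};
		static const int esteid_pin_ref[3] = {1, 2, 0};
		static const int esteid_pin_authid[3] = {1, 2, 3};
		static const int esteid_pin_flags[3] = {0, 0, SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN};

		struct sc_pkcs15_pin_info pin_info;
		struct sc_pkcs15_object pin_obj;

		memset(&pin_info, 0, sizeof(pin_info));
		memset(&pin_obj, 0, sizeof(pin_obj));

		/* read the number of tries left for the PIN */
		r = sc_read_record (card, i + 1, buff, 128, SC_RECORD_BY_REC_NR);
		/*
		 * Covers both a read error (r < 0) and a record too short to
		 * hold the tries-left byte; without this a short record would
		 * make the code report a stale byte left in buff by an
		 * earlier read.
		 */
		if (r <= ESTEID_PIN_TRIES_OFFSET)
			return SC_ERROR_INTERNAL;
		tries_left = buff[ESTEID_PIN_TRIES_OFFSET];

		pin_info.auth_id.len = 1;
		pin_info.auth_id.value[0] = esteid_pin_authid[i];
		pin_info.reference = esteid_pin_ref[i];
		pin_info.flags = esteid_pin_flags[i];
		pin_info.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
		pin_info.min_length = esteid_pin_min[i];
		pin_info.stored_length = 12;
		pin_info.max_length = 12;
		pin_info.pad_char = '\0';
		pin_info.tries_left = (int)tries_left;

		strlcpy(pin_obj.label, esteid_pin_names[i], sizeof(pin_obj.label));
		pin_obj.flags = esteid_pin_flags[i];

		/* Link normal PINs with PUK */
		if (i < 2) {
			pin_obj.auth_id.len = 1;
			pin_obj.auth_id.value[0] = 3;
		}

		r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info);
		if (r < 0)
			return SC_ERROR_INTERNAL;
	}

	/* add private keys */
	for (i = 0; i < 2; i++) {
		/* Key i is protected by the PIN whose auth id is prkey_pin[i]. */
		static const int prkey_pin[2] = {1, 2};
		static const int prkey_usage[2] = {
			SC_PKCS15_PRKEY_USAGE_ENCRYPT
			| SC_PKCS15_PRKEY_USAGE_DECRYPT
			| SC_PKCS15_PRKEY_USAGE_SIGN
			| SC_PKCS15_PRKEY_USAGE_SIGNRECOVER
			| SC_PKCS15_PRKEY_USAGE_WRAP
			| SC_PKCS15_PRKEY_USAGE_UNWRAP,
			SC_PKCS15_PRKEY_USAGE_NONREPUDIATION};

		static const char *prkey_name[2] = {
			"Isikutuvastus",
			"Allkirjastamine"};

		struct sc_pkcs15_prkey_info prkey_info;
		struct sc_pkcs15_object prkey_obj;

		memset(&prkey_info, 0, sizeof(prkey_info));
		memset(&prkey_obj, 0, sizeof(prkey_obj));

		prkey_info.id.len = 1;
		prkey_info.id.value[0] = prkey_pin[i];
		prkey_info.usage  = prkey_usage[i];
		prkey_info.native = 1;
		prkey_info.key_reference = i + 1;
		prkey_info.modulus_length= 1024;

		strlcpy(prkey_obj.label, prkey_name[i], sizeof(prkey_obj.label));
		prkey_obj.auth_id.len = 1;
		prkey_obj.auth_id.value[0] = prkey_pin[i];
		/* Only the second key (the non-repudiation one) sets user_consent. */
		prkey_obj.user_consent = (i == 1) ? 1 : 0;
		prkey_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE;

		r = sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, &prkey_info);
		if (r < 0)
			return SC_ERROR_INTERNAL;
	}
	return 0;
}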
207
/*
 * Check the card type recorded for p15card's card.
 *
 * Returns SC_SUCCESS when the type is SC_CARD_TYPE_MCRD_ESTEID and
 * SC_ERROR_WRONG_CARD for any other type. Nothing is read from the card
 * here; only the already-stored type field is compared.
 */
static int esteid_detect_card(sc_pkcs15_card_t *p15card)
{
	return (p15card->card->type == SC_CARD_TYPE_MCRD_ESTEID)
		? SC_SUCCESS
		: SC_ERROR_WRONG_CARD;
}
214
/*
 * Entry point of the EstEID PKCS#15 emulation.
 *
 * Unless opts is non-NULL and carries SC_PKCS15EMU_FLAGS_NO_CHECK, the
 * card type is verified with esteid_detect_card() first and
 * SC_ERROR_WRONG_CARD is returned on a mismatch. With the flag set the
 * type check is skipped and the emulation is initialised for whatever
 * card is present, so callers should set it only when the card type has
 * been established some other way.
 *
 * Returns the result of sc_pkcs15emu_esteid_init() otherwise.
 */
int sc_pkcs15emu_esteid_init_ex(sc_pkcs15_card_t *p15card,
				sc_pkcs15emu_opt_t *opts)
{
	int skip_check = 0;

	if (opts != NULL && (opts->flags & SC_PKCS15EMU_FLAGS_NO_CHECK) != 0)
		skip_check = 1;

	if (!skip_check && esteid_detect_card(p15card) != 0)
		return SC_ERROR_WRONG_CARD;

	return sc_pkcs15emu_esteid_init(p15card);
}