Changeset 3304
- Timestamp:
- 12/17/07 13:39:20 (13 months ago)
- Location:
- trunk
- Files:
-
- 4 added
- 14 modified
-
etc/opensc.conf.in (modified) (1 diff)
-
src/libopensc/Makefile.am (modified) (1 diff)
-
src/libopensc/card-rutoken.c (added)
-
src/libopensc/cardctl.h (modified) (3 diffs)
-
src/libopensc/ctx.c (modified) (1 diff)
-
src/libopensc/opensc.h (modified) (3 diffs)
-
src/libopensc/pkcs15-algo.c (modified) (1 diff)
-
src/libopensc/pkcs15-rutoken.c (added)
-
src/libopensc/pkcs15-syn.c (modified) (2 diffs)
-
src/pkcs11/framework-pkcs15.c (modified) (3 diffs)
-
src/pkcs11/pkcs11.h (modified) (1 diff)
-
src/pkcs15init/Makefile.am (modified) (1 diff)
-
src/pkcs15init/pkcs15-init.h (modified) (1 diff)
-
src/pkcs15init/pkcs15-lib.c (modified) (1 diff)
-
src/pkcs15init/rutoken.profile (added)
-
src/tools/Makefile.am (modified) (2 diffs)
-
src/tools/pkcs11-tool.c (modified) (1 diff)
-
src/tools/rutoken-tool.c (added)
trunk/etc/opensc.conf.in
r3296 r3304 280 280 # enable_builtin_emulation = yes; 281 281 # list of the builtin pkcs15 emulators to test 282 builtin_emulators = esteid, openpgp, tcos, starcert, infocamere, postecert, actalis, atrust-acos, gemsafeGPK, gemsafeV1, tccardos, PIV-II ;282 builtin_emulators = esteid, openpgp, tcos, starcert, infocamere, postecert, actalis, atrust-acos, gemsafeGPK, gemsafeV1, tccardos, PIV-II, rutoken; 283 283 284 284 # additional settings per driver -
trunk/src/libopensc/Makefile.am
r3296 r3304 32 32 card-oberthur.c card-belpic.c card-atrust-acos.c \ 33 33 card-incrypto34.c card-piv.c card-muscle.c card-acos5.c \ 34 card-asepcos.c card-akis.c card-gemsafeV1.c \34 card-asepcos.c card-akis.c card-gemsafeV1.c card-rutoken.c\ 35 35 \ 36 36 pkcs15-openpgp.c pkcs15-infocamere.c pkcs15-starcert.c \ 37 37 pkcs15-tcos.c pkcs15-esteid.c pkcs15-postecert.c pkcs15-gemsafeGPK.c \ 38 38 pkcs15-actalis.c pkcs15-atrust-acos.c pkcs15-tccardos.c pkcs15-piv.c \ 39 compression.c p15card-helper.c 39 compression.c p15card-helper.c pkcs15-rutoken.c 40 40 libopensc_la_LDFLAGS = -version-info @OPENSC_LT_CURRENT@:@OPENSC_LT_REVISION@:@OPENSC_LT_AGE@ 41 41 libopensc_la_LIBADD = @LIBSCCONF@ $(OPENSSL_LIBS) $(OPENCT_LIBS) $(PCSC_LIBS) $(LTLIB_LIBS) -
trunk/src/libopensc/cardctl.h
r3200 r3304 140 140 SC_CARDCTL_ASEPCOS_AKN2FILEID, 141 141 SC_CARDCTL_ASEPCOS_SET_SATTR, 142 SC_CARDCTL_ASEPCOS_ACTIVATE_FILE 142 SC_CARDCTL_ASEPCOS_ACTIVATE_FILE, 143 144 /* 145 * ruToken specific calls 146 */ 147 SC_CARDCTL_RUTOKEN_BASE = _CTL_PREFIX('R', 'T', 'K'), 148 /* PUT_DATA */ 149 SC_CARDCTL_RUTOKEN_CREATE_DO, 150 SC_CARDCTL_RUTOKEN_CHANGE_DO, 151 SC_CARDCTL_RUTOKEN_GENERATE_KEY_DO, 152 SC_CARDCTL_RUTOKEN_DELETE_DO, 153 SC_CARDCTL_RUTOKEN_GET_INFO, 154 /* NON STANDART */ 155 SC_CARDCTL_RUTOKEN_GET_DO_INFO, 156 SC_CARDCTL_RUTOKEN_GOST_ENCIPHER, 157 SC_CARDCTL_RUTOKEN_GOST_DECIPHER, 158 SC_CARDCTL_RUTOKEN_TRIES_LEFT 143 159 }; 144 160 … … 357 373 int LengthMax; 358 374 }; 359 360 #define OP_TYPE_GENERATE 0361 #define OP_TYPE_STORE 1362 375 363 376 struct sc_cardctl_setcos_gen_store_key_info { … … 427 440 } sc_cardctl_asepcos_activate_file_t; 428 441 442 #define OP_TYPE_GENERATE 0 443 #define OP_TYPE_STORE 1 444 445 /* 446 * RuToken types and constants 447 */ 448 449 #define SC_RUTOKEN_DO_PART_BODY_LEN 199 450 #define SC_RUTOKEN_DO_HDR_LEN 32 451 452 /* DO Types */ 453 #define SC_RUTOKEN_TYPE_MASK 0xF 454 #define SC_RUTOKEN_TYPE_SE 0x0 455 #define SC_RUTOKEN_TYPE_CHV 0x1 456 #define SC_RUTOKEN_TYPE_KEY 0x2 457 458 #define SC_RUTOKEN_COMPACT_DO_MAX_LEN 16 /* MAX Body length of Compact DOs */ 459 460 #define SC_RUTOKEN_DO_ALL_MIN_ID 0x1 /* MIN ID value of All DOs */ 461 #define SC_RUTOKEN_DO_CHV_MAX_ID 0x1F /* MAX ID value of CHV-objects */ 462 #define SC_RUTOKEN_DO_NOCHV_MAX_ID 0xFE /* MAX ID value of All Other DOs */ 463 464 /* DO Default Lengths */ 465 #define SC_RUTOKEN_DEF_LEN_DO_GOST 32 466 #define SC_RUTOKEN_DEF_LEN_DO_SE 6 467 468 469 #define SC_RUTOKEN_ALLTYPE_SE SC_RUTOKEN_TYPE_SE /* SE */ 470 #define SC_RUTOKEN_ALLTYPE_GCHV SC_RUTOKEN_TYPE_CHV /* GCHV */ 471 #define SC_RUTOKEN_ALLTYPE_LCHV 0x11 /* LCHV */ 472 #define SC_RUTOKEN_ALLTYPE_GOST SC_RUTOKEN_TYPE_KEY /* GOST */ 473 474 /* DO ID */ 475 #define SC_RUTOKEN_ID_CURDF_RESID_FLAG 0x80 /* DO 
placed in current DF */ 476 477 #define SC_RUTOKEN_DEF_ID_GCHV_ADMIN 0x01 /* ID DO ADMIN */ 478 #define SC_RUTOKEN_DEF_ID_GCHV_USER 0x02 /* ID DO USER */ 479 480 /* DO Options */ 481 #define SC_RUTOKEN_OPTIONS_GCHV_ACCESS_MASK 0x7 /* Access rights */ 482 #define SC_RUTOKEN_OPTIONS_GACCESS_ADMIN SC_RUTOKEN_DEF_ID_GCHV_ADMIN /* ADMIN */ 483 #define SC_RUTOKEN_OPTIONS_GACCESS_USER SC_RUTOKEN_DEF_ID_GCHV_USER /* USER */ 484 485 #define SC_RUTOKEN_OPTIONS_GOST_CRYPT_MASK 0x7 /* crypto algorithm */ 486 #define SC_RUTOKEN_OPTIONS_GOST_CRYPT_PZ 0x0 /* (encryptECB) simple-change mode */ 487 #define SC_RUTOKEN_OPTIONS_GOST_CRYPT_GAMM 0x1 /* (encryptCNT) gamma mode */ 488 #define SC_RUTOKEN_OPTIONS_GOST_CRYPT_GAMMOS 0x2 /* (encryptCFB) feed-back gamma mode */ 489 490 491 /* DO flags */ 492 #define SC_RUTOKEN_FLAGS_COMPACT_DO 0x1 493 #define SC_RUTOKEN_FLAGS_OPEN_DO_MASK 0x6 494 #define SC_RUTOKEN_FLAGS_BLEN_OPEN_DO 0x2 495 #define SC_RUTOKEN_FLAGS_FULL_OPEN_DO 0x6 496 497 /* DO MAX:CUR try */ 498 #define SC_RUTOKEN_MAXTRY_MASK 0xF0 /* MAX try */ 499 #define SC_RUTOKEN_CURTRY_MASK 0x0F /* CUR try */ 500 501 #define SC_RUTOKEN_DO_CHV_MAX_ID_V2 SC_RUTOKEN_DEF_ID_GCHV_USER /* MAX ID value of CHV-objects */ 502 #define SC_RUTOKEN_DO_NOCHV_MAX_ID_V2 SC_RUTOKEN_DO_NOCHV_MAX_ID /* MAX ID value of All Other DOs */ 503 504 #define SEC_ATTR_SIZE 15 505 506 #pragma pack(push, 1) 507 typedef u8 sc_SecAttrV2_t[SEC_ATTR_SIZE]; 508 509 typedef struct sc_ObjectTypeID{ 510 u8 byObjectType; 511 u8 byObjectID; 512 } sc_ObjectTypeID_t; 513 514 typedef struct sc_ObjectParams{ 515 u8 byObjectOptions; 516 u8 byObjectFlags; 517 u8 byObjectTry; 518 } sc_ObjectParams_t; 519 520 typedef struct sc_DOHdrV2 { 521 unsigned short wDOBodyLen; 522 sc_ObjectTypeID_t OTID; 523 sc_ObjectParams_t OP; 524 u8 dwReserv1[4]; 525 u8 abyReserv2[6]; 526 sc_SecAttrV2_t SA_V2; 527 } sc_DOHdrV2_t; 528 529 typedef struct sc_DO_V2 { 530 sc_DOHdrV2_t HDR; 531 u8 abyDOBody[SC_RUTOKEN_DO_PART_BODY_LEN]; 532 } sc_DO_V2_t; 533 534 
typedef enum 535 { 536 select_first, 537 select_by_id, 538 select_next, 539 } SC_RUTOKEN_DO_SEL_TYPES; 540 541 typedef struct sc_DO_INFO_V2 { 542 u8 DoId; 543 SC_RUTOKEN_DO_SEL_TYPES SelType; 544 u8 pDoData[256]; 545 } sc_DO_INFO_t; 546 547 struct sc_rutoken_decipherinfo{ 548 u8 *inbuf; 549 size_t inlen; 550 u8 *outbuf; 551 size_t outlen; 552 }; 553 #pragma pack(pop) 554 429 555 #ifdef __cplusplus 430 556 } -
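Review bot: `#pragma pack(push, 1)` stays open across `sc_DO_INFO_t` and `struct sc_rutoken_decipherinfo`, which carry an enum, pointers and `size_t` lengths rather than card data, so those host-side structures get alignment 1 as well; move `#pragma pack(pop)` up to just after `sc_DO_V2_t`. The fields of `sc_DOHdrV2_t` add up to 32 bytes, matching `SC_RUTOKEN_DO_HDR_LEN`, and a compile-time size check beside the typedef would keep the two from drifting apart. `wDOBodyLen` is an `unsigned short` in what looks like a card-format header, so its byte order presumably has to be fixed where the header is serialized, which is not visible here. The trailing comma after `select_next` is rejected by strict C89 compilers.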
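--- a/trunk/src/libopensc/ctx.c
+++ b/trunk/src/libopensc/ctx.c
@@ -52,4 +52,5 @@
 static const struct _sc_driver_entry internal_card_drivers[] = {
 /* legacy, the old name was "etoken", so we keep that for a while */
+{ "rutoken", (void *(*)(void)) sc_get_rutoken_driver },
 { "cardos", (void *(*)(void)) sc_get_cardos_driver },
 { "etoken", (void *(*)(void)) sc_get_cardos_driver },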
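Review bot: The new `rutoken` entry is inserted between the `/* legacy, the old name was "etoken" ... */` comment and the `cardos`/`etoken` entries that comment describes, so the comment now reads as if it were about rutoken; put the new line above the comment or after the `etoken` entry. It also becomes the first element of `internal_card_drivers`, and if drivers are probed in table order (the lookup code is outside the hunk) the new driver's card matching would run ahead of every established driver, so its ATR match needs to be strict. pkcs15-lib.c adds its `rutoken` entry at the head of `profile_operations` in the same way.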
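--- a/trunk/src/libopensc/opensc.h
+++ b/trunk/src/libopensc/opensc.h
@@ -152,8 +152,10 @@
 #define SC_ALGORITHM_DES 64
 #define SC_ALGORITHM_3DES 65
+#define SC_ALGORITHM_GOST 66
 
 /* Hash algorithms */
 #define SC_ALGORITHM_MD5 128
 #define SC_ALGORITHM_SHA1 129
+#define SC_ALGORITHM_GOSTHASH 130
 
 /* Key derivation algorithms */
@@ -188,4 +190,8 @@
 #define SC_ALGORITHM_RSA_HASH_SHA224 0x00001000
 #define SC_ALGORITHM_RSA_HASHES 0x00001FE0
+
+#define SC_ALGORITHM_GOST_CRYPT_PZ 0x0
+#define SC_ALGORITHM_GOST_CRYPT_GAMM 0x1
+#define SC_ALGORITHM_GOST_CRYPT_GAMMOS 0x2
 
 /* Event masks for sc_wait_for_event() */
@@ -1159,4 +1165,5 @@
 extern struct sc_reader_driver *sc_get_openct_driver(void);
 
+extern sc_card_driver_t *sc_get_rutoken_driver(void);
 extern sc_card_driver_t *sc_get_default_driver(void);
 extern sc_card_driver_t *sc_get_emv_driver(void);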
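Review bot: The three `SC_ALGORITHM_GOST_CRYPT_*` values in the second hunk sit directly under the RSA hash flags with no heading comment, and they repeat the values of `SC_RUTOKEN_OPTIONS_GOST_CRYPT_*` that this commit adds to cardctl.h. A heading such as `/* GOST cipher modes: PZ = ECB (simple-change), GAMM = CNT (gamma), GAMMOS = CFB (feed-back gamma) */` would say what they are, and defining one set in terms of the other would keep them from diverging. Unlike the RSA flags around them they are small enumerated values rather than bit flags, so `0x0` cannot be tested with `&`; that is worth stating in the comment too.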
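--- a/trunk/src/libopensc/pkcs15-algo.c
+++ b/trunk/src/libopensc/pkcs15-algo.c
@@ -233,4 +233,10 @@
 asn1_encode_des_params,
 free },
+#endif
+#ifdef SC_ALGORITHM_GOST /* EDE CBC mode */
+{ SC_ALGORITHM_GOST, {{ 1, 2, 4434, 66565, 3, 7 }},
+NULL,
+NULL,
+NULL },
 #endif
 /* We do not support PBES1 because the encryption is weak */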
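Review bot: The comment on `#ifdef SC_ALGORITHM_GOST /* EDE CBC mode */` appears to be carried over from the DES entry above and does not describe GOST; replace it with one that names the algorithm and says where the OID `{ 1, 2, 4434, 66565, 3, 7 }` comes from. The entry sets all three callbacks to `NULL`, so it is worth confirming that the code walking this table, which is outside the hunk, checks for NULL before calling them on an AlgorithmIdentifier that carries parameters. The table itself starts and ends outside the hunk.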
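--- a/trunk/src/libopensc/pkcs15-syn.c
+++ b/trunk/src/libopensc/pkcs15-syn.c
@@ -53,4 +53,6 @@
 extern int sc_pkcs15emu_tccardos_init_ex(sc_pkcs15_card_t *, sc_pkcs15emu_opt_t *);
 
+extern int sc_pkcs15emu_rutoken_init_ex(sc_pkcs15_card_t *, sc_pkcs15emu_opt_t *);
+
 static struct {
 const char * name;
@@ -69,4 +71,5 @@
 { "atrust-acos",sc_pkcs15emu_atrust_acos_init_ex},
 { "tccardos", sc_pkcs15emu_tccardos_init_ex },
+{ "rutoken", sc_pkcs15emu_rutoken_init_ex },
 { NULL, NULL }
 };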
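--- a/trunk/src/pkcs11/framework-pkcs15.c
+++ b/trunk/src/pkcs11/framework-pkcs15.c
@@ -2075,4 +2075,7 @@
 flags = SC_ALGORITHM_RSA_RAW;
 break;
+case CKM_GOST:
+flags = SC_ALGORITHM_GOST;
+break;
 default:
 return CKR_MECHANISM_INVALID;
@@ -2153,4 +2156,6 @@
 flags |= SC_ALGORITHM_RSA_RAW;
 break;
+case CKM_GOST:
+flags |= SC_ALGORITHM_GOST;
 default:
 return CKR_MECHANISM_INVALID;
@@ -2809,4 +2814,19 @@
 }
 
+if (alg_info->algorithm == SC_ALGORITHM_GOST){
+mech_info.flags = CKF_HW | CKF_SIGN | CKF_ENCRYPT | CKF_DECRYPT;
+#ifdef HAVE_OPENSSL
+mech_info.flags |= CKF_VERIFY;
+#endif
+mech_info.ulMinKeySize = 32;
+mech_info.ulMaxKeySize = 32;
+mt = sc_pkcs11_new_fw_mechanism(CKM_GOST,
+&mech_info, CKK_RSA, NULL);
+rc = sc_pkcs11_register_mechanism(p11card, mt);
+sc_debug(card->ctx, "register GOST!!! %d", rc);
+if(rc < 0)
+return rc;
+}
+
 alg_info++;
 }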
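Review bot: The second hunk's `case CKM_GOST:` has no `break;` after `flags |= SC_ALGORITHM_GOST;`, so control falls into `default:` and the function returns `CKR_MECHANISM_INVALID` for the mechanism it has just accepted; the first hunk's case does end in `break;`. Add `break;` before `default:`. In the third hunk the mechanism is registered with key type `CKK_RSA` although this commit defines `CKK_GOST` in pkcs11.h, which looks unintended, and the return value of `sc_pkcs11_new_fw_mechanism()` is handed to `sc_pkcs11_register_mechanism()` without a NULL check. The enclosing functions of all three hunks start and end outside the visible lines.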
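--- a/trunk/src/pkcs11/pkcs11.h
+++ b/trunk/src/pkcs11/pkcs11.h
@@ -359,4 +359,8 @@
 #define CKK_VENDOR_DEFINED ((unsigned long) (1 << 31))
 
+//rutoken:
+#define CKK_GOST (CKK_VENDOR_DEFINED+1)
+#define CKA_GOST CKA_VENDOR_DEFINED+1
+#define CKM_GOST CKM_VENDOR_DEFINED+1
 
 typedef unsigned long ck_certificate_type_t;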
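Review bot: `CKA_GOST` and `CKM_GOST` expand to an unparenthesized `X+1`, unlike `CKK_GOST` on the line above, so a cast or a higher-precedence operator next to the macro applies to only part of the expression. Write them as `#define CKA_GOST (CKA_VENDOR_DEFINED+1)` and `#define CKM_GOST (CKM_VENDOR_DEFINED+1)`. The `//rutoken:` line is a C99-style comment in a header that older C compilers may have to parse; `/* rutoken */` is the safer form. Since these values sit in the vendor-defined range, a comment stating that they are private to this project and may collide with another vendor's numbers would help callers.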
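--- a/trunk/src/pkcs15init/Makefile.am
+++ b/trunk/src/pkcs15init/Makefile.am
@@ -21,4 +21,5 @@
 pkcs15.profile \
 muscle.profile \
+rutoken.profile \
 asepcos.profile
 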
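--- a/trunk/src/pkcs15init/pkcs15-init.h
+++ b/trunk/src/pkcs15init/pkcs15-init.h
@@ -402,4 +402,5 @@
 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_muscle_ops(void);
 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_asepcos_ops(void);
+extern struct sc_pkcs15init_operations *sc_pkcs15init_get_rutoken_ops(void);
 
 #ifdef __cplusplus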
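--- a/trunk/src/pkcs15init/pkcs15-lib.c
+++ b/trunk/src/pkcs15init/pkcs15-lib.c
@@ -150,4 +150,5 @@
 void *func;
 } profile_operations[] = {
+{ "rutoken", (void *) sc_pkcs15init_get_rutoken_ops },
 { "gpk", (void *) sc_pkcs15init_get_gpk_ops },
 { "miocos", (void *) sc_pkcs15init_get_miocos_ops },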
trunk/src/tools/Makefile.am
r3244 r3304 13 13 14 14 bin_PROGRAMS = opensc-tool opensc-explorer pkcs15-tool pkcs15-crypt \ 15 pkcs11-tool cardos-info eidenv\15 pkcs11-tool cardos-info eidenv rutoken-tool \ 16 16 $(PROGRAMS_OPENSSL) 17 17 … … 34 34 netkey_tool_SOURCES = netkey-tool.c $(top_srcdir)/src/common/my_getopt.c 35 35 netkey_tool_LDADD = $(OPENSSL_LIBS) 36 rutoken_tool_SOURCES = rutoken-tool.c util.c 37 rutoken_tool_LDADD = $(OPENSSL_LIBS) 36 38 37 39 noinst_HEADERS = util.h -
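--- a/trunk/src/tools/pkcs11-tool.c
+++ b/trunk/src/tools/pkcs11-tool.c
@@ -3568,4 +3568,5 @@
 { CKM_DH_PKCS_PARAMETER_GEN,"DH-PKCS-PARAMETER-GEN", NULL },
 { CKM_X9_42_DH_PARAMETER_GEN,"X9-42-DH-PARAMETER-GEN", NULL },
+{ CKM_GOST,"GOST", NULL },
 { NO_MECHANISM, NULL, NULL }
 };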
