/src/opensc/src/libopensc/pkcs15-jpki.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * PKCS15 emulation layer for JPKI(Japanese Individual Number Cards). |
3 | | * |
4 | | * Copyright (C) 2016, HAMANO Tsukasa <hamano@osstech.co.jp> |
5 | | * |
6 | | * This library is free software; you can redistribute it and/or |
7 | | * modify it under the terms of the GNU Lesser General Public |
8 | | * License as published by the Free Software Foundation; either |
9 | | * version 2.1 of the License, or (at your option) any later version. |
10 | | * |
11 | | * This library is distributed in the hope that it will be useful, |
12 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
14 | | * Lesser General Public License for more details. |
15 | | * |
16 | | * You should have received a copy of the GNU Lesser General Public |
17 | | * License along with this library; if not, write to the Free Software |
18 | | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
19 | | */ |
20 | | |
21 | | #ifdef HAVE_CONFIG_H |
22 | | #include "config.h" |
23 | | #endif |
24 | | |
25 | | #include <stdlib.h> |
26 | | #include <string.h> |
27 | | #include <stdio.h> |
28 | | |
29 | | #include "common/compat_strlcpy.h" |
30 | | #include "common/compat_strlcat.h" |
31 | | |
32 | | #include "internal.h" |
33 | | #include "pkcs15.h" |
34 | | #include "jpki.h" |
35 | | |
36 | | static int |
37 | | sc_pkcs15emu_jpki_init(sc_pkcs15_card_t * p15card) |
38 | 0 | { |
39 | 0 | sc_card_t *card = p15card->card; |
40 | 0 | struct jpki_private_data *drvdata = JPKI_DRVDATA(card); |
41 | 0 | int i, rc; |
42 | |
|
43 | 0 | LOG_FUNC_CALLED(p15card->card->ctx); |
44 | |
|
45 | 0 | set_string(&p15card->tokeninfo->label, "JPKI"); |
46 | 0 | set_string(&p15card->tokeninfo->manufacturer_id, "JPKI"); |
47 | | /* set dummy until we found serial number */ |
48 | 0 | set_string(&p15card->tokeninfo->serial_number, "00000000"); |
49 | | |
50 | | /* Select application directory */ |
51 | 0 | if (drvdata->selected != SELECT_JPKI_AP) { |
52 | 0 | rc = jpki_select_ap(card); |
53 | 0 | LOG_TEST_RET(card->ctx, rc, "select AP failed"); |
54 | 0 | drvdata->selected = SELECT_JPKI_AP; |
55 | 0 | } |
56 | | |
57 | | /* add certificates */ |
58 | 0 | for (i = 0; i < 4; i++) { |
59 | 0 | static const char *jpki_cert_names[4] = { |
60 | 0 | "User Authentication Certificate", |
61 | 0 | "Digital Signature Certificate", |
62 | 0 | "User Authentication Certificate CA", |
63 | 0 | "Digital Signature Certificate CA" |
64 | 0 | }; |
65 | 0 | static char const *jpki_cert_paths[4] = { |
66 | 0 | "000A", |
67 | 0 | "0001", |
68 | 0 | "000B", |
69 | 0 | "0002" |
70 | 0 | }; |
71 | 0 | static int jpki_cert_ids[4] = { 1, 2, 3, 4 }; |
72 | 0 | static int jpki_cert_flags[4] = { |
73 | 0 | 0, |
74 | 0 | SC_PKCS15_CO_FLAG_PRIVATE, |
75 | 0 | 0, |
76 | 0 | 0, |
77 | 0 | }; |
78 | 0 | static int jpki_cert_authority[4] = {0, 0, 1, 1}; |
79 | 0 | struct sc_pkcs15_cert_info cert_info; |
80 | 0 | struct sc_pkcs15_object cert_obj; |
81 | 0 | memset(&cert_info, 0, sizeof(cert_info)); |
82 | 0 | memset(&cert_obj, 0, sizeof(cert_obj)); |
83 | |
|
84 | 0 | cert_info.id.value[0] = jpki_cert_ids[i]; |
85 | 0 | cert_info.id.len = 1; |
86 | 0 | sc_format_path(jpki_cert_paths[i], &cert_info.path); |
87 | 0 | cert_info.path.type = SC_PATH_TYPE_FILE_ID; |
88 | |
|
89 | 0 | strlcpy(cert_obj.label, jpki_cert_names[i], sizeof(cert_obj.label)); |
90 | 0 | cert_info.authority = jpki_cert_authority[i]; |
91 | 0 | cert_obj.flags = jpki_cert_flags[i]; |
92 | 0 | rc = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info); |
93 | 0 | if (rc < 0) { |
94 | 0 | sc_pkcs15_card_clear(p15card); |
95 | 0 | LOG_FUNC_RETURN(card->ctx, SC_ERROR_INTERNAL); |
96 | 0 | } |
97 | |
|
98 | 0 | } |
99 | | |
100 | | /* add pins */ |
101 | 0 | for (i = 0; i < 2; i++) { |
102 | 0 | static const char *jpki_pin_names[2] = { |
103 | 0 | "User Authentication PIN", |
104 | 0 | "Digital Signature PIN" |
105 | 0 | }; |
106 | 0 | static const int jpki_pin_min[2] = { 4, 6 }; |
107 | 0 | static const int jpki_pin_max[2] = { 4, 16 }; |
108 | 0 | static const int jpki_pin_ref[2] = { 1, 2 }; |
109 | 0 | static const int jpki_pin_authid[2] = { 1, 2 }; |
110 | 0 | static const int jpki_pin_flags[2] = { |
111 | 0 | SC_PKCS15_PIN_FLAG_INITIALIZED | |
112 | 0 | SC_PKCS15_PIN_FLAG_LOCAL, |
113 | 0 | SC_PKCS15_PIN_FLAG_INITIALIZED | |
114 | 0 | SC_PKCS15_PIN_FLAG_LOCAL |
115 | 0 | }; |
116 | 0 | static const int jpki_pin_max_tries[2] = { |
117 | 0 | JPKI_AUTH_PIN_MAX_TRIES, |
118 | 0 | JPKI_SIGN_PIN_MAX_TRIES |
119 | 0 | }; |
120 | |
|
121 | 0 | struct sc_pkcs15_auth_info pin_info; |
122 | 0 | struct sc_pkcs15_object pin_obj; |
123 | 0 | struct sc_pin_cmd_data pin_cmd_data; |
124 | 0 | memset(&pin_info, 0, sizeof (pin_info)); |
125 | 0 | memset(&pin_obj, 0, sizeof (pin_obj)); |
126 | 0 | memset(&pin_cmd_data, 0, sizeof(pin_cmd_data)); |
127 | |
|
128 | 0 | pin_info.auth_id.len = 1; |
129 | 0 | pin_info.auth_id.value[0] = jpki_pin_authid[i]; |
130 | 0 | pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; |
131 | 0 | pin_info.attrs.pin.reference = jpki_pin_ref[i]; |
132 | 0 | pin_info.attrs.pin.flags = jpki_pin_flags[i]; |
133 | 0 | pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC; |
134 | 0 | pin_info.attrs.pin.min_length = jpki_pin_min[i]; |
135 | 0 | pin_info.attrs.pin.stored_length = 0; |
136 | 0 | pin_info.attrs.pin.max_length = jpki_pin_max[i]; |
137 | 0 | pin_info.attrs.pin.pad_char = '\0'; |
138 | 0 | pin_info.max_tries = jpki_pin_max_tries[i]; |
139 | 0 | pin_info.tries_left = -1; |
140 | 0 | pin_info.logged_in = SC_PIN_STATE_UNKNOWN; |
141 | |
|
142 | 0 | pin_cmd_data.cmd = SC_PIN_CMD_GET_INFO; |
143 | 0 | pin_cmd_data.pin_type = SC_AC_CHV; |
144 | 0 | pin_cmd_data.pin_reference = jpki_pin_ref[i]; |
145 | 0 | rc = sc_pin_cmd(card, &pin_cmd_data, &pin_info.tries_left); |
146 | 0 | LOG_TEST_RET(card->ctx, rc, "sc_pin_cmd failed"); |
147 | 0 | strlcpy(pin_obj.label, jpki_pin_names[i], sizeof(pin_obj.label)); |
148 | 0 | pin_obj.flags = jpki_pin_flags[i]; |
149 | |
|
150 | 0 | rc = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); |
151 | 0 | if (rc < 0) { |
152 | 0 | sc_pkcs15_card_clear(p15card); |
153 | 0 | LOG_FUNC_RETURN(card->ctx, SC_ERROR_INTERNAL); |
154 | 0 | } |
155 | 0 | } |
156 | | |
157 | | /* add private keys */ |
158 | 0 | for (i = 0; i < 2; i++) { |
159 | 0 | static int prkey_pin[2] = { 1, 2 }; |
160 | 0 | static int prkey_usage[2] = { |
161 | 0 | SC_PKCS15_PRKEY_USAGE_SIGN, |
162 | 0 | SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_NONREPUDIATION |
163 | 0 | }; |
164 | 0 | static const char *prkey_name[2] = { |
165 | 0 | "User Authentication Key", |
166 | 0 | "Digital Signature Key" |
167 | 0 | }; |
168 | 0 | static int prkey_user_consent[2] = { 0, 1 }; |
169 | 0 | struct sc_pkcs15_prkey_info prkey_info; |
170 | 0 | struct sc_pkcs15_object prkey_obj; |
171 | |
|
172 | 0 | memset(&prkey_info, 0, sizeof (prkey_info)); |
173 | 0 | memset(&prkey_obj, 0, sizeof (prkey_obj)); |
174 | |
|
175 | 0 | prkey_info.id.len = 1; |
176 | 0 | prkey_info.id.value[0] = prkey_pin[i]; |
177 | 0 | prkey_info.usage = prkey_usage[i]; |
178 | 0 | prkey_info.native = 1; |
179 | 0 | prkey_info.key_reference = i + 1; |
180 | 0 | prkey_info.modulus_length = 2048; |
181 | |
|
182 | 0 | strlcpy(prkey_obj.label, prkey_name[i], sizeof (prkey_obj.label)); |
183 | 0 | prkey_obj.auth_id.len = 1; |
184 | 0 | prkey_obj.auth_id.value[0] = prkey_pin[i]; |
185 | 0 | prkey_obj.user_consent = prkey_user_consent[i]; |
186 | 0 | prkey_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE; |
187 | |
|
188 | 0 | rc = sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, &prkey_info); |
189 | 0 | if (rc < 0) { |
190 | 0 | sc_pkcs15_card_clear(p15card); |
191 | 0 | LOG_FUNC_RETURN(card->ctx, SC_ERROR_INTERNAL); |
192 | 0 | } |
193 | 0 | } |
194 | | |
195 | | /* add public keys */ |
196 | 0 | for (i = 0; i < 2; i++) { |
197 | 0 | static int pubkey_id[2] = { 1, 2 }; |
198 | 0 | static const char *jpki_pubkey_names[2] = { |
199 | 0 | "User Authentication Public Key", |
200 | 0 | "Digital Signature Public Key" |
201 | 0 | }; |
202 | 0 | static int jpki_pubkey_flags[2] = { |
203 | 0 | 0, |
204 | 0 | SC_PKCS15_CO_FLAG_PRIVATE}; |
205 | 0 | static int jpki_pubkey_auth_id[2] = {0, 2}; |
206 | 0 | struct sc_pkcs15_pubkey_info pubkey_info; |
207 | 0 | struct sc_pkcs15_object pubkey_obj; |
208 | 0 | static char const *jpki_pubkey_paths[2] = { |
209 | 0 | "000A", |
210 | 0 | "0001" |
211 | 0 | }; |
212 | |
|
213 | 0 | memset(&pubkey_info, 0, sizeof (pubkey_info)); |
214 | 0 | memset(&pubkey_obj, 0, sizeof (pubkey_obj)); |
215 | |
|
216 | 0 | strlcpy(pubkey_obj.label, jpki_pubkey_names[i], sizeof (pubkey_obj.label)); |
217 | 0 | pubkey_info.id.len = 1; |
218 | 0 | pubkey_info.id.value[0] = pubkey_id[i]; |
219 | 0 | pubkey_info.native = 1; |
220 | 0 | pubkey_info.key_reference = i + 1; |
221 | |
|
222 | 0 | sc_format_path(jpki_pubkey_paths[i], &pubkey_info.path); |
223 | 0 | pubkey_info.path.type = SC_PATH_TYPE_FILE_ID; |
224 | 0 | pubkey_obj.flags = jpki_pubkey_flags[i]; |
225 | 0 | pubkey_obj.auth_id.len = 1; |
226 | 0 | pubkey_obj.auth_id.value[0] = jpki_pubkey_auth_id[i]; |
227 | |
|
228 | 0 | rc = sc_pkcs15emu_add_rsa_pubkey(p15card, &pubkey_obj, &pubkey_info); |
229 | 0 | if (rc < 0) { |
230 | 0 | sc_pkcs15_card_clear(p15card); |
231 | 0 | LOG_FUNC_RETURN(card->ctx, SC_ERROR_INTERNAL); |
232 | 0 | } |
233 | 0 | } |
234 | 0 | LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); |
235 | 0 | } |
236 | | |
237 | | int |
238 | | sc_pkcs15emu_jpki_init_ex(sc_pkcs15_card_t * p15card, |
239 | | struct sc_aid *aid) |
240 | 1 | { |
241 | 1 | if (p15card->card->type != SC_CARD_TYPE_JPKI_BASE) |
242 | 1 | return SC_ERROR_WRONG_CARD; |
243 | 0 | return sc_pkcs15emu_jpki_init(p15card); |
244 | 1 | } |