/src/opensc/src/libopensc/card-dtrust.c
Line | Count | Source |
1 | | /* |
2 | | * card-dtrust.c: Support for (CardOS based) D-Trust Signature Cards |
3 | | * |
4 | | * Copyright (C) 2023 Mario Haustein <mario.haustein@hrz.tu-chemnitz.de> |
5 | | * |
6 | | * This library is free software; you can redistribute it and/or |
7 | | * modify it under the terms of the GNU Lesser General Public |
8 | | * License as published by the Free Software Foundation; either |
9 | | * version 2.1 of the License, or (at your option) any later version. |
10 | | * |
11 | | * This library is distributed in the hope that it will be useful, |
12 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
14 | | * Lesser General Public License for more details. |
15 | | * |
16 | | * You should have received a copy of the GNU Lesser General Public |
17 | | * License along with this library; if not, write to the Free Software |
18 | | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
19 | | * |
20 | | * based on card-cardos.c |
21 | | */ |
22 | | |
23 | | /* |
24 | | * This are the support periods for the D-Trust cards. The end of life time is |
25 | | * set by the expiry of the underlying card operating system and sets the |
26 | | * validity limit of the issued certificates. After end of life, the code paths |
27 | | * for the affected products may be removed, as the cards are then not useful |
28 | | * anymore. |
29 | | * |
30 | | * Start of Sales End of Sales End of life |
31 | | * D-Trust Card 4.1/4.4 n/a Nov 2024 Sep 2026 |
32 | | * D-Trust Card 5.1/5.4 Nov 2023 n/a Oct 2028 |
33 | | * D-Trust Card 6.1/6.4 Summer 2025 n/a n/a |
34 | | */ |
35 | | |
36 | | #ifdef HAVE_CONFIG_H |
37 | | #include "config.h" |
38 | | #endif |
39 | | |
40 | | #include <stdlib.h> |
41 | | #include <string.h> |
42 | | |
43 | | #include "libopensc/pace.h" |
44 | | |
45 | | #include "asn1.h" |
46 | | #include "card-cardos-common.h" |
47 | | #include "internal.h" |
48 | | #include "sm/sm-eac.h" |
49 | | |
50 | | #include "card-dtrust.h" |
51 | | |
52 | | static const struct sc_card_operations *iso_ops = NULL; |
53 | | |
54 | | static struct sc_card_operations dtrust_ops; |
55 | | |
56 | | // clang-format off |
57 | | static struct sc_card_driver dtrust_drv = { |
58 | | "D-Trust Signature Card", |
59 | | "dtrust", |
60 | | &dtrust_ops, |
61 | | NULL, 0, NULL |
62 | | }; |
63 | | // clang-format on |
64 | | |
65 | | struct dtrust_drv_data_t { |
66 | | /* track PACE state */ |
67 | | unsigned char pace : 1; |
68 | | unsigned char can : 1; |
69 | | /* global CAN from configuration file */ |
70 | | char *can_value; |
71 | | /* use CAN cache */ |
72 | | unsigned char can_cache : 1; |
73 | | /* PKCS#15 context for CAN caching */ |
74 | | struct sc_pkcs15_card *p15card; |
75 | | /* save the current security environment */ |
76 | | const sc_security_env_t *env; |
77 | | }; |
78 | | |
79 | | // clang-format off |
80 | | static const struct sc_atr_table dtrust_atrs[] = { |
81 | | /* D-Trust Signature Card v4.1 and v4.4 - CardOS 5.4 |
82 | | * |
83 | | * The ATR was intentionally omitted from minidriver_registration[] within win32/customactions.cpp |
84 | | * as it is identical to that of CardOS v5.4 and therefore already included. |
85 | | * Any new ATR may need an entry in minidriver_registration[]. */ |
86 | | { "3b:d2:18:00:81:31:fe:58:c9:04:11", NULL, NULL, SC_CARD_TYPE_DTRUST_V4_1_STD, 0, NULL }, |
87 | | |
88 | | |
89 | | /* D-Trust Signature Card v5.1 and v5.4 - CardOS 6.0 |
90 | | * |
91 | | * These cards are dual interface cards. Thus they have separate ATRs. */ |
92 | | |
93 | | /* contact based */ |
94 | | { "3b:d2:18:00:81:31:fe:58:cb:01:16", NULL, NULL, SC_CARD_TYPE_DTRUST_V5_1_STD, 0, NULL }, |
95 | | |
96 | | /* contactless */ |
97 | | { "3b:82:80:01:cb:01:c9", NULL, NULL, SC_CARD_TYPE_DTRUST_V5_1_STD, 0, NULL }, |
98 | | { "07:78:77:74:03:cb:01:09", NULL, NULL, SC_CARD_TYPE_DTRUST_V5_1_STD, 0, NULL }, |
99 | | |
100 | | { NULL, NULL, NULL, 0, 0, NULL } |
101 | | }; |
102 | | // clang-format on |
103 | | |
104 | | static struct sc_object_id oid_secp256r1 = { |
105 | | {1, 2, 840, 10045, 3, 1, 7, -1} |
106 | | }; |
107 | | static struct sc_object_id oid_secp384r1 = { |
108 | | {1, 3, 132, 0, 34, -1} |
109 | | }; |
110 | | |
111 | | static int |
112 | | _dtrust_match_cardos(sc_card_t *card) |
113 | 912 | { |
114 | 912 | int r; |
115 | 912 | size_t prodlen; |
116 | 912 | u8 buf[32]; |
117 | | |
118 | | /* check OS version */ |
119 | 912 | r = sc_get_data(card, 0x0182, buf, 32); |
120 | 912 | LOG_TEST_RET(card->ctx, r, "OS version check failed"); |
121 | | |
122 | 320 | if (card->type == SC_CARD_TYPE_DTRUST_V4_1_STD) { |
123 | 178 | if (r != 2 || buf[0] != 0xc9 || buf[1] != 0x04) |
124 | 112 | return SC_ERROR_WRONG_CARD; |
125 | 178 | } else if (card->type == SC_CARD_TYPE_DTRUST_V5_1_STD) { |
126 | 142 | if (r != 2 || buf[0] != 0xcb || buf[1] != 0x01) |
127 | 77 | return SC_ERROR_WRONG_CARD; |
128 | 142 | } |
129 | | |
130 | | /* check product name */ |
131 | 131 | r = sc_get_data(card, 0x0180, buf, 32); |
132 | 131 | LOG_TEST_RET(card->ctx, r, "Product name check failed"); |
133 | | |
134 | 90 | prodlen = (size_t)r; |
135 | 90 | if (card->type == SC_CARD_TYPE_DTRUST_V4_1_STD) { |
136 | 39 | if (prodlen != strlen("CardOS V5.4 2019") + 1 || memcmp(buf, "CardOS V5.4 2019", prodlen)) |
137 | 35 | return SC_ERROR_WRONG_CARD; |
138 | 51 | } else if (card->type == SC_CARD_TYPE_DTRUST_V5_1_STD) { |
139 | 51 | if (prodlen != strlen("CardOS V6.0 2021") + 1 || memcmp(buf, "CardOS V6.0 2021", prodlen)) |
140 | 37 | return SC_ERROR_WRONG_CARD; |
141 | 51 | } |
142 | | |
143 | 18 | return SC_SUCCESS; |
144 | 90 | } |
145 | | |
146 | | static int |
147 | | _dtrust_match_profile(sc_card_t *card) |
148 | 18 | { |
149 | 18 | sc_path_t cia_path; |
150 | 18 | int r; |
151 | 18 | u8 buf[SC_MAX_APDU_BUFFER_SIZE]; |
152 | 18 | size_t slen, plen; |
153 | 18 | const u8 *sp, *pp; |
154 | 18 | char *name; |
155 | | |
156 | 18 | sc_format_path("5032", &cia_path); |
157 | 18 | cia_path.aid.len = sizeof(cia_path.aid.value); |
158 | 18 | r = sc_hex_to_bin("E8:28:BD:08:0F:A0:00:00:01:67:45:53:49:47:4E", (u8 *)&cia_path.aid.value, &cia_path.aid.len); |
159 | 18 | LOG_TEST_RET(card->ctx, r, "Formatting AID failed"); |
160 | | |
161 | 18 | r = sc_select_file(card, &cia_path, NULL); |
162 | 18 | LOG_TEST_RET(card->ctx, r, "Selecting CIA path failed"); |
163 | | |
164 | 6 | r = sc_read_binary(card, 0, buf, SC_MAX_APDU_BUFFER_SIZE, NULL); |
165 | 6 | LOG_TEST_RET(card->ctx, r, "Reading CIA information failed"); |
166 | | |
167 | 4 | sp = sc_asn1_find_tag(card->ctx, buf, r, 0x30, &slen); |
168 | 4 | if (sp == NULL) |
169 | 3 | return SC_ERROR_WRONG_CARD; |
170 | | |
171 | | /* check vendor */ |
172 | 1 | pp = sc_asn1_find_tag(card->ctx, sp, slen, 0x0c, &plen); |
173 | 1 | if (pp == NULL) |
174 | 1 | return SC_ERROR_WRONG_CARD; |
175 | | |
176 | 0 | if (plen != 16 || memcmp(pp, "D-TRUST GmbH (C)", 16)) |
177 | 0 | return SC_ERROR_WRONG_CARD; |
178 | | |
179 | | /* check profile */ |
180 | 0 | pp = sc_asn1_find_tag(card->ctx, sp, slen, 0x80, &plen); |
181 | 0 | if (pp == NULL) |
182 | 0 | return SC_ERROR_WRONG_CARD; |
183 | | |
184 | | /* |
185 | | * The profile string contains (two) additional characters. They depend |
186 | | * on the production process, but aren't relevant for determining the |
187 | | * card profile. |
188 | | */ |
189 | 0 | if (card->type == SC_CARD_TYPE_DTRUST_V4_1_STD) { |
190 | 0 | if (plen >= 27 && !memcmp(pp, "D-TRUST Card 4.1 Std. RSA 2", 27)) |
191 | 0 | card->type = SC_CARD_TYPE_DTRUST_V4_1_STD; |
192 | 0 | else if (plen >= 28 && !memcmp(pp, "D-TRUST Card 4.1 Multi ECC 2", 28)) |
193 | 0 | card->type = SC_CARD_TYPE_DTRUST_V4_1_MULTI; |
194 | 0 | else if (plen >= 27 && !memcmp(pp, "D-TRUST Card 4.1 M100 ECC 2", 27)) |
195 | 0 | card->type = SC_CARD_TYPE_DTRUST_V4_1_M100; |
196 | 0 | else if (plen >= 27 && !memcmp(pp, "D-TRUST Card 4.4 Std. RSA 2", 27)) |
197 | 0 | card->type = SC_CARD_TYPE_DTRUST_V4_4_STD; |
198 | 0 | else if (plen >= 28 && !memcmp(pp, "D-TRUST Card 4.4 Multi ECC 2", 28)) |
199 | 0 | card->type = SC_CARD_TYPE_DTRUST_V4_4_MULTI; |
200 | 0 | else |
201 | 0 | return SC_ERROR_WRONG_CARD; |
202 | 0 | } else if (card->type == SC_CARD_TYPE_DTRUST_V5_1_STD) { |
203 | 0 | if (plen >= 27 && !memcmp(pp, "D-TRUST Card 5.1 Std. RSA 2", 27)) |
204 | 0 | card->type = SC_CARD_TYPE_DTRUST_V5_1_STD; |
205 | 0 | else if (plen >= 28 && !memcmp(pp, "D-TRUST Card 5.1 Multi ECC 2", 28)) |
206 | 0 | card->type = SC_CARD_TYPE_DTRUST_V5_1_MULTI; |
207 | 0 | else if (plen >= 27 && !memcmp(pp, "D-TRUST Card 5.1 M100 ECC 2", 27)) |
208 | 0 | card->type = SC_CARD_TYPE_DTRUST_V5_1_M100; |
209 | 0 | else if (plen >= 27 && !memcmp(pp, "D-TRUST Card 5.4 Std. RSA 2", 27)) |
210 | 0 | card->type = SC_CARD_TYPE_DTRUST_V5_4_STD; |
211 | 0 | else if (plen >= 28 && !memcmp(pp, "D-TRUST Card 5.4 Multi ECC 2", 28)) |
212 | 0 | card->type = SC_CARD_TYPE_DTRUST_V5_4_MULTI; |
213 | 0 | else |
214 | 0 | return SC_ERROR_WRONG_CARD; |
215 | 0 | } |
216 | | |
217 | 0 | name = malloc(plen + 1); |
218 | 0 | if (name == NULL) |
219 | 0 | return SC_ERROR_OUT_OF_MEMORY; |
220 | 0 | memcpy(name, pp, plen); |
221 | 0 | name[plen] = '\0'; |
222 | 0 | card->name = name; |
223 | |
|
224 | 0 | sc_log(card->ctx, "found %s", card->name); |
225 | |
|
226 | 0 | return SC_SUCCESS; |
227 | 0 | } |
228 | | |
229 | | static int |
230 | | dtrust_match_card(sc_card_t *card) |
231 | 94.9k | { |
232 | 94.9k | if (_sc_match_atr(card, dtrust_atrs, &card->type) < 0) |
233 | 94.0k | return 0; |
234 | | |
235 | 912 | if (_dtrust_match_cardos(card) != SC_SUCCESS) |
236 | 894 | return 0; |
237 | | |
238 | 18 | if (_dtrust_match_profile(card) != SC_SUCCESS) |
239 | 18 | return 0; |
240 | | |
241 | 0 | sc_log(card->ctx, "D-Trust Signature Card"); |
242 | |
|
243 | 0 | return 1; |
244 | 18 | } |
245 | | |
246 | | static int |
247 | | _dtrust_get_serialnr(sc_card_t *card) |
248 | 0 | { |
249 | 0 | int r; |
250 | |
|
251 | 0 | card->serialnr.len = SC_MAX_SERIALNR; |
252 | 0 | r = sc_parse_ef_gdo(card, card->serialnr.value, &card->serialnr.len, NULL, 0); |
253 | 0 | if (r < 0) { |
254 | 0 | card->serialnr.len = 0; |
255 | 0 | return r; |
256 | 0 | } |
257 | | |
258 | 0 | return SC_SUCCESS; |
259 | 0 | } |
260 | | |
261 | | static int |
262 | | dtrust_init(sc_card_t *card) |
263 | 0 | { |
264 | 0 | struct dtrust_drv_data_t *drv_data; |
265 | 0 | const char *can_env, *can_value; |
266 | 0 | size_t i, j; |
267 | 0 | scconf_block **found_blocks, *block; |
268 | 0 | int r; |
269 | 0 | const size_t data_field_length = 437; |
270 | 0 | unsigned long flags, ext_flags; |
271 | |
|
272 | 0 | SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); |
273 | |
|
274 | 0 | card->cla = 0x00; |
275 | |
|
276 | 0 | drv_data = calloc(1, sizeof(struct dtrust_drv_data_t)); |
277 | 0 | if (drv_data == NULL) |
278 | 0 | return SC_ERROR_OUT_OF_MEMORY; |
279 | | |
280 | 0 | drv_data->pace = 0; |
281 | 0 | drv_data->can = 0; |
282 | 0 | drv_data->can_value = NULL; |
283 | 0 | drv_data->can_cache = 1; |
284 | 0 | drv_data->p15card = NULL; |
285 | | |
286 | | /* read environment variable */ |
287 | 0 | can_env = getenv("DTRUST_CAN"); |
288 | | |
289 | | /* read configuration */ |
290 | 0 | can_value = NULL; |
291 | 0 | for (i = 0; card->ctx->conf_blocks[i]; i++) { |
292 | 0 | found_blocks = scconf_find_blocks(card->ctx->conf, card->ctx->conf_blocks[i], "card_driver", "dtrust"); |
293 | 0 | if (!found_blocks) |
294 | 0 | continue; |
295 | | |
296 | 0 | for (j = 0, block = found_blocks[j]; block; j++, block = found_blocks[j]) { |
297 | 0 | drv_data->can_cache = scconf_get_bool(block, "can_use_cache", drv_data->can_cache); |
298 | | |
299 | | /* Environment variable has precedence over configured CAN */ |
300 | 0 | if (can_env == NULL) { |
301 | 0 | can_value = scconf_get_str(block, "can", can_value); |
302 | 0 | } |
303 | 0 | } |
304 | 0 | free(found_blocks); |
305 | 0 | } |
306 | |
|
307 | 0 | if (can_env != NULL) { |
308 | 0 | sc_log(card->ctx, "Using CAN provided by environment variable."); |
309 | 0 | can_value = can_env; |
310 | 0 | } else if (can_value != NULL) { |
311 | 0 | sc_log(card->ctx, "Using CAN provided by configuration file."); |
312 | 0 | } |
313 | |
|
314 | 0 | if (can_value != NULL) { |
315 | 0 | size_t can_len; |
316 | |
|
317 | 0 | can_len = strlen(can_value); |
318 | 0 | drv_data->can_value = sc_mem_secure_alloc(can_len + 1); |
319 | 0 | if (drv_data->can_value == NULL) { |
320 | 0 | LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); |
321 | 0 | } |
322 | 0 | memcpy(drv_data->can_value, can_value, can_len + 1); |
323 | 0 | } |
324 | | |
325 | 0 | card->drv_data = drv_data; |
326 | |
|
327 | 0 | r = _dtrust_get_serialnr(card); |
328 | 0 | LOG_TEST_RET(card->ctx, r, "Error reading serial number."); |
329 | | |
330 | 0 | card->caps |= SC_CARD_CAP_APDU_EXT | SC_CARD_CAP_ISO7816_PIN_INFO; |
331 | |
|
332 | 0 | card->max_send_size = data_field_length - 6; |
333 | | #ifdef _WIN32 |
334 | | /* see card-cardos.c */ |
335 | | if (card->reader->max_send_size == 255 && card->reader->max_recv_size == 256) { |
336 | | sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "resetting reader to use data_field_length"); |
337 | | card->reader->max_send_size = data_field_length - 6; |
338 | | card->reader->max_recv_size = data_field_length - 3; |
339 | | } |
340 | | #endif |
341 | |
|
342 | 0 | card->max_send_size = sc_get_max_send_size(card); /* see card-cardos.c */ |
343 | 0 | card->max_recv_size = data_field_length - 2; |
344 | 0 | card->max_recv_size = sc_get_max_recv_size(card); |
345 | |
|
346 | 0 | flags = 0; |
347 | |
|
348 | 0 | switch (card->type) { |
349 | 0 | case SC_CARD_TYPE_DTRUST_V4_1_STD: |
350 | 0 | case SC_CARD_TYPE_DTRUST_V4_4_STD: |
351 | 0 | case SC_CARD_TYPE_DTRUST_V5_1_STD: |
352 | 0 | case SC_CARD_TYPE_DTRUST_V5_4_STD: |
353 | 0 | flags |= SC_ALGORITHM_RSA_PAD_PKCS1; |
354 | 0 | flags |= SC_ALGORITHM_RSA_PAD_PSS; |
355 | 0 | flags |= SC_ALGORITHM_RSA_PAD_OAEP; |
356 | 0 | flags |= SC_ALGORITHM_RSA_HASH_SHA256; |
357 | 0 | flags |= SC_ALGORITHM_RSA_HASH_SHA384; |
358 | 0 | flags |= SC_ALGORITHM_RSA_HASH_SHA512; |
359 | 0 | flags |= SC_ALGORITHM_MGF1_SHA256; |
360 | 0 | flags |= SC_ALGORITHM_MGF1_SHA384; |
361 | 0 | flags |= SC_ALGORITHM_MGF1_SHA512; |
362 | |
|
363 | 0 | _sc_card_add_rsa_alg(card, 3072, flags, 0); |
364 | 0 | break; |
365 | | |
366 | 0 | case SC_CARD_TYPE_DTRUST_V4_1_MULTI: |
367 | 0 | case SC_CARD_TYPE_DTRUST_V4_1_M100: |
368 | 0 | case SC_CARD_TYPE_DTRUST_V4_4_MULTI: |
369 | 0 | flags |= SC_ALGORITHM_ECDSA_RAW; |
370 | 0 | flags |= SC_ALGORITHM_ECDH_CDH_RAW; |
371 | 0 | ext_flags = SC_ALGORITHM_EXT_EC_NAMEDCURVE; |
372 | |
|
373 | 0 | _sc_card_add_ec_alg(card, 256, flags, ext_flags, &oid_secp256r1); |
374 | 0 | break; |
375 | | |
376 | 0 | case SC_CARD_TYPE_DTRUST_V5_1_MULTI: |
377 | 0 | case SC_CARD_TYPE_DTRUST_V5_1_M100: |
378 | 0 | case SC_CARD_TYPE_DTRUST_V5_4_MULTI: |
379 | 0 | flags |= SC_ALGORITHM_ECDSA_RAW; |
380 | 0 | flags |= SC_ALGORITHM_ECDH_CDH_RAW; |
381 | 0 | ext_flags = SC_ALGORITHM_EXT_EC_NAMEDCURVE; |
382 | |
|
383 | 0 | _sc_card_add_ec_alg(card, 384, flags, ext_flags, &oid_secp384r1); |
384 | 0 | break; |
385 | | |
386 | 0 | default: |
387 | 0 | LOG_FUNC_RETURN(card->ctx, SC_ERROR_WRONG_CARD); |
388 | 0 | } |
389 | | |
390 | 0 | switch (card->type) { |
391 | 0 | case SC_CARD_TYPE_DTRUST_V5_1_STD: |
392 | 0 | case SC_CARD_TYPE_DTRUST_V5_4_STD: |
393 | 0 | case SC_CARD_TYPE_DTRUST_V5_1_MULTI: |
394 | 0 | case SC_CARD_TYPE_DTRUST_V5_1_M100: |
395 | 0 | case SC_CARD_TYPE_DTRUST_V5_4_MULTI: |
396 | 0 | r = sc_pkcs15_bind(card, NULL, &drv_data->p15card); |
397 | 0 | LOG_TEST_RET(card->ctx, r, "Binding PKCS#15 context failed"); |
398 | 0 | break; |
399 | 0 | } |
400 | | |
401 | 0 | LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); |
402 | 0 | } |
403 | | |
404 | | static int |
405 | | dtrust_finish(sc_card_t *card) |
406 | 0 | { |
407 | 0 | struct dtrust_drv_data_t *drv_data; |
408 | |
|
409 | 0 | SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); |
410 | |
|
411 | 0 | drv_data = card->drv_data; |
412 | |
|
413 | 0 | if (drv_data->p15card != NULL) { |
414 | 0 | sc_pkcs15_unbind(drv_data->p15card); |
415 | 0 | } |
416 | |
|
417 | 0 | if (drv_data->can_value != NULL) { |
418 | 0 | sc_mem_secure_free(drv_data->can_value, strlen(drv_data->can_value) + 1); |
419 | 0 | } |
420 | |
|
421 | 0 | free((char *)card->name); |
422 | 0 | free(card->drv_data); |
423 | |
|
424 | 0 | LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); |
425 | 0 | } |
426 | | |
427 | | static int |
428 | | dtrust_select_app(struct sc_card *card, int ref) |
429 | 0 | { |
430 | 0 | sc_path_t path; |
431 | 0 | int r; |
432 | |
|
433 | 0 | SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); |
434 | |
|
435 | 0 | switch (card->type) { |
436 | 0 | case SC_CARD_TYPE_DTRUST_V5_1_STD: |
437 | 0 | case SC_CARD_TYPE_DTRUST_V5_4_STD: |
438 | 0 | case SC_CARD_TYPE_DTRUST_V5_1_MULTI: |
439 | 0 | case SC_CARD_TYPE_DTRUST_V5_1_M100: |
440 | 0 | case SC_CARD_TYPE_DTRUST_V5_4_MULTI: |
441 | 0 | switch (ref) { |
442 | 0 | case DTRUST5_PIN_ID_QES: |
443 | 0 | sc_format_path("3F000101", &path); |
444 | 0 | break; |
445 | | |
446 | 0 | case DTRUST5_PIN_ID_AUT: |
447 | 0 | sc_format_path("3F000102", &path); |
448 | 0 | break; |
449 | | |
450 | 0 | default: |
451 | 0 | sc_format_path("3F00", &path); |
452 | 0 | break; |
453 | 0 | } |
454 | | |
455 | 0 | r = sc_select_file(card, &path, NULL); |
456 | 0 | LOG_TEST_RET(card->ctx, r, "Selecting master file failed"); |
457 | 0 | break; |
458 | 0 | } |
459 | | |
460 | 0 | LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); |
461 | 0 | } |
462 | | |
463 | | static int |
464 | | dtrust_perform_pace(struct sc_card *card, |
465 | | int ref, |
466 | | const unsigned char *pin, |
467 | | size_t pinlen, |
468 | | int *tries_left) |
469 | 0 | { |
470 | 0 | struct dtrust_drv_data_t *drv_data; |
471 | 0 | sc_path_t can_path; |
472 | 0 | u8 can_buffer[16]; |
473 | 0 | u8 *can_ptr = can_buffer; |
474 | 0 | size_t can_len; |
475 | 0 | int r; |
476 | 0 | struct establish_pace_channel_input pace_input; |
477 | 0 | struct establish_pace_channel_output pace_output; |
478 | |
|
479 | 0 | SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); |
480 | |
|
481 | 0 | drv_data = card->drv_data; |
482 | | |
483 | | /* Dummy file path for the CAN cache */ |
484 | 0 | sc_format_path("CA4E", &can_path); |
485 | | |
486 | | /* Read CAN cache always. We need to know if the cache contains a CAN |
487 | | * value even if we use a CAN source with higher precedence. The CAN |
488 | | * cache must only be written if it was empty. Writing to a non-empty |
489 | | * cache file will append the data to be written instead of overwriting |
490 | | * the file. */ |
491 | 0 | can_len = sizeof(can_buffer) - 1; |
492 | 0 | r = sc_pkcs15_read_cached_file(drv_data->p15card, &can_path, &can_ptr, &can_len); |
493 | 0 | if (r == SC_SUCCESS && can_len > 0) { |
494 | 0 | can_buffer[can_len] = '\0'; |
495 | 0 | } else { |
496 | 0 | can_len = 0; |
497 | 0 | } |
498 | | |
499 | | /* The PKCS#11 layer cannot provide a CAN. Instead we consider the |
500 | | * following sources for CAN input. |
501 | | * 1. A CAN provided by the caller |
502 | | * 2. A CAN provided in the environment variable DTRUST_CAN |
503 | | * 3. A CAN provided in the configuration file |
504 | | * 4. A cached CAN when the cache feature is enabled |
505 | | * 5. If the reader supports the PACE protocol, we let it query for a |
506 | | * CAN on the pin pad. |
507 | | * 6. Querying the user interactively if possible */ |
508 | 0 | if (ref == PACE_PIN_ID_CAN) { |
509 | | /* Use CAN from environment variable or configuration file */ |
510 | 0 | if (pin == NULL) { |
511 | 0 | pin = (const unsigned char *)drv_data->can_value; |
512 | 0 | if (pin != NULL) { |
513 | 0 | sc_log(card->ctx, "Using static CAN (environment variable/configuration file)."); |
514 | 0 | pinlen = strlen(drv_data->can_value); |
515 | 0 | } |
516 | 0 | } |
517 | | |
518 | | /* Use the CAN cache if no CAN is provided. */ |
519 | 0 | if (drv_data->can_cache && pin == NULL) { |
520 | 0 | if (can_len > 0) { |
521 | 0 | sc_log(card->ctx, "Using cached CAN."); |
522 | 0 | pin = can_buffer; |
523 | 0 | pinlen = can_len; |
524 | 0 | } else { |
525 | 0 | sc_log(card->ctx, "No cached CAN available."); |
526 | 0 | } |
527 | 0 | } |
528 | | |
529 | | /* Query the user interactively if no cached CAN is available. */ |
530 | 0 | if (pin == NULL) { |
531 | 0 | if (card->reader->capabilities & SC_READER_CAP_PACE_GENERIC) { |
532 | | /* If no CAN is provided and the reader is |
533 | | * PACE-capable, we leave pin == NULL to request the |
534 | | * ready for querying the CAN on its pin pad. */ |
535 | 0 | sc_log(card->ctx, "Letting the reader prompt for the CAN on its pin pad."); |
536 | 0 | } else { |
537 | | /* TODO: Request user input */ |
538 | 0 | sc_log(card->ctx, "Unable to query for the CAN. Aborting."); |
539 | 0 | LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS); |
540 | 0 | } |
541 | 0 | } |
542 | 0 | } |
543 | | |
544 | | /* Establish secure channel via PACE */ |
545 | 0 | memset(&pace_input, 0, sizeof pace_input); |
546 | 0 | memset(&pace_output, 0, sizeof pace_output); |
547 | |
|
548 | 0 | pace_input.pin_id = ref; |
549 | 0 | pace_input.pin = pin; |
550 | 0 | pace_input.pin_length = pinlen; |
551 | | |
552 | | /* Select the right application for authentication. */ |
553 | 0 | r = dtrust_select_app(card, ref); |
554 | 0 | LOG_TEST_RET(card->ctx, r, "Selecting application failed"); |
555 | | |
556 | 0 | r = perform_pace(card, pace_input, &pace_output, EAC_TR_VERSION_2_02); |
557 | | |
558 | | /* We need to track whether we established a PACE channel. Checking |
559 | | * against card->sm_ctx.sm_mode != SM_MODE_TRANSMIT is not sufficient |
560 | | * as PACE-capable card readers handle secure messaging transparently. */ |
561 | 0 | if (r == SC_SUCCESS) { |
562 | 0 | drv_data->pace = 1; |
563 | 0 | } |
564 | | |
565 | | /* We further need to track whether we authenticated against CAN as |
566 | | * only this PINs allows us to verify the QES or AUT-PIN. */ |
567 | 0 | if (ref == PACE_PIN_ID_CAN) { |
568 | 0 | drv_data->can = r == SC_SUCCESS; |
569 | 0 | } |
570 | |
|
571 | 0 | free(pace_output.ef_cardaccess); |
572 | 0 | free(pace_output.recent_car); |
573 | 0 | free(pace_output.previous_car); |
574 | 0 | free(pace_output.id_icc); |
575 | 0 | free(pace_output.id_pcd); |
576 | |
|
577 | 0 | if (tries_left != NULL) { |
578 | 0 | if (r != SC_SUCCESS && |
579 | 0 | pace_output.mse_set_at_sw1 == 0x63 && |
580 | 0 | (pace_output.mse_set_at_sw2 & 0xc0) == 0xc0) { |
581 | 0 | *tries_left = pace_output.mse_set_at_sw2 & 0x0f; |
582 | 0 | } else { |
583 | 0 | *tries_left = -1; |
584 | 0 | } |
585 | 0 | } |
586 | | |
587 | | /* Write CAN to the cache, if it is correct and the cache was initially empty. */ |
588 | 0 | if (ref == PACE_PIN_ID_CAN && pin != NULL && drv_data->can_cache && |
589 | 0 | r == SC_SUCCESS && can_len == 0) { |
590 | 0 | sc_pkcs15_cache_file(drv_data->p15card, &can_path, pin, pinlen); |
591 | 0 | } |
592 | |
|
593 | 0 | return r; |
594 | 0 | } |
595 | | |
596 | | static int |
597 | | dtrust_pin_cmd_get_info(struct sc_card *card, |
598 | | struct sc_pin_cmd_data *data, |
599 | | int *tries_left) |
600 | 0 | { |
601 | 0 | struct dtrust_drv_data_t *drv_data; |
602 | 0 | int r; |
603 | |
|
604 | 0 | SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); |
605 | |
|
606 | 0 | drv_data = card->drv_data; |
607 | |
|
608 | 0 | switch (data->pin_reference) { |
609 | 0 | case PACE_PIN_ID_CAN: |
610 | | /* unlimited number of retries */ |
611 | 0 | *tries_left = -1; |
612 | 0 | data->pin1.max_tries = -1; |
613 | 0 | data->pin1.tries_left = -1; |
614 | 0 | r = SC_SUCCESS; |
615 | 0 | break; |
616 | | |
617 | 0 | case PACE_PIN_ID_PUK: |
618 | 0 | case DTRUST5_PIN_ID_PIN_T: |
619 | 0 | case DTRUST5_PIN_ID_PIN_T_AUT: |
620 | | /* Select the right application for authentication. */ |
621 | 0 | r = dtrust_select_app(card, data->pin_reference); |
622 | 0 | LOG_TEST_RET(card->ctx, r, "Selecting application failed"); |
623 | | |
624 | | /* FIXME: Doesn't work. Returns SW1=69 SW2=85 (Conditions of use not satisfied) instead. */ |
625 | 0 | data->pin1.max_tries = 3; |
626 | 0 | r = eac_pace_get_tries_left(card, data->pin_reference, &data->pin1.tries_left); |
627 | 0 | if (tries_left != NULL) { |
628 | 0 | *tries_left = data->pin1.tries_left; |
629 | 0 | } |
630 | 0 | break; |
631 | | |
632 | 0 | default: |
633 | | /* Check if CAN authentication is necessary */ |
634 | 0 | if (!drv_data->can) { |
635 | | /* Establish a secure channel with CAN to query PIN information. */ |
636 | 0 | r = dtrust_perform_pace(card, PACE_PIN_ID_CAN, NULL, 0, NULL); |
637 | 0 | LOG_TEST_RET(card->ctx, r, "CAN authentication failed"); |
638 | | |
639 | | /* Select the right application again. */ |
640 | 0 | r = dtrust_select_app(card, data->pin_reference); |
641 | 0 | LOG_TEST_RET(card->ctx, r, "Selecting application failed"); |
642 | 0 | } |
643 | | |
644 | | /* Now query PIN information */ |
645 | 0 | r = iso_ops->pin_cmd(card, data, tries_left); |
646 | 0 | break; |
647 | 0 | } |
648 | | |
649 | 0 | LOG_FUNC_RETURN(card->ctx, r); |
650 | 0 | } |
651 | | |
652 | | static int |
653 | | dtrust_pin_cmd_verify(struct sc_card *card, |
654 | | struct sc_pin_cmd_data *data, |
655 | | int *tries_left) |
656 | 0 | { |
657 | 0 | struct dtrust_drv_data_t *drv_data; |
658 | 0 | int r; |
659 | |
|
660 | 0 | SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); |
661 | |
|
662 | 0 | drv_data = card->drv_data; |
663 | |
|
664 | 0 | switch (data->pin_reference) { |
665 | | /* When the retry counter reaches 1 PACE-PINs become suspended. Before |
666 | | * verifying a suspended PIN, the CAN has to verified. We go without |
667 | | * verifying the CAN here, as this only matters for the PUK and the |
668 | | * transport PIN. Neither PIN ist required during normal operation. The |
669 | | * user has to resume a suspended PIN using dtrust-tool which manages |
670 | | * CAN authentication. */ |
671 | 0 | case PACE_PIN_ID_CAN: |
672 | 0 | case PACE_PIN_ID_PUK: |
673 | 0 | case DTRUST5_PIN_ID_PIN_T: |
674 | 0 | case DTRUST5_PIN_ID_PIN_T_AUT: |
675 | | /* Establish secure channel via PACE */ |
676 | 0 | r = dtrust_perform_pace(card, data->pin_reference, data->pin1.data, data->pin1.len, tries_left); |
677 | 0 | break; |
678 | | |
679 | 0 | default: |
680 | | /* Check if CAN authentication is necessary */ |
681 | 0 | if (!drv_data->can) { |
682 | | /* Establish a secure channel with CAN to to verify the PINs. */ |
683 | 0 | r = dtrust_perform_pace(card, PACE_PIN_ID_CAN, NULL, 0, NULL); |
684 | 0 | LOG_TEST_RET(card->ctx, r, "CAN authentication failed"); |
685 | | |
686 | | /* Select the right application again. */ |
687 | 0 | r = dtrust_select_app(card, data->pin_reference); |
688 | 0 | LOG_TEST_RET(card->ctx, r, "Selecting application failed"); |
689 | 0 | } |
690 | | |
691 | | /* Now verify the PIN */ |
692 | 0 | r = iso_ops->pin_cmd(card, data, tries_left); |
693 | |
|
694 | 0 | break; |
695 | 0 | } |
696 | | |
697 | 0 | LOG_FUNC_RETURN(card->ctx, r); |
698 | 0 | } |
699 | | |
700 | | static int |
701 | | dtrust_pin_cmd(struct sc_card *card, |
702 | | struct sc_pin_cmd_data *data, |
703 | | int *tries_left) |
704 | 0 | { |
705 | 0 | struct dtrust_drv_data_t *drv_data; |
706 | 0 | int r; |
707 | |
|
708 | 0 | SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); |
709 | |
|
710 | 0 | drv_data = card->drv_data; |
711 | |
|
712 | 0 | if (!data) |
713 | 0 | LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS); |
714 | | |
715 | | /* Upper layers may try to verify the PIN twice, first with PIN type |
716 | | * SC_AC_CHV and then with PIN type SC_AC_CONTEXT_SPECIFIC. For the |
717 | | * second attempt we first check by SC_PIN_CMD_GET_INFO whether a |
718 | | * second PIN authentication is still necessary. If not, we simply |
719 | | * return without a second verification attempt. Otherwise we perform |
720 | | * the verification as requested. This only matters for pin pad readers |
721 | | * to prevent the user from prompting the PIN twice. */ |
722 | 0 | if (data->cmd == SC_PIN_CMD_VERIFY && data->pin_type == SC_AC_CONTEXT_SPECIFIC) { |
723 | 0 | struct sc_pin_cmd_data data2; |
724 | |
|
725 | 0 | sc_log(card->ctx, "Checking if verification of PIN 0x%02x is necessary.", data->pin_reference); |
726 | |
|
727 | 0 | memset(&data2, 0, sizeof(struct sc_pin_cmd_data)); |
728 | 0 | data2.pin_reference = data->pin_reference; |
729 | 0 | data2.pin1 = data->pin1; |
730 | | |
731 | | /* Check verification state */ |
732 | 0 | data2.cmd = SC_PIN_CMD_GET_INFO; |
733 | 0 | data2.pin_type = data->pin_type; |
734 | 0 | r = dtrust_pin_cmd(card, &data2, tries_left); |
735 | |
|
736 | 0 | if (data2.pin1.logged_in == SC_PIN_STATE_LOGGED_IN) { |
737 | | /* Return if we are already authenticated */ |
738 | 0 | sc_log(card->ctx, "PIN 0x%02x already verified. Skipping authentication.", data->pin_reference); |
739 | |
|
740 | 0 | data->pin1 = data2.pin1; |
741 | 0 | LOG_FUNC_RETURN(card->ctx, r); |
742 | 0 | } |
743 | | |
744 | 0 | sc_log(card->ctx, "Additional verification of PIN 0x%02x is necessary.", data->pin_reference); |
745 | 0 | } |
746 | | |
747 | | /* No special handling for D-Trust Card 4.1/4.4 */ |
748 | 0 | if (card->type >= SC_CARD_TYPE_DTRUST_V4_1_STD && card->type <= SC_CARD_TYPE_DTRUST_V4_4_MULTI) { |
749 | 0 | r = iso_ops->pin_cmd(card, data, tries_left); |
750 | 0 | LOG_FUNC_RETURN(card->ctx, r); |
751 | 0 | } |
752 | | |
753 | 0 | switch (data->cmd) { |
754 | 0 | case SC_PIN_CMD_GET_INFO: |
755 | 0 | r = dtrust_pin_cmd_get_info(card, data, tries_left); |
756 | 0 | break; |
757 | | |
758 | 0 | case SC_PIN_CMD_VERIFY: |
759 | 0 | r = dtrust_pin_cmd_verify(card, data, tries_left); |
760 | 0 | break; |
761 | | |
762 | 0 | case SC_PIN_CMD_CHANGE: |
763 | | /* The card requires a secure channel to change the PIN. |
764 | | * Although we could return the error code of the card, we |
765 | | * prevent to send the APDU in case no secure channel was |
766 | | * established. This prevents us from exposing our new PIN |
767 | | * inadvertently in plaintext over the contactless interface in |
768 | | * case of a software error in the upper layers. */ |
769 | 0 | if (!drv_data->pace) { |
770 | 0 | sc_log(card->ctx, "Secure channel required for PIN change"); |
771 | 0 | LOG_FUNC_RETURN(card->ctx, SC_ERROR_SECURITY_STATUS_NOT_SATISFIED); |
772 | 0 | } |
773 | | |
774 | 0 | if (data->pin1.len != 0 || !(data->flags & SC_PIN_CMD_IMPLICIT_CHANGE)) { |
775 | 0 | sc_log(card->ctx, "Card supports implicit PIN change only"); |
776 | 0 | LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED); |
777 | 0 | } |
778 | | |
779 | 0 | if (data->pin2.len == 0 && !(data->flags & SC_PIN_CMD_USE_PINPAD)) { |
780 | 0 | sc_log(card->ctx, "No value provided for the new PIN"); |
781 | 0 | LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS); |
782 | 0 | } |
783 | | |
784 | 0 | r = iso_ops->pin_cmd(card, data, tries_left); |
785 | 0 | break; |
786 | | |
787 | 0 | case SC_PIN_CMD_UNBLOCK: |
788 | | /* The supports only to reset the retry counter to its default |
789 | | * value, but not to set verify or set a PIN. */ |
790 | 0 | if (data->pin1.len != 0 || data->pin2.len != 0 || |
791 | 0 | data->flags & SC_PIN_CMD_USE_PINPAD) { |
792 | 0 | sc_log(card->ctx, "Card supports retry counter reset only"); |
793 | 0 | LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS); |
794 | 0 | } |
795 | | |
796 | 0 | r = iso_ops->pin_cmd(card, data, tries_left); |
797 | 0 | break; |
798 | | |
799 | 0 | default: |
800 | 0 | LOG_FUNC_RETURN(card->ctx, SC_ERROR_INTERNAL); |
801 | 0 | } |
802 | | |
803 | 0 | LOG_FUNC_RETURN(card->ctx, r); |
804 | 0 | } |
805 | | |
806 | | static int |
807 | | dtrust_set_security_env(sc_card_t *card, |
808 | | const sc_security_env_t *env, |
809 | | int se_num) |
810 | 0 | { |
811 | 0 | struct dtrust_drv_data_t *drv_data; |
812 | |
|
813 | 0 | if (card == NULL || env == NULL) |
814 | 0 | return SC_ERROR_INVALID_ARGUMENTS; |
815 | | |
816 | 0 | SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); |
817 | |
|
818 | 0 | drv_data = card->drv_data; |
819 | 0 | drv_data->env = env; |
820 | |
|
821 | 0 | if (!(env->flags & SC_SEC_ENV_KEY_REF_PRESENT) || env->key_ref_len != 1) { |
822 | 0 | sc_log(card->ctx, "No or invalid key reference"); |
823 | 0 | return SC_ERROR_INVALID_ARGUMENTS; |
824 | 0 | } |
825 | | |
826 | | /* |
827 | | * The card does not support to set a security environment. Instead a |
828 | | * predefined template has to be loaded via MSE RESTORE which depends |
829 | | * on the algorithm used. |
830 | | */ |
831 | | |
832 | 0 | switch (env->operation) { |
833 | 0 | case SC_SEC_OPERATION_DECIPHER: |
834 | 0 | if (env->algorithm_flags & SC_ALGORITHM_RSA_PAD_PKCS1_TYPE_02) { |
835 | 0 | se_num = 0x31; |
836 | 0 | } else if (env->algorithm_flags & SC_ALGORITHM_RSA_PAD_OAEP) { |
837 | 0 | switch (env->algorithm_flags & SC_ALGORITHM_MGF1_HASHES) { |
838 | 0 | case SC_ALGORITHM_MGF1_SHA256: |
839 | 0 | se_num = 0x32; |
840 | 0 | break; |
841 | 0 | case SC_ALGORITHM_MGF1_SHA384: |
842 | 0 | se_num = 0x33; |
843 | 0 | break; |
844 | 0 | case SC_ALGORITHM_MGF1_SHA512: |
845 | 0 | se_num = 0x34; |
846 | 0 | break; |
847 | | |
848 | 0 | default: |
849 | 0 | return SC_ERROR_NOT_SUPPORTED; |
850 | 0 | } |
851 | 0 | } else { |
852 | 0 | return SC_ERROR_NOT_SUPPORTED; |
853 | 0 | } |
854 | 0 | break; |
855 | | |
856 | 0 | case SC_SEC_OPERATION_SIGN: |
857 | 0 | if (env->algorithm_flags & SC_ALGORITHM_RSA_PAD_PKCS1_TYPE_01) { |
858 | 0 | switch (env->algorithm_flags & SC_ALGORITHM_RSA_HASHES) { |
859 | 0 | case SC_ALGORITHM_RSA_HASH_SHA256: |
860 | 0 | se_num = 0x25; |
861 | 0 | break; |
862 | 0 | case SC_ALGORITHM_RSA_HASH_SHA384: |
863 | 0 | se_num = 0x26; |
864 | 0 | break; |
865 | 0 | case SC_ALGORITHM_RSA_HASH_SHA512: |
866 | 0 | se_num = 0x27; |
867 | 0 | break; |
868 | | |
869 | 0 | default: |
870 | 0 | return SC_ERROR_NOT_SUPPORTED; |
871 | 0 | } |
872 | 0 | } else if (env->algorithm_flags & SC_ALGORITHM_RSA_PAD_PSS) { |
873 | | /* |
874 | | * According to the specification the message digest has |
875 | | * to match the hash function used for the PSS scheme. |
876 | | * We don't enforce this constraint here as the output |
877 | | * is valid in all cases as long as the message digest |
878 | | * is calculated in software and not on the card. |
879 | | */ |
880 | |
|
881 | 0 | switch (env->algorithm_flags & SC_ALGORITHM_MGF1_HASHES) { |
882 | 0 | case SC_ALGORITHM_MGF1_SHA256: |
883 | 0 | se_num = 0x19; |
884 | 0 | break; |
885 | 0 | case SC_ALGORITHM_MGF1_SHA384: |
886 | 0 | se_num = 0x1A; |
887 | 0 | break; |
888 | 0 | case SC_ALGORITHM_MGF1_SHA512: |
889 | 0 | se_num = 0x1B; |
890 | 0 | break; |
891 | | |
892 | 0 | default: |
893 | 0 | return SC_ERROR_NOT_SUPPORTED; |
894 | 0 | } |
895 | 0 | } else if (env->algorithm_flags & SC_ALGORITHM_ECDSA_RAW) { |
896 | 0 | switch (card->type) { |
897 | 0 | case SC_CARD_TYPE_DTRUST_V4_1_MULTI: |
898 | 0 | case SC_CARD_TYPE_DTRUST_V4_1_M100: |
899 | 0 | case SC_CARD_TYPE_DTRUST_V4_4_MULTI: |
900 | | /* ECDSA on SHA-256 hashes. Other hashes will work though. */ |
901 | 0 | se_num = 0x21; |
902 | 0 | break; |
903 | | |
904 | 0 | case SC_CARD_TYPE_DTRUST_V5_1_MULTI: |
905 | 0 | case SC_CARD_TYPE_DTRUST_V5_1_M100: |
906 | 0 | case SC_CARD_TYPE_DTRUST_V5_4_MULTI: |
907 | | /* ECDSA on SHA-384 hashes. Other hashes will work though. */ |
908 | 0 | se_num = 0x22; |
909 | 0 | break; |
910 | | |
911 | 0 | default: |
912 | 0 | return SC_ERROR_NOT_SUPPORTED; |
913 | 0 | } |
914 | 0 | } else { |
915 | 0 | return SC_ERROR_NOT_SUPPORTED; |
916 | 0 | } |
917 | 0 | break; |
918 | | |
919 | 0 | case SC_SEC_OPERATION_DERIVE: |
920 | 0 | if (env->algorithm_flags & SC_ALGORITHM_ECDH_CDH_RAW) { |
921 | 0 | se_num = 0x39; |
922 | 0 | } else { |
923 | 0 | return SC_ERROR_NOT_SUPPORTED; |
924 | 0 | } |
925 | 0 | break; |
926 | | |
927 | 0 | default: |
928 | 0 | return SC_ERROR_NOT_SUPPORTED; |
929 | 0 | } |
930 | | |
931 | 0 | return iso_ops->restore_security_env(card, se_num); |
932 | 0 | } |
933 | | |
934 | | static int |
935 | | dtrust_compute_signature(struct sc_card *card, const u8 *data, |
936 | | size_t data_len, u8 *out, size_t outlen) |
937 | 0 | { |
938 | 0 | struct dtrust_drv_data_t *drv_data; |
939 | 0 | unsigned long flags; |
940 | 0 | size_t buflen = 0, tmplen; |
941 | 0 | u8 *buf = NULL; |
942 | 0 | int r; |
943 | |
|
944 | 0 | SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); |
945 | |
|
946 | 0 | drv_data = card->drv_data; |
947 | 0 | flags = drv_data->env->algorithm_flags; |
948 | | |
949 | | /* |
950 | | * PKCS#1 padded signatures require some special handling. When using |
951 | | * the PKCS#1 scheme, first a digest info OID is prepended to the |
952 | | * message digest. Afterward this resulting octet string is padded to |
953 | | * the length of the key modulus. The card performs padding, but |
954 | | * requires the digest info to be prepended in software. |
955 | | */ |
956 | | |
957 | | /* Only PKCS#1 signature scheme requires special handling */ |
958 | 0 | if (!(flags & SC_ALGORITHM_RSA_PAD_PKCS1)) |
959 | 0 | return iso_ops->compute_signature(card, data, data_len, out, outlen); |
960 | | |
961 | | /* |
962 | | * We have to clear the padding flag, because padding is done in |
963 | | * hardware. We are keeping the hash algorithm flags, to ensure the |
964 | | * digest info is prepended before padding. |
965 | | */ |
966 | 0 | flags &= ~SC_ALGORITHM_RSA_PAD_PKCS1; |
967 | 0 | flags |= SC_ALGORITHM_RSA_PAD_NONE; |
968 | | |
969 | | /* 32 Bytes should be enough to prepend the digest info */ |
970 | 0 | buflen = data_len + 32; |
971 | 0 | buf = sc_mem_secure_alloc(buflen); |
972 | 0 | if (buf == NULL) |
973 | 0 | LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); |
974 | | |
975 | 0 | tmplen = buflen; |
976 | | |
977 | | /* Prepend digest info */ |
978 | 0 | r = sc_pkcs1_encode(card->ctx, flags, data, data_len, buf, &tmplen, 0, NULL); |
979 | 0 | LOG_TEST_GOTO_ERR(card->ctx, r, "Prepending digest info failed"); |
980 | | |
981 | | /* Do padding in hardware and compute signature */ |
982 | 0 | r = iso_ops->compute_signature(card, buf, tmplen, out, outlen); |
983 | |
|
984 | 0 | err: |
985 | 0 | sc_mem_secure_clear_free(buf, buflen); |
986 | |
|
987 | 0 | return r; |
988 | 0 | } |
989 | | |
990 | | static int |
991 | | dtrust_decipher(struct sc_card *card, const u8 *data, |
992 | | size_t data_len, u8 *out, size_t outlen) |
993 | 0 | { |
994 | 0 | SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); |
995 | |
|
996 | 0 | switch (card->type) { |
997 | | /* No special handling necessary for RSA cards. */ |
998 | 0 | case SC_CARD_TYPE_DTRUST_V4_1_STD: |
999 | 0 | case SC_CARD_TYPE_DTRUST_V4_4_STD: |
1000 | 0 | case SC_CARD_TYPE_DTRUST_V5_1_STD: |
1001 | 0 | case SC_CARD_TYPE_DTRUST_V5_4_STD: |
1002 | 0 | LOG_FUNC_RETURN(card->ctx, iso_ops->decipher(card, data, data_len, out, outlen)); |
1003 | | |
1004 | | /* Elliptic Curve cards cannot use PSO:DECIPHER command and need to |
1005 | | * perform key agreement by a CardOS specific command. */ |
1006 | 0 | case SC_CARD_TYPE_DTRUST_V4_1_MULTI: |
1007 | 0 | case SC_CARD_TYPE_DTRUST_V4_1_M100: |
1008 | 0 | case SC_CARD_TYPE_DTRUST_V4_4_MULTI: |
1009 | 0 | case SC_CARD_TYPE_DTRUST_V5_1_MULTI: |
1010 | 0 | case SC_CARD_TYPE_DTRUST_V5_1_M100: |
1011 | 0 | case SC_CARD_TYPE_DTRUST_V5_4_MULTI: |
1012 | 0 | LOG_FUNC_RETURN(card->ctx, cardos_ec_compute_shared_value(card, data, data_len, out, outlen)); |
1013 | | |
1014 | 0 | default: |
1015 | 0 | return SC_ERROR_NOT_SUPPORTED; |
1016 | 0 | } |
1017 | 0 | } |
1018 | | |
1019 | | static int |
1020 | | dtrust_logout(sc_card_t *card) |
1021 | 0 | { |
1022 | 0 | struct dtrust_drv_data_t *drv_data; |
1023 | 0 | int r; |
1024 | |
|
1025 | 0 | SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); |
1026 | |
|
1027 | 0 | drv_data = card->drv_data; |
1028 | |
|
1029 | 0 | sc_sm_stop(card); |
1030 | 0 | drv_data->pace = 0; |
1031 | 0 | drv_data->can = 0; |
1032 | | |
1033 | | /* If PACE is done between reader and card, SM is transparent to us as |
1034 | | * it ends at the reader. With CLA=0x0C we provoke a SM error to |
1035 | | * disable SM on the reader. */ |
1036 | 0 | if (card->reader->capabilities & SC_READER_CAP_PACE_GENERIC) { |
1037 | 0 | struct sc_apdu apdu; |
1038 | |
|
1039 | 0 | sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0xA4, 0x00, 0x00); |
1040 | 0 | apdu.cla = 0x0C; |
1041 | |
|
1042 | 0 | r = sc_transmit_apdu(card, &apdu); |
1043 | 0 | if (r != SC_SUCCESS) |
1044 | 0 | sc_log(card->ctx, "Warning: Could not logout."); |
1045 | 0 | } |
1046 | |
|
1047 | 0 | r = sc_select_file(card, sc_get_mf_path(), NULL); |
1048 | |
|
1049 | 0 | LOG_FUNC_RETURN(card->ctx, r); |
1050 | 0 | } |
1051 | | |
1052 | | struct sc_card_driver * |
1053 | | sc_get_dtrust_driver(void) |
1054 | 101k | { |
1055 | 101k | if (iso_ops == NULL) |
1056 | 10 | iso_ops = sc_get_iso7816_driver()->ops; |
1057 | | |
1058 | 101k | dtrust_ops = *iso_ops; |
1059 | 101k | dtrust_ops.match_card = dtrust_match_card; |
1060 | 101k | dtrust_ops.init = dtrust_init; |
1061 | 101k | dtrust_ops.finish = dtrust_finish; |
1062 | 101k | dtrust_ops.pin_cmd = dtrust_pin_cmd; |
1063 | 101k | dtrust_ops.set_security_env = dtrust_set_security_env; |
1064 | 101k | dtrust_ops.compute_signature = dtrust_compute_signature; |
1065 | 101k | dtrust_ops.decipher = dtrust_decipher; |
1066 | 101k | dtrust_ops.logout = dtrust_logout; |
1067 | | |
1068 | 101k | return &dtrust_drv; |
1069 | 101k | } |