search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fixed EOF detection for encrypted packets.
[gnupg.git] / scd / app-openpgp.c
blobd4685916e0bd5bc51f595841bfe077a33530dfd8
1 /* app-openpgp.c - The OpenPGP card application.
2 * Copyright (C) 2003, 2004, 2005, 2007, 2008,
3 * 2009 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21 /* Some notes:
22
23 CHV means Card Holder Verification and is nothing else than a PIN
24 or password. That term seems to have been used originally with GSM
25 cards. Version v2 of the specs changes the term to the clearer
26 term PW for password. We use the terms here interchangeable
27 because we do not want to change existing strings i18n wise.
28
29 Version 2 of the specs also drops the separate PW2 which was
30 required in v1 due to ISO requirements. It is now possible to have
31 one physical PW but two reference to it so that they can be
32 individually be verified (e.g. to implement a forced verification
33 for one key). Thus you will noticed the use of PW2 with the verify
34 command but not with change_reference_data because the latter
35 operates directly on the physical PW.
36
37 The Reset Code (RC) as implemented by v2 cards uses the same error
38 counter as the PW2 of v1 cards. By default no RC is set and thus
39 that error counter is set to 0. After setting the RC the error
40 counter will be initialized to 3.
41
42 */
43
44 #include <config.h>
45 #include <errno.h>
46 #include <stdio.h>
47 #include <stdlib.h>
48 #include <string.h>
49 #include <assert.h>
50 #include <time.h>
51
52 #if GNUPG_MAJOR_VERSION == 1
53 /* This is used with GnuPG version < 1.9. The code has been source
54 copied from the current GnuPG >= 1.9 and is maintained over
55 there. */
56 #include "options.h"
57 #include "errors.h"
58 #include "memory.h"
59 #include "util.h"
60 #include "cardglue.h"
61 #else /* GNUPG_MAJOR_VERSION != 1 */
62 #include "scdaemon.h"
63 #endif /* GNUPG_MAJOR_VERSION != 1 */
64
65 #include "i18n.h"
66 #include "iso7816.h"
67 #include "app-common.h"
68 #include "tlv.h"
69
70
71 /* A table describing the DOs of the card. */
72 static struct {
73 int tag;
74 int constructed;
75 int get_from; /* Constructed DO with this DO or 0 for direct access. */
76 int binary:1;
77 int dont_cache:1;
78 int flush_on_error:1;
79 int get_immediate_in_v11:1; /* Enable a hack to bypass the cache of
80 this data object if it is used in 1.1
81 and later versions of the card. This
82 does not work with composite DO and
83 is currently only useful for the CHV
84 status bytes. */
85 int try_extlen:1; /* Large object; try to use an extended
86 length APDU. */
87 char *desc;
88 } data_objects[] = {
89 { 0x005E, 0, 0, 1, 0, 0, 0, 0, "Login Data" },
90 { 0x5F50, 0, 0, 0, 0, 0, 0, 0, "URL" },
91 { 0x5F52, 0, 0, 1, 0, 0, 0, 0, "Historical Bytes" },
92 { 0x0065, 1, 0, 1, 0, 0, 0, 0, "Cardholder Related Data"},
93 { 0x005B, 0, 0x65, 0, 0, 0, 0, 0, "Name" },
94 { 0x5F2D, 0, 0x65, 0, 0, 0, 0, 0, "Language preferences" },
95 { 0x5F35, 0, 0x65, 0, 0, 0, 0, 0, "Sex" },
96 { 0x006E, 1, 0, 1, 0, 0, 0, 0, "Application Related Data" },
97 { 0x004F, 0, 0x6E, 1, 0, 0, 0, 0, "AID" },
98 { 0x0073, 1, 0, 1, 0, 0, 0, 0, "Discretionary Data Objects" },
99 { 0x0047, 0, 0x6E, 1, 1, 0, 0, 0, "Card Capabilities" },
100 { 0x00C0, 0, 0x6E, 1, 1, 0, 0, 0, "Extended Card Capabilities" },
101 { 0x00C1, 0, 0x6E, 1, 1, 0, 0, 0, "Algorithm Attributes Signature" },
102 { 0x00C2, 0, 0x6E, 1, 1, 0, 0, 0, "Algorithm Attributes Decryption" },
103 { 0x00C3, 0, 0x6E, 1, 1, 0, 0, 0, "Algorithm Attributes Authentication" },
104 { 0x00C4, 0, 0x6E, 1, 0, 1, 1, 0, "CHV Status Bytes" },
105 { 0x00C5, 0, 0x6E, 1, 0, 0, 0, 0, "Fingerprints" },
106 { 0x00C6, 0, 0x6E, 1, 0, 0, 0, 0, "CA Fingerprints" },
107 { 0x00CD, 0, 0x6E, 1, 0, 0, 0, 0, "Generation time" },
108 { 0x007A, 1, 0, 1, 0, 0, 0, 0, "Security Support Template" },
109 { 0x0093, 0, 0x7A, 1, 1, 0, 0, 0, "Digital Signature Counter" },
110 { 0x0101, 0, 0, 0, 0, 0, 0, 0, "Private DO 1"},
111 { 0x0102, 0, 0, 0, 0, 0, 0, 0, "Private DO 2"},
112 { 0x0103, 0, 0, 0, 0, 0, 0, 0, "Private DO 3"},
113 { 0x0104, 0, 0, 0, 0, 0, 0, 0, "Private DO 4"},
114 { 0x7F21, 1, 0, 1, 0, 0, 0, 1, "Cardholder certificate"},
115 { 0 }
116 };
117
118
119 /* The format of RSA private keys. */
120 typedef enum
121 {
122 RSA_UNKNOWN_FMT,
123 RSA_STD,
124 RSA_STD_N,
125 RSA_CRT,
126 RSA_CRT_N
127 }
128 rsa_key_format_t;
129
130
131 /* One cache item for DOs. */
132 struct cache_s {
133 struct cache_s *next;
134 int tag;
135 size_t length;
136 unsigned char data[1];
137 };
138
139
140 /* Object with application (i.e. OpenPGP card) specific data. */
141 struct app_local_s {
142 /* A linked list with cached DOs. */
143 struct cache_s *cache;
144
145 /* Keep track of the public keys. */
146 struct
147 {
148 int read_done; /* True if we have at least tried to read them. */
149 unsigned char *key; /* This is a malloced buffer with a canonical
150 encoded S-expression encoding a public
151 key. Might be NULL if key is not
152 available. */
153 size_t keylen; /* The length of the above S-expression. This
154 is usually only required for cross checks
155 because the length of an S-expression is
156 implicitly available. */
157 } pk[3];
158
159 unsigned char status_indicator; /* The card status indicator. */
160
161 /* Keep track of the ISO card capabilities. */
162 struct
163 {
164 unsigned int cmd_chaining:1; /* Command chaining is supported. */
165 unsigned int ext_lc_le:1; /* Extended Lc and Le are supported. */
166 } cardcap;
167
168 /* Keep track of extended card capabilities. */
169 struct
170 {
171 unsigned int is_v2:1; /* This is a v2.0 compatible card. */
172 unsigned int get_challenge:1;
173 unsigned int key_import:1;
174 unsigned int change_force_chv:1;
175 unsigned int private_dos:1;
176 unsigned int algo_attr_change:1; /* Algorithm attributes changeable. */
177 unsigned int sm_supported:1; /* Secure Messaging is supported. */
178 unsigned int sm_aes128:1; /* Use AES-128 for SM. */
179 unsigned int max_certlen_3:16;
180 unsigned int max_get_challenge:16; /* Maximum size for get_challenge. */
181 unsigned int max_cmd_data:16; /* Maximum data size for a command. */
182 unsigned int max_rsp_data:16; /* Maximum size of a response. */
183 } extcap;
184
185 /* Flags used to control the application. */
186 struct
187 {
188 unsigned int no_sync:1; /* Do not sync CHV1 and CHV2 */
189 unsigned int def_chv2:1; /* Use 123456 for CHV2. */
190 } flags;
191
192 struct
193 {
194 unsigned int n_bits; /* Size of the modulus in bits. The rest
195 of this strucuire is only valid if
196 this is not 0. */
197 unsigned int e_bits; /* Size of the public exponent in bits. */
198 rsa_key_format_t format;
199 } keyattr[3];
200
201 };
202
203
204
205 /***** Local prototypes *****/
206 static unsigned long convert_sig_counter_value (const unsigned char *value,
207 size_t valuelen);
208 static unsigned long get_sig_counter (app_t app);
209 static gpg_error_t do_auth (app_t app, const char *keyidstr,
210 gpg_error_t (*pincb)(void*, const char *, char **),
211 void *pincb_arg,
212 const void *indata, size_t indatalen,
213 unsigned char **outdata, size_t *outdatalen);
214 static void parse_algorithm_attribute (app_t app, int keyno);
215 static gpg_error_t change_keyattr_from_string
216 (app_t app,
217 gpg_error_t (*pincb)(void*, const char *, char **),
218 void *pincb_arg,
219 const void *value, size_t valuelen);
220
221
222
223
224 \f
225 /* Deconstructor. */
226 static void
227 do_deinit (app_t app)
228 {
229 if (app && app->app_local)
230 {
231 struct cache_s *c, *c2;
232 int i;
233
234 for (c = app->app_local->cache; c; c = c2)
235 {
236 c2 = c->next;
237 xfree (c);
238 }
239
240 for (i=0; i < DIM (app->app_local->pk); i++)
241 {
242 xfree (app->app_local->pk[i].key);
243 app->app_local->pk[i].read_done = 0;
244 }
245 xfree (app->app_local);
246 app->app_local = NULL;
247 }
248 }
249
250
251 /* Wrapper around iso7816_get_data which first tries to get the data
252 from the cache. With GET_IMMEDIATE passed as true, the cache is
253 bypassed. With TRY_EXTLEN extended lengths APDUs are use if
254 supported by the card. */
255 static gpg_error_t
256 get_cached_data (app_t app, int tag,
257 unsigned char **result, size_t *resultlen,
258 int get_immediate, int try_extlen)
259 {
260 gpg_error_t err;
261 int i;
262 unsigned char *p;
263 size_t len;
264 struct cache_s *c;
265 int exmode;
266
267 *result = NULL;
268 *resultlen = 0;
269
270 if (!get_immediate)
271 {
272 for (c=app->app_local->cache; c; c = c->next)
273 if (c->tag == tag)
274 {
275 if(c->length)
276 {
277 p = xtrymalloc (c->length);
278 if (!p)
279 return gpg_error (gpg_err_code_from_errno (errno));
280 memcpy (p, c->data, c->length);
281 *result = p;
282 }
283
284 *resultlen = c->length;
285
286 return 0;
287 }
288 }
289
290 if (try_extlen && app->app_local->cardcap.ext_lc_le)
291 exmode = app->app_local->extcap.max_rsp_data;
292 else
293 exmode = 0;
294
295 err = iso7816_get_data (app->slot, exmode, tag, &p, &len);
296 if (err)
297 return err;
298 *result = p;
299 *resultlen = len;
300
301 /* Check whether we should cache this object. */
302 if (get_immediate)
303 return 0;
304
305 for (i=0; data_objects[i].tag; i++)
306 if (data_objects[i].tag == tag)
307 {
308 if (data_objects[i].dont_cache)
309 return 0;
310 break;
311 }
312
313 /* Okay, cache it. */
314 for (c=app->app_local->cache; c; c = c->next)
315 assert (c->tag != tag);
316
317 c = xtrymalloc (sizeof *c + len);
318 if (c)
319 {
320 memcpy (c->data, p, len);
321 c->length = len;
322 c->tag = tag;
323 c->next = app->app_local->cache;
324 app->app_local->cache = c;
325 }
326
327 return 0;
328 }
329
330 /* Remove DO at TAG from the cache. */
331 static void
332 flush_cache_item (app_t app, int tag)
333 {
334 struct cache_s *c, *cprev;
335 int i;
336
337 if (!app->app_local)
338 return;
339
340 for (c=app->app_local->cache, cprev=NULL; c ; cprev=c, c = c->next)
341 if (c->tag == tag)
342 {
343 if (cprev)
344 cprev->next = c->next;
345 else
346 app->app_local->cache = c->next;
347 xfree (c);
348
349 for (c=app->app_local->cache; c ; c = c->next)
350 {
351 assert (c->tag != tag); /* Oops: duplicated entry. */
352 }
353 return;
354 }
355
356 /* Try again if we have an outer tag. */
357 for (i=0; data_objects[i].tag; i++)
358 if (data_objects[i].tag == tag && data_objects[i].get_from
359 && data_objects[i].get_from != tag)
360 flush_cache_item (app, data_objects[i].get_from);
361 }
362
363 /* Flush all entries from the cache which might be out of sync after
364 an error. */
365 static void
366 flush_cache_after_error (app_t app)
367 {
368 int i;
369
370 for (i=0; data_objects[i].tag; i++)
371 if (data_objects[i].flush_on_error)
372 flush_cache_item (app, data_objects[i].tag);
373 }
374
375
376 /* Flush the entire cache. */
377 static void
378 flush_cache (app_t app)
379 {
380 if (app && app->app_local)
381 {
382 struct cache_s *c, *c2;
383
384 for (c = app->app_local->cache; c; c = c2)
385 {
386 c2 = c->next;
387 xfree (c);
388 }
389 app->app_local->cache = NULL;
390 }
391 }
392
393
394 /* Get the DO identified by TAG from the card in SLOT and return a
395 buffer with its content in RESULT and NBYTES. The return value is
396 NULL if not found or a pointer which must be used to release the
397 buffer holding value. */
398 static void *
399 get_one_do (app_t app, int tag, unsigned char **result, size_t *nbytes,
400 int *r_rc)
401 {
402 int rc, i;
403 unsigned char *buffer;
404 size_t buflen;
405 unsigned char *value;
406 size_t valuelen;
407 int dummyrc;
408 int exmode;
409
410 if (!r_rc)
411 r_rc = &dummyrc;
412
413 *result = NULL;
414 *nbytes = 0;
415 *r_rc = 0;
416 for (i=0; data_objects[i].tag && data_objects[i].tag != tag; i++)
417 ;
418
419 if (app->card_version > 0x0100 && data_objects[i].get_immediate_in_v11)
420 {
421 if (data_objects[i].try_extlen && app->app_local->cardcap.ext_lc_le)
422 exmode = app->app_local->extcap.max_rsp_data;
423 else
424 exmode = 0;
425 rc = iso7816_get_data (app->slot, exmode, tag, &buffer, &buflen);
426 if (rc)
427 {
428 *r_rc = rc;
429 return NULL;
430 }
431 *result = buffer;
432 *nbytes = buflen;
433 return buffer;
434 }
435
436 value = NULL;
437 rc = -1;
438 if (data_objects[i].tag && data_objects[i].get_from)
439 {
440 rc = get_cached_data (app, data_objects[i].get_from,
441 &buffer, &buflen,
442 (data_objects[i].dont_cache
443 || data_objects[i].get_immediate_in_v11),
444 data_objects[i].try_extlen);
445 if (!rc)
446 {
447 const unsigned char *s;
448
449 s = find_tlv_unchecked (buffer, buflen, tag, &valuelen);
450 if (!s)
451 value = NULL; /* not found */
452 else if (valuelen > buflen - (s - buffer))
453 {
454 log_error ("warning: constructed DO too short\n");
455 value = NULL;
456 xfree (buffer); buffer = NULL;
457 }
458 else
459 value = buffer + (s - buffer);
460 }
461 }
462
463 if (!value) /* Not in a constructed DO, try simple. */
464 {
465 rc = get_cached_data (app, tag, &buffer, &buflen,
466 (data_objects[i].dont_cache
467 || data_objects[i].get_immediate_in_v11),
468 data_objects[i].try_extlen);
469 if (!rc)
470 {
471 value = buffer;
472 valuelen = buflen;
473 }
474 }
475
476 if (!rc)
477 {
478 *nbytes = valuelen;
479 *result = value;
480 return buffer;
481 }
482 *r_rc = rc;
483 return NULL;
484 }
485
486
487 static void
488 dump_all_do (int slot)
489 {
490 int rc, i, j;
491 unsigned char *buffer;
492 size_t buflen;
493
494 for (i=0; data_objects[i].tag; i++)
495 {
496 if (data_objects[i].get_from)
497 continue;
498
499 /* We don't try extended length APDU because such large DO would
500 be pretty useless in a log file. */
501 rc = iso7816_get_data (slot, 0, data_objects[i].tag, &buffer, &buflen);
502 if (gpg_err_code (rc) == GPG_ERR_NO_OBJ)
503 ;
504 else if (rc)
505 log_info ("DO `%s' not available: %s\n",
506 data_objects[i].desc, gpg_strerror (rc));
507 else
508 {
509 if (data_objects[i].binary)
510 {
511 log_info ("DO `%s': ", data_objects[i].desc);
512 log_printhex ("", buffer, buflen);
513 }
514 else
515 log_info ("DO `%s': `%.*s'\n",
516 data_objects[i].desc,
517 (int)buflen, buffer); /* FIXME: sanitize */
518
519 if (data_objects[i].constructed)
520 {
521 for (j=0; data_objects[j].tag; j++)
522 {
523 const unsigned char *value;
524 size_t valuelen;
525
526 if (j==i || data_objects[i].tag != data_objects[j].get_from)
527 continue;
528 value = find_tlv_unchecked (buffer, buflen,
529 data_objects[j].tag, &valuelen);
530 if (!value)
531 ; /* not found */
532 else if (valuelen > buflen - (value - buffer))
533 log_error ("warning: constructed DO too short\n");
534 else
535 {
536 if (data_objects[j].binary)
537 {
538 log_info ("DO `%s': ", data_objects[j].desc);
539 if (valuelen > 200)
540 log_info ("[%u]\n", (unsigned int)valuelen);
541 else
542 log_printhex ("", value, valuelen);
543 }
544 else
545 log_info ("DO `%s': `%.*s'\n",
546 data_objects[j].desc,
547 (int)valuelen, value); /* FIXME: sanitize */
548 }
549 }
550 }
551 }
552 xfree (buffer); buffer = NULL;
553 }
554 }
555
556
557 /* Count the number of bits, assuming the A represents an unsigned big
558 integer of length LEN bytes. */
559 static unsigned int
560 count_bits (const unsigned char *a, size_t len)
561 {
562 unsigned int n = len * 8;
563 int i;
564
565 for (; len && !*a; len--, a++, n -=8)
566 ;
567 if (len)
568 {
569 for (i=7; i && !(*a & (1<<i)); i--)
570 n--;
571 }
572 return n;
573 }
574
575 /* GnuPG makes special use of the login-data DO, this function parses
576 the login data to store the flags for later use. It may be called
577 at any time and should be called after changing the login-data DO.
578
579 Everything up to a LF is considered a mailbox or account name. If
580 the first LF is followed by DC4 (0x14) control sequence are
581 expected up to the next LF. Control sequences are separated by FS
582 (0x18) and consist of key=value pairs. There is one key defined:
583
584 F=<flags>
585
586 Were FLAGS is a plain hexadecimal number representing flag values.
587 The lsb is here the rightmost bit. Defined flags bits are:
588
589 Bit 0 = CHV1 and CHV2 are not syncronized
590 Bit 1 = CHV2 has been been set to the default PIN of "123456"
591 (this implies that bit 0 is also set).
592
593 */
594 static void
595 parse_login_data (app_t app)
596 {
597 unsigned char *buffer, *p;
598 size_t buflen, len;
599 void *relptr;
600
601 /* Set defaults. */
602 app->app_local->flags.no_sync = 0;
603 app->app_local->flags.def_chv2 = 0;
604
605 /* Read the DO. */
606 relptr = get_one_do (app, 0x005E, &buffer, &buflen, NULL);
607 if (!relptr)
608 return; /* Ooops. */
609 for (; buflen; buflen--, buffer++)
610 if (*buffer == '\n')
611 break;
612 if (buflen < 2 || buffer[1] != '\x14')
613 return; /* No control sequences. */
614 buflen--;
615 buffer++;
616 do
617 {
618 buflen--;
619 buffer++;
620 if (buflen > 1 && *buffer == 'F' && buffer[1] == '=')
621 {
622 /* Flags control sequence found. */
623 int lastdig = 0;
624
625 /* For now we are only interested in the last digit, so skip
626 any leading digits but bail out on invalid characters. */
627 for (p=buffer+2, len = buflen-2; len && hexdigitp (p); p++, len--)
628 lastdig = xtoi_1 (p);
629 if (len && !(*p == '\n' || *p == '\x18'))
630 goto next; /* Invalid characters in field. */
631 app->app_local->flags.no_sync = !!(lastdig & 1);
632 app->app_local->flags.def_chv2 = (lastdig & 3) == 3;
633 }
634 next:
635 for (; buflen && *buffer != '\x18'; buflen--, buffer++)
636 if (*buffer == '\n')
637 buflen = 1;
638 }
639 while (buflen);
640
641 xfree (relptr);
642 }
643
644 /* Note, that FPR must be at least 20 bytes. */
645 static gpg_error_t
646 store_fpr (app_t app, int keynumber, u32 timestamp,
647 const unsigned char *m, size_t mlen,
648 const unsigned char *e, size_t elen,
649 unsigned char *fpr, unsigned int card_version)
650 {
651 unsigned int n, nbits;
652 unsigned char *buffer, *p;
653 int tag, tag2;
654 int rc;
655
656 for (; mlen && !*m; mlen--, m++) /* strip leading zeroes */
657 ;
658 for (; elen && !*e; elen--, e++) /* strip leading zeroes */
659 ;
660
661 n = 6 + 2 + mlen + 2 + elen;
662 p = buffer = xtrymalloc (3 + n);
663 if (!buffer)
664 return gpg_error_from_syserror ();
665
666 *p++ = 0x99; /* ctb */
667 *p++ = n >> 8; /* 2 byte length header */
668 *p++ = n;
669 *p++ = 4; /* key packet version */
670 *p++ = timestamp >> 24;
671 *p++ = timestamp >> 16;
672 *p++ = timestamp >> 8;
673 *p++ = timestamp;
674 *p++ = 1; /* RSA */
675 nbits = count_bits (m, mlen);
676 *p++ = nbits >> 8;
677 *p++ = nbits;
678 memcpy (p, m, mlen); p += mlen;
679 nbits = count_bits (e, elen);
680 *p++ = nbits >> 8;
681 *p++ = nbits;
682 memcpy (p, e, elen); p += elen;
683
684 gcry_md_hash_buffer (GCRY_MD_SHA1, fpr, buffer, n+3);
685
686 xfree (buffer);
687
688 tag = (card_version > 0x0007? 0xC7 : 0xC6) + keynumber;
689 flush_cache_item (app, tag);
690 tag2 = 0xCE + keynumber;
691 flush_cache_item (app, tag2);
692
693 rc = iso7816_put_data (app->slot, 0, tag, fpr, 20);
694 if (rc)
695 log_error (_("failed to store the fingerprint: %s\n"),gpg_strerror (rc));
696
697 if (!rc && card_version > 0x0100)
698 {
699 unsigned char buf[4];
700
701 buf[0] = timestamp >> 24;
702 buf[1] = timestamp >> 16;
703 buf[2] = timestamp >> 8;
704 buf[3] = timestamp;
705
706 rc = iso7816_put_data (app->slot, 0, tag2, buf, 4);
707 if (rc)
708 log_error (_("failed to store the creation date: %s\n"),
709 gpg_strerror (rc));
710 }
711
712 return rc;
713 }
714
715
716 static void
717 send_fpr_if_not_null (ctrl_t ctrl, const char *keyword,
718 int number, const unsigned char *fpr)
719 {
720 int i;
721 char buf[41];
722 char numbuf[25];
723
724 for (i=0; i < 20 && !fpr[i]; i++)
725 ;
726 if (i==20)
727 return; /* All zero. */
728 bin2hex (fpr, 20, buf);
729 if (number == -1)
730 *numbuf = 0; /* Don't print the key number */
731 else
732 sprintf (numbuf, "%d", number);
733 send_status_info (ctrl, keyword,
734 numbuf, (size_t)strlen(numbuf),
735 buf, (size_t)strlen (buf), NULL, 0);
736 }
737
738 static void
739 send_fprtime_if_not_null (ctrl_t ctrl, const char *keyword,
740 int number, const unsigned char *stamp)
741 {
742 char numbuf1[50], numbuf2[50];
743 unsigned long value;
744
745 value = (stamp[0] << 24) | (stamp[1]<<16) | (stamp[2]<<8) | stamp[3];
746 if (!value)
747 return;
748 sprintf (numbuf1, "%d", number);
749 sprintf (numbuf2, "%lu", value);
750 send_status_info (ctrl, keyword,
751 numbuf1, (size_t)strlen(numbuf1),
752 numbuf2, (size_t)strlen(numbuf2), NULL, 0);
753 }
754
755 static void
756 send_key_data (ctrl_t ctrl, const char *name,
757 const unsigned char *a, size_t alen)
758 {
759 char *buf;
760
761 buf = bin2hex (a, alen, NULL);
762 if (!buf)
763 {
764 log_error ("memory allocation error in send_key_data\n");
765 return;
766 }
767
768 send_status_info (ctrl, "KEY-DATA",
769 name, (size_t)strlen(name),
770 buf, (size_t)strlen (buf),
771 NULL, 0);
772 xfree (buf);
773 }
774
775
776 static void
777 send_key_attr (ctrl_t ctrl, app_t app, const char *keyword, int number)
778 {
779 char buffer[200];
780
781 assert (number >=0 && number < DIM(app->app_local->keyattr));
782
783 /* We only support RSA thus the algo identifier is fixed to 1. */
784 snprintf (buffer, sizeof buffer, "%d 1 %u %u %d",
785 number+1,
786 app->app_local->keyattr[number].n_bits,
787 app->app_local->keyattr[number].e_bits,
788 app->app_local->keyattr[number].format);
789 send_status_direct (ctrl, keyword, buffer);
790 }
791
792
793 /* Implement the GETATTR command. This is similar to the LEARN
794 command but returns just one value via the status interface. */
795 static gpg_error_t
796 do_getattr (app_t app, ctrl_t ctrl, const char *name)
797 {
798 static struct {
799 const char *name;
800 int tag;
801 int special;
802 } table[] = {
803 { "DISP-NAME", 0x005B },
804 { "LOGIN-DATA", 0x005E },
805 { "DISP-LANG", 0x5F2D },
806 { "DISP-SEX", 0x5F35 },
807 { "PUBKEY-URL", 0x5F50 },
808 { "KEY-FPR", 0x00C5, 3 },
809 { "KEY-TIME", 0x00CD, 4 },
810 { "KEY-ATTR", 0x0000, -5 },
811 { "CA-FPR", 0x00C6, 3 },
812 { "CHV-STATUS", 0x00C4, 1 },
813 { "SIG-COUNTER", 0x0093, 2 },
814 { "SERIALNO", 0x004F, -1 },
815 { "AID", 0x004F },
816 { "EXTCAP", 0x0000, -2 },
817 { "PRIVATE-DO-1", 0x0101 },
818 { "PRIVATE-DO-2", 0x0102 },
819 { "PRIVATE-DO-3", 0x0103 },
820 { "PRIVATE-DO-4", 0x0104 },
821 { "$AUTHKEYID", 0x0000, -3 },
822 { "$DISPSERIALNO",0x0000, -4 },
823 { NULL, 0 }
824 };
825 int idx, i, rc;
826 void *relptr;
827 unsigned char *value;
828 size_t valuelen;
829
830 for (idx=0; table[idx].name && strcmp (table[idx].name, name); idx++)
831 ;
832 if (!table[idx].name)
833 return gpg_error (GPG_ERR_INV_NAME);
834
835 if (table[idx].special == -1)
836 {
837 /* The serial number is very special. We could have used the
838 AID DO to retrieve it, but we have it already in the app
839 context and the stamp argument is required anyway which we
840 can't by other means. The AID DO is available anyway but not
841 hex formatted. */
842 char *serial;
843 time_t stamp;
844 char tmp[50];
845
846 if (!app_get_serial_and_stamp (app, &serial, &stamp))
847 {
848 sprintf (tmp, "%lu", (unsigned long)stamp);
849 send_status_info (ctrl, "SERIALNO",
850 serial, strlen (serial),
851 tmp, strlen (tmp),
852 NULL, 0);
853 xfree (serial);
854 }
855 return 0;
856 }
857 if (table[idx].special == -2)
858 {
859 char tmp[100];
860
861 snprintf (tmp, sizeof tmp,
862 "gc=%d ki=%d fc=%d pd=%d mcl3=%u aac=%d sm=%d",
863 app->app_local->extcap.get_challenge,
864 app->app_local->extcap.key_import,
865 app->app_local->extcap.change_force_chv,
866 app->app_local->extcap.private_dos,
867 app->app_local->extcap.max_certlen_3,
868 app->app_local->extcap.algo_attr_change,
869 (app->app_local->extcap.sm_supported
870 ? (app->app_local->extcap.sm_aes128? 7 : 2)
871 : 0));
872 send_status_info (ctrl, table[idx].name, tmp, strlen (tmp), NULL, 0);
873 return 0;
874 }
875 if (table[idx].special == -3)
876 {
877 char const tmp[] = "OPENPGP.3";
878 send_status_info (ctrl, table[idx].name, tmp, strlen (tmp), NULL, 0);
879 return 0;
880 }
881 if (table[idx].special == -4)
882 {
883 char *serial;
884 time_t stamp;
885
886 if (!app_get_serial_and_stamp (app, &serial, &stamp))
887 {
888 if (strlen (serial) > 16+12)
889 {
890 send_status_info (ctrl, table[idx].name, serial+16, 12, NULL, 0);
891 xfree (serial);
892 return 0;
893 }
894 xfree (serial);
895 }
896 return gpg_error (GPG_ERR_INV_NAME);
897 }
898 if (table[idx].special == -5)
899 {
900 for (i=0; i < 3; i++)
901 send_key_attr (ctrl, app, table[idx].name, i);
902 return 0;
903 }
904
905 relptr = get_one_do (app, table[idx].tag, &value, &valuelen, &rc);
906 if (relptr)
907 {
908 if (table[idx].special == 1)
909 {
910 char numbuf[7*23];
911
912 for (i=0,*numbuf=0; i < valuelen && i < 7; i++)
913 sprintf (numbuf+strlen (numbuf), " %d", value[i]);
914 send_status_info (ctrl, table[idx].name,
915 numbuf, strlen (numbuf), NULL, 0);
916 }
917 else if (table[idx].special == 2)
918 {
919 char numbuf[50];
920
921 sprintf (numbuf, "%lu", convert_sig_counter_value (value, valuelen));
922 send_status_info (ctrl, table[idx].name,
923 numbuf, strlen (numbuf), NULL, 0);
924 }
925 else if (table[idx].special == 3)
926 {
927 if (valuelen >= 60)
928 for (i=0; i < 3; i++)
929 send_fpr_if_not_null (ctrl, table[idx].name, i+1, value+i*20);
930 }
931 else if (table[idx].special == 4)
932 {
933 if (valuelen >= 12)
934 for (i=0; i < 3; i++)
935 send_fprtime_if_not_null (ctrl, table[idx].name, i+1, value+i*4);
936 }
937 else
938 send_status_info (ctrl, table[idx].name, value, valuelen, NULL, 0);
939
940 xfree (relptr);
941 }
942 return rc;
943 }
944
945 /* Retrieve the fingerprint from the card inserted in SLOT and write
946 the according hex representation to FPR. Caller must have provide
947 a buffer at FPR of least 41 bytes. Returns 0 on success or an
948 error code. */
949 #if GNUPG_MAJOR_VERSION > 1
950 static gpg_error_t
951 retrieve_fpr_from_card (app_t app, int keyno, char *fpr)
952 {
953 gpg_error_t err = 0;
954 void *relptr;
955 unsigned char *value;
956 size_t valuelen;
957
958 assert (keyno >=0 && keyno <= 2);
959
960 relptr = get_one_do (app, 0x00C5, &value, &valuelen, NULL);
961 if (relptr && valuelen >= 60)
962 bin2hex (value+keyno*20, 20, fpr);
963 else
964 err = gpg_error (GPG_ERR_NOT_FOUND);
965 xfree (relptr);
966 return err;
967 }
968 #endif /*GNUPG_MAJOR_VERSION > 1*/
969
970
971 /* Retrieve the public key material for the RSA key, whose fingerprint
972 is FPR, from gpg output, which can be read through the stream FP.
973 The RSA modulus will be stored at the address of M and MLEN, the
974 public exponent at E and ELEN. Returns zero on success, an error
975 code on failure. Caller must release the allocated buffers at M
976 and E if the function returns success. */
977 #if GNUPG_MAJOR_VERSION > 1
978 static gpg_error_t
979 retrieve_key_material (FILE *fp, const char *hexkeyid,
980 const unsigned char **m, size_t *mlen,
981 const unsigned char **e, size_t *elen)
982 {
983 gcry_error_t err = 0;
984 char *line = NULL; /* read_line() buffer. */
985 size_t line_size = 0; /* Helper for for read_line. */
986 int found_key = 0; /* Helper to find a matching key. */
987 unsigned char *m_new = NULL;
988 unsigned char *e_new = NULL;
989 size_t m_new_n = 0;
990 size_t e_new_n = 0;
991
992 /* Loop over all records until we have found the subkey
993 corresponding to the fingerprint. Inm general the first record
994 should be the pub record, but we don't rely on that. Given that
995 we only need to look at one key, it is sufficient to compare the
996 keyid so that we don't need to look at "fpr" records. */
997 for (;;)
998 {
999 char *p;
1000 char *fields[6];
1001 int nfields;
1002 size_t max_length;
1003 gcry_mpi_t mpi;
1004 int i;
1005
1006 max_length = 4096;
1007 i = read_line (fp, &line, &line_size, &max_length);
1008 if (!i)
1009 break; /* EOF. */
1010 if (i < 0)
1011 {
1012 err = gpg_error_from_syserror ();
1013 goto leave; /* Error. */
1014 }
1015 if (!max_length)
1016 {
1017 err = gpg_error (GPG_ERR_TRUNCATED);
1018 goto leave; /* Line truncated - we better stop processing. */
1019 }
1020
1021 /* Parse the line into fields. */
1022 for (nfields=0, p=line; p && nfields < DIM (fields); nfields++)
1023 {
1024 fields[nfields] = p;
1025 p = strchr (p, ':');
1026 if (p)
1027 *(p++) = 0;
1028 }
1029 if (!nfields)
1030 continue; /* No fields at all - skip line. */
1031
1032 if (!found_key)
1033 {
1034 if ( (!strcmp (fields[0], "sub") || !strcmp (fields[0], "pub") )
1035 && nfields > 4 && !strcmp (fields[4], hexkeyid))
1036 found_key = 1;
1037 continue;
1038 }
1039
1040 if ( !strcmp (fields[0], "sub") || !strcmp (fields[0], "pub") )
1041 break; /* Next key - stop. */
1042
1043 if ( strcmp (fields[0], "pkd") )
1044 continue; /* Not a key data record. */
1045 i = 0; /* Avoid erroneous compiler warning. */
1046 if ( nfields < 4 || (i = atoi (fields[1])) < 0 || i > 1
1047 || (!i && m_new) || (i && e_new))
1048 {
1049 err = gpg_error (GPG_ERR_GENERAL);
1050 goto leave; /* Error: Invalid key data record or not an RSA key. */
1051 }
1052
1053 err = gcry_mpi_scan (&mpi, GCRYMPI_FMT_HEX, fields[3], 0, NULL);
1054 if (err)
1055 mpi = NULL;
1056 else if (!i)
1057 err = gcry_mpi_aprint (GCRYMPI_FMT_STD, &m_new, &m_new_n, mpi);
1058 else
1059 err = gcry_mpi_aprint (GCRYMPI_FMT_STD, &e_new, &e_new_n, mpi);
1060 gcry_mpi_release (mpi);
1061 if (err)
1062 goto leave;
1063 }
1064
1065 if (m_new && e_new)
1066 {
1067 *m = m_new;
1068 *mlen = m_new_n;
1069 m_new = NULL;
1070 *e = e_new;
1071 *elen = e_new_n;
1072 e_new = NULL;
1073 }
1074 else
1075 err = gpg_error (GPG_ERR_GENERAL);
1076
1077 leave:
1078 xfree (m_new);
1079 xfree (e_new);
1080 xfree (line);
1081 return err;
1082 }
1083 #endif /*GNUPG_MAJOR_VERSION > 1*/
1084
1085
1086 /* Get the public key for KEYNO and store it as an S-expresion with
1087 the APP handle. On error that field gets cleared. If we already
1088 know about the public key we will just return. Note that this does
1089 not mean a key is available; this is soley indicated by the
1090 presence of the app->app_local->pk[KEYNO-1].key field.
1091
1092 Note that GnuPG 1.x does not need this and it would be too time
1093 consuming to send it just for the fun of it. However, given that we
1094 use the same code in gpg 1.4, we can't use the gcry S-expresion
1095 here but need to open encode it. */
1096 #if GNUPG_MAJOR_VERSION > 1
1097 static gpg_error_t
1098 get_public_key (app_t app, int keyno)
1099 {
1100 gpg_error_t err = 0;
1101 unsigned char *buffer;
1102 const unsigned char *keydata, *m, *e;
1103 size_t buflen, keydatalen, mlen, elen;
1104 unsigned char *mbuf = NULL;
1105 unsigned char *ebuf = NULL;
1106 char *keybuf = NULL;
1107 char *keybuf_p;
1108
1109 if (keyno < 1 || keyno > 3)
1110 return gpg_error (GPG_ERR_INV_ID);
1111 keyno--;
1112
1113 /* Already cached? */
1114 if (app->app_local->pk[keyno].read_done)
1115 return 0;
1116
1117 xfree (app->app_local->pk[keyno].key);
1118 app->app_local->pk[keyno].key = NULL;
1119 app->app_local->pk[keyno].keylen = 0;
1120
1121 m = e = NULL; /* (avoid cc warning) */
1122
1123 if (app->card_version > 0x0100)
1124 {
1125 int exmode, le_value;
1126
1127 /* We may simply read the public key out of these cards. */
1128 if (app->app_local->cardcap.ext_lc_le)
1129 {
1130 exmode = 1; /* Use extended length. */
1131 le_value = app->app_local->extcap.max_rsp_data;
1132 }
1133 else
1134 {
1135 exmode = 0;
1136 le_value = 256; /* Use legacy value. */
1137 }
1138
1139 err = iso7816_read_public_key
1140 (app->slot, exmode,
1141 (const unsigned char*)(keyno == 0? "\xB6" :
1142 keyno == 1? "\xB8" : "\xA4"), 2,
1143 le_value,
1144 &buffer, &buflen);
1145 if (err)
1146 {
1147 log_error (_("reading public key failed: %s\n"), gpg_strerror (err));
1148 goto leave;
1149 }
1150
1151 keydata = find_tlv (buffer, buflen, 0x7F49, &keydatalen);
1152 if (!keydata)
1153 {
1154 err = gpg_error (GPG_ERR_CARD);
1155 log_error (_("response does not contain the public key data\n"));
1156 goto leave;
1157 }
1158
1159 m = find_tlv (keydata, keydatalen, 0x0081, &mlen);
1160 if (!m)
1161 {
1162 err = gpg_error (GPG_ERR_CARD);
1163 log_error (_("response does not contain the RSA modulus\n"));
1164 goto leave;
1165 }
1166
1167
1168 e = find_tlv (keydata, keydatalen, 0x0082, &elen);
1169 if (!e)
1170 {
1171 err = gpg_error (GPG_ERR_CARD);
1172 log_error (_("response does not contain the RSA public exponent\n"));
1173 goto leave;
1174 }
1175
1176 /* Prepend numbers with a 0 if needed. */
1177 if (mlen && (*m & 0x80))
1178 {
1179 mbuf = xtrymalloc ( mlen + 1);
1180 if (!mbuf)
1181 {
1182 err = gpg_error_from_syserror ();
1183 goto leave;
1184 }
1185 *mbuf = 0;
1186 memcpy (mbuf+1, m, mlen);
1187 mlen++;
1188 m = mbuf;
1189 }
1190 if (elen && (*e & 0x80))
1191 {
1192 ebuf = xtrymalloc ( elen + 1);
1193 if (!ebuf)
1194 {
1195 err = gpg_error_from_syserror ();
1196 goto leave;
1197 }
1198 *ebuf = 0;
1199 memcpy (ebuf+1, e, elen);
1200 elen++;
1201 e = ebuf;
1202 }
1203
1204 }
1205 else
1206 {
1207 /* Due to a design problem in v1.0 cards we can't get the public
1208 key out of these cards without doing a verify on CHV3.
1209 Clearly that is not an option and thus we try to locate the
1210 key using an external helper.
1211
1212 The helper we use here is gpg itself, which should know about
1213 the key in any case. */
1214
1215 char fpr[41];
1216 char *hexkeyid;
1217 char *command = NULL;
1218 FILE *fp;
1219 int ret;
1220
1221 buffer = NULL; /* We don't need buffer. */
1222
1223 err = retrieve_fpr_from_card (app, keyno, fpr);
1224 if (err)
1225 {
1226 log_error ("error while retrieving fpr from card: %s\n",
1227 gpg_strerror (err));
1228 goto leave;
1229 }
1230 hexkeyid = fpr + 24;
1231
1232 ret = estream_asprintf (&command,
1233 "gpg --list-keys --with-colons --with-key-data '%s'",
1234 fpr);
1235 if (ret < 0)
1236 {
1237 err = gpg_error_from_syserror ();
1238 goto leave;
1239 }
1240
1241 fp = popen (command, "r");
1242 xfree (command);
1243 if (!fp)
1244 {
1245 err = gpg_error_from_syserror ();
1246 log_error ("running gpg failed: %s\n", gpg_strerror (err));
1247 goto leave;
1248 }
1249
1250 err = retrieve_key_material (fp, hexkeyid, &m, &mlen, &e, &elen);
1251 fclose (fp);
1252 if (err)
1253 {
1254 log_error ("error while retrieving key material through pipe: %s\n",
1255 gpg_strerror (err));
1256 goto leave;
1257 }
1258 }
1259
1260 /* Allocate a buffer to construct the S-expression. */
1261 /* FIXME: We should provide a generalized S-expression creation
1262 mechanism. */
1263 keybuf = xtrymalloc (50 + 2*35 + mlen + elen + 1);
1264 if (!keybuf)
1265 {
1266 err = gpg_error_from_syserror ();
1267 goto leave;
1268 }
1269
1270 sprintf (keybuf, "(10:public-key(3:rsa(1:n%u:", (unsigned int) mlen);
1271 keybuf_p = keybuf + strlen (keybuf);
1272 memcpy (keybuf_p, m, mlen);
1273 keybuf_p += mlen;
1274 sprintf (keybuf_p, ")(1:e%u:", (unsigned int)elen);
1275 keybuf_p += strlen (keybuf_p);
1276 memcpy (keybuf_p, e, elen);
1277 keybuf_p += elen;
1278 strcpy (keybuf_p, ")))");
1279 keybuf_p += strlen (keybuf_p);
1280
1281 app->app_local->pk[keyno].key = (unsigned char*)keybuf;
1282 app->app_local->pk[keyno].keylen = (keybuf_p - keybuf);
1283
1284 leave:
1285 /* Set a flag to indicate that we tried to read the key. */
1286 app->app_local->pk[keyno].read_done = 1;
1287
1288 xfree (buffer);
1289 xfree (mbuf);
1290 xfree (ebuf);
1291 return 0;
1292 }
1293 #endif /* GNUPG_MAJOR_VERSION > 1 */
1294
1295
1296
1297 /* Send the KEYPAIRINFO back. KEYNO needs to be in the range [1,3].
1298 This is used by the LEARN command. */
1299 static gpg_error_t
1300 send_keypair_info (app_t app, ctrl_t ctrl, int keyno)
1301 {
1302 gpg_error_t err = 0;
1303 /* Note that GnuPG 1.x does not need this and it would be too time
1304 consuming to send it just for the fun of it. */
1305 #if GNUPG_MAJOR_VERSION > 1
1306 unsigned char grip[20];
1307 char gripstr[41];
1308 char idbuf[50];
1309
1310 err = get_public_key (app, keyno);
1311 if (err)
1312 goto leave;
1313
1314 assert (keyno >= 1 && keyno <= 3);
1315 if (!app->app_local->pk[keyno-1].key)
1316 goto leave; /* No such key - ignore. */
1317
1318 err = keygrip_from_canon_sexp (app->app_local->pk[keyno-1].key,
1319 app->app_local->pk[keyno-1].keylen,
1320 grip);
1321 if (err)
1322 goto leave;
1323
1324 bin2hex (grip, 20, gripstr);
1325
1326 sprintf (idbuf, "OPENPGP.%d", keyno);
1327 send_status_info (ctrl, "KEYPAIRINFO",
1328 gripstr, 40,
1329 idbuf, strlen (idbuf),
1330 NULL, (size_t)0);
1331
1332 leave:
1333 #endif /* GNUPG_MAJOR_VERSION > 1 */
1334
1335 return err;
1336 }
1337
1338
1339 /* Handle the LEARN command for OpenPGP. */
1340 static gpg_error_t
1341 do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags)
1342 {
1343 (void)flags;
1344
1345 do_getattr (app, ctrl, "EXTCAP");
1346 do_getattr (app, ctrl, "DISP-NAME");
1347 do_getattr (app, ctrl, "DISP-LANG");
1348 do_getattr (app, ctrl, "DISP-SEX");
1349 do_getattr (app, ctrl, "PUBKEY-URL");
1350 do_getattr (app, ctrl, "LOGIN-DATA");
1351 do_getattr (app, ctrl, "KEY-FPR");
1352 if (app->card_version > 0x0100)
1353 do_getattr (app, ctrl, "KEY-TIME");
1354 do_getattr (app, ctrl, "CA-FPR");
1355 do_getattr (app, ctrl, "CHV-STATUS");
1356 do_getattr (app, ctrl, "SIG-COUNTER");
1357 if (app->app_local->extcap.private_dos)
1358 {
1359 do_getattr (app, ctrl, "PRIVATE-DO-1");
1360 do_getattr (app, ctrl, "PRIVATE-DO-2");
1361 if (app->did_chv2)
1362 do_getattr (app, ctrl, "PRIVATE-DO-3");
1363 if (app->did_chv3)
1364 do_getattr (app, ctrl, "PRIVATE-DO-4");
1365 }
1366 send_keypair_info (app, ctrl, 1);
1367 send_keypair_info (app, ctrl, 2);
1368 send_keypair_info (app, ctrl, 3);
1369 /* Note: We do not send the Cardholder Certificate, because that is
1370 relativly long and for OpenPGP applications not really needed. */
1371 return 0;
1372 }
1373
1374
1375 /* Handle the READKEY command for OpenPGP. On success a canonical
1376 encoded S-expression with the public key will get stored at PK and
1377 its length (for assertions) at PKLEN; the caller must release that
1378 buffer. On error PK and PKLEN are not changed and an error code is
1379 returned. */
1380 static gpg_error_t
1381 do_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
1382 {
1383 #if GNUPG_MAJOR_VERSION > 1
1384 gpg_error_t err;
1385 int keyno;
1386 unsigned char *buf;
1387
1388 if (!strcmp (keyid, "OPENPGP.1"))
1389 keyno = 1;
1390 else if (!strcmp (keyid, "OPENPGP.2"))
1391 keyno = 2;
1392 else if (!strcmp (keyid, "OPENPGP.3"))
1393 keyno = 3;
1394 else
1395 return gpg_error (GPG_ERR_INV_ID);
1396
1397 err = get_public_key (app, keyno);
1398 if (err)
1399 return err;
1400
1401 buf = app->app_local->pk[keyno-1].key;
1402 if (!buf)
1403 return gpg_error (GPG_ERR_NO_PUBKEY);
1404 *pklen = app->app_local->pk[keyno-1].keylen;;
1405 *pk = xtrymalloc (*pklen);
1406 if (!*pk)
1407 {
1408 err = gpg_error_from_syserror ();
1409 *pklen = 0;
1410 return err;
1411 }
1412 memcpy (*pk, buf, *pklen);
1413 return 0;
1414 #else
1415 return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
1416 #endif
1417 }
1418
1419 /* Read the standard certificate of an OpenPGP v2 card. It is
1420 returned in a freshly allocated buffer with that address stored at
1421 CERT and the length of the certificate stored at CERTLEN. CERTID
1422 needs to be set to "OPENPGP.3". */
1423 static gpg_error_t
1424 do_readcert (app_t app, const char *certid,
1425 unsigned char **cert, size_t *certlen)
1426 {
1427 #if GNUPG_MAJOR_VERSION > 1
1428 gpg_error_t err;
1429 unsigned char *buffer;
1430 size_t buflen;
1431 void *relptr;
1432
1433 *cert = NULL;
1434 *certlen = 0;
1435 if (strcmp (certid, "OPENPGP.3"))
1436 return gpg_error (GPG_ERR_INV_ID);
1437 if (!app->app_local->extcap.is_v2)
1438 return gpg_error (GPG_ERR_NOT_FOUND);
1439
1440 relptr = get_one_do (app, 0x7F21, &buffer, &buflen, NULL);
1441 if (!relptr)
1442 return gpg_error (GPG_ERR_NOT_FOUND);
1443
1444 if (!buflen)
1445 err = gpg_error (GPG_ERR_NOT_FOUND);
1446 else if (!(*cert = xtrymalloc (buflen)))
1447 err = gpg_error_from_syserror ();
1448 else
1449 {
1450 memcpy (*cert, buffer, buflen);
1451 *certlen = buflen;
1452 err = 0;
1453 }
1454 xfree (relptr);
1455 return err;
1456 #else
1457 return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
1458 #endif
1459 }
1460
1461
1462 /* Verify a CHV either using using the pinentry or if possibile by
1463 using a keypad. PINCB and PINCB_ARG describe the usual callback
1464 for the pinentry. CHVNO must be either 1 or 2. SIGCOUNT is only
1465 used with CHV1. PINVALUE is the address of a pointer which will
1466 receive a newly allocated block with the actual PIN (this is useful
1467 in case that PIN shall be used for another verify operation). The
1468 caller needs to free this value. If the function returns with
1469 success and NULL is stored at PINVALUE, the caller should take this
1470 as an indication that the keypad has been used.
1471 */
1472 static gpg_error_t
1473 verify_a_chv (app_t app,
1474 gpg_error_t (*pincb)(void*, const char *, char **),
1475 void *pincb_arg,
1476 int chvno, unsigned long sigcount, char **pinvalue)
1477 {
1478 int rc = 0;
1479 char *prompt_buffer = NULL;
1480 const char *prompt;
1481 iso7816_pininfo_t pininfo;
1482 int minlen = 6;
1483
1484 assert (chvno == 1 || chvno == 2);
1485
1486 *pinvalue = NULL;
1487
1488 if (chvno == 2 && app->app_local->flags.def_chv2)
1489 {
1490 /* Special case for def_chv2 mechanism. */
1491 if (opt.verbose)
1492 log_info (_("using default PIN as %s\n"), "CHV2");
1493 rc = iso7816_verify (app->slot, 0x82, "123456", 6);
1494 if (rc)
1495 {
1496 /* Verification of CHV2 with the default PIN failed,
1497 although the card pretends to have the default PIN set as
1498 CHV2. We better disable the def_chv2 flag now. */
1499 log_info (_("failed to use default PIN as %s: %s"
1500 " - disabling further default use\n"),
1501 "CHV2", gpg_strerror (rc));
1502 app->app_local->flags.def_chv2 = 0;
1503 }
1504 return rc;
1505 }
1506
1507 memset (&pininfo, 0, sizeof pininfo);
1508 pininfo.mode = 1;
1509 pininfo.minlen = minlen;
1510
1511
1512 if (chvno == 1)
1513 {
1514 #define PROMPTSTRING _("||Please enter the PIN%%0A[sigs done: %lu]")
1515 size_t promptsize = strlen (PROMPTSTRING) + 50;
1516
1517 prompt_buffer = xtrymalloc (promptsize);
1518 if (!prompt_buffer)
1519 return gpg_error_from_syserror ();
1520 snprintf (prompt_buffer, promptsize-1, PROMPTSTRING, sigcount);
1521 prompt = prompt_buffer;
1522 #undef PROMPTSTRING
1523 }
1524 else
1525 prompt = _("||Please enter the PIN");
1526
1527
1528 if (!opt.disable_keypad
1529 && !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) )
1530 {
1531 /* The reader supports the verify command through the keypad.
1532 Note that the pincb appends a text to the prompt telling the
1533 user to use the keypad. */
1534 rc = pincb (pincb_arg, prompt, NULL);
1535 prompt = NULL;
1536 xfree (prompt_buffer);
1537 prompt_buffer = NULL;
1538 if (rc)
1539 {
1540 log_info (_("PIN callback returned error: %s\n"),
1541 gpg_strerror (rc));
1542 return rc;
1543 }
1544 rc = iso7816_verify_kp (app->slot, 0x80+chvno, "", 0, &pininfo);
1545 /* Dismiss the prompt. */
1546 pincb (pincb_arg, NULL, NULL);
1547
1548 assert (!*pinvalue);
1549 }
1550 else
1551 {
1552 /* The reader has no keypad or we don't want to use it. */
1553 rc = pincb (pincb_arg, prompt, pinvalue);
1554 prompt = NULL;
1555 xfree (prompt_buffer);
1556 prompt_buffer = NULL;
1557 if (rc)
1558 {
1559 log_info (_("PIN callback returned error: %s\n"),
1560 gpg_strerror (rc));
1561 return rc;
1562 }
1563
1564 if (strlen (*pinvalue) < minlen)
1565 {
1566 log_error (_("PIN for CHV%d is too short;"
1567 " minimum length is %d\n"), chvno, minlen);
1568 xfree (*pinvalue);
1569 *pinvalue = NULL;
1570 return gpg_error (GPG_ERR_BAD_PIN);
1571 }
1572
1573 rc = iso7816_verify (app->slot, 0x80+chvno,
1574 *pinvalue, strlen (*pinvalue));
1575 }
1576
1577 if (rc)
1578 {
1579 log_error (_("verify CHV%d failed: %s\n"), chvno, gpg_strerror (rc));
1580 xfree (*pinvalue);
1581 *pinvalue = NULL;
1582 flush_cache_after_error (app);
1583 }
1584
1585 return rc;
1586 }
1587
1588
1589 /* Verify CHV2 if required. Depending on the configuration of the
1590 card CHV1 will also be verified. */
1591 static gpg_error_t
1592 verify_chv2 (app_t app,
1593 gpg_error_t (*pincb)(void*, const char *, char **),
1594 void *pincb_arg)
1595 {
1596 int rc;
1597 char *pinvalue;
1598
1599 if (app->did_chv2)
1600 return 0; /* We already verified CHV2. */
1601
1602 rc = verify_a_chv (app, pincb, pincb_arg, 2, 0, &pinvalue);
1603 if (rc)
1604 return rc;
1605 app->did_chv2 = 1;
1606
1607 if (!app->did_chv1 && !app->force_chv1 && pinvalue)
1608 {
1609 /* For convenience we verify CHV1 here too. We do this only if
1610 the card is not configured to require a verification before
1611 each CHV1 controlled operation (force_chv1) and if we are not
1612 using the keypad (PINVALUE == NULL). */
1613 rc = iso7816_verify (app->slot, 0x81, pinvalue, strlen (pinvalue));
1614 if (gpg_err_code (rc) == GPG_ERR_BAD_PIN)
1615 rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED);
1616 if (rc)
1617 {
1618 log_error (_("verify CHV%d failed: %s\n"), 1, gpg_strerror (rc));
1619 flush_cache_after_error (app);
1620 }
1621 else
1622 app->did_chv1 = 1;
1623 }
1624
1625 xfree (pinvalue);
1626
1627 return rc;
1628 }
1629
1630
1631 /* Build the prompt to enter the Admin PIN. The prompt depends on the
1632 current sdtate of the card. */
1633 static gpg_error_t
1634 build_enter_admin_pin_prompt (app_t app, char **r_prompt)
1635 {
1636 void *relptr;
1637 unsigned char *value;
1638 size_t valuelen;
1639 int remaining;
1640 char *prompt;
1641
1642 *r_prompt = NULL;
1643
1644 relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL);
1645 if (!relptr || valuelen < 7)
1646 {
1647 log_error (_("error retrieving CHV status from card\n"));
1648 xfree (relptr);
1649 return gpg_error (GPG_ERR_CARD);
1650 }
1651 if (value[6] == 0)
1652 {
1653 log_info (_("card is permanently locked!\n"));
1654 xfree (relptr);
1655 return gpg_error (GPG_ERR_BAD_PIN);
1656 }
1657 remaining = value[6];
1658 xfree (relptr);
1659
1660 log_info(_("%d Admin PIN attempts remaining before card"
1661 " is permanently locked\n"), remaining);
1662
1663 if (remaining < 3)
1664 {
1665 /* TRANSLATORS: Do not translate the "|A|" prefix but keep it at
1666 the start of the string. Use %%0A to force a linefeed. */
1667 prompt = xtryasprintf (_("|A|Please enter the Admin PIN%%0A"
1668 "[remaining attempts: %d]"), remaining);
1669 }
1670 else
1671 prompt = xtrystrdup (_("|A|Please enter the Admin PIN"));
1672
1673 if (!prompt)
1674 return gpg_error_from_syserror ();
1675
1676 *r_prompt = prompt;
1677 return 0;
1678 }
1679
1680
1681 /* Verify CHV3 if required. */
1682 static gpg_error_t
1683 verify_chv3 (app_t app,
1684 gpg_error_t (*pincb)(void*, const char *, char **),
1685 void *pincb_arg)
1686 {
1687 int rc = 0;
1688
1689 #if GNUPG_MAJOR_VERSION != 1
1690 if (!opt.allow_admin)
1691 {
1692 log_info (_("access to admin commands is not configured\n"));
1693 return gpg_error (GPG_ERR_EACCES);
1694 }
1695 #endif
1696
1697 if (!app->did_chv3)
1698 {
1699 iso7816_pininfo_t pininfo;
1700 int minlen = 8;
1701 char *prompt;
1702
1703 memset (&pininfo, 0, sizeof pininfo);
1704 pininfo.mode = 1;
1705 pininfo.minlen = minlen;
1706
1707 rc = build_enter_admin_pin_prompt (app, &prompt);
1708 if (rc)
1709 return rc;
1710
1711 if (!opt.disable_keypad
1712 && !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) )
1713 {
1714 /* The reader supports the verify command through the keypad. */
1715 rc = pincb (pincb_arg, prompt, NULL);
1716 xfree (prompt);
1717 prompt = NULL;
1718 if (rc)
1719 {
1720 log_info (_("PIN callback returned error: %s\n"),
1721 gpg_strerror (rc));
1722 return rc;
1723 }
1724 rc = iso7816_verify_kp (app->slot, 0x83, "", 0, &pininfo);
1725 /* Dismiss the prompt. */
1726 pincb (pincb_arg, NULL, NULL);
1727 }
1728 else
1729 {
1730 char *pinvalue;
1731
1732 rc = pincb (pincb_arg, prompt, &pinvalue);
1733 xfree (prompt);
1734 prompt = NULL;
1735 if (rc)
1736 {
1737 log_info (_("PIN callback returned error: %s\n"),
1738 gpg_strerror (rc));
1739 return rc;
1740 }
1741
1742 if (strlen (pinvalue) < minlen)
1743 {
1744 log_error (_("PIN for CHV%d is too short;"
1745 " minimum length is %d\n"), 3, minlen);
1746 xfree (pinvalue);
1747 return gpg_error (GPG_ERR_BAD_PIN);
1748 }
1749
1750 rc = iso7816_verify (app->slot, 0x83, pinvalue, strlen (pinvalue));
1751 xfree (pinvalue);
1752 }
1753
1754 if (rc)
1755 {
1756 log_error (_("verify CHV%d failed: %s\n"), 3, gpg_strerror (rc));
1757 flush_cache_after_error (app);
1758 return rc;
1759 }
1760 app->did_chv3 = 1;
1761 }
1762 return rc;
1763 }
1764
1765
1766 /* Handle the SETATTR operation. All arguments are already basically
1767 checked. */
1768 static gpg_error_t
1769 do_setattr (app_t app, const char *name,
1770 gpg_error_t (*pincb)(void*, const char *, char **),
1771 void *pincb_arg,
1772 const unsigned char *value, size_t valuelen)
1773 {
1774 gpg_error_t rc;
1775 int idx;
1776 static struct {
1777 const char *name;
1778 int tag;
1779 int need_chv;
1780 int special;
1781 unsigned int need_v2:1;
1782 } table[] = {
1783 { "DISP-NAME", 0x005B, 3 },
1784 { "LOGIN-DATA", 0x005E, 3, 2 },
1785 { "DISP-LANG", 0x5F2D, 3 },
1786 { "DISP-SEX", 0x5F35, 3 },
1787 { "PUBKEY-URL", 0x5F50, 3 },
1788 { "CHV-STATUS-1", 0x00C4, 3, 1 },
1789 { "CA-FPR-1", 0x00CA, 3 },
1790 { "CA-FPR-2", 0x00CB, 3 },
1791 { "CA-FPR-3", 0x00CC, 3 },
1792 { "PRIVATE-DO-1", 0x0101, 2 },
1793 { "PRIVATE-DO-2", 0x0102, 3 },
1794 { "PRIVATE-DO-3", 0x0103, 2 },
1795 { "PRIVATE-DO-4", 0x0104, 3 },
1796 { "CERT-3", 0x7F21, 3, 0, 1 },
1797 { "SM-KEY-ENC", 0x00D1, 3, 0, 1 },
1798 { "SM-KEY-MAC", 0x00D2, 3, 0, 1 },
1799 { "KEY-ATTR", 0, 0, 3, 1 },
1800 { NULL, 0 }
1801 };
1802 int exmode;
1803
1804 for (idx=0; table[idx].name && strcmp (table[idx].name, name); idx++)
1805 ;
1806 if (!table[idx].name)
1807 return gpg_error (GPG_ERR_INV_NAME);
1808 if (table[idx].need_v2 && !app->app_local->extcap.is_v2)
1809 return gpg_error (GPG_ERR_NOT_SUPPORTED); /* Not yet supported. */
1810
1811 if (table[idx].special == 3)
1812 return change_keyattr_from_string (app, pincb, pincb_arg, value, valuelen);
1813
1814 switch (table[idx].need_chv)
1815 {
1816 case 2:
1817 rc = verify_chv2 (app, pincb, pincb_arg);
1818 break;
1819 case 3:
1820 rc = verify_chv3 (app, pincb, pincb_arg);
1821 break;
1822 default:
1823 rc = 0;
1824 }
1825 if (rc)
1826 return rc;
1827
1828 /* Flush the cache before writing it, so that the next get operation
1829 will reread the data from the card and thus get synced in case of
1830 errors (e.g. data truncated by the card). */
1831 flush_cache_item (app, table[idx].tag);
1832
1833 if (app->app_local->cardcap.ext_lc_le && valuelen > 254)
1834 exmode = 1; /* Use extended length w/o a limit. */
1835 else if (app->app_local->cardcap.cmd_chaining && valuelen > 254)
1836 exmode = -254; /* Command chaining with max. 254 bytes. */
1837 else
1838 exmode = 0;
1839 rc = iso7816_put_data (app->slot, exmode, table[idx].tag, value, valuelen);
1840 if (rc)
1841 log_error ("failed to set `%s': %s\n", table[idx].name, gpg_strerror (rc));
1842
1843 if (table[idx].special == 1)
1844 app->force_chv1 = (valuelen && *value == 0);
1845 else if (table[idx].special == 2)
1846 parse_login_data (app);
1847
1848 return rc;
1849 }
1850
1851
1852 /* Handle the WRITECERT command for OpenPGP. This rites the standard
1853 certifciate to the card; CERTID needs to be set to "OPENPGP.3".
1854 PINCB and PINCB_ARG are the usual arguments for the pinentry
1855 callback. */
1856 static gpg_error_t
1857 do_writecert (app_t app, ctrl_t ctrl,
1858 const char *certidstr,
1859 gpg_error_t (*pincb)(void*, const char *, char **),
1860 void *pincb_arg,
1861 const unsigned char *certdata, size_t certdatalen)
1862 {
1863 (void)ctrl;
1864 #if GNUPG_MAJOR_VERSION > 1
1865 if (strcmp (certidstr, "OPENPGP.3"))
1866 return gpg_error (GPG_ERR_INV_ID);
1867 if (!certdata || !certdatalen)
1868 return gpg_error (GPG_ERR_INV_ARG);
1869 if (!app->app_local->extcap.is_v2)
1870 return gpg_error (GPG_ERR_NOT_SUPPORTED);
1871 if (certdatalen > app->app_local->extcap.max_certlen_3)
1872 return gpg_error (GPG_ERR_TOO_LARGE);
1873 return do_setattr (app, "CERT-3", pincb, pincb_arg, certdata, certdatalen);
1874 #else
1875 return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
1876 #endif
1877 }
1878
1879
1880
1881 /* Handle the PASSWD command. The following combinations are
1882 possible:
1883
1884 Flags CHVNO Vers. Description
1885 RESET 1 1 Verify CHV3 and set a new CHV1 and CHV2
1886 RESET 1 2 Verify PW3 and set a new PW1.
1887 RESET 2 1 Verify CHV3 and set a new CHV1 and CHV2.
1888 RESET 2 2 Verify PW3 and set a new Reset Code.
1889 RESET 3 any Returns GPG_ERR_INV_ID.
1890 - 1 1 Verify CHV2 and set a new CHV1 and CHV2.
1891 - 1 2 Verify PW1 and set a new PW1.
1892 - 2 1 Verify CHV2 and set a new CHV1 and CHV2.
1893 - 2 2 Verify Reset Code and set a new PW1.
1894 - 3 any Verify CHV3/PW3 and set a new CHV3/PW3.
1895 */
1896 static gpg_error_t
1897 do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
1898 unsigned int flags,
1899 gpg_error_t (*pincb)(void*, const char *, char **),
1900 void *pincb_arg)
1901 {
1902 int rc = 0;
1903 int chvno = atoi (chvnostr);
1904 char *resetcode = NULL;
1905 char *oldpinvalue = NULL;
1906 char *pinvalue;
1907 int reset_mode = !!(flags & APP_CHANGE_FLAG_RESET);
1908 int set_resetcode = 0;
1909
1910 (void)ctrl;
1911
1912 if (reset_mode && chvno == 3)
1913 {
1914 rc = gpg_error (GPG_ERR_INV_ID);
1915 goto leave;
1916 }
1917
1918 if (!app->app_local->extcap.is_v2)
1919 {
1920 /* Version 1 cards. */
1921
1922 if (reset_mode || chvno == 3)
1923 {
1924 /* We always require that the PIN is entered. */
1925 app->did_chv3 = 0;
1926 rc = verify_chv3 (app, pincb, pincb_arg);
1927 if (rc)
1928 goto leave;
1929 }
1930 else if (chvno == 1 || chvno == 2)
1931 {
1932 /* On a v1.x card CHV1 and CVH2 should always have the same
1933 value, thus we enforce it here. */
1934 int save_force = app->force_chv1;
1935
1936 app->force_chv1 = 0;
1937 app->did_chv1 = 0;
1938 app->did_chv2 = 0;
1939 rc = verify_chv2 (app, pincb, pincb_arg);
1940 app->force_chv1 = save_force;
1941 if (rc)
1942 goto leave;
1943 }
1944 else
1945 {
1946 rc = gpg_error (GPG_ERR_INV_ID);
1947 goto leave;
1948 }
1949 }
1950 else
1951 {
1952 /* Version 2 cards. */
1953
1954 if (reset_mode)
1955 {
1956 /* To reset a PIN the Admin PIN is required. */
1957 app->did_chv3 = 0;
1958 rc = verify_chv3 (app, pincb, pincb_arg);
1959 if (rc)
1960 goto leave;
1961
1962 if (chvno == 2)
1963 set_resetcode = 1;
1964 }
1965 else if (chvno == 1 || chvno == 3)
1966 {
1967 int minlen = (chvno ==3)? 8 : 6;
1968 char *promptbuf = NULL;
1969 const char *prompt;
1970
1971 if (chvno == 3)
1972 {
1973 rc = build_enter_admin_pin_prompt (app, &promptbuf);
1974 if (rc)
1975 goto leave;
1976 prompt = promptbuf;
1977 }
1978 else
1979 prompt = _("||Please enter the PIN");
1980 rc = pincb (pincb_arg, prompt, &oldpinvalue);
1981 xfree (promptbuf);
1982 promptbuf = NULL;
1983 if (rc)
1984 {
1985 log_info (_("PIN callback returned error: %s\n"),
1986 gpg_strerror (rc));
1987 goto leave;
1988 }
1989
1990 if (strlen (oldpinvalue) < minlen)
1991 {
1992 log_info (_("PIN for CHV%d is too short;"
1993 " minimum length is %d\n"), chvno, minlen);
1994 rc = gpg_error (GPG_ERR_BAD_PIN);
1995 goto leave;
1996 }
1997 }
1998 else if (chvno == 2)
1999 {
2000 /* There is no PW2 for v2 cards. We use this condition to
2001 allow a PW reset using the Reset Code. */
2002 void *relptr;
2003 unsigned char *value;
2004 size_t valuelen;
2005 int remaining;
2006 int minlen = 8;
2007
2008 relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL);
2009 if (!relptr || valuelen < 7)
2010 {
2011 log_error (_("error retrieving CHV status from card\n"));
2012 xfree (relptr);
2013 rc = gpg_error (GPG_ERR_CARD);
2014 goto leave;
2015 }
2016 remaining = value[5];
2017 xfree (relptr);
2018 if (!remaining)
2019 {
2020 log_error (_("Reset Code not or not anymore available\n"));
2021 rc = gpg_error (GPG_ERR_BAD_PIN);
2022 goto leave;
2023 }
2024
2025 rc = pincb (pincb_arg,
2026 _("||Please enter the Reset Code for the card"),
2027 &resetcode);
2028 if (rc)
2029 {
2030 log_info (_("PIN callback returned error: %s\n"),
2031 gpg_strerror (rc));
2032 goto leave;
2033 }
2034 if (strlen (resetcode) < minlen)
2035 {
2036 log_info (_("Reset Code is too short; minimum length is %d\n"),
2037 minlen);
2038 rc = gpg_error (GPG_ERR_BAD_PIN);
2039 goto leave;
2040 }
2041 }
2042 else
2043 {
2044 rc = gpg_error (GPG_ERR_INV_ID);
2045 goto leave;
2046 }
2047 }
2048
2049 if (chvno == 3)
2050 app->did_chv3 = 0;
2051 else
2052 app->did_chv1 = app->did_chv2 = 0;
2053
2054 /* TRANSLATORS: Do not translate the "|*|" prefixes but
2055 keep it at the start of the string. We need this elsewhere
2056 to get some infos on the string. */
2057 rc = pincb (pincb_arg,
2058 set_resetcode? _("|RN|New Reset Code") :
2059 chvno == 3? _("|AN|New Admin PIN") : _("|N|New PIN"),
2060 &pinvalue);
2061 if (rc)
2062 {
2063 log_error (_("error getting new PIN: %s\n"), gpg_strerror (rc));
2064 goto leave;
2065 }
2066
2067
2068 if (resetcode)
2069 {
2070 char *buffer;
2071
2072 buffer = xtrymalloc (strlen (resetcode) + strlen (pinvalue) + 1);
2073 if (!buffer)
2074 rc = gpg_error_from_syserror ();
2075 else
2076 {
2077 strcpy (stpcpy (buffer, resetcode), pinvalue);
2078 rc = iso7816_reset_retry_counter_with_rc (app->slot, 0x81,
2079 buffer, strlen (buffer));
2080 wipememory (buffer, strlen (buffer));
2081 xfree (buffer);
2082 }
2083 }
2084 else if (set_resetcode)
2085 {
2086 if (strlen (pinvalue) < 8)
2087 {
2088 log_error (_("Reset Code is too short; minimum length is %d\n"), 8);
2089 rc = gpg_error (GPG_ERR_BAD_PIN);
2090 }
2091 else
2092 rc = iso7816_put_data (app->slot, 0, 0xD3,
2093 pinvalue, strlen (pinvalue));
2094 }
2095 else if (reset_mode)
2096 {
2097 rc = iso7816_reset_retry_counter (app->slot, 0x81,
2098 pinvalue, strlen (pinvalue));
2099 if (!rc && !app->app_local->extcap.is_v2)
2100 rc = iso7816_reset_retry_counter (app->slot, 0x82,
2101 pinvalue, strlen (pinvalue));
2102 }
2103 else if (!app->app_local->extcap.is_v2)
2104 {
2105 /* Version 1 cards. */
2106 if (chvno == 1 || chvno == 2)
2107 {
2108 rc = iso7816_change_reference_data (app->slot, 0x81, NULL, 0,
2109 pinvalue, strlen (pinvalue));
2110 if (!rc)
2111 rc = iso7816_change_reference_data (app->slot, 0x82, NULL, 0,
2112 pinvalue, strlen (pinvalue));
2113 }
2114 else /* CHVNO == 3 */
2115 {
2116 rc = iso7816_change_reference_data (app->slot, 0x80 + chvno, NULL, 0,
2117 pinvalue, strlen (pinvalue));
2118 }
2119 }
2120 else
2121 {
2122 /* Version 2 cards. */
2123 assert (chvno == 1 || chvno == 3);
2124
2125 rc = iso7816_change_reference_data (app->slot, 0x80 + chvno,
2126 oldpinvalue, strlen (oldpinvalue),
2127 pinvalue, strlen (pinvalue));
2128 }
2129
2130 if (pinvalue)
2131 {
2132 wipememory (pinvalue, strlen (pinvalue));
2133 xfree (pinvalue);
2134 }
2135 if (rc)
2136 flush_cache_after_error (app);
2137
2138 leave:
2139 if (resetcode)
2140 {
2141 wipememory (resetcode, strlen (resetcode));
2142 xfree (resetcode);
2143 }
2144 if (oldpinvalue)
2145 {
2146 wipememory (oldpinvalue, strlen (oldpinvalue));
2147 xfree (oldpinvalue);
2148 }
2149 return rc;
2150 }
2151
2152
2153 /* Check whether a key already exists. KEYIDX is the index of the key
2154 (0..2). If FORCE is TRUE a diagnositic will be printed but no
2155 error returned if the key already exists. The flag GENERATING is
2156 only used to print correct messages. */
2157 static gpg_error_t
2158 does_key_exist (app_t app, int keyidx, int generating, int force)
2159 {
2160 const unsigned char *fpr;
2161 unsigned char *buffer;
2162 size_t buflen, n;
2163 int i;
2164
2165 assert (keyidx >=0 && keyidx <= 2);
2166
2167 if (iso7816_get_data (app->slot, 0, 0x006E, &buffer, &buflen))
2168 {
2169 log_error (_("error reading application data\n"));
2170 return gpg_error (GPG_ERR_GENERAL);
2171 }
2172 fpr = find_tlv (buffer, buflen, 0x00C5, &n);
2173 if (!fpr || n < 60)
2174 {
2175 log_error (_("error reading fingerprint DO\n"));
2176 xfree (buffer);
2177 return gpg_error (GPG_ERR_GENERAL);
2178 }
2179 fpr += 20*keyidx;
2180 for (i=0; i < 20 && !fpr[i]; i++)
2181 ;
2182 xfree (buffer);
2183 if (i!=20 && !force)
2184 {
2185 log_error (_("key already exists\n"));
2186 return gpg_error (GPG_ERR_EEXIST);
2187 }
2188 else if (i!=20)
2189 log_info (_("existing key will be replaced\n"));
2190 else if (generating)
2191 log_info (_("generating new key\n"));
2192 else
2193 log_info (_("writing new key\n"));
2194 return 0;
2195 }
2196
2197
2198 /* Create a TLV tag and value and store it at BUFFER. Return the length
2199 of tag and length. A LENGTH greater than 65535 is truncated. */
2200 static size_t
2201 add_tlv (unsigned char *buffer, unsigned int tag, size_t length)
2202 {
2203 unsigned char *p = buffer;
2204
2205 assert (tag <= 0xffff);
2206 if ( tag > 0xff )
2207 *p++ = tag >> 8;
2208 *p++ = tag;
2209 if (length < 128)
2210 *p++ = length;
2211 else if (length < 256)
2212 {
2213 *p++ = 0x81;
2214 *p++ = length;
2215 }
2216 else
2217 {
2218 if (length > 0xffff)
2219 length = 0xffff;
2220 *p++ = 0x82;
2221 *p++ = length >> 8;
2222 *p++ = length;
2223 }
2224
2225 return p - buffer;
2226 }
2227
2228
2229 /* Build the private key template as specified in the OpenPGP specs
2230 v2.0 section 4.3.3.7. */
2231 static gpg_error_t
2232 build_privkey_template (app_t app, int keyno,
2233 const unsigned char *rsa_n, size_t rsa_n_len,
2234 const unsigned char *rsa_e, size_t rsa_e_len,
2235 const unsigned char *rsa_p, size_t rsa_p_len,
2236 const unsigned char *rsa_q, size_t rsa_q_len,
2237 unsigned char **result, size_t *resultlen)
2238 {
2239 size_t rsa_e_reqlen;
2240 unsigned char privkey[7*(1+3)];
2241 size_t privkey_len;
2242 unsigned char exthdr[2+2+3];
2243 size_t exthdr_len;
2244 unsigned char suffix[2+3];
2245 size_t suffix_len;
2246 unsigned char *tp;
2247 size_t datalen;
2248 unsigned char *template;
2249 size_t template_size;
2250
2251 *result = NULL;
2252 *resultlen = 0;
2253
2254 switch (app->app_local->keyattr[keyno].format)
2255 {
2256 case RSA_STD:
2257 case RSA_STD_N:
2258 break;
2259 case RSA_CRT:
2260 case RSA_CRT_N:
2261 return gpg_error (GPG_ERR_NOT_SUPPORTED);
2262
2263 default:
2264 return gpg_error (GPG_ERR_INV_VALUE);
2265 }
2266
2267 /* Get the required length for E. */
2268 rsa_e_reqlen = app->app_local->keyattr[keyno].e_bits/8;
2269 assert (rsa_e_len <= rsa_e_reqlen);
2270
2271 /* Build the 7f48 cardholder private key template. */
2272 datalen = 0;
2273 tp = privkey;
2274
2275 tp += add_tlv (tp, 0x91, rsa_e_reqlen);
2276 datalen += rsa_e_reqlen;
2277
2278 tp += add_tlv (tp, 0x92, rsa_p_len);
2279 datalen += rsa_p_len;
2280
2281 tp += add_tlv (tp, 0x93, rsa_q_len);
2282 datalen += rsa_q_len;
2283
2284 if (app->app_local->keyattr[keyno].format == RSA_STD_N
2285 || app->app_local->keyattr[keyno].format == RSA_CRT_N)
2286 {
2287 tp += add_tlv (tp, 0x97, rsa_n_len);
2288 datalen += rsa_n_len;
2289 }
2290 privkey_len = tp - privkey;
2291
2292 /* Build the extended header list without the private key template. */
2293 tp = exthdr;
2294 *tp++ = keyno ==0 ? 0xb6 : keyno == 1? 0xb8 : 0xa4;
2295 *tp++ = 0;
2296 tp += add_tlv (tp, 0x7f48, privkey_len);
2297 exthdr_len = tp - exthdr;
2298
2299 /* Build the 5f48 suffix of the data. */
2300 tp = suffix;
2301 tp += add_tlv (tp, 0x5f48, datalen);
2302 suffix_len = tp - suffix;
2303
2304 /* Now concatenate everything. */
2305 template_size = (1 + 3 /* 0x4d and len. */
2306 + exthdr_len
2307 + privkey_len
2308 + suffix_len
2309 + datalen);
2310 tp = template = xtrymalloc_secure (template_size);
2311 if (!template)
2312 return gpg_error_from_syserror ();
2313
2314 tp += add_tlv (tp, 0x4d, exthdr_len + privkey_len + suffix_len + datalen);
2315 memcpy (tp, exthdr, exthdr_len);
2316 tp += exthdr_len;
2317 memcpy (tp, privkey, privkey_len);
2318 tp += privkey_len;
2319 memcpy (tp, suffix, suffix_len);
2320 tp += suffix_len;
2321
2322 memcpy (tp, rsa_e, rsa_e_len);
2323 if (rsa_e_len < rsa_e_reqlen)
2324 {
2325 /* Right justify E. */
2326 memmove (tp + rsa_e_reqlen - rsa_e_len, tp, rsa_e_len);
2327 memset (tp, 0, rsa_e_reqlen - rsa_e_len);
2328 }
2329 tp += rsa_e_reqlen;
2330
2331 memcpy (tp, rsa_p, rsa_p_len);
2332 tp += rsa_p_len;
2333
2334 memcpy (tp, rsa_q, rsa_q_len);
2335 tp += rsa_q_len;
2336
2337 if (app->app_local->keyattr[keyno].format == RSA_STD_N
2338 || app->app_local->keyattr[keyno].format == RSA_CRT_N)
2339 {
2340 memcpy (tp, rsa_n, rsa_n_len);
2341 tp += rsa_n_len;
2342 }
2343
2344 /* Sanity check. We don't know the exact length because we
2345 allocated 3 bytes for the first length header. */
2346 assert (tp - template <= template_size);
2347
2348 *result = template;
2349 *resultlen = tp - template;
2350 return 0;
2351 }
2352
2353
2354 /* Helper for do_writekley to change the size of a key. Not ethat
2355 this deletes the entire key without asking. */
2356 static gpg_error_t
2357 change_keyattr (app_t app, int keyno, unsigned int nbits,
2358 gpg_error_t (*pincb)(void*, const char *, char **),
2359 void *pincb_arg)
2360 {
2361 gpg_error_t err;
2362 unsigned char *buffer;
2363 size_t buflen;
2364 void *relptr;
2365
2366 assert (keyno >=0 && keyno <= 2);
2367
2368 if (nbits > 3072)
2369 return gpg_error (GPG_ERR_TOO_LARGE);
2370
2371 /* Read the current attributes into a buffer. */
2372 relptr = get_one_do (app, 0xC1+keyno, &buffer, &buflen, NULL);
2373 if (!relptr)
2374 return gpg_error (GPG_ERR_CARD);
2375 if (buflen < 6 || buffer[0] != 1)
2376 {
2377 /* Attriutes too short or not an RSA key. */
2378 xfree (relptr);
2379 return gpg_error (GPG_ERR_CARD);
2380 }
2381
2382 /* We only change n_bits and don't touch anything else. Before we
2383 do so, we round up NBITS to a sensible way in the same way as
2384 gpg's key generation does it. This may help to sort out problems
2385 with a few bits too short keys. */
2386 nbits = ((nbits + 31) / 32) * 32;
2387 buffer[1] = (nbits >> 8);
2388 buffer[2] = nbits;
2389
2390 /* Prepare for storing the key. */
2391 err = verify_chv3 (app, pincb, pincb_arg);
2392 if (err)
2393 {
2394 xfree (relptr);
2395 return err;
2396 }
2397
2398 /* Change the attribute. */
2399 err = iso7816_put_data (app->slot, 0, 0xC1+keyno, buffer, buflen);
2400 xfree (relptr);
2401 if (err)
2402 log_error ("error changing size of key %d to %u bits\n", keyno+1, nbits);
2403 else
2404 log_info ("size of key %d changed to %u bits\n", keyno+1, nbits);
2405 flush_cache (app);
2406 parse_algorithm_attribute (app, keyno);
2407 app->did_chv1 = 0;
2408 app->did_chv2 = 0;
2409 app->did_chv3 = 0;
2410 return err;
2411 }
2412
2413
2414 /* Helper to process an setattr command for name KEY-ATTR. It expects
2415 a string "--force <keyno> <algo> <nbits>" in (VALUE,VALUELEN). */
2416 static gpg_error_t
2417 change_keyattr_from_string (app_t app,
2418 gpg_error_t (*pincb)(void*, const char *, char **),
2419 void *pincb_arg,
2420 const void *value, size_t valuelen)
2421 {
2422 gpg_error_t err;
2423 char *string;
2424 int keyno, algo;
2425 unsigned int nbits;
2426
2427 /* VALUE is expected to be a string but not guaranteed to be
2428 terminated. Thus copy it to an allocated buffer first. */
2429 string = xtrymalloc (valuelen+1);
2430 if (!string)
2431 return gpg_error_from_syserror ();
2432 memcpy (string, value, valuelen);
2433 string[valuelen] = 0;
2434
2435 /* Because this function deletes the key we require the string
2436 "--force" in the data to make clear that something serious might
2437 happen. */
2438 if (sscanf (string, " --force %d %d %u", &keyno, &algo, &nbits) != 3)
2439 err = gpg_error (GPG_ERR_INV_DATA);
2440 else if (keyno < 1 || keyno > 3)
2441 err = gpg_error (GPG_ERR_INV_ID);
2442 else if (algo != 1)
2443 err = gpg_error (GPG_ERR_PUBKEY_ALGO); /* Not RSA. */
2444 else if (nbits < 1024)
2445 err = gpg_error (GPG_ERR_TOO_SHORT);
2446 else
2447 err = change_keyattr (app, keyno-1, nbits, pincb, pincb_arg);
2448
2449 xfree (string);
2450 return err;
2451 }
2452
2453
2454 /* Handle the WRITEKEY command for OpenPGP. This function expects a
2455 canonical encoded S-expression with the secret key in KEYDATA and
2456 its length (for assertions) in KEYDATALEN. KEYID needs to be the
2457 usual keyid which for OpenPGP is the string "OPENPGP.n" with
2458 n=1,2,3. Bit 0 of FLAGS indicates whether an existing key shall
2459 get overwritten. PINCB and PINCB_ARG are the usual arguments for
2460 the pinentry callback. */
2461 static gpg_error_t
2462 do_writekey (app_t app, ctrl_t ctrl,
2463 const char *keyid, unsigned int flags,
2464 gpg_error_t (*pincb)(void*, const char *, char **),
2465 void *pincb_arg,
2466 const unsigned char *keydata, size_t keydatalen)
2467 {
2468 gpg_error_t err;
2469 int force = (flags & 1);
2470 int keyno;
2471 const unsigned char *buf, *tok;
2472 size_t buflen, toklen;
2473 int depth, last_depth1, last_depth2;
2474 const unsigned char *rsa_n = NULL;
2475 const unsigned char *rsa_e = NULL;
2476 const unsigned char *rsa_p = NULL;
2477 const unsigned char *rsa_q = NULL;
2478 size_t rsa_n_len, rsa_e_len, rsa_p_len, rsa_q_len;
2479 unsigned int nbits;
2480 unsigned int maxbits;
2481 unsigned char *template = NULL;
2482 unsigned char *tp;
2483 size_t template_len;
2484 unsigned char fprbuf[20];
2485 u32 created_at = 0;
2486
2487 (void)ctrl;
2488
2489 if (!strcmp (keyid, "OPENPGP.1"))
2490 keyno = 0;
2491 else if (!strcmp (keyid, "OPENPGP.2"))
2492 keyno = 1;
2493 else if (!strcmp (keyid, "OPENPGP.3"))
2494 keyno = 2;
2495 else
2496 return gpg_error (GPG_ERR_INV_ID);
2497
2498 err = does_key_exist (app, keyno, 0, force);
2499 if (err)
2500 return err;
2501
2502
2503 /*
2504 Parse the S-expression
2505 */
2506 buf = keydata;
2507 buflen = keydatalen;
2508 depth = 0;
2509 if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
2510 goto leave;
2511 if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
2512 goto leave;
2513 if (!tok || toklen != 11 || memcmp ("private-key", tok, toklen))
2514 {
2515 if (!tok)
2516 ;
2517 else if (toklen == 21 && !memcmp ("protected-private-key", tok, toklen))
2518 log_info ("protected-private-key passed to writekey\n");
2519 else if (toklen == 20 && !memcmp ("shadowed-private-key", tok, toklen))
2520 log_info ("shadowed-private-key passed to writekey\n");
2521 err = gpg_error (GPG_ERR_BAD_SECKEY);
2522 goto leave;
2523 }
2524 if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
2525 goto leave;
2526 if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
2527 goto leave;
2528 if (!tok || toklen != 3 || memcmp ("rsa", tok, toklen))
2529 {
2530 err = gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO);
2531 goto leave;
2532 }
2533 last_depth1 = depth;
2534 while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
2535 && depth && depth >= last_depth1)
2536 {
2537 if (tok)
2538 {
2539 err = gpg_error (GPG_ERR_UNKNOWN_SEXP);
2540 goto leave;
2541 }
2542 if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
2543 goto leave;
2544 if (tok && toklen == 1)
2545 {
2546 const unsigned char **mpi;
2547 size_t *mpi_len;
2548
2549 switch (*tok)
2550 {
2551 case 'n': mpi = &rsa_n; mpi_len = &rsa_n_len; break;
2552 case 'e': mpi = &rsa_e; mpi_len = &rsa_e_len; break;
2553 case 'p': mpi = &rsa_p; mpi_len = &rsa_p_len; break;
2554 case 'q': mpi = &rsa_q; mpi_len = &rsa_q_len;break;
2555 default: mpi = NULL; mpi_len = NULL; break;
2556 }
2557 if (mpi && *mpi)
2558 {
2559 err = gpg_error (GPG_ERR_DUP_VALUE);
2560 goto leave;
2561 }
2562 if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
2563 goto leave;
2564 if (tok && mpi)
2565 {
2566 /* Strip off leading zero bytes and save. */
2567 for (;toklen && !*tok; toklen--, tok++)
2568 ;
2569 *mpi = tok;
2570 *mpi_len = toklen;
2571 }
2572 }
2573 /* Skip until end of list. */
2574 last_depth2 = depth;
2575 while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
2576 && depth && depth >= last_depth2)
2577 ;
2578 if (err)
2579 goto leave;
2580 }
2581 /* Parse other attributes. */
2582 last_depth1 = depth;
2583 while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
2584 && depth && depth >= last_depth1)
2585 {
2586 if (tok)
2587 {
2588 err = gpg_error (GPG_ERR_UNKNOWN_SEXP);
2589 goto leave;
2590 }
2591 if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
2592 goto leave;
2593 if (tok && toklen == 10 && !memcmp ("created-at", tok, toklen))
2594 {
2595 if ((err = parse_sexp (&buf,&buflen,&depth,&tok,&toklen)))
2596 goto leave;
2597 if (tok)
2598 {
2599 for (created_at=0; toklen && *tok && *tok >= '0' && *tok <= '9';
2600 tok++, toklen--)
2601 created_at = created_at*10 + (*tok - '0');
2602 }
2603 }
2604 /* Skip until end of list. */
2605 last_depth2 = depth;
2606 while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
2607 && depth && depth >= last_depth2)
2608 ;
2609 if (err)
2610 goto leave;
2611 }
2612
2613
2614 /* Check that we have all parameters and that they match the card
2615 description. */
2616 if (!created_at)
2617 {
2618 log_error (_("creation timestamp missing\n"));
2619 err = gpg_error (GPG_ERR_INV_VALUE);
2620 goto leave;
2621 }
2622
2623 maxbits = app->app_local->keyattr[keyno].n_bits;
2624 nbits = rsa_n? count_bits (rsa_n, rsa_n_len) : 0;
2625 if (opt.verbose)
2626 log_info ("RSA modulus size is %u bits (%u bytes)\n",
2627 nbits, (unsigned int)rsa_n_len);
2628 if (nbits && nbits != maxbits
2629 && app->app_local->extcap.algo_attr_change)
2630 {
2631 /* Try to switch the key to a new length. */
2632 err = change_keyattr (app, keyno, nbits, pincb, pincb_arg);
2633 if (!err)
2634 maxbits = app->app_local->keyattr[keyno].n_bits;
2635 }
2636 if (nbits != maxbits)
2637 {
2638 log_error (_("RSA modulus missing or not of size %d bits\n"),
2639 (int)maxbits);
2640 err = gpg_error (GPG_ERR_BAD_SECKEY);
2641 goto leave;
2642 }
2643
2644 maxbits = app->app_local->keyattr[keyno].e_bits;
2645 if (maxbits > 32 && !app->app_local->extcap.is_v2)
2646 maxbits = 32; /* Our code for v1 does only support 32 bits. */
2647 nbits = rsa_e? count_bits (rsa_e, rsa_e_len) : 0;
2648 if (nbits < 2 || nbits > maxbits)
2649 {
2650 log_error (_("RSA public exponent missing or larger than %d bits\n"),
2651 (int)maxbits);
2652 err = gpg_error (GPG_ERR_BAD_SECKEY);
2653 goto leave;
2654 }
2655
2656 maxbits = app->app_local->keyattr[keyno].n_bits/2;
2657 nbits = rsa_p? count_bits (rsa_p, rsa_p_len) : 0;
2658 if (nbits != maxbits)
2659 {
2660 log_error (_("RSA prime %s missing or not of size %d bits\n"),
2661 "P", (int)maxbits);
2662 err = gpg_error (GPG_ERR_BAD_SECKEY);
2663 goto leave;
2664 }
2665 nbits = rsa_q? count_bits (rsa_q, rsa_q_len) : 0;
2666 if (nbits != maxbits)
2667 {
2668 log_error (_("RSA prime %s missing or not of size %d bits\n"),
2669 "Q", (int)maxbits);
2670 err = gpg_error (GPG_ERR_BAD_SECKEY);
2671 goto leave;
2672 }
2673
2674 /* We need to remove the cached public key. */
2675 xfree (app->app_local->pk[keyno].key);
2676 app->app_local->pk[keyno].key = NULL;
2677 app->app_local->pk[keyno].keylen = 0;
2678 app->app_local->pk[keyno].read_done = 0;
2679
2680
2681 if (app->app_local->extcap.is_v2)
2682 {
2683 /* Build the private key template as described in section 4.3.3.7 of
2684 the OpenPGP card specs version 2.0. */
2685 int exmode;
2686
2687 err = build_privkey_template (app, keyno,
2688 rsa_n, rsa_n_len,
2689 rsa_e, rsa_e_len,
2690 rsa_p, rsa_p_len,
2691 rsa_q, rsa_q_len,
2692 &template, &template_len);
2693 if (err)
2694 goto leave;
2695
2696 /* Prepare for storing the key. */
2697 err = verify_chv3 (app, pincb, pincb_arg);
2698 if (err)
2699 goto leave;
2700
2701 /* Store the key. */
2702 if (app->app_local->cardcap.ext_lc_le && template_len > 254)
2703 exmode = 1; /* Use extended length w/o a limit. */
2704 else if (app->app_local->cardcap.cmd_chaining && template_len > 254)
2705 exmode = -254;
2706 else
2707 exmode = 0;
2708 err = iso7816_put_data_odd (app->slot, exmode, 0x3fff,
2709 template, template_len);
2710 }
2711 else
2712 {
2713 /* Build the private key template as described in section 4.3.3.6 of
2714 the OpenPGP card specs version 1.1:
2715 0xC0 <length> public exponent
2716 0xC1 <length> prime p
2717 0xC2 <length> prime q
2718 */
2719 assert (rsa_e_len <= 4);
2720 template_len = (1 + 1 + 4
2721 + 1 + 1 + rsa_p_len
2722 + 1 + 1 + rsa_q_len);
2723 template = tp = xtrymalloc_secure (template_len);
2724 if (!template)
2725 {
2726 err = gpg_error_from_syserror ();
2727 goto leave;
2728 }
2729 *tp++ = 0xC0;
2730 *tp++ = 4;
2731 memcpy (tp, rsa_e, rsa_e_len);
2732 if (rsa_e_len < 4)
2733 {
2734 /* Right justify E. */
2735 memmove (tp+4-rsa_e_len, tp, rsa_e_len);
2736 memset (tp, 0, 4-rsa_e_len);
2737 }
2738 tp += 4;
2739
2740 *tp++ = 0xC1;
2741 *tp++ = rsa_p_len;
2742 memcpy (tp, rsa_p, rsa_p_len);
2743 tp += rsa_p_len;
2744
2745 *tp++ = 0xC2;
2746 *tp++ = rsa_q_len;
2747 memcpy (tp, rsa_q, rsa_q_len);
2748 tp += rsa_q_len;
2749
2750 assert (tp - template == template_len);
2751
2752 /* Prepare for storing the key. */
2753 err = verify_chv3 (app, pincb, pincb_arg);
2754 if (err)
2755 goto leave;
2756
2757 /* Store the key. */
2758 err = iso7816_put_data (app->slot, 0,
2759 (app->card_version > 0x0007? 0xE0:0xE9)+keyno,
2760 template, template_len);
2761 }
2762 if (err)
2763 {
2764 log_error (_("failed to store the key: %s\n"), gpg_strerror (err));
2765 goto leave;
2766 }
2767
2768 err = store_fpr (app, keyno, created_at,
2769 rsa_n, rsa_n_len, rsa_e, rsa_e_len,
2770 fprbuf, app->card_version);
2771 if (err)
2772 goto leave;
2773
2774
2775 leave:
2776 xfree (template);
2777 return err;
2778 }
2779
2780
2781 /* Handle the GENKEY command. */
2782 static gpg_error_t
2783 do_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags,
2784 time_t createtime,
2785 gpg_error_t (*pincb)(void*, const char *, char **),
2786 void *pincb_arg)
2787 {
2788 int rc;
2789 char numbuf[30];
2790 unsigned char fprbuf[20];
2791 const unsigned char *keydata, *m, *e;
2792 unsigned char *buffer = NULL;
2793 size_t buflen, keydatalen, mlen, elen;
2794 time_t created_at;
2795 int keyno = atoi (keynostr);
2796 int force = (flags & 1);
2797 time_t start_at;
2798 int exmode;
2799 int le_value;
2800 unsigned int keybits;
2801
2802 if (keyno < 1 || keyno > 3)
2803 return gpg_error (GPG_ERR_INV_ID);
2804 keyno--;
2805
2806 /* We flush the cache to increase the traffic before a key
2807 generation. This _might_ help a card to gather more entropy. */
2808 flush_cache (app);
2809
2810 /* Obviously we need to remove the cached public key. */
2811 xfree (app->app_local->pk[keyno].key);
2812 app->app_local->pk[keyno].key = NULL;
2813 app->app_local->pk[keyno].keylen = 0;
2814 app->app_local->pk[keyno].read_done = 0;
2815
2816 /* Check whether a key already exists. */
2817 rc = does_key_exist (app, keyno, 1, force);
2818 if (rc)
2819 return rc;
2820
2821 /* Because we send the key parameter back via status lines we need
2822 to put a limit on the max. allowed keysize. 2048 bit will
2823 already lead to a 527 byte long status line and thus a 4096 bit
2824 key would exceed the Assuan line length limit. */
2825 keybits = app->app_local->keyattr[keyno].n_bits;
2826 if (keybits > 3072)
2827 return gpg_error (GPG_ERR_TOO_LARGE);
2828
2829 /* Prepare for key generation by verifying the Admin PIN. */
2830 rc = verify_chv3 (app, pincb, pincb_arg);
2831 if (rc)
2832 goto leave;
2833
2834 /* Test whether we will need extended length mode. (1900 is an
2835 arbitrary length which for sure fits into a short apdu.) */
2836 if (app->app_local->cardcap.ext_lc_le && keybits > 1900)
2837 {
2838 exmode = 1; /* Use extended length w/o a limit. */
2839 le_value = app->app_local->extcap.max_rsp_data;
2840 /* No need to check le_value because it comes from a 16 bit
2841 value and thus can't create an overflow on a 32 bit
2842 system. */
2843 }
2844 else
2845 {
2846 exmode = 0;
2847 le_value = 256; /* Use legacy value. */
2848 }
2849
2850 log_info (_("please wait while key is being generated ...\n"));
2851 start_at = time (NULL);
2852 rc = iso7816_generate_keypair
2853 /* # warning key generation temporary replaced by reading an existing key. */
2854 /* rc = iso7816_read_public_key */
2855 (app->slot, exmode,
2856 (const unsigned char*)(keyno == 0? "\xB6" :
2857 keyno == 1? "\xB8" : "\xA4"), 2,
2858 le_value,
2859 &buffer, &buflen);
2860 if (rc)
2861 {
2862 rc = gpg_error (GPG_ERR_CARD);
2863 log_error (_("generating key failed\n"));
2864 goto leave;
2865 }
2866 log_info (_("key generation completed (%d seconds)\n"),
2867 (int)(time (NULL) - start_at));
2868
2869 keydata = find_tlv (buffer, buflen, 0x7F49, &keydatalen);
2870 if (!keydata)
2871 {
2872 rc = gpg_error (GPG_ERR_CARD);
2873 log_error (_("response does not contain the public key data\n"));
2874 goto leave;
2875 }
2876
2877 m = find_tlv (keydata, keydatalen, 0x0081, &mlen);
2878 if (!m)
2879 {
2880 rc = gpg_error (GPG_ERR_CARD);
2881 log_error (_("response does not contain the RSA modulus\n"));
2882 goto leave;
2883 }
2884 /* log_printhex ("RSA n:", m, mlen); */
2885 send_key_data (ctrl, "n", m, mlen);
2886
2887 e = find_tlv (keydata, keydatalen, 0x0082, &elen);
2888 if (!e)
2889 {
2890 rc = gpg_error (GPG_ERR_CARD);
2891 log_error (_("response does not contain the RSA public exponent\n"));
2892 goto leave;
2893 }
2894 /* log_printhex ("RSA e:", e, elen); */
2895 send_key_data (ctrl, "e", e, elen);
2896
2897 created_at = createtime? createtime : gnupg_get_time ();
2898 sprintf (numbuf, "%lu", (unsigned long)created_at);
2899 send_status_info (ctrl, "KEY-CREATED-AT",
2900 numbuf, (size_t)strlen(numbuf), NULL, 0);
2901
2902 rc = store_fpr (app, keyno, (u32)created_at,
2903 m, mlen, e, elen, fprbuf, app->card_version);
2904 if (rc)
2905 goto leave;
2906 send_fpr_if_not_null (ctrl, "KEY-FPR", -1, fprbuf);
2907
2908
2909 leave:
2910 xfree (buffer);
2911 return rc;
2912 }
2913
2914
2915 static unsigned long
2916 convert_sig_counter_value (const unsigned char *value, size_t valuelen)
2917 {
2918 unsigned long ul;
2919
2920 if (valuelen == 3 )
2921 ul = (value[0] << 16) | (value[1] << 8) | value[2];
2922 else
2923 {
2924 log_error (_("invalid structure of OpenPGP card (DO 0x93)\n"));
2925 ul = 0;
2926 }
2927 return ul;
2928 }
2929
2930 static unsigned long
2931 get_sig_counter (app_t app)
2932 {
2933 void *relptr;
2934 unsigned char *value;
2935 size_t valuelen;
2936 unsigned long ul;
2937
2938 relptr = get_one_do (app, 0x0093, &value, &valuelen, NULL);
2939 if (!relptr)
2940 return 0;
2941 ul = convert_sig_counter_value (value, valuelen);
2942 xfree (relptr);
2943 return ul;
2944 }
2945
2946 static gpg_error_t
2947 compare_fingerprint (app_t app, int keyno, unsigned char *sha1fpr)
2948 {
2949 const unsigned char *fpr;
2950 unsigned char *buffer;
2951 size_t buflen, n;
2952 int rc, i;
2953
2954 assert (keyno >= 1 && keyno <= 3);
2955
2956 rc = get_cached_data (app, 0x006E, &buffer, &buflen, 0, 0);
2957 if (rc)
2958 {
2959 log_error (_("error reading application data\n"));
2960 return gpg_error (GPG_ERR_GENERAL);
2961 }
2962 fpr = find_tlv (buffer, buflen, 0x00C5, &n);
2963 if (!fpr || n != 60)
2964 {
2965 xfree (buffer);
2966 log_error (_("error reading fingerprint DO\n"));
2967 return gpg_error (GPG_ERR_GENERAL);
2968 }
2969 fpr += (keyno-1)*20;
2970 for (i=0; i < 20; i++)
2971 if (sha1fpr[i] != fpr[i])
2972 {
2973 xfree (buffer);
2974 log_info (_("fingerprint on card does not match requested one\n"));
2975 return gpg_error (GPG_ERR_WRONG_SECKEY);
2976 }
2977 xfree (buffer);
2978 return 0;
2979 }
2980
2981
2982 /* If a fingerprint has been specified check it against the one on the
2983 card. This allows for a meaningful error message in case the key
2984 on the card has been replaced but the shadow information known to
2985 gpg has not been updated. If there is no fingerprint we assume
2986 that this is okay. */
2987 static gpg_error_t
2988 check_against_given_fingerprint (app_t app, const char *fpr, int keyno)
2989 {
2990 unsigned char tmp[20];
2991 const char *s;
2992 int n;
2993
2994 for (s=fpr, n=0; hexdigitp (s); s++, n++)
2995 ;
2996 if (n != 40)
2997 return gpg_error (GPG_ERR_INV_ID);
2998 else if (!*s)
2999 ; /* okay */
3000 else
3001 return gpg_error (GPG_ERR_INV_ID);
3002
3003 for (s=fpr, n=0; n < 20; s += 2, n++)
3004 tmp[n] = xtoi_2 (s);
3005 return compare_fingerprint (app, keyno, tmp);
3006 }
3007
3008
3009
3010 /* Compute a digital signature on INDATA which is expected to be the
3011 raw message digest. For this application the KEYIDSTR consists of
3012 the serialnumber and the fingerprint delimited by a slash.
3013
3014 Note that this function may return the error code
3015 GPG_ERR_WRONG_CARD to indicate that the card currently present does
3016 not match the one required for the requested action (e.g. the
3017 serial number does not match).
3018
3019 As a special feature a KEYIDSTR of "OPENPGP.3" redirects the
3020 operation to the auth command.
3021 */
3022 static gpg_error_t
3023 do_sign (app_t app, const char *keyidstr, int hashalgo,
3024 gpg_error_t (*pincb)(void*, const char *, char **),
3025 void *pincb_arg,
3026 const void *indata, size_t indatalen,
3027 unsigned char **outdata, size_t *outdatalen )
3028 {
3029 static unsigned char rmd160_prefix[15] = /* Object ID is 1.3.36.3.2.1 */
3030 { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x24, 0x03,
3031 0x02, 0x01, 0x05, 0x00, 0x04, 0x14 };
3032 static unsigned char sha1_prefix[15] = /* (1.3.14.3.2.26) */
3033 { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
3034 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
3035 static unsigned char sha224_prefix[19] = /* (2.16.840.1.101.3.4.2.4) */
3036 { 0x30, 0x2D, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
3037 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04,
3038 0x1C };
3039 static unsigned char sha256_prefix[19] = /* (2.16.840.1.101.3.4.2.1) */
3040 { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
3041 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
3042 0x00, 0x04, 0x20 };
3043 static unsigned char sha384_prefix[19] = /* (2.16.840.1.101.3.4.2.2) */
3044 { 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
3045 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05,
3046 0x00, 0x04, 0x30 };
3047 static unsigned char sha512_prefix[19] = /* (2.16.840.1.101.3.4.2.3) */
3048 { 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
3049 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,
3050 0x00, 0x04, 0x40 };
3051 int rc;
3052 unsigned char data[19+64];
3053 size_t datalen;
3054 unsigned char tmp_sn[20]; /* Actually 16 bytes but also for the fpr. */
3055 const char *s;
3056 int n;
3057 const char *fpr = NULL;
3058 unsigned long sigcount;
3059 int use_auth = 0;
3060 int exmode, le_value;
3061
3062 if (!keyidstr || !*keyidstr)
3063 return gpg_error (GPG_ERR_INV_VALUE);
3064
3065 /* Strip off known prefixes. */
3066 #define X(a,b,c,d) \
3067 if (hashalgo == GCRY_MD_ ## a \
3068 && (d) \
3069 && indatalen == sizeof b ## _prefix + (c) \
3070 && !memcmp (indata, b ## _prefix, sizeof b ## _prefix)) \
3071 { \
3072 indata = (const char*)indata + sizeof b ## _prefix; \
3073 indatalen -= sizeof b ## _prefix; \
3074 }
3075
3076 if (indatalen == 20)
3077 ; /* Assume a plain SHA-1 or RMD160 digest has been given. */
3078 else X(SHA1, sha1, 20, 1)
3079 else X(RMD160, rmd160, 20, 1)
3080 else X(SHA224, sha224, 28, app->app_local->extcap.is_v2)
3081 else X(SHA256, sha256, 32, app->app_local->extcap.is_v2)
3082 else X(SHA384, sha384, 48, app->app_local->extcap.is_v2)
3083 else X(SHA512, sha512, 64, app->app_local->extcap.is_v2)
3084 else if ((indatalen == 28 || indatalen == 32
3085 || indatalen == 48 || indatalen ==64)
3086 && app->app_local->extcap.is_v2)
3087 ; /* Assume a plain SHA-3 digest has been given. */
3088 else
3089 {
3090 log_error (_("card does not support digest algorithm %s\n"),
3091 gcry_md_algo_name (hashalgo));
3092 /* Or the supplied digest length does not match an algorithm. */
3093 return gpg_error (GPG_ERR_INV_VALUE);
3094 }
3095 #undef X
3096
3097 /* Check whether an OpenPGP card of any version has been requested. */
3098 if (!strcmp (keyidstr, "OPENPGP.1"))
3099 ;
3100 else if (!strcmp (keyidstr, "OPENPGP.3"))
3101 use_auth = 1;
3102 else if (strlen (keyidstr) < 32 || strncmp (keyidstr, "D27600012401", 12))
3103 return gpg_error (GPG_ERR_INV_ID);
3104 else
3105 {
3106 for (s=keyidstr, n=0; hexdigitp (s); s++, n++)
3107 ;
3108 if (n != 32)
3109 return gpg_error (GPG_ERR_INV_ID);
3110 else if (!*s)
3111 ; /* no fingerprint given: we allow this for now. */
3112 else if (*s == '/')
3113 fpr = s + 1;
3114 else
3115 return gpg_error (GPG_ERR_INV_ID);
3116
3117 for (s=keyidstr, n=0; n < 16; s += 2, n++)
3118 tmp_sn[n] = xtoi_2 (s);
3119
3120 if (app->serialnolen != 16)
3121 return gpg_error (GPG_ERR_INV_CARD);
3122 if (memcmp (app->serialno, tmp_sn, 16))
3123 return gpg_error (GPG_ERR_WRONG_CARD);
3124 }
3125
3126 /* If a fingerprint has been specified check it against the one on
3127 the card. This is allows for a meaningful error message in case
3128 the key on the card has been replaced but the shadow information
3129 known to gpg was not updated. If there is no fingerprint, gpg
3130 will detect a bogus signature anyway due to the
3131 verify-after-signing feature. */
3132 rc = fpr? check_against_given_fingerprint (app, fpr, 1) : 0;
3133 if (rc)
3134 return rc;
3135
3136 /* Concatenate prefix and digest. */
3137 #define X(a,b,d) \
3138 if (hashalgo == GCRY_MD_ ## a && (d) ) \
3139 { \
3140 datalen = sizeof b ## _prefix + indatalen; \
3141 assert (datalen <= sizeof data); \
3142 memcpy (data, b ## _prefix, sizeof b ## _prefix); \
3143 memcpy (data + sizeof b ## _prefix, indata, indatalen); \
3144 }
3145
3146 X(SHA1, sha1, 1)
3147 else X(RMD160, rmd160, 1)
3148 else X(SHA224, sha224, app->app_local->extcap.is_v2)
3149 else X(SHA256, sha256, app->app_local->extcap.is_v2)
3150 else X(SHA384, sha384, app->app_local->extcap.is_v2)
3151 else X(SHA512, sha512, app->app_local->extcap.is_v2)
3152 else
3153 return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
3154 #undef X
3155
3156 /* Redirect to the AUTH command if asked to. */
3157 if (use_auth)
3158 {
3159 return do_auth (app, "OPENPGP.3", pincb, pincb_arg,
3160 data, datalen,
3161 outdata, outdatalen);
3162 }
3163
3164 /* Show the number of signature done using this key. */
3165 sigcount = get_sig_counter (app);
3166 log_info (_("signatures created so far: %lu\n"), sigcount);
3167
3168 /* Check CHV if needed. */
3169 if (!app->did_chv1 || app->force_chv1 )
3170 {
3171 char *pinvalue;
3172
3173 rc = verify_a_chv (app, pincb, pincb_arg, 1, sigcount, &pinvalue);
3174 if (rc)
3175 return rc;
3176
3177 app->did_chv1 = 1;
3178
3179 /* For cards with versions < 2 we want to keep CHV1 and CHV2 in
3180 sync, thus we verify CHV2 here using the given PIN. Cards
3181 with version2 to not have the need for a separate CHV2 and
3182 internally use just one. Obviously we can't do that if the
3183 keypad has been used. */
3184 if (!app->did_chv2 && pinvalue && !app->app_local->extcap.is_v2)
3185 {
3186 rc = iso7816_verify (app->slot, 0x82, pinvalue, strlen (pinvalue));
3187 if (gpg_err_code (rc) == GPG_ERR_BAD_PIN)
3188 rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED);
3189 if (rc)
3190 {
3191 log_error (_("verify CHV%d failed: %s\n"), 2, gpg_strerror (rc));
3192 xfree (pinvalue);
3193 flush_cache_after_error (app);
3194 return rc;
3195 }
3196 app->did_chv2 = 1;
3197 }
3198 xfree (pinvalue);
3199 }
3200
3201
3202 if (app->app_local->cardcap.ext_lc_le)
3203 {
3204 exmode = 1; /* Use extended length. */
3205 le_value = app->app_local->extcap.max_rsp_data;
3206 }
3207 else
3208 {
3209 exmode = 0;
3210 le_value = 0;
3211 }
3212 rc = iso7816_compute_ds (app->slot, exmode, data, datalen, le_value,
3213 outdata, outdatalen);
3214 return rc;
3215 }
3216
3217 /* Compute a digital signature using the INTERNAL AUTHENTICATE command
3218 on INDATA which is expected to be the raw message digest. For this
3219 application the KEYIDSTR consists of the serialnumber and the
3220 fingerprint delimited by a slash. Optionally the id OPENPGP.3 may
3221 be given.
3222
3223 Note that this function may return the error code
3224 GPG_ERR_WRONG_CARD to indicate that the card currently present does
3225 not match the one required for the requested action (e.g. the
3226 serial number does not match). */
3227 static gpg_error_t
3228 do_auth (app_t app, const char *keyidstr,
3229 gpg_error_t (*pincb)(void*, const char *, char **),
3230 void *pincb_arg,
3231 const void *indata, size_t indatalen,
3232 unsigned char **outdata, size_t *outdatalen )
3233 {
3234 int rc;
3235 unsigned char tmp_sn[20]; /* Actually 16 but we use it also for the fpr. */
3236 const char *s;
3237 int n;
3238 const char *fpr = NULL;
3239
3240 if (!keyidstr || !*keyidstr)
3241 return gpg_error (GPG_ERR_INV_VALUE);
3242 if (indatalen > 101) /* For a 2048 bit key. */
3243 return gpg_error (GPG_ERR_INV_VALUE);
3244
3245 /* Check whether an OpenPGP card of any version has been requested. */
3246 if (!strcmp (keyidstr, "OPENPGP.3"))
3247 ;
3248 else if (strlen (keyidstr) < 32 || strncmp (keyidstr, "D27600012401", 12))
3249 return gpg_error (GPG_ERR_INV_ID);
3250 else
3251 {
3252 for (s=keyidstr, n=0; hexdigitp (s); s++, n++)
3253 ;
3254 if (n != 32)
3255 return gpg_error (GPG_ERR_INV_ID);
3256 else if (!*s)
3257 ; /* no fingerprint given: we allow this for now. */
3258 else if (*s == '/')
3259 fpr = s + 1;
3260 else
3261 return gpg_error (GPG_ERR_INV_ID);
3262
3263 for (s=keyidstr, n=0; n < 16; s += 2, n++)
3264 tmp_sn[n] = xtoi_2 (s);
3265
3266 if (app->serialnolen != 16)
3267 return gpg_error (GPG_ERR_INV_CARD);
3268 if (memcmp (app->serialno, tmp_sn, 16))
3269 return gpg_error (GPG_ERR_WRONG_CARD);
3270 }
3271
3272 /* If a fingerprint has been specified check it against the one on
3273 the card. This is allows for a meaningful error message in case
3274 the key on the card has been replaced but the shadow information
3275 known to gpg was not updated. If there is no fingerprint, gpg
3276 will detect a bogus signature anyway due to the
3277 verify-after-signing feature. */
3278 rc = fpr? check_against_given_fingerprint (app, fpr, 3) : 0;
3279 if (rc)
3280 return rc;
3281
3282 rc = verify_chv2 (app, pincb, pincb_arg);
3283 if (!rc)
3284 {
3285 int exmode, le_value;
3286
3287 if (app->app_local->cardcap.ext_lc_le)
3288 {
3289 exmode = 1; /* Use extended length. */
3290 le_value = app->app_local->extcap.max_rsp_data;
3291 }
3292 else
3293 {
3294 exmode = 0;
3295 le_value = 0;
3296 }
3297 rc = iso7816_internal_authenticate (app->slot, exmode,
3298 indata, indatalen, le_value,
3299 outdata, outdatalen);
3300 }
3301 return rc;
3302 }
3303
3304
3305 static gpg_error_t
3306 do_decipher (app_t app, const char *keyidstr,
3307 gpg_error_t (*pincb)(void*, const char *, char **),
3308 void *pincb_arg,
3309 const void *indata, size_t indatalen,
3310 unsigned char **outdata, size_t *outdatalen )
3311 {
3312 int rc;
3313 unsigned char tmp_sn[20]; /* actually 16 but we use it also for the fpr. */
3314 const char *s;
3315 int n;
3316 const char *fpr = NULL;
3317 int exmode, le_value;
3318
3319 if (!keyidstr || !*keyidstr || !indatalen)
3320 return gpg_error (GPG_ERR_INV_VALUE);
3321
3322 /* Check whether an OpenPGP card of any version has been requested. */
3323 if (!strcmp (keyidstr, "OPENPGP.2"))
3324 ;
3325 else if (strlen (keyidstr) < 32 || strncmp (keyidstr, "D27600012401", 12))
3326 return gpg_error (GPG_ERR_INV_ID);
3327 else
3328 {
3329 for (s=keyidstr, n=0; hexdigitp (s); s++, n++)
3330 ;
3331 if (n != 32)
3332 return gpg_error (GPG_ERR_INV_ID);
3333 else if (!*s)
3334 ; /* no fingerprint given: we allow this for now. */
3335 else if (*s == '/')
3336 fpr = s + 1;
3337 else
3338 return gpg_error (GPG_ERR_INV_ID);
3339
3340 for (s=keyidstr, n=0; n < 16; s += 2, n++)
3341 tmp_sn[n] = xtoi_2 (s);
3342
3343 if (app->serialnolen != 16)
3344 return gpg_error (GPG_ERR_INV_CARD);
3345 if (memcmp (app->serialno, tmp_sn, 16))
3346 return gpg_error (GPG_ERR_WRONG_CARD);
3347 }
3348
3349 /* If a fingerprint has been specified check it against the one on
3350 the card. This is allows for a meaningful error message in case
3351 the key on the card has been replaced but the shadow information
3352 known to gpg was not updated. If there is no fingerprint, the
3353 decryption won't produce the right plaintext anyway. */
3354 rc = fpr? check_against_given_fingerprint (app, fpr, 2) : 0;
3355 if (rc)
3356 return rc;
3357
3358 rc = verify_chv2 (app, pincb, pincb_arg);
3359 if (!rc)
3360 {
3361 size_t fixuplen;
3362 unsigned char *fixbuf = NULL;
3363 int padind = 0;
3364
3365 /* We might encounter a couple of leading zeroes in the
3366 cryptogram. Due to internal use of MPIs thease leading
3367 zeroes are stripped. However the OpenPGP card expects
3368 exactly 128 bytes for the cryptogram (for a 1k key). Thus we
3369 need to fix it up. We do this for up to 16 leading zero
3370 bytes; a cryptogram with more than this is with a very high
3371 probability anyway broken. */
3372 if (indatalen >= (128-16) && indatalen < 128) /* 1024 bit key. */
3373 fixuplen = 128 - indatalen;
3374 else if (indatalen >= (192-16) && indatalen < 192) /* 1536 bit key. */
3375 fixuplen = 192 - indatalen;
3376 else if (indatalen >= (256-16) && indatalen < 256) /* 2048 bit key. */
3377 fixuplen = 256 - indatalen;
3378 else if (indatalen >= (384-16) && indatalen < 384) /* 3072 bit key. */
3379 fixuplen = 384 - indatalen;
3380 else
3381 fixuplen = 0;
3382
3383 if (fixuplen)
3384 {
3385 /* While we have to prepend stuff anyway, we can also
3386 include the padding byte here so that iso1816_decipher
3387 does not need to do another data mangling. */
3388 fixuplen++;
3389
3390 fixbuf = xtrymalloc (fixuplen + indatalen);
3391 if (!fixbuf)
3392 return gpg_error_from_syserror ();
3393
3394 memset (fixbuf, 0, fixuplen);
3395 memcpy (fixbuf+fixuplen, indata, indatalen);
3396 indata = fixbuf;
3397 indatalen = fixuplen + indatalen;
3398 padind = -1; /* Already padded. */
3399 }
3400
3401 if (app->app_local->cardcap.ext_lc_le && indatalen > 254 )
3402 {
3403 exmode = 1; /* Extended length w/o a limit. */
3404 le_value = app->app_local->extcap.max_rsp_data;
3405 }
3406 else if (app->app_local->cardcap.cmd_chaining && indatalen > 254)
3407 {
3408 exmode = -254; /* Command chaining with max. 254 bytes. */
3409 le_value = 0;
3410 }
3411 else
3412 exmode = le_value = 0;
3413
3414 rc = iso7816_decipher (app->slot, exmode,
3415 indata, indatalen, le_value, padind,
3416 outdata, outdatalen);
3417 xfree (fixbuf);
3418 }
3419
3420 return rc;
3421 }
3422
3423
3424 /* Perform a simple verify operation for CHV1 and CHV2, so that
3425 further operations won't ask for CHV2 and it is possible to do a
3426 cheap check on the PIN: If there is something wrong with the PIN
3427 entry system, only the regular CHV will get blocked and not the
3428 dangerous CHV3. KEYIDSTR is the usual card's serial number; an
3429 optional fingerprint part will be ignored.
3430
3431 There is a special mode if the keyidstr is "<serialno>[CHV3]" with
3432 the "[CHV3]" being a literal string: The Admin Pin is checked if
3433 and only if the retry counter is still at 3. */
3434 static gpg_error_t
3435 do_check_pin (app_t app, const char *keyidstr,
3436 gpg_error_t (*pincb)(void*, const char *, char **),
3437 void *pincb_arg)
3438 {
3439 unsigned char tmp_sn[20];
3440 const char *s;
3441 int n;
3442 int admin_pin = 0;
3443
3444 if (!keyidstr || !*keyidstr)
3445 return gpg_error (GPG_ERR_INV_VALUE);
3446
3447 /* Check whether an OpenPGP card of any version has been requested. */
3448 if (strlen (keyidstr) < 32 || strncmp (keyidstr, "D27600012401", 12))
3449 return gpg_error (GPG_ERR_INV_ID);
3450
3451 for (s=keyidstr, n=0; hexdigitp (s); s++, n++)
3452 ;
3453 if (n != 32)
3454 return gpg_error (GPG_ERR_INV_ID);
3455 else if (!*s)
3456 ; /* No fingerprint given: we allow this for now. */
3457 else if (*s == '/')
3458 ; /* We ignore a fingerprint. */
3459 else if (!strcmp (s, "[CHV3]") )
3460 admin_pin = 1;
3461 else
3462 return gpg_error (GPG_ERR_INV_ID);
3463
3464 for (s=keyidstr, n=0; n < 16; s += 2, n++)
3465 tmp_sn[n] = xtoi_2 (s);
3466
3467 if (app->serialnolen != 16)
3468 return gpg_error (GPG_ERR_INV_CARD);
3469 if (memcmp (app->serialno, tmp_sn, 16))
3470 return gpg_error (GPG_ERR_WRONG_CARD);
3471
3472 /* Yes, there is a race conditions: The user might pull the card
3473 right here and we won't notice that. However this is not a
3474 problem and the check above is merely for a graceful failure
3475 between operations. */
3476
3477 if (admin_pin)
3478 {
3479 void *relptr;
3480 unsigned char *value;
3481 size_t valuelen;
3482 int count;
3483
3484 relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL);
3485 if (!relptr || valuelen < 7)
3486 {
3487 log_error (_("error retrieving CHV status from card\n"));
3488 xfree (relptr);
3489 return gpg_error (GPG_ERR_CARD);
3490 }
3491 count = value[6];
3492 xfree (relptr);
3493
3494 if (!count)
3495 {
3496 log_info (_("card is permanently locked!\n"));
3497 return gpg_error (GPG_ERR_BAD_PIN);
3498 }
3499 else if (value[6] < 3)
3500 {
3501 log_info (_("verification of Admin PIN is currently prohibited "
3502 "through this command\n"));
3503 return gpg_error (GPG_ERR_GENERAL);
3504 }
3505
3506 app->did_chv3 = 0; /* Force verification. */
3507 return verify_chv3 (app, pincb, pincb_arg);
3508 }
3509 else
3510 return verify_chv2 (app, pincb, pincb_arg);
3511 }
3512
3513
3514 /* Show information about card capabilities. */
3515 static void
3516 show_caps (struct app_local_s *s)
3517 {
3518 log_info ("Version-2 ......: %s\n", s->extcap.is_v2? "yes":"no");
3519 log_info ("Get-Challenge ..: %s", s->extcap.get_challenge? "yes":"no");
3520 if (s->extcap.get_challenge)
3521 log_printf (" (%u bytes max)", s->extcap.max_get_challenge);
3522 log_info ("Key-Import .....: %s\n", s->extcap.key_import? "yes":"no");
3523 log_info ("Change-Force-PW1: %s\n", s->extcap.change_force_chv? "yes":"no");
3524 log_info ("Private-DOs ....: %s\n", s->extcap.private_dos? "yes":"no");
3525 log_info ("Algo-Attr-Change: %s\n", s->extcap.algo_attr_change? "yes":"no");
3526 log_info ("SM-Support .....: %s", s->extcap.sm_supported? "yes":"no");
3527 if (s->extcap.sm_supported)
3528 log_printf (" (%s)", s->extcap.sm_aes128? "AES-128":"3DES");
3529 log_info ("Max-Cert3-Len ..: %u\n", s->extcap.max_certlen_3);
3530 log_info ("Max-Cmd-Data ...: %u\n", s->extcap.max_cmd_data);
3531 log_info ("Max-Rsp-Data ...: %u\n", s->extcap.max_rsp_data);
3532 log_info ("Cmd-Chaining ...: %s\n", s->cardcap.cmd_chaining?"yes":"no");
3533 log_info ("Ext-Lc-Le ......: %s\n", s->cardcap.ext_lc_le?"yes":"no");
3534 log_info ("Status Indicator: %02X\n", s->status_indicator);
3535
3536 log_info ("GnuPG-No-Sync ..: %s\n", s->flags.no_sync? "yes":"no");
3537 log_info ("GnuPG-Def-PW2 ..: %s\n", s->flags.def_chv2? "yes":"no");
3538 }
3539
3540
3541 /* Parse the historical bytes in BUFFER of BUFLEN and store them in
3542 APPLOC. */
3543 static void
3544 parse_historical (struct app_local_s *apploc,
3545 const unsigned char * buffer, size_t buflen)
3546 {
3547 /* Example buffer: 00 31 C5 73 C0 01 80 00 90 00 */
3548 if (buflen < 4)
3549 {
3550 log_error ("warning: historical bytes are too short\n");
3551 return; /* Too short. */
3552 }
3553 if (*buffer)
3554 {
3555 log_error ("warning: bad category indicator in historical bytes\n");
3556 return;
3557 }
3558
3559 /* Skip category indicator. */
3560 buffer++;
3561 buflen--;
3562
3563 /* Get the status indicator. */
3564 apploc->status_indicator = buffer[buflen-3];
3565 buflen -= 3;
3566
3567 /* Parse the compact TLV. */
3568 while (buflen)
3569 {
3570 unsigned int tag = (*buffer & 0xf0) >> 4;
3571 unsigned int len = (*buffer & 0x0f);
3572 if (len+1 > buflen)
3573 {
3574 log_error ("warning: bad Compact-TLV in historical bytes\n");
3575 return; /* Error. */
3576 }
3577 buffer++;
3578 buflen--;
3579 if (tag == 7 && len == 3)
3580 {
3581 /* Card capabilities. */
3582 apploc->cardcap.cmd_chaining = !!(buffer[2] & 0x80);
3583 apploc->cardcap.ext_lc_le = !!(buffer[2] & 0x40);
3584 }
3585 buffer += len;
3586 buflen -= len;
3587 }
3588 }
3589
3590
3591 /* Parse and optionally show the algorithm attributes for KEYNO.
3592 KEYNO must be in the range 0..2. */
3593 static void
3594 parse_algorithm_attribute (app_t app, int keyno)
3595 {
3596 unsigned char *buffer;
3597 size_t buflen;
3598 void *relptr;
3599 const char const desc[3][5] = {"sign", "encr", "auth"};
3600
3601 assert (keyno >=0 && keyno <= 2);
3602
3603 app->app_local->keyattr[keyno].n_bits = 0;
3604
3605 relptr = get_one_do (app, 0xC1+keyno, &buffer, &buflen, NULL);
3606 if (!relptr)
3607 {
3608 log_error ("error reading DO 0x%02X\n", 0xc1+keyno);
3609 return;
3610 }
3611 if (buflen < 1)
3612 {
3613 log_error ("error reading DO 0x%02X\n", 0xc1+keyno);
3614 xfree (relptr);
3615 return;
3616 }
3617
3618 if (opt.verbose)
3619 log_info ("Key-Attr-%s ..: ", desc[keyno]);
3620 if (*buffer == 1 && (buflen == 5 || buflen == 6))
3621 {
3622 app->app_local->keyattr[keyno].n_bits = (buffer[1]<<8 | buffer[2]);
3623 app->app_local->keyattr[keyno].e_bits = (buffer[3]<<8 | buffer[4]);
3624 app->app_local->keyattr[keyno].format = 0;
3625 if (buflen < 6)
3626 app->app_local->keyattr[keyno].format = RSA_STD;
3627 else
3628 app->app_local->keyattr[keyno].format = (buffer[5] == 0? RSA_STD :
3629 buffer[5] == 1? RSA_STD_N :
3630 buffer[5] == 2? RSA_CRT :
3631 buffer[5] == 3? RSA_CRT_N :
3632 RSA_UNKNOWN_FMT);
3633
3634 if (opt.verbose)
3635 log_printf
3636 ("RSA, n=%u, e=%u, fmt=%s\n",
3637 app->app_local->keyattr[keyno].n_bits,
3638 app->app_local->keyattr[keyno].e_bits,
3639 app->app_local->keyattr[keyno].format == RSA_STD? "std" :
3640 app->app_local->keyattr[keyno].format == RSA_STD_N?"std+n":
3641 app->app_local->keyattr[keyno].format == RSA_CRT? "crt" :
3642 app->app_local->keyattr[keyno].format == RSA_CRT_N?"crt+n":"?");
3643 }
3644 else if (opt.verbose)
3645 log_printhex ("", buffer, buflen);
3646
3647 xfree (relptr);
3648 }
3649
3650 /* Select the OpenPGP application on the card in SLOT. This function
3651 must be used before any other OpenPGP application functions. */
3652 gpg_error_t
3653 app_select_openpgp (app_t app)
3654 {
3655 static char const aid[] = { 0xD2, 0x76, 0x00, 0x01, 0x24, 0x01 };
3656 int slot = app->slot;
3657 int rc;
3658 unsigned char *buffer;
3659 size_t buflen;
3660 void *relptr;
3661
3662 /* Note that the card can't cope with P2=0xCO, thus we need to pass a
3663 special flag value. */
3664 rc = iso7816_select_application (slot, aid, sizeof aid, 0x0001);
3665 if (!rc)
3666 {
3667 unsigned int manufacturer;
3668
3669 app->apptype = "OPENPGP";
3670
3671 app->did_chv1 = 0;
3672 app->did_chv2 = 0;
3673 app->did_chv3 = 0;
3674 app->app_local = NULL;
3675
3676 /* The OpenPGP card returns the serial number as part of the
3677 AID; because we prefer to use OpenPGP serial numbers, we
3678 replace a possibly already set one from a EF.GDO with this
3679 one. Note, that for current OpenPGP cards, no EF.GDO exists
3680 and thus it won't matter at all. */
3681 rc = iso7816_get_data (slot, 0, 0x004F, &buffer, &buflen);
3682 if (rc)
3683 goto leave;
3684 if (opt.verbose)
3685 {
3686 log_info ("AID: ");
3687 log_printhex ("", buffer, buflen);
3688 }
3689
3690 app->card_version = buffer[6] << 8;
3691 app->card_version |= buffer[7];
3692 manufacturer = (buffer[8]<<8 | buffer[9]);
3693
3694 xfree (app->serialno);
3695 app->serialno = buffer;
3696 app->serialnolen = buflen;
3697 buffer = NULL;
3698 app->app_local = xtrycalloc (1, sizeof *app->app_local);
3699 if (!app->app_local)
3700 {
3701 rc = gpg_error (gpg_err_code_from_errno (errno));
3702 goto leave;
3703 }
3704
3705 if (app->card_version >= 0x0200)
3706 app->app_local->extcap.is_v2 = 1;
3707
3708
3709 /* Read the historical bytes. */
3710 relptr = get_one_do (app, 0x5f52, &buffer, &buflen, NULL);
3711 if (relptr)
3712 {
3713 if (opt.verbose)
3714 {
3715 log_info ("Historical Bytes: ");
3716 log_printhex ("", buffer, buflen);
3717 }
3718 parse_historical (app->app_local, buffer, buflen);
3719 xfree (relptr);
3720 }
3721
3722 /* Read the force-chv1 flag. */
3723 relptr = get_one_do (app, 0x00C4, &buffer, &buflen, NULL);
3724 if (!relptr)
3725 {
3726 log_error (_("can't access %s - invalid OpenPGP card?\n"),
3727 "CHV Status Bytes");
3728 goto leave;
3729 }
3730 app->force_chv1 = (buflen && *buffer == 0);
3731 xfree (relptr);
3732
3733 /* Read the extended capabilities. */
3734 relptr = get_one_do (app, 0x00C0, &buffer, &buflen, NULL);
3735 if (!relptr)
3736 {
3737 log_error (_("can't access %s - invalid OpenPGP card?\n"),
3738 "Extended Capability Flags" );
3739 goto leave;
3740 }
3741 if (buflen)
3742 {
3743 app->app_local->extcap.sm_supported = !!(*buffer & 0x80);
3744 app->app_local->extcap.get_challenge = !!(*buffer & 0x40);
3745 app->app_local->extcap.key_import = !!(*buffer & 0x20);
3746 app->app_local->extcap.change_force_chv = !!(*buffer & 0x10);
3747 app->app_local->extcap.private_dos = !!(*buffer & 0x08);
3748 app->app_local->extcap.algo_attr_change = !!(*buffer & 0x04);
3749 }
3750 if (buflen >= 10)
3751 {
3752 /* Available with v2 cards. */
3753 app->app_local->extcap.sm_aes128 = (buffer[1] == 1);
3754 app->app_local->extcap.max_get_challenge
3755 = (buffer[2] << 8 | buffer[3]);
3756 app->app_local->extcap.max_certlen_3 = (buffer[4] << 8 | buffer[5]);
3757 app->app_local->extcap.max_cmd_data = (buffer[6] << 8 | buffer[7]);
3758 app->app_local->extcap.max_rsp_data = (buffer[8] << 8 | buffer[9]);
3759 }
3760 xfree (relptr);
3761
3762 /* Some of the first cards accidently don't set the
3763 CHANGE_FORCE_CHV bit but allow it anyway. */
3764 if (app->card_version <= 0x0100 && manufacturer == 1)
3765 app->app_local->extcap.change_force_chv = 1;
3766
3767 parse_login_data (app);
3768
3769 if (opt.verbose)
3770 show_caps (app->app_local);
3771
3772 parse_algorithm_attribute (app, 0);
3773 parse_algorithm_attribute (app, 1);
3774 parse_algorithm_attribute (app, 2);
3775
3776 if (opt.verbose > 1)
3777 dump_all_do (slot);
3778
3779 app->fnc.deinit = do_deinit;
3780 app->fnc.learn_status = do_learn_status;
3781 app->fnc.readcert = do_readcert;
3782 app->fnc.readkey = do_readkey;
3783 app->fnc.getattr = do_getattr;
3784 app->fnc.setattr = do_setattr;
3785 app->fnc.writecert = do_writecert;
3786 app->fnc.writekey = do_writekey;
3787 app->fnc.genkey = do_genkey;
3788 app->fnc.sign = do_sign;
3789 app->fnc.auth = do_auth;
3790 app->fnc.decipher = do_decipher;
3791 app->fnc.change_pin = do_change_pin;
3792 app->fnc.check_pin = do_check_pin;
3793 }
3794
3795 leave:
3796 if (rc)
3797 do_deinit (app);
3798 return rc;
3799 }
3800
3801
3802
gnupg svn clone