| blob | b38ae4fd0bec78c20d063a304853a9f0f8d436a1 |
1 /* iso7816.c - ISO 7816 commands
2 * Copyright (C) 2003, 2004 Free Software Foundation, Inc.
3 *
4 * This file is part of GnuPG.
5 *
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 *
19 * $Id$
20 */
22 #include <config.h>
23 #include <errno.h>
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <string.h>
28 #if defined(GNUPG_SCD_MAIN_HEADER)
29 #include GNUPG_SCD_MAIN_HEADER
30 #elif GNUPG_MAJOR_VERSION == 1
31 /* This is used with GnuPG version < 1.9. The code has been source
32 copied from the current GnuPG >= 1.9 and is maintained over
33 there. */
47 #define CMD_SELECT_FILE 0xA4
48 #define CMD_VERIFY ISO7816_VERIFY
49 #define CMD_CHANGE_REFERENCE_DATA ISO7816_CHANGE_REFERENCE_DATA
50 #define CMD_RESET_RETRY_COUNTER ISO7816_RESET_RETRY_COUNTER
51 #define CMD_GET_DATA 0xCA
52 #define CMD_PUT_DATA 0xDA
53 #define CMD_MSE 0x22
54 #define CMD_PSO 0x2A
55 #define CMD_INTERNAL_AUTHENTICATE 0x88
56 #define CMD_GENERATE_KEYPAIR 0x47
57 #define CMD_GET_CHALLENGE 0x84
58 #define CMD_READ_BINARY 0xB0
59 #define CMD_READ_RECORD 0xB2
61 static gpg_error_t
63 {
64 gpg_err_code_t ec;
67 {
103 else
105 }
107 }
109 /* Map a status word from the APDU layer to a gpg-error code. */
110 gpg_error_t
112 {
113 /* All APDU functions should return 0x9000 on success but for
114 historical reasons of the implementation some return 0 to
115 indicate success. We allow for that here. */
117 }
120 /* This function is specialized version of the SELECT FILE command.
121 SLOT is the card and reader as created for example by
122 apdu_open_reader (), AID is a buffer of size AIDLEN holding the
123 requested application ID. The function can't be used to enumerate
124 AIDs and won't return the AID on success. The return value is 0
125 for okay or a GPG error code. Note that ISO error codes are
126 internally mapped. Bit 0 of FLAGS should be set if the card does
127 not understand P2=0xC0. */
128 gpg_error_t
131 {
136 }
139 gpg_error_t
142 {
150 {
154 }
155 else
156 {
162 }
165 }
168 /* Do a select file command with a direct path. */
169 gpg_error_t
172 {
178 {
182 }
188 {
191 }
198 }
201 /* This is a private command currently only working for TCOS cards. */
202 gpg_error_t
205 {
216 {
217 /* Make sure that pending buffers are released. */
221 }
223 }
226 /* Check whether the reader supports the ISO command code COMMAND on
227 the keypad. Returns 0 on success. */
228 gpg_error_t
230 {
237 }
240 /* Perform a VERIFY command on SLOT using the card holder verification
241 vector CHVNO with a CHV of lenght CHVLEN. With PININFO non-NULL
242 the keypad of the reader will be used. Returns 0 on success. */
243 gpg_error_t
246 {
255 else
258 }
260 /* Perform a VERIFY command on SLOT using the card holder verification
261 vector CHVNO with a CHV of lenght CHVLEN. Returns 0 on success. */
262 gpg_error_t
264 {
266 }
268 /* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder
269 verification vector CHVNO. If the OLDCHV is NULL (and OLDCHVLEN
270 0), a "change reference data" is done, otherwise an "exchange
271 reference data". The new reference data is expected in NEWCHV of
272 length NEWCHVLEN. With PININFO non-NULL the keypad of the reader
273 will be used. */
274 gpg_error_t
279 {
302 else
308 }
310 /* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder
311 verification vector CHVNO. If the OLDCHV is NULL (and OLDCHVLEN
312 0), a "change reference data" is done, otherwise an "exchange
313 reference data". The new reference data is expected in NEWCHV of
314 length NEWCHVLEN. */
315 gpg_error_t
319 {
322 }
325 gpg_error_t
329 {
342 else
346 }
349 gpg_error_t
352 {
354 }
358 /* Perform a GET DATA command requesting TAG and storing the result in
359 a newly allocated buffer at the address passed by RESULT. Return
360 the length of this data at the address of RESULTLEN. */
361 gpg_error_t
364 {
376 {
377 /* Make sure that pending buffers are released. */
382 }
385 }
388 /* Perform a PUT DATA command on card in SLOT. Write DATA of length
389 DATALEN to TAG. */
390 gpg_error_t
393 {
400 }
402 /* Manage Security Environment. This is a weird operation and there
403 is no easy abstraction for it. Furthermore, some card seem to have
404 a different interpreation of 7816-8 and thus we resort to let the
405 caller decide what to do. */
406 gpg_error_t
409 {
418 }
421 /* Perform the security operation COMPUTE DIGITAL SIGANTURE. On
422 success 0 is returned and the data is availavle in a newly
423 allocated buffer stored at RESULT with its length stored at
424 RESULTLEN. */
425 gpg_error_t
428 {
439 {
440 /* Make sure that pending buffers are released. */
445 }
448 }
451 /* Perform the security operation DECIPHER. PADIND is the padding
452 indicator to be used. It should be 0 if no padding is required, a
453 value of -1 suppresses the padding byte. On success 0 is returned
454 and the plaintext is available in a newly allocated buffer stored
455 at RESULT with its length stored at RESULTLEN. */
456 gpg_error_t
459 {
469 {
470 /* We need to prepend the padding indicator. */
481 }
482 else
483 {
487 }
489 {
490 /* Make sure that pending buffers are released. */
495 }
498 }
501 gpg_error_t
505 {
516 {
517 /* Make sure that pending buffers are released. */
522 }
525 }
528 static gpg_error_t
532 {
543 {
544 /* Make sure that pending buffers are released. */
549 }
552 }
555 gpg_error_t
559 {
561 }
564 gpg_error_t
568 {
570 }
574 gpg_error_t
576 {
584 do
585 {
589 n,
592 {
593 /* Make sure that pending buffers are released. */
596 }
603 }
607 }
609 /* Perform a READ BINARY command requesting a maximum of NMAX bytes
610 from OFFSET. With NMAX = 0 the entire file is read. The result is
611 stored in a newly allocated buffer at the address passed by RESULT.
612 Returns the length of this data at the address of RESULTLEN. */
613 gpg_error_t
616 {
628 /* We can only encode 15 bits in p0,p1 to indicate an offset. Thus
629 we check for this limit. */
633 do
634 {
637 /* Note, that we to set N to 254 due to problems either with the
638 ccid driver or some TCOS cards. It actually should be 0
639 which is the official ISO value to read a variable length
640 object. */
643 else
649 {
654 }
657 {
658 /* Bad Parameter means that the offset is outside of the
659 EF. When reading all data we take this as an indication
660 for EOF. */
662 }
665 {
666 /* Make sure that pending buffers are released. */
672 }
674 {
677 {
684 }
690 }
692 {
695 }
699 files. */
702 else
704 }
708 }
710 /* Perform a READ RECORD command. RECNO gives the record number to
711 read with 0 indicating the current record. RECCOUNT must be 1 (not
712 all cards support reading of more than one record). SHORT_EF
713 should be 0 to read the current EF or contain a short EF. The
714 result is stored in a newly allocated buffer at the address passed
715 by RESULT. Returns the length of this data at the address of
716 RESULTLEN. */
717 gpg_error_t
720 {
730 /* We can only encode 15 bits in p0,p1 to indicate an offset. Thus
731 we check for this limit. */
738 /* Fixme: Either the ccid driver or the TCOS cards have problems
739 with an Le of 0. */
741 recno,
747 {
748 /* Make sure that pending buffers are released. */
754 }
759 }