scd/app.c

   1 /* app.c - Application selection.
   2  *      Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.
   3  *
   4  * This file is part of GnuPG.
   5  *
   6  * GnuPG is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License as published by
   8  * the Free Software Foundation; either version 2 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * GnuPG is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * along with this program; if not, write to the Free Software
  18  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
  19  */
  20
  21 #include <config.h>
  22 #include <errno.h>
  23 #include <stdio.h>
  24 #include <stdlib.h>
  25 #include <string.h>
  26
  27
  28 #include "scdaemon.h"
  29 #include "app-common.h"
  30 #include "apdu.h"
  31 #include "iso7816.h"
  32 #include "tlv.h"
  33
  34
  35 /* Check wether the application NAME is allowed.  This does not mean
  36    we have support for it though.  */
  37 static int
  38 is_app_allowed (const char *name)
  39 {
  40   strlist_t l;
  41
  42   for (l=opt.disabled_applications; l; l = l->next)
  43     if (!strcmp (l->d, name))
  44       return 0; /* no */
  45   return 1; /* yes */
  46 }
  47
  48
  49 /* If called with NAME as NULL, select the best fitting application
  50    and return a context; otherwise select the application with NAME
  51    and return a context.  SLOT identifies the reader device. Returns
  52    an error code and stores NULL at R_APP if no application was found
  53    or no card is present. */
  54 gpg_error_t
  55 select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app)
  56 {
  57   int rc;
  58   app_t app;
  59   unsigned char *result = NULL;
  60   size_t resultlen;
  61
  62   *r_app = NULL;
  63   app = xtrycalloc (1, sizeof *app);
  64   if (!app)
  65     {
  66       rc = gpg_error_from_errno (errno);
  67       log_info ("error allocating context: %s\n", gpg_strerror (rc));
  68       return rc;
  69     }
  70   app->slot = slot;
  71
  72   /* Fixme: We should now first check whether a card is at all
  73      present. */
  74
  75   /* Try to read the GDO file first to get a default serial number. */
  76   rc = iso7816_select_file (slot, 0x3F00, 1, NULL, NULL);
  77   if (!rc)
  78     rc = iso7816_select_file (slot, 0x2F02, 0, NULL, NULL);
  79   if (!rc)
  80      rc = iso7816_read_binary (slot, 0, 0, &result, &resultlen);
  81   if (!rc)
  82     {
  83       size_t n;
  84       const unsigned char *p;
  85
  86       p = find_tlv (result, resultlen, 0x5A, &n);
  87       if (p)
  88         resultlen -= (p-result);
  89       if (p && n > resultlen && n == 0x0d && resultlen+1 == n)
  90         {
  91           /* The object it does not fit into the buffer.  This is an
  92              invalid encoding (or the buffer is too short.  However, I
  93              have some test cards with such an invalid encoding and
  94              therefore I use this ugly workaround to return something
  95              I can further experiment with. */
  96           log_debug ("enabling BMI testcard workaround\n");
  97           n--;
  98         }
  99
 100       if (p && n <= resultlen)
 101         {
 102           /* The GDO file is pretty short, thus we simply reuse it for
 103              storing the serial number. */
 104           memmove (result, p, n);
 105           app->serialno = result;
 106           app->serialnolen = n;
 107           rc = app_munge_serialno (app);
 108           if (rc)
 109             goto leave;
 110         }
 111       else
 112         xfree (result);
 113       result = NULL;
 114     }
 115
 116   /* For certain error codes, there is no need to try more.  */
 117   if (gpg_err_code (rc) == GPG_ERR_CARD_NOT_PRESENT)
 118     goto leave;
 119
 120
 121   /* Figure out the application to use.  */
 122   rc = gpg_error (GPG_ERR_NOT_FOUND);
 123
 124   if (rc && is_app_allowed ("openpgp") && (!name || !strcmp (name, "openpgp")))
 125     rc = app_select_openpgp (app);
 126   if (rc && is_app_allowed ("nks") && (!name || !strcmp (name, "nks")))
 127     rc = app_select_nks (app);
 128 /*   if (rc && is_app_allowed ("p12") && (!name || !strcmp (name, "p12"))) */
 129 /*     rc = app_select_p12 (app); */
 130   if (rc && is_app_allowed ("dinsig") && (!name || !strcmp (name, "dinsig")))
 131     rc = app_select_dinsig (app);
 132   if (rc && name)
 133     rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
 134
 135  leave:
 136   if (rc)
 137     {
 138       if (name)
 139         log_info ("can't select application `%s': %s\n",
 140                   name, gpg_strerror (rc));
 141       else
 142         log_info ("no supported card application found: %s\n",
 143                   gpg_strerror (rc));
 144       xfree (app);
 145       return rc;
 146     }
 147
 148   app->initialized = 1;
 149   *r_app = app;
 150   return 0;
 151 }
 152
 153
 154 void
 155 release_application (app_t app)
 156 {
 157   if (!app)
 158     return;
 159
 160   if (app->fnc.deinit)
 161     {
 162       app->fnc.deinit (app);
 163       app->fnc.deinit = NULL;
 164     }
 165
 166   xfree (app->serialno);
 167   xfree (app);
 168 }
 169
 170
 171
 172 /* The serial number may need some cosmetics.  Do it here.  This
 173    function shall only be called once after a new serial number has
 174    been put into APP->serialno.
 175
 176    Prefixes we use:
 177
 178      FF 00 00 = For serial numbers starting with an FF
 179      FF 01 00 = Some german p15 cards return an empty serial number so the
 180                 serial number from the EF(TokeInfo is used instead.
 181
 182      All other serial number not starting with FF are used as they are.
 183 */
 184 int
 185 app_munge_serialno (app_t app)
 186 {
 187   if (app->serialnolen && app->serialno[0] == 0xff)
 188     {
 189       /* The serial number starts with our special prefix.  This
 190          requires that we put our default prefix "FF0000" in front. */
 191       unsigned char *p = xtrymalloc (app->serialnolen + 3);
 192       if (!p)
 193         return gpg_error (gpg_err_code_from_errno (errno));
 194       memcpy (p, "\xff\0", 3);
 195       memcpy (p+3, app->serialno, app->serialnolen);
 196       app->serialnolen += 3;
 197       xfree (app->serialno);
 198       app->serialno = p;
 199     }
 200   return 0;
 201 }
 202
 203
 204
 205 /* Retrieve the serial number and the time of the last update of the
 206    card.  The serial number is returned as a malloced string (hex
 207    encoded) in SERIAL and the time of update is returned in STAMP.  If
 208    no update time is available the returned value is 0.  Caller must
 209    free SERIAL unless the function returns an error.  If STAMP is not
 210    of interest, NULL may be passed. */
 211 int
 212 app_get_serial_and_stamp (app_t app, char **serial, time_t *stamp)
 213 {
 214   unsigned char *buf, *p;
 215   int i;
 216
 217   if (!app || !serial)
 218     return gpg_error (GPG_ERR_INV_VALUE);
 219
 220   *serial = NULL;
 221   if (stamp)
 222     *stamp = 0; /* not available */
 223
 224   buf = xtrymalloc (app->serialnolen * 2 + 1);
 225   if (!buf)
 226     return gpg_error_from_errno (errno);
 227   for (p=buf, i=0; i < app->serialnolen; p +=2, i++)
 228     sprintf (p, "%02X", app->serialno[i]);
 229   *p = 0;
 230   *serial = buf;
 231   return 0;
 232 }
 233
 234
 235 /* Write out the application specifig status lines for the LEARN
 236    command. */
 237 int
 238 app_write_learn_status (APP app, CTRL ctrl)
 239 {
 240   if (!app)
 241     return gpg_error (GPG_ERR_INV_VALUE);
 242   if (!app->initialized)
 243     return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
 244   if (!app->fnc.learn_status)
 245     return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
 246
 247   if (app->apptype)
 248     send_status_info (ctrl, "APPTYPE",
 249                       app->apptype, strlen (app->apptype), NULL, 0);
 250
 251   return app->fnc.learn_status (app, ctrl);
 252 }
 253
 254
 255 /* Read the certificate with id CERTID (as returned by learn_status in
 256    the CERTINFO status lines) and return it in the freshly allocated
 257    buffer put into CERT and the length of the certificate put into
 258    CERTLEN. */
 259 int
 260 app_readcert (app_t app, const char *certid,
 261               unsigned char **cert, size_t *certlen)
 262 {
 263   if (!app)
 264     return gpg_error (GPG_ERR_INV_VALUE);
 265   if (!app->initialized)
 266     return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
 267   if (!app->fnc.readcert)
 268     return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
 269
 270   return app->fnc.readcert (app, certid, cert, certlen);
 271 }
 272
 273
 274 /* Read the key with ID KEYID.  On success a canonical encoded
 275    S-expression with the public key will get stored at PK and its
 276    length (for assertions) at PKLEN; the caller must release that
 277    buffer. On error NULL will be stored at PK and PKLEN and an error
 278    code returned.
 279
 280    This function might not be supported by all applications.  */
 281 int
 282 app_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
 283 {
 284   if (pk)
 285     *pk = NULL;
 286   if (pklen)
 287     *pklen = 0;
 288
 289   if (!app || !keyid || !pk || !pklen)
 290     return gpg_error (GPG_ERR_INV_VALUE);
 291   if (!app->initialized)
 292     return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
 293   if (!app->fnc.readkey)
 294     return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
 295
 296   return app->fnc.readkey (app, keyid, pk, pklen);
 297 }
 298
 299
 300 /* Perform a GETATTR operation.  */
 301 int
 302 app_getattr (APP app, CTRL ctrl, const char *name)
 303 {
 304   if (!app || !name || !*name)
 305     return gpg_error (GPG_ERR_INV_VALUE);
 306   if (!app->initialized)
 307     return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
 308
 309   if (app->apptype && name && !strcmp (name, "APPTYPE"))
 310     {
 311       send_status_info (ctrl, "APPTYPE",
 312                         app->apptype, strlen (app->apptype), NULL, 0);
 313       return 0;
 314     }
 315   if (name && !strcmp (name, "SERIALNO"))
 316     {
 317       char *serial;
 318       time_t stamp;
 319       int rc;
 320
 321       rc = app_get_serial_and_stamp (app, &serial, &stamp);
 322       if (rc)
 323         return rc;
 324       send_status_info (ctrl, "SERIALNO", serial, strlen (serial), NULL, 0);
 325       xfree (serial);
 326       return 0;
 327     }
 328
 329   if (!app->fnc.getattr)
 330     return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
 331   return app->fnc.getattr (app, ctrl, name);
 332 }
 333
 334 /* Perform a SETATTR operation.  */
 335 int
 336 app_setattr (APP app, const char *name,
 337              int (*pincb)(void*, const char *, char **),
 338              void *pincb_arg,
 339              const unsigned char *value, size_t valuelen)
 340 {
 341   if (!app || !name || !*name || !value)
 342     return gpg_error (GPG_ERR_INV_VALUE);
 343   if (!app->initialized)
 344     return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
 345   if (!app->fnc.setattr)
 346     return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
 347   return app->fnc.setattr (app, name, pincb, pincb_arg, value, valuelen);
 348 }
 349
 350 /* Create the signature and return the allocated result in OUTDATA.
 351    If a PIN is required the PINCB will be used to ask for the PIN; it
 352    should return the PIN in an allocated buffer and put it into PIN.  */
 353 int
 354 app_sign (APP app, const char *keyidstr, int hashalgo,
 355           int (pincb)(void*, const char *, char **),
 356           void *pincb_arg,
 357           const void *indata, size_t indatalen,
 358           unsigned char **outdata, size_t *outdatalen )
 359 {
 360   int rc;
 361
 362   if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb)
 363     return gpg_error (GPG_ERR_INV_VALUE);
 364   if (!app->initialized)
 365     return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
 366   if (!app->fnc.sign)
 367     return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
 368   rc = app->fnc.sign (app, keyidstr, hashalgo,
 369                       pincb, pincb_arg,
 370                       indata, indatalen,
 371                       outdata, outdatalen);
 372   if (opt.verbose)
 373     log_info ("operation sign result: %s\n", gpg_strerror (rc));
 374   return rc;
 375 }
 376
 377 /* Create the signature using the INTERNAL AUTHENTICATE command and
 378    return the allocated result in OUTDATA.  If a PIN is required the
 379    PINCB will be used to ask for the PIN; it should return the PIN in
 380    an allocated buffer and put it into PIN.  */
 381 int
 382 app_auth (APP app, const char *keyidstr,
 383           int (pincb)(void*, const char *, char **),
 384           void *pincb_arg,
 385           const void *indata, size_t indatalen,
 386           unsigned char **outdata, size_t *outdatalen )
 387 {
 388   int rc;
 389
 390   if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb)
 391     return gpg_error (GPG_ERR_INV_VALUE);
 392   if (!app->initialized)
 393     return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
 394   if (!app->fnc.auth)
 395     return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
 396   rc = app->fnc.auth (app, keyidstr,
 397                       pincb, pincb_arg,
 398                       indata, indatalen,
 399                       outdata, outdatalen);
 400   if (opt.verbose)
 401     log_info ("operation auth result: %s\n", gpg_strerror (rc));
 402   return rc;
 403 }
 404
 405
 406 /* Decrypt the data in INDATA and return the allocated result in OUTDATA.
 407    If a PIN is required the PINCB will be used to ask for the PIN; it
 408    should return the PIN in an allocated buffer and put it into PIN.  */
 409 int
 410 app_decipher (APP app, const char *keyidstr,
 411               int (pincb)(void*, const char *, char **),
 412               void *pincb_arg,
 413               const void *indata, size_t indatalen,
 414               unsigned char **outdata, size_t *outdatalen )
 415 {
 416   int rc;
 417
 418   if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb)
 419     return gpg_error (GPG_ERR_INV_VALUE);
 420   if (!app->initialized)
 421     return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
 422   if (!app->fnc.decipher)
 423     return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
 424   rc = app->fnc.decipher (app, keyidstr,
 425                           pincb, pincb_arg,
 426                           indata, indatalen,
 427                           outdata, outdatalen);
 428   if (opt.verbose)
 429     log_info ("operation decipher result: %s\n", gpg_strerror (rc));
 430   return rc;
 431 }
 432
 433
 434 /* Perform a SETATTR operation.  */
 435 int
 436 app_genkey (APP app, CTRL ctrl, const char *keynostr, unsigned int flags,
 437             int (*pincb)(void*, const char *, char **),
 438             void *pincb_arg)
 439 {
 440   int rc;
 441
 442   if (!app || !keynostr || !*keynostr || !pincb)
 443     return gpg_error (GPG_ERR_INV_VALUE);
 444   if (!app->initialized)
 445     return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
 446   if (!app->fnc.genkey)
 447     return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
 448   rc = app->fnc.genkey (app, ctrl, keynostr, flags, pincb, pincb_arg);
 449   if (opt.verbose)
 450     log_info ("operation genkey result: %s\n", gpg_strerror (rc));
 451   return rc;
 452 }
 453
 454
 455 /* Perform a GET CHALLENGE operation.  This fucntion is special as it
 456    directly accesses the card without any application specific
 457    wrapper. */
 458 int
 459 app_get_challenge (APP app, size_t nbytes, unsigned char *buffer)
 460 {
 461   if (!app || !nbytes || !buffer)
 462     return gpg_error (GPG_ERR_INV_VALUE);
 463   if (!app->initialized)
 464     return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
 465   return iso7816_get_challenge (app->slot, nbytes, buffer);
 466 }
 467
 468
 469
 470 /* Perform a CHANGE REFERENCE DATA or RESET RETRY COUNTER operation.  */
 471 int
 472 app_change_pin (APP app, CTRL ctrl, const char *chvnostr, int reset_mode,
 473                 int (*pincb)(void*, const char *, char **),
 474                 void *pincb_arg)
 475 {
 476   int rc;
 477
 478   if (!app || !chvnostr || !*chvnostr || !pincb)
 479     return gpg_error (GPG_ERR_INV_VALUE);
 480   if (!app->initialized)
 481     return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
 482   if (!app->fnc.change_pin)
 483     return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
 484   rc = app->fnc.change_pin (app, ctrl, chvnostr, reset_mode, pincb, pincb_arg);
 485   if (opt.verbose)
 486     log_info ("operation change_pin result: %s\n", gpg_strerror (rc));
 487   return rc;
 488 }
 489
 490
 491 /* Perform a VERIFY operation without doing anything lese.  This may
 492    be used to initialze a the PIN cache for long lasting other
 493    operations.  Its use is highly application dependent. */
 494 int
 495 app_check_pin (APP app, const char *keyidstr,
 496                int (*pincb)(void*, const char *, char **),
 497                void *pincb_arg)
 498 {
 499   int rc;
 500
 501   if (!app || !keyidstr || !*keyidstr || !pincb)
 502     return gpg_error (GPG_ERR_INV_VALUE);
 503   if (!app->initialized)
 504     return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
 505   if (!app->fnc.check_pin)
 506     return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
 507   rc = app->fnc.check_pin (app, keyidstr, pincb, pincb_arg);
 508   if (opt.verbose)
 509     log_info ("operation check_pin result: %s\n", gpg_strerror (rc));
 510   return rc;
 511 }
 512