| blob | 2286090b661513afac2924ea4039b13199864298 |
1 /* iso7816.c - ISO 7816 commands
2 * Copyright (C) 2003, 2004, 2008 Free Software Foundation, Inc.
3 *
4 * This file is part of GnuPG.
5 *
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 *
19 * $Id$
20 */
22 #include <config.h>
23 #include <errno.h>
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <string.h>
28 #if defined(GNUPG_SCD_MAIN_HEADER)
29 #include GNUPG_SCD_MAIN_HEADER
30 #elif GNUPG_MAJOR_VERSION == 1
31 /* This is used with GnuPG version < 1.9. The code has been source
32 copied from the current GnuPG >= 1.9 and is maintained over
33 there. */
47 #define CMD_SELECT_FILE 0xA4
48 #define CMD_VERIFY ISO7816_VERIFY
49 #define CMD_CHANGE_REFERENCE_DATA ISO7816_CHANGE_REFERENCE_DATA
50 #define CMD_RESET_RETRY_COUNTER ISO7816_RESET_RETRY_COUNTER
51 #define CMD_GET_DATA 0xCA
52 #define CMD_PUT_DATA 0xDA
53 #define CMD_MSE 0x22
54 #define CMD_PSO 0x2A
55 #define CMD_INTERNAL_AUTHENTICATE 0x88
56 #define CMD_GENERATE_KEYPAIR 0x47
57 #define CMD_GET_CHALLENGE 0x84
58 #define CMD_READ_BINARY 0xB0
59 #define CMD_READ_RECORD 0xB2
61 static gpg_error_t
63 {
64 gpg_err_code_t ec;
67 {
106 else
108 }
110 }
112 /* Map a status word from the APDU layer to a gpg-error code. */
113 gpg_error_t
115 {
116 /* All APDU functions should return 0x9000 on success but for
117 historical reasons of the implementation some return 0 to
118 indicate success. We allow for that here. */
120 }
123 /* This function is specialized version of the SELECT FILE command.
124 SLOT is the card and reader as created for example by
125 apdu_open_reader (), AID is a buffer of size AIDLEN holding the
126 requested application ID. The function can't be used to enumerate
127 AIDs and won't return the AID on success. The return value is 0
128 for okay or a GPG error code. Note that ISO error codes are
129 internally mapped. Bit 0 of FLAGS should be set if the card does
130 not understand P2=0xC0. */
131 gpg_error_t
134 {
139 }
142 gpg_error_t
145 {
153 {
157 }
158 else
159 {
165 }
168 }
171 /* Do a select file command with a direct path. */
172 gpg_error_t
175 {
181 {
185 }
191 {
194 }
201 }
204 /* This is a private command currently only working for TCOS cards. */
205 gpg_error_t
208 {
219 {
220 /* Make sure that pending buffers are released. */
224 }
226 }
229 /* Check whether the reader supports the ISO command code COMMAND on
230 the keypad. Returns 0 on success. */
231 gpg_error_t
233 {
240 }
243 /* Perform a VERIFY command on SLOT using the card holder verification
244 vector CHVNO with a CHV of lenght CHVLEN. With PININFO non-NULL
245 the keypad of the reader will be used. Returns 0 on success. */
246 gpg_error_t
249 {
258 else
261 }
263 /* Perform a VERIFY command on SLOT using the card holder verification
264 vector CHVNO with a CHV of lenght CHVLEN. Returns 0 on success. */
265 gpg_error_t
267 {
269 }
271 /* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder
272 verification vector CHVNO. If the OLDCHV is NULL (and OLDCHVLEN
273 0), a "change reference data" is done, otherwise an "exchange
274 reference data". The new reference data is expected in NEWCHV of
275 length NEWCHVLEN. With PININFO non-NULL the keypad of the reader
276 will be used. */
277 gpg_error_t
282 {
305 else
311 }
313 /* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder
314 verification vector CHVNO. If the OLDCHV is NULL (and OLDCHVLEN
315 0), a "change reference data" is done, otherwise an "exchange
316 reference data". The new reference data is expected in NEWCHV of
317 length NEWCHVLEN. */
318 gpg_error_t
322 {
325 }
328 gpg_error_t
332 {
338 /* FIXME: The keypad mode has not yet been tested. */
346 else
350 }
353 gpg_error_t
356 {
365 }
368 gpg_error_t
371 {
373 }
377 /* Perform a GET DATA command requesting TAG and storing the result in
378 a newly allocated buffer at the address passed by RESULT. Return
379 the length of this data at the address of RESULTLEN. */
380 gpg_error_t
383 {
395 {
396 /* Make sure that pending buffers are released. */
401 }
404 }
407 /* Perform a PUT DATA command on card in SLOT. Write DATA of length
408 DATALEN to TAG. EXTENDED_MODE controls whether extended length
409 headers or command chaining is used instead of single length
410 bytes. */
411 gpg_error_t
414 {
421 }
423 /* Same as iso7816_put_data but uses an odd instrcution byte. */
424 gpg_error_t
427 {
434 }
436 /* Manage Security Environment. This is a weird operation and there
437 is no easy abstraction for it. Furthermore, some card seem to have
438 a different interpreation of 7816-8 and thus we resort to let the
439 caller decide what to do. */
440 gpg_error_t
443 {
452 }
455 /* Perform the security operation COMPUTE DIGITAL SIGANTURE. On
456 success 0 is returned and the data is availavle in a newly
457 allocated buffer stored at RESULT with its length stored at
458 RESULTLEN. */
459 gpg_error_t
462 {
473 {
474 /* Make sure that pending buffers are released. */
479 }
482 }
485 /* Perform the security operation DECIPHER. PADIND is the padding
486 indicator to be used. It should be 0 if no padding is required, a
487 value of -1 suppresses the padding byte. On success 0 is returned
488 and the plaintext is available in a newly allocated buffer stored
489 at RESULT with its length stored at RESULTLEN. */
490 gpg_error_t
493 {
503 {
504 /* We need to prepend the padding indicator. */
515 }
516 else
517 {
521 }
523 {
524 /* Make sure that pending buffers are released. */
529 }
532 }
535 gpg_error_t
539 {
550 {
551 /* Make sure that pending buffers are released. */
556 }
559 }
562 static gpg_error_t
566 {
577 {
578 /* Make sure that pending buffers are released. */
583 }
586 }
589 gpg_error_t
593 {
595 }
598 gpg_error_t
602 {
604 }
608 gpg_error_t
610 {
618 do
619 {
623 n,
626 {
627 /* Make sure that pending buffers are released. */
630 }
637 }
641 }
643 /* Perform a READ BINARY command requesting a maximum of NMAX bytes
644 from OFFSET. With NMAX = 0 the entire file is read. The result is
645 stored in a newly allocated buffer at the address passed by RESULT.
646 Returns the length of this data at the address of RESULTLEN. */
647 gpg_error_t
650 {
662 /* We can only encode 15 bits in p0,p1 to indicate an offset. Thus
663 we check for this limit. */
667 do
668 {
671 /* Note, that we to set N to 254 due to problems either with the
672 ccid driver or some TCOS cards. It actually should be 0
673 which is the official ISO value to read a variable length
674 object. */
677 else
683 {
688 }
691 {
692 /* Bad Parameter means that the offset is outside of the
693 EF. When reading all data we take this as an indication
694 for EOF. */
696 }
699 {
700 /* Make sure that pending buffers are released. */
706 }
708 {
711 {
718 }
724 }
726 {
729 }
733 files. */
736 else
738 }
742 }
744 /* Perform a READ RECORD command. RECNO gives the record number to
745 read with 0 indicating the current record. RECCOUNT must be 1 (not
746 all cards support reading of more than one record). SHORT_EF
747 should be 0 to read the current EF or contain a short EF. The
748 result is stored in a newly allocated buffer at the address passed
749 by RESULT. Returns the length of this data at the address of
750 RESULTLEN. */
751 gpg_error_t
754 {
764 /* We can only encode 15 bits in p0,p1 to indicate an offset. Thus
765 we check for this limit. */
772 /* Fixme: Either the ccid driver or the TCOS cards have problems
773 with an Le of 0. */
775 recno,
781 {
782 /* Make sure that pending buffers are released. */
788 }
793 }