diff options
| author | Daniel Golle <daniel@makrotopia.org> | 2014-11-27 14:52:29 +0100 |
|---|---|---|
| committer | Daniel Golle <daniel@makrotopia.org> | 2014-11-27 14:52:29 +0100 |
| commit | 36ed0c44fccef8ea31bf6e86af6425bbc95a3077 (patch) | |
| tree | 93c2a9a502cb21140f72a35bc23f4dc6a2037c09 /utils/opensc | |
| parent | c67c58126426d61348bfc6e5548630b9f03caa9f (diff) | |
opensc: bump to git codebase of 20141126 and rebase GnuK patches
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Diffstat (limited to 'utils/opensc')
27 files changed, 1209 insertions, 175 deletions
diff --git a/utils/opensc/Makefile b/utils/opensc/Makefile index f17357055..a7b830149 100644 --- a/utils/opensc/Makefile +++ b/utils/opensc/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=opensc -PKG_VERSION:=20140317 +PKG_VERSION:=20141126 PKG_RELEASE:=1 PKG_LICENSE:=LGPL-2.1+ PKG_LICENSE_FILES:=COPYING @@ -19,7 +19,7 @@ PKG_RELEASE=$(PKG_SOURCE_VERSION) PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/OpenSC/OpenSC.git PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) -PKG_SOURCE_VERSION:=de6d61405b271e22244376e4817e16b49018e1ce +PKG_SOURCE_VERSION:=8aadbbd678730dbafb819382da553439887499fd PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_BUILD_DEPENDS:=+libpcsclite PKG_FIXUP:=libtool diff --git a/utils/opensc/patches/0001-OpenPGP-Detect-and-support-Gnuk-Token.patch b/utils/opensc/patches/0001-OpenPGP-Detect-and-support-Gnuk-Token.patch index 0d79422ca..08b2a8324 100644 --- a/utils/opensc/patches/0001-OpenPGP-Detect-and-support-Gnuk-Token.patch +++ b/utils/opensc/patches/0001-OpenPGP-Detect-and-support-Gnuk-Token.patch @@ -1,18 +1,18 @@ -From c706491fc9b08d4cc6d7b254cf936d6b8d8691bc Mon Sep 17 00:00:00 2001 +From 471b40173b73f213ee72bf05735abf3357658197 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= <ng.hong.quan@gmail.com> Date: Wed, 20 Feb 2013 11:54:30 +0700 -Subject: [PATCH 01/18] OpenPGP: Detect and support Gnuk Token. +Subject: [PATCH 01/26] OpenPGP: Detect and support Gnuk Token. http://www.fsij.org/gnuk/ --- src/libopensc/card-openpgp.c | 61 ++++++++++++++++++++++++++++++++++---------- src/libopensc/cards.h | 1 + - src/tools/openpgp-tool.c | 9 +++++-- - 3 files changed, 56 insertions(+), 15 deletions(-) + src/tools/openpgp-tool.c | 7 ++++- + 3 files changed, 55 insertions(+), 14 deletions(-) diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c -index 743e79c..716052b 100644 +index 6774fe1..c785a55 100644 --- a/src/libopensc/card-openpgp.c +++ b/src/libopensc/card-openpgp.c @@ -43,6 +43,7 @@ @@ -66,7 +66,7 @@ index 743e79c..716052b 100644 priv->ext_caps |= EXT_CAP_SM; if ((priv->bcd_version >= OPENPGP_CARD_2_0) && (blob->len >= 10)) { -@@ -1055,12 +1060,18 @@ static int +@@ -1057,12 +1062,18 @@ static int pgp_get_pubkey(sc_card_t *card, unsigned int tag, u8 *buf, size_t buf_len) { sc_apdu_t apdu; @@ -86,7 +86,7 @@ index 743e79c..716052b 100644 apdu.lc = 2; apdu.data = ushort2bebytes(idbuf, tag); apdu.datalen = 2; -@@ -1152,6 +1163,7 @@ pgp_put_data(sc_card_t *card, unsigned int tag, const u8 *buf, size_t buf_len) +@@ -1154,6 +1165,7 @@ pgp_put_data(sc_card_t *card, unsigned int tag, const u8 *buf, size_t buf_len) u8 ins = 0xDA; u8 p1 = tag >> 8; u8 p2 = tag & 0xFF; @@ -94,7 +94,7 @@ index 743e79c..716052b 100644 int r; LOG_FUNC_CALLED(card->ctx); -@@ -1193,13 +1205,17 @@ pgp_put_data(sc_card_t *card, unsigned int tag, const u8 *buf, size_t buf_len) +@@ -1195,13 +1207,17 @@ pgp_put_data(sc_card_t *card, unsigned int tag, const u8 *buf, size_t buf_len) /* Build APDU */ if (buf != NULL && buf_len > 0) { @@ -114,7 +114,7 @@ index 743e79c..716052b 100644 apdu.datalen = buf_len; apdu.lc = buf_len; } -@@ -1326,6 +1342,7 @@ pgp_compute_signature(sc_card_t *card, const u8 *data, +@@ -1328,6 +1344,7 @@ pgp_compute_signature(sc_card_t *card, const u8 *data, struct pgp_priv_data *priv = DRVDATA(card); sc_security_env_t *env = &priv->sec_env; sc_apdu_t apdu; @@ -122,7 +122,7 @@ index 743e79c..716052b 100644 int r; LOG_FUNC_CALLED(card->ctx); -@@ -1334,14 +1351,19 @@ pgp_compute_signature(sc_card_t *card, const u8 *data, +@@ -1336,14 +1353,19 @@ pgp_compute_signature(sc_card_t *card, const u8 *data, LOG_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS, "invalid operation"); @@ -144,7 +144,7 @@ index 743e79c..716052b 100644 break; case 0x01: default: -@@ -1350,7 +1372,7 @@ pgp_compute_signature(sc_card_t *card, const u8 *data, +@@ -1352,7 +1374,7 @@ pgp_compute_signature(sc_card_t *card, const u8 *data, } apdu.lc = data_len; @@ -153,7 +153,7 @@ index 743e79c..716052b 100644 apdu.datalen = data_len; apdu.le = ((outlen >= 256) && !(card->caps & SC_CARD_CAP_APDU_EXT)) ? 256 : outlen; apdu.resp = out; -@@ -1374,6 +1396,7 @@ pgp_decipher(sc_card_t *card, const u8 *in, size_t inlen, +@@ -1376,6 +1398,7 @@ pgp_decipher(sc_card_t *card, const u8 *in, size_t inlen, struct pgp_priv_data *priv = DRVDATA(card); sc_security_env_t *env = &priv->sec_env; sc_apdu_t apdu; @@ -161,7 +161,7 @@ index 743e79c..716052b 100644 u8 *temp = NULL; int r; -@@ -1398,7 +1421,7 @@ pgp_decipher(sc_card_t *card, const u8 *in, size_t inlen, +@@ -1400,7 +1423,7 @@ pgp_decipher(sc_card_t *card, const u8 *in, size_t inlen, case 0x01: /* Decryption key */ case 0x02: /* authentication key */ /* PSO DECIPHER */ @@ -170,7 +170,7 @@ index 743e79c..716052b 100644 break; case 0x00: /* signature key */ default: -@@ -1407,8 +1430,13 @@ pgp_decipher(sc_card_t *card, const u8 *in, size_t inlen, +@@ -1409,8 +1432,13 @@ pgp_decipher(sc_card_t *card, const u8 *in, size_t inlen, "invalid key reference"); } @@ -209,10 +209,10 @@ index 743e79c..716052b 100644 * sc_format_apdu() */ apdu_le = card->max_recv_size; diff --git a/src/libopensc/cards.h b/src/libopensc/cards.h -index 0fbf9ca..01b08fd 100644 +index 7be6667..a3f3634 100644 --- a/src/libopensc/cards.h +++ b/src/libopensc/cards.h -@@ -104,6 +104,7 @@ enum { +@@ -105,6 +105,7 @@ enum { SC_CARD_TYPE_OPENPGP_BASE = 9000, SC_CARD_TYPE_OPENPGP_V1, SC_CARD_TYPE_OPENPGP_V2, @@ -221,27 +221,18 @@ index 0fbf9ca..01b08fd 100644 /* jcop driver */ SC_CARD_TYPE_JCOP_BASE = 10000, diff --git a/src/tools/openpgp-tool.c b/src/tools/openpgp-tool.c -index 7058aaa..8b5e327 100644 +index f42e6d6..a24a395 100644 --- a/src/tools/openpgp-tool.c +++ b/src/tools/openpgp-tool.c -@@ -32,6 +32,7 @@ - #include "libopensc/asn1.h" +@@ -33,6 +33,7 @@ #include "libopensc/cards.h" #include "libopensc/cardctl.h" + #include "libopensc/errors.h" +#include "libopensc/log.h" #include "util.h" + #include "libopensc/log.h" - #define OPT_RAW 256 -@@ -216,7 +217,7 @@ static void display_data(const struct ef_name_map *mapping, char *value) - } else { - const char *label = mapping->name; - -- printf("%s:%*s%s\n", label, 10-strlen(label), "", value); -+ printf("%s:%*s%s\n", label, 10 - (int)strlen(label), "", value); - } - } - } -@@ -390,6 +391,8 @@ int do_genkey(sc_card_t *card, u8 key_id, unsigned int key_len) +@@ -396,6 +397,8 @@ int do_genkey(sc_card_t *card, u8 key_id, unsigned int key_len) sc_path_t path; sc_file_t *file; @@ -250,7 +241,7 @@ index 7058aaa..8b5e327 100644 if (key_id < 1 || key_id > 3) { printf("Unknown key ID %d.\n", key_id); return 1; -@@ -481,8 +484,10 @@ int main(int argc, char **argv) +@@ -487,8 +490,10 @@ int main(int argc, char **argv) /* check card type */ if ((card->type != SC_CARD_TYPE_OPENPGP_V1) && @@ -263,5 +254,5 @@ index 7058aaa..8b5e327 100644 goto out; } -- -1.9.3 +2.1.3 diff --git a/utils/opensc/patches/0002-OpenPGP-Add-Gnuk-in-pkcs15-emulation-layer.patch b/utils/opensc/patches/0002-OpenPGP-Add-Gnuk-in-pkcs15-emulation-layer.patch index cf8cae6d7..c08a6e0a3 100644 --- a/utils/opensc/patches/0002-OpenPGP-Add-Gnuk-in-pkcs15-emulation-layer.patch +++ b/utils/opensc/patches/0002-OpenPGP-Add-Gnuk-in-pkcs15-emulation-layer.patch @@ -1,8 +1,8 @@ -From ecc6460d17147b37def27a9b776e1fc5a61408d0 Mon Sep 17 00:00:00 2001 +From 00a2c08c9125103ee0bff9af9e7ff42c5cdc14fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= <ng.hong.quan@gmail.com> Date: Fri, 12 Apr 2013 17:24:00 +0700 -Subject: [PATCH 02/18] OpenPGP: Add Gnuk in pkcs15 emulation layer. +Subject: [PATCH 02/26] OpenPGP: Add Gnuk in pkcs15 emulation layer. --- src/libopensc/pkcs15-openpgp.c | 6 ++++-- @@ -10,10 +10,10 @@ Subject: [PATCH 02/18] OpenPGP: Add Gnuk in pkcs15 emulation layer. 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/libopensc/pkcs15-openpgp.c b/src/libopensc/pkcs15-openpgp.c -index d9dc074..5a8a1ca 100644 +index 4daaa98..fdf720a 100644 --- a/src/libopensc/pkcs15-openpgp.c +++ b/src/libopensc/pkcs15-openpgp.c -@@ -155,7 +155,8 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card) +@@ -151,7 +151,8 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card) u8 c4data[10]; u8 c5data[70]; int r, i; @@ -23,7 +23,7 @@ index d9dc074..5a8a1ca 100644 sc_path_t path; sc_file_t *file; -@@ -367,7 +368,8 @@ failed: sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Failed to initialize OpenPGP e +@@ -363,7 +364,8 @@ failed: sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Failed to initialize OpenPGP e static int openpgp_detect_card(sc_pkcs15_card_t *p15card) { @@ -34,17 +34,17 @@ index d9dc074..5a8a1ca 100644 else return SC_ERROR_WRONG_CARD; diff --git a/src/libopensc/pkcs15-syn.c b/src/libopensc/pkcs15-syn.c -index e2f6004..a9f8c0b 100644 +index ffbf642..d2c086c 100644 --- a/src/libopensc/pkcs15-syn.c +++ b/src/libopensc/pkcs15-syn.c -@@ -112,6 +112,7 @@ int sc_pkcs15_is_emulation_only(sc_card_t *card) +@@ -115,6 +115,7 @@ int sc_pkcs15_is_emulation_only(sc_card_t *card) case SC_CARD_TYPE_GEMSAFEV1_PTEID: case SC_CARD_TYPE_OPENPGP_V1: case SC_CARD_TYPE_OPENPGP_V2: + case SC_CARD_TYPE_OPENPGP_GNUK: case SC_CARD_TYPE_SC_HSM: - return 1; - default: + case SC_CARD_TYPE_DNIE_BASE: + case SC_CARD_TYPE_DNIE_BLANK: -- -1.9.3 +2.1.3 diff --git a/utils/opensc/patches/0003-OpenPGP-Include-private-DO-to-filesystem-at-driver-i.patch b/utils/opensc/patches/0003-OpenPGP-Include-private-DO-to-filesystem-at-driver-i.patch index fa15d792c..9e96cfef6 100644 --- a/utils/opensc/patches/0003-OpenPGP-Include-private-DO-to-filesystem-at-driver-i.patch +++ b/utils/opensc/patches/0003-OpenPGP-Include-private-DO-to-filesystem-at-driver-i.patch @@ -1,8 +1,8 @@ -From 5f751ba5628f9d85e9d8dca9939a93f49d2525d0 Mon Sep 17 00:00:00 2001 +From 2d348b60ab8c22791b56f291600954abd716a791 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= <ng.hong.quan@gmail.com> Date: Fri, 22 Mar 2013 17:37:16 +0700 -Subject: [PATCH 03/18] OpenPGP: Include private DO to filesystem at driver +Subject: [PATCH 03/26] OpenPGP: Include private DO to filesystem at driver initialization. In old implementation, the DOs which their access is restricted by @@ -13,7 +13,7 @@ leading to that we cannot read their data later, even if we verified PIN. 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c -index 716052b..ead07ae 100644 +index c785a55..1cc3923 100644 --- a/src/libopensc/card-openpgp.c +++ b/src/libopensc/card-openpgp.c @@ -357,7 +357,7 @@ pgp_init(sc_card_t *card) @@ -26,5 +26,5 @@ index 716052b..ead07ae 100644 child = pgp_new_blob(card, priv->mf, info->id, sc_file_new()); -- -1.9.3 +2.1.3 diff --git a/utils/opensc/patches/0004-PKCS15-OpenPGP-Declare-DATA-objects.patch b/utils/opensc/patches/0004-PKCS15-OpenPGP-Declare-DATA-objects.patch index 114412f22..b6408de7f 100644 --- a/utils/opensc/patches/0004-PKCS15-OpenPGP-Declare-DATA-objects.patch +++ b/utils/opensc/patches/0004-PKCS15-OpenPGP-Declare-DATA-objects.patch @@ -1,8 +1,8 @@ -From fbf8e392db4456de97796259a62ccb972fe24df8 Mon Sep 17 00:00:00 2001 +From fda9b6dd088e734de372fc85c091f88e8607bc2e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= <ng.hong.quan@gmail.com> Date: Tue, 26 Feb 2013 17:37:16 +0700 -Subject: [PATCH 04/18] PKCS15-OpenPGP: Declare DATA objects. +Subject: [PATCH 04/26] PKCS15-OpenPGP: Declare DATA objects. Begin to support read/write DATA object for PKCS-OpenPGP binding. This object is used by TrueCrypt. @@ -11,18 +11,18 @@ This object is used by TrueCrypt. 1 file changed, 35 insertions(+) diff --git a/src/libopensc/pkcs15-openpgp.c b/src/libopensc/pkcs15-openpgp.c -index 5a8a1ca..9f239ef 100644 +index fdf720a..fea2805 100644 --- a/src/libopensc/pkcs15-openpgp.c +++ b/src/libopensc/pkcs15-openpgp.c -@@ -36,6 +36,7 @@ typedef USHORT ushort; - #endif +@@ -32,6 +32,7 @@ + #include "log.h" int sc_pkcs15emu_openpgp_init_ex(sc_pkcs15_card_t *, sc_pkcs15emu_opt_t *); +static int sc_pkcs15emu_openpgp_add_data(sc_pkcs15_card_t *); #define PGP_USER_PIN_FLAGS (SC_PKCS15_PIN_FLAG_CASE_SENSITIVE \ -@@ -45,6 +46,8 @@ int sc_pkcs15emu_openpgp_init_ex(sc_pkcs15_card_t *, sc_pkcs15emu_opt_t *); +@@ -41,6 +42,8 @@ int sc_pkcs15emu_openpgp_init_ex(sc_pkcs15_card_t *, sc_pkcs15emu_opt_t *); | SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED \ | SC_PKCS15_PIN_FLAG_SO_PIN) @@ -31,7 +31,7 @@ index 5a8a1ca..9f239ef 100644 typedef struct _pgp_pin_cfg { const char *label; int reference; -@@ -359,6 +362,9 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card) +@@ -355,6 +358,9 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card) goto failed; } @@ -41,7 +41,7 @@ index 5a8a1ca..9f239ef 100644 return 0; failed: sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Failed to initialize OpenPGP emulation: %s\n", -@@ -366,6 +372,35 @@ failed: sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Failed to initialize OpenPGP e +@@ -362,6 +368,35 @@ failed: sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Failed to initialize OpenPGP e return r; } @@ -78,5 +78,5 @@ index 5a8a1ca..9f239ef 100644 { if (p15card->card->type == SC_CARD_TYPE_OPENPGP_V1 || p15card->card->type == SC_CARD_TYPE_OPENPGP_V2 -- -1.9.3 +2.1.3 diff --git a/utils/opensc/patches/0005-OpenPGP-Support-erasing-reset-card.patch b/utils/opensc/patches/0005-OpenPGP-Support-erasing-reset-card.patch index c28ed10cb..0dc495462 100644 --- a/utils/opensc/patches/0005-OpenPGP-Support-erasing-reset-card.patch +++ b/utils/opensc/patches/0005-OpenPGP-Support-erasing-reset-card.patch @@ -1,20 +1,20 @@ -From 4cdc5f3102f5ad93d263eea2f8206bb5e9fffc6c Mon Sep 17 00:00:00 2001 +From 6d138f0199575516bfaad18cbbafcfa2ee61e58f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= <ng.hong.quan@gmail.com> Date: Mon, 4 Mar 2013 11:28:08 +0700 -Subject: [PATCH 05/18] OpenPGP: Support erasing (reset) card. +Subject: [PATCH 05/26] OpenPGP: Support erasing (reset) card. Command: openpgp-tool --erase --- src/libopensc/card-openpgp.c | 64 ++++++++++++++++++++++++++++++++++++++++++++ - src/tools/openpgp-tool.c | 23 +++++++++++++++- - 2 files changed, 86 insertions(+), 1 deletion(-) + src/tools/openpgp-tool.c | 22 ++++++++++++++- + 2 files changed, 85 insertions(+), 1 deletion(-) diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c -index ead07ae..42a9684 100644 +index 1cc3923..7349876 100644 --- a/src/libopensc/card-openpgp.c +++ b/src/libopensc/card-openpgp.c -@@ -2197,6 +2197,66 @@ out: +@@ -2195,6 +2195,66 @@ out: #endif /* ENABLE_OPENSSL */ @@ -81,7 +81,7 @@ index ead07ae..42a9684 100644 /* ABI: card ctl: perform special card-specific operations */ static int pgp_card_ctl(sc_card_t *card, unsigned long cmd, void *ptr) { -@@ -2221,6 +2281,10 @@ static int pgp_card_ctl(sc_card_t *card, unsigned long cmd, void *ptr) +@@ -2219,6 +2279,10 @@ static int pgp_card_ctl(sc_card_t *card, unsigned long cmd, void *ptr) LOG_FUNC_RETURN(card->ctx, r); break; #endif /* ENABLE_OPENSSL */ @@ -93,53 +93,52 @@ index ead07ae..42a9684 100644 LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED); diff --git a/src/tools/openpgp-tool.c b/src/tools/openpgp-tool.c -index 8b5e327..0d360a3 100644 +index a24a395..de1c9d4 100644 --- a/src/tools/openpgp-tool.c +++ b/src/tools/openpgp-tool.c -@@ -76,6 +76,7 @@ static int opt_verify = 0; - static char *verifytype = NULL; - static int opt_pin = 0; +@@ -78,6 +78,7 @@ static int opt_pin = 0; static char *pin = NULL; + static int opt_dump_do = 0; + static u8 do_dump_idx; +static int opt_erase = 0; static const char *app_name = "openpgp-tool"; -@@ -92,6 +93,7 @@ static const struct option options[] = { +@@ -94,6 +95,7 @@ static const struct option options[] = { { "help", no_argument, NULL, 'h' }, { "verbose", no_argument, NULL, 'v' }, { "version", no_argument, NULL, 'V' }, + { "erase", no_argument, NULL, 'E' }, { "verify", required_argument, NULL, OPT_VERIFY }, { "pin", required_argument, NULL, OPT_PIN }, - { NULL, 0, NULL, 0 } -@@ -110,6 +112,7 @@ static const char *option_help[] = { + { "do", required_argument, NULL, 'd' }, +@@ -113,6 +115,7 @@ static const char *option_help[] = { /* h */ "Print this help message", /* v */ "Verbose operation. Use several times to enable debug output.", /* V */ "Show version number", +/* E */ "Erase (reset) the card", "Verify PIN (CHV1, CHV2, CHV3...)", - "PIN string" - }; -@@ -228,7 +231,7 @@ static int decode_options(int argc, char **argv) + "PIN string", + /* d */ "Dump private data object number <arg> (i.e. PRIVATE-DO-<arg>)" +@@ -232,7 +235,7 @@ static int decode_options(int argc, char **argv) { int c; -- while ((c = getopt_long(argc, argv,"r:x:CUG:L:hwvV", options, (int *) 0)) != EOF) { -+ while ((c = getopt_long(argc, argv,"r:x:CUG:L:hwvVE", options, (int *) 0)) != EOF) { +- while ((c = getopt_long(argc, argv,"r:x:CUG:L:hwvVd:", options, (int *) 0)) != EOF) { ++ while ((c = getopt_long(argc, argv,"r:x:CUG:L:hwvVd:E", options, (int *) 0)) != EOF) { switch (c) { case 'r': opt_reader = optarg; -@@ -288,6 +291,9 @@ static int decode_options(int argc, char **argv) - show_version(); - exit(EXIT_SUCCESS); - break; +@@ -296,6 +299,8 @@ static int decode_options(int argc, char **argv) + do_dump_idx = optarg[0] - '0'; + opt_dump_do++; + actions++; + case 'E': + opt_erase++; -+ break; + break; default: util_print_usage_and_die(app_name, options, option_help, NULL); - } -@@ -446,6 +452,18 @@ int do_verify(sc_card_t *card, u8 *type, u8* pin) +@@ -452,6 +457,18 @@ int do_verify(sc_card_t *card, char *type, char *pin) return r; } @@ -158,7 +157,7 @@ index 8b5e327..0d360a3 100644 int main(int argc, char **argv) { sc_context_t *ctx = NULL; -@@ -521,6 +539,9 @@ int main(int argc, char **argv) +@@ -531,6 +548,9 @@ int main(int argc, char **argv) exit(EXIT_FAILURE); } @@ -169,5 +168,5 @@ index 8b5e327..0d360a3 100644 sc_unlock(card); sc_disconnect_card(card); -- -1.9.3 +2.1.3 diff --git a/utils/opensc/patches/0006-openpgp-tool-Support-deleting-key-in-Gnuk.patch b/utils/opensc/patches/0006-openpgp-tool-Support-deleting-key-in-Gnuk.patch index f73cb22f5..ec9ddf5b0 100644 --- a/utils/opensc/patches/0006-openpgp-tool-Support-deleting-key-in-Gnuk.patch +++ b/utils/opensc/patches/0006-openpgp-tool-Support-deleting-key-in-Gnuk.patch @@ -1,18 +1,18 @@ -From bbbedd3b358f80a7f98df2b22cf541cb007dd62e Mon Sep 17 00:00:00 2001 +From 469b6567d9adc4af6f49fa65534162673060454d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= <ng.hong.quan@gmail.com> Date: Mon, 4 Mar 2013 18:13:03 +0700 -Subject: [PATCH 06/18] openpgp-tool: Support deleting key in Gnuk. +Subject: [PATCH 06/26] openpgp-tool: Support deleting key in Gnuk. --- - src/tools/openpgp-tool.c | 144 ++++++++++++++++++++++++++++++++++++++++++++++- - 1 file changed, 143 insertions(+), 1 deletion(-) + src/tools/openpgp-tool.c | 142 +++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 142 insertions(+) diff --git a/src/tools/openpgp-tool.c b/src/tools/openpgp-tool.c -index 0d360a3..239c86b 100644 +index de1c9d4..374819a 100644 --- a/src/tools/openpgp-tool.c +++ b/src/tools/openpgp-tool.c -@@ -39,6 +39,7 @@ +@@ -41,6 +41,7 @@ #define OPT_PRETTY 257 #define OPT_VERIFY 258 #define OPT_PIN 259 @@ -20,33 +20,31 @@ index 0d360a3..239c86b 100644 /* define structures */ struct ef_name_map { -@@ -77,6 +78,7 @@ static char *verifytype = NULL; - static int opt_pin = 0; - static char *pin = NULL; +@@ -79,6 +80,7 @@ static char *pin = NULL; + static int opt_dump_do = 0; + static u8 do_dump_idx; static int opt_erase = 0; +static int opt_delkey = 0; static const char *app_name = "openpgp-tool"; -@@ -96,6 +98,7 @@ static const struct option options[] = { - { "erase", no_argument, NULL, 'E' }, +@@ -99,6 +101,7 @@ static const struct option options[] = { { "verify", required_argument, NULL, OPT_VERIFY }, { "pin", required_argument, NULL, OPT_PIN }, + { "do", required_argument, NULL, 'd' }, + { "del-key", required_argument, NULL, OPT_DELKEY }, { NULL, 0, NULL, 0 } }; -@@ -114,7 +117,8 @@ static const char *option_help[] = { - /* V */ "Show version number", - /* E */ "Erase (reset) the card", +@@ -119,6 +122,7 @@ static const char *option_help[] = { "Verify PIN (CHV1, CHV2, CHV3...)", -- "PIN string" -+ "PIN string", + "PIN string", + /* d */ "Dump private data object number <arg> (i.e. PRIVATE-DO-<arg>)" + "Delete key (1, 2, 3 or all)" }; static const struct ef_name_map openpgp_data[] = { -@@ -294,6 +298,14 @@ static int decode_options(int argc, char **argv) +@@ -302,6 +306,14 @@ static int decode_options(int argc, char **argv) case 'E': opt_erase++; break; @@ -61,7 +59,7 @@ index 0d360a3..239c86b 100644 default: util_print_usage_and_die(app_name, options, option_help, NULL); } -@@ -452,6 +464,133 @@ int do_verify(sc_card_t *card, u8 *type, u8* pin) +@@ -457,6 +469,133 @@ int do_verify(sc_card_t *card, char *type, char *pin) return r; } @@ -195,7 +193,7 @@ index 0d360a3..239c86b 100644 int do_erase(sc_card_t *card) { int r; -@@ -539,6 +678,9 @@ int main(int argc, char **argv) +@@ -548,6 +687,9 @@ int main(int argc, char **argv) exit(EXIT_FAILURE); } @@ -206,5 +204,5 @@ index 0d360a3..239c86b 100644 exit_status != do_erase(card); -- -1.9.3 +2.1.3 diff --git a/utils/opensc/patches/0007-OpenPGP-Correct-building-Extended-Header-List-when-i.patch b/utils/opensc/patches/0007-OpenPGP-Correct-building-Extended-Header-List-when-i.patch index 1d487af32..7d8045679 100644 --- a/utils/opensc/patches/0007-OpenPGP-Correct-building-Extended-Header-List-when-i.patch +++ b/utils/opensc/patches/0007-OpenPGP-Correct-building-Extended-Header-List-when-i.patch @@ -1,8 +1,8 @@ -From b6bc7a497e1fe20104f923de1092a35d137ba553 Mon Sep 17 00:00:00 2001 +From d210faa377bcec63876f84b82540b110ede16e57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= <ng.hong.quan@gmail.com> Date: Mon, 4 Mar 2013 18:14:51 +0700 -Subject: [PATCH 07/18] OpenPGP: Correct building Extended Header List when +Subject: [PATCH 07/26] OpenPGP: Correct building Extended Header List when importing keys. --- @@ -10,10 +10,10 @@ Subject: [PATCH 07/18] OpenPGP: Correct building Extended Header List when 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c -index 42a9684..47c1938 100644 +index 7349876..91c311b 100644 --- a/src/libopensc/card-openpgp.c +++ b/src/libopensc/card-openpgp.c -@@ -1978,7 +1978,7 @@ pgp_build_extended_header_list(sc_card_t *card, sc_cardctl_openpgp_keystore_info +@@ -1977,7 +1977,7 @@ pgp_build_extended_header_list(sc_card_t *card, sc_cardctl_openpgp_keystore_info u8 *p = NULL; u8 *components[] = {key_info->e, key_info->p, key_info->q, key_info->n}; size_t componentlens[] = {key_info->e_len, key_info->p_len, key_info->q_len, key_info->n_len}; @@ -23,5 +23,5 @@ index 42a9684..47c1938 100644 "public exponent", "prime p", -- -1.9.3 +2.1.3 diff --git a/utils/opensc/patches/0008-OpenPGP-Read-some-empty-DOs-from-Gnuk.patch b/utils/opensc/patches/0008-OpenPGP-Read-some-empty-DOs-from-Gnuk.patch index 25a69d4cb..17aaf92ca 100644 --- a/utils/opensc/patches/0008-OpenPGP-Read-some-empty-DOs-from-Gnuk.patch +++ b/utils/opensc/patches/0008-OpenPGP-Read-some-empty-DOs-from-Gnuk.patch @@ -1,8 +1,8 @@ -From d1b8d3588336abac4876c1d537d8e8e5e578bc02 Mon Sep 17 00:00:00 2001 +From df98874784a77c96a7a1be54412a02a53fdd3a3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= <ng.hong.quan@gmail.com> Date: Mon, 25 Mar 2013 11:58:38 +0700 -Subject: [PATCH 08/18] OpenPGP: Read some empty DOs from Gnuk. +Subject: [PATCH 08/26] OpenPGP: Read some empty DOs from Gnuk. In Gnuk, some empty DOs are returned as not exist, instead of existing with empty value. So, we will consider them exist in driver. @@ -11,10 +11,10 @@ So, we will consider them exist in driver. 1 file changed, 25 insertions(+) diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c -index 47c1938..9b08bbb 100644 +index 91c311b..e7b25c0 100644 --- a/src/libopensc/card-openpgp.c +++ b/src/libopensc/card-openpgp.c -@@ -813,6 +813,23 @@ pgp_get_blob(sc_card_t *card, struct blob *blob, unsigned int id, +@@ -815,6 +815,23 @@ pgp_get_blob(sc_card_t *card, struct blob *blob, unsigned int id, } } @@ -38,7 +38,7 @@ index 47c1938..9b08bbb 100644 return SC_ERROR_FILE_NOT_FOUND; } -@@ -1147,6 +1164,14 @@ pgp_get_data(sc_card_t *card, unsigned int tag, u8 *buf, size_t buf_len) +@@ -1149,6 +1166,14 @@ pgp_get_data(sc_card_t *card, unsigned int tag, u8 *buf, size_t buf_len) LOG_TEST_RET(card->ctx, r, "APDU transmit failed"); r = sc_check_sw(card, apdu.sw1, apdu.sw2); @@ -54,5 +54,5 @@ index 47c1938..9b08bbb 100644 LOG_FUNC_RETURN(card->ctx, apdu.resplen); -- -1.9.3 +2.1.3 diff --git a/utils/opensc/patches/0009-PKCS15-OpenPGP-Do-not-show-empty-DO-in-pkcs15-emu_in.patch b/utils/opensc/patches/0009-PKCS15-OpenPGP-Do-not-show-empty-DO-in-pkcs15-emu_in.patch index 5abf6f8db..a75a2c2ce 100644 --- a/utils/opensc/patches/0009-PKCS15-OpenPGP-Do-not-show-empty-DO-in-pkcs15-emu_in.patch +++ b/utils/opensc/patches/0009-PKCS15-OpenPGP-Do-not-show-empty-DO-in-pkcs15-emu_in.patch @@ -1,8 +1,8 @@ -From 6a4457cde65ef44f05b0689415ae7165b06fb8bf Mon Sep 17 00:00:00 2001 +From 42adc35954e18e24f253f710b16d850d1872bce5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= <ng.hong.quan@gmail.com> Date: Wed, 27 Mar 2013 11:38:42 +0700 -Subject: [PATCH 09/18] PKCS15-OpenPGP: Do not show empty DO in pkcs15 +Subject: [PATCH 09/26] PKCS15-OpenPGP: Do not show empty DO in pkcs15 emu_init. --- @@ -10,10 +10,10 @@ Subject: [PATCH 09/18] PKCS15-OpenPGP: Do not show empty DO in pkcs15 1 file changed, 18 insertions(+) diff --git a/src/libopensc/pkcs15-openpgp.c b/src/libopensc/pkcs15-openpgp.c -index 9f239ef..850dd74 100644 +index fea2805..51a2032 100644 --- a/src/libopensc/pkcs15-openpgp.c +++ b/src/libopensc/pkcs15-openpgp.c -@@ -385,16 +385,34 @@ sc_pkcs15emu_openpgp_add_data(sc_pkcs15_card_t *p15card) +@@ -381,16 +381,34 @@ sc_pkcs15emu_openpgp_add_data(sc_pkcs15_card_t *p15card) sc_pkcs15_object_t dat_obj; char name[8]; char path[9]; @@ -49,5 +49,5 @@ index 9f239ef..850dd74 100644 r = sc_pkcs15emu_add_data_object(p15card, &dat_obj, &dat_info); } -- -1.9.3 +2.1.3 diff --git a/utils/opensc/patches/0010-PKCS15-OpenPGP-Allow-to-store-data-to-pkcs15-data-ob.patch b/utils/opensc/patches/0010-PKCS15-OpenPGP-Allow-to-store-data-to-pkcs15-data-ob.patch index a3c75309c..7b0f493cc 100644 --- a/utils/opensc/patches/0010-PKCS15-OpenPGP-Allow-to-store-data-to-pkcs15-data-ob.patch +++ b/utils/opensc/patches/0010-PKCS15-OpenPGP-Allow-to-store-data-to-pkcs15-data-ob.patch @@ -1,8 +1,8 @@ -From 88ded8fc5802c073caa71b649cee5a3116699b2a Mon Sep 17 00:00:00 2001 +From f085e6a5f386875b5b071ef3bf115e4d9bb33bdb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= <ng.hong.quan@gmail.com> Date: Wed, 27 Mar 2013 11:39:33 +0700 -Subject: [PATCH 10/18] PKCS15-OpenPGP: Allow to store data to pkcs15 data +Subject: [PATCH 10/26] PKCS15-OpenPGP: Allow to store data to pkcs15 data object. Only one DO is supported now. @@ -12,10 +12,10 @@ Only one DO is supported now. 2 files changed, 38 insertions(+), 2 deletions(-) diff --git a/src/libopensc/pkcs15-openpgp.c b/src/libopensc/pkcs15-openpgp.c -index 850dd74..b701041 100644 +index 51a2032..4cc1c39 100644 --- a/src/libopensc/pkcs15-openpgp.c +++ b/src/libopensc/pkcs15-openpgp.c -@@ -397,7 +397,7 @@ sc_pkcs15emu_openpgp_add_data(sc_pkcs15_card_t *p15card) +@@ -393,7 +393,7 @@ sc_pkcs15emu_openpgp_add_data(sc_pkcs15_card_t *p15card) */ r = read_file(p15card->card, path, content, sizeof(content)); if (r <= 0 ) { @@ -87,5 +87,5 @@ index f3a4962..1455580 100755 r = SC_ERROR_NOT_IMPLEMENTED; } -- -1.9.3 +2.1.3 diff --git a/utils/opensc/patches/0011-OpenPGP-Provide-enough-buffer-to-read-pubkey-from-Gn.patch b/utils/opensc/patches/0011-OpenPGP-Provide-enough-buffer-to-read-pubkey-from-Gn.patch index 8fc34642d..d133e8059 100644 --- a/utils/opensc/patches/0011-OpenPGP-Provide-enough-buffer-to-read-pubkey-from-Gn.patch +++ b/utils/opensc/patches/0011-OpenPGP-Provide-enough-buffer-to-read-pubkey-from-Gn.patch @@ -1,8 +1,8 @@ -From 7231ee09bb628f0401939778decce818ef6e3665 Mon Sep 17 00:00:00 2001 +From 752f8981bed49a98d3592ead3aa50e743318dea8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= <ng.hong.quan@gmail.com> Date: Fri, 5 Apr 2013 17:18:50 +0700 -Subject: [PATCH 11/18] OpenPGP: Provide enough buffer to read pubkey from +Subject: [PATCH 11/26] OpenPGP: Provide enough buffer to read pubkey from Gnuk. --- @@ -10,7 +10,7 @@ Subject: [PATCH 11/18] OpenPGP: Provide enough buffer to read pubkey from 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c -index 9b08bbb..8a1a270 100644 +index e7b25c0..1913eca 100644 --- a/src/libopensc/card-openpgp.c +++ b/src/libopensc/card-openpgp.c @@ -263,7 +263,12 @@ static struct do_info pgp2_objects[] = { /* OpenPGP card spec 2.0 */ @@ -27,7 +27,7 @@ index 9b08bbb..8a1a270 100644 #define DRVDATA(card) ((struct pgp_priv_data *) ((card)->drv_data)) struct pgp_priv_data { -@@ -729,6 +734,14 @@ pgp_read_blob(sc_card_t *card, struct blob *blob) +@@ -731,6 +736,14 @@ pgp_read_blob(sc_card_t *card, struct blob *blob) u8 buffer[2048]; size_t buf_len = (card->caps & SC_CARD_CAP_APDU_EXT) ? sizeof(buffer) : 256; @@ -42,7 +42,7 @@ index 9b08bbb..8a1a270 100644 int r = blob->info->get_fn(card, blob->id, buffer, buf_len); if (r < 0) { /* an error occurred */ -@@ -1830,6 +1843,7 @@ static int pgp_gen_key(sc_card_t *card, sc_cardctl_openpgp_keygen_info_t *key_in +@@ -1828,6 +1841,7 @@ static int pgp_gen_key(sc_card_t *card, sc_cardctl_openpgp_keygen_info_t *key_in u8 apdu_case; u8 *apdu_data; size_t apdu_le; @@ -83,5 +83,5 @@ index 9b08bbb..8a1a270 100644 /* Send */ sc_log(card->ctx, "Waiting for the card to generate key..."); -- -1.9.3 +2.1.3 diff --git a/utils/opensc/patches/0012-OpenPGP-Support-write-certificate-for-Gnuk.patch b/utils/opensc/patches/0012-OpenPGP-Support-write-certificate-for-Gnuk.patch index 0d54d96fc..3a2526f4e 100644 --- a/utils/opensc/patches/0012-OpenPGP-Support-write-certificate-for-Gnuk.patch +++ b/utils/opensc/patches/0012-OpenPGP-Support-write-certificate-for-Gnuk.patch @@ -1,18 +1,18 @@ -From d8f63eb6fcc1441c12a44850da2fa22a6fe81634 Mon Sep 17 00:00:00 2001 +From 5110ae3ba33d165c43ea5eca8f929a82d81cb3fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= <ng.hong.quan@gmail.com> Date: Thu, 11 Apr 2013 11:47:51 +0700 -Subject: [PATCH 12/18] OpenPGP: Support write certificate for Gnuk. +Subject: [PATCH 12/26] OpenPGP: Support write certificate for Gnuk. --- src/libopensc/card-openpgp.c | 158 +++++++++++++++++++++++++++++++++---------- 1 file changed, 123 insertions(+), 35 deletions(-) diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c -index 8a1a270..d9db948 100644 +index 1913eca..7cea84f 100644 --- a/src/libopensc/card-openpgp.c +++ b/src/libopensc/card-openpgp.c -@@ -725,6 +725,8 @@ pgp_iterate_blobs(struct blob *blob, int level, void (*func)()) +@@ -727,6 +727,8 @@ pgp_iterate_blobs(struct blob *blob, int level, void (*func)()) static int pgp_read_blob(sc_card_t *card, struct blob *blob) { @@ -21,7 +21,7 @@ index 8a1a270..d9db948 100644 if (blob->data != NULL) return SC_SUCCESS; if (blob->info == NULL) -@@ -735,6 +737,11 @@ pgp_read_blob(sc_card_t *card, struct blob *blob) +@@ -737,6 +739,11 @@ pgp_read_blob(sc_card_t *card, struct blob *blob) size_t buf_len = (card->caps & SC_CARD_CAP_APDU_EXT) ? sizeof(buffer) : 256; @@ -33,7 +33,7 @@ index 8a1a270..d9db948 100644 /* Buffer length for Gnuk pubkey */ if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && (blob->id == 0xa400 || blob->id == 0xb600 || blob->id == 0xb800 -@@ -1190,49 +1197,75 @@ pgp_get_data(sc_card_t *card, unsigned int tag, u8 *buf, size_t buf_len) +@@ -1192,49 +1199,75 @@ pgp_get_data(sc_card_t *card, unsigned int tag, u8 *buf, size_t buf_len) LOG_FUNC_RETURN(card->ctx, apdu.resplen); } @@ -143,7 +143,7 @@ index 8a1a270..d9db948 100644 /* Extended Header list (004D DO) needs a variant of PUT DATA command */ if (tag == 0x004D) { -@@ -1258,15 +1291,70 @@ pgp_put_data(sc_card_t *card, unsigned int tag, const u8 *buf, size_t buf_len) +@@ -1260,15 +1293,70 @@ pgp_put_data(sc_card_t *card, unsigned int tag, const u8 *buf, size_t buf_len) apdu.lc = buf_len; } else { @@ -216,5 +216,5 @@ index 8a1a270..d9db948 100644 if (r == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) { sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Please verify PIN first."); -- -1.9.3 +2.1.3 diff --git a/utils/opensc/patches/0013-pkcs15-openpgp-Change-to-sc_put_data-instead-of-sc_u.patch b/utils/opensc/patches/0013-pkcs15-openpgp-Change-to-sc_put_data-instead-of-sc_u.patch index 67d79dd6f..48afb3739 100644 --- a/utils/opensc/patches/0013-pkcs15-openpgp-Change-to-sc_put_data-instead-of-sc_u.patch +++ b/utils/opensc/patches/0013-pkcs15-openpgp-Change-to-sc_put_data-instead-of-sc_u.patch @@ -1,8 +1,8 @@ -From e5c94d3f1f7e6a96a98815d6e51190498c357fb6 Mon Sep 17 00:00:00 2001 +From 7823e836e8279c8d77786d8f10ffaa83cf50bf1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= <ng.hong.quan@gmail.com> Date: Wed, 10 Apr 2013 18:35:58 +0700 -Subject: [PATCH 13/18] pkcs15-openpgp: Change to sc_put_data instead of +Subject: [PATCH 13/26] pkcs15-openpgp: Change to sc_put_data instead of sc_update_binary when writing certificate. --- @@ -27,5 +27,5 @@ index 1455580..be1291e 100755 case SC_PKCS15_TYPE_DATA_OBJECT: -- -1.9.3 +2.1.3 diff --git a/utils/opensc/patches/0014-OpenPGP-Overcome-the-restriction-of-even-data-length.patch b/utils/opensc/patches/0014-OpenPGP-Overcome-the-restriction-of-even-data-length.patch index cf1a07c64..0fa8f2c3d 100644 --- a/utils/opensc/patches/0014-OpenPGP-Overcome-the-restriction-of-even-data-length.patch +++ b/utils/opensc/patches/0014-OpenPGP-Overcome-the-restriction-of-even-data-length.patch @@ -1,8 +1,8 @@ -From df8a78e3c8c9d9d591c0d3fa31db7e010eb2c8c2 Mon Sep 17 00:00:00 2001 +From 3ff1f7234abb4c42273adedbe06d9e7f9f3a5f9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= <ng.hong.quan@gmail.com> Date: Thu, 11 Apr 2013 16:18:31 +0700 -Subject: [PATCH 14/18] OpenPGP: Overcome the restriction of even data length +Subject: [PATCH 14/26] OpenPGP: Overcome the restriction of even data length of Gnuk. When write certificate with odd length to Gnuk, we add zero padding to make it even. @@ -11,10 +11,10 @@ When write certificate with odd length to Gnuk, we add zero padding to make it e 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c -index d9db948..a666163 100644 +index 7cea84f..7a77a71 100644 --- a/src/libopensc/card-openpgp.c +++ b/src/libopensc/card-openpgp.c -@@ -1206,6 +1206,10 @@ static int gnuk_write_certificate(sc_card_t *card, const u8 *buf, size_t length) +@@ -1208,6 +1208,10 @@ static int gnuk_write_certificate(sc_card_t *card, const u8 *buf, size_t length) sc_apdu_t apdu; u8 *part; size_t plen; @@ -25,7 +25,7 @@ index d9db948..a666163 100644 int r = SC_SUCCESS; LOG_FUNC_CALLED(ctx); -@@ -1236,8 +1240,20 @@ static int gnuk_write_certificate(sc_card_t *card, const u8 *buf, size_t length) +@@ -1238,8 +1242,20 @@ static int gnuk_write_certificate(sc_card_t *card, const u8 *buf, size_t length) sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xD6, i, 0); } apdu.flags |= SC_APDU_FLAGS_CHAINING; @@ -49,5 +49,5 @@ index d9db948..a666163 100644 r = sc_transmit_apdu(card, &apdu); LOG_TEST_RET(card->ctx, r, "APDU transmit failed"); -- -1.9.3 +2.1.3 diff --git a/utils/opensc/patches/0015-OpenPGP-Delete-key-as-file-for-Gnuk.patch b/utils/opensc/patches/0015-OpenPGP-Delete-key-as-file-for-Gnuk.patch index cc88a12db..2389cd109 100644 --- a/utils/opensc/patches/0015-OpenPGP-Delete-key-as-file-for-Gnuk.patch +++ b/utils/opensc/patches/0015-OpenPGP-Delete-key-as-file-for-Gnuk.patch @@ -1,18 +1,18 @@ -From 693b3ac5a53e89a0cdeab0f728d24a6e16864f5c Mon Sep 17 00:00:00 2001 +From 9af45c4cf052e3a6059a3004082f9ee3d2b3b2bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= <ng.hong.quan@gmail.com> Date: Fri, 12 Apr 2013 15:33:31 +0700 -Subject: [PATCH 15/18] OpenPGP: Delete key as file, for Gnuk. +Subject: [PATCH 15/26] OpenPGP: Delete key as file, for Gnuk. --- src/libopensc/card-openpgp.c | 51 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 50 insertions(+), 1 deletion(-) diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c -index a666163..19d3b04 100644 +index 7a77a71..4d0500d 100644 --- a/src/libopensc/card-openpgp.c +++ b/src/libopensc/card-openpgp.c -@@ -2437,6 +2437,44 @@ static int pgp_card_ctl(sc_card_t *card, unsigned long cmd, void *ptr) +@@ -2435,6 +2435,44 @@ static int pgp_card_ctl(sc_card_t *card, unsigned long cmd, void *ptr) LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED); } @@ -57,7 +57,7 @@ index a666163..19d3b04 100644 /* ABI: DELETE FILE */ static int pgp_delete_file(sc_card_t *card, const sc_path_t *path) -@@ -2444,6 +2482,7 @@ pgp_delete_file(sc_card_t *card, const sc_path_t *path) +@@ -2442,6 +2480,7 @@ pgp_delete_file(sc_card_t *card, const sc_path_t *path) struct pgp_priv_data *priv = DRVDATA(card); struct blob *blob; sc_file_t *file; @@ -65,7 +65,7 @@ index a666163..19d3b04 100644 int r; LOG_FUNC_CALLED(card->ctx); -@@ -2459,10 +2498,20 @@ pgp_delete_file(sc_card_t *card, const sc_path_t *path) +@@ -2457,10 +2496,20 @@ pgp_delete_file(sc_card_t *card, const sc_path_t *path) if (blob == priv->mf) LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED); @@ -88,5 +88,5 @@ index a666163..19d3b04 100644 /* call pgp_put_data() with zero-sized NULL-buffer to zap the DO contents */ r = pgp_put_data(card, file->id, NULL, 0); -- -1.9.3 +2.1.3 diff --git a/utils/opensc/patches/0016-OpenPGP-Correct-parameter-checking.patch b/utils/opensc/patches/0016-OpenPGP-Correct-parameter-checking.patch index c49de13c0..76c8624e3 100644 --- a/utils/opensc/patches/0016-OpenPGP-Correct-parameter-checking.patch +++ b/utils/opensc/patches/0016-OpenPGP-Correct-parameter-checking.patch @@ -1,18 +1,18 @@ -From f96f7536a8c2efd0ba41fd94fe3334e5fa556854 Mon Sep 17 00:00:00 2001 +From ee23d262768e7e54ed0fc554bc0b869c65868ace Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= <ng.hong.quan@gmail.com> Date: Tue, 16 Apr 2013 10:19:34 +0700 -Subject: [PATCH 16/18] OpenPGP: Correct parameter checking. +Subject: [PATCH 16/26] OpenPGP: Correct parameter checking. --- src/libopensc/card-openpgp.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c -index 19d3b04..196c094 100644 +index 4d0500d..beeee83 100644 --- a/src/libopensc/card-openpgp.c +++ b/src/libopensc/card-openpgp.c -@@ -1221,6 +1221,8 @@ static int gnuk_write_certificate(sc_card_t *card, const u8 *buf, size_t length) +@@ -1223,6 +1223,8 @@ static int gnuk_write_certificate(sc_card_t *card, const u8 *buf, size_t length) LOG_TEST_RET(card->ctx, r, "APDU transmit failed"); /* Check response */ r = sc_check_sw(card, apdu.sw1, apdu.sw2); @@ -21,7 +21,7 @@ index 19d3b04..196c094 100644 LOG_FUNC_RETURN(card->ctx, length); } -@@ -2448,6 +2450,11 @@ gnuk_delete_key(sc_card_t *card, u8 key_id) +@@ -2446,6 +2448,11 @@ gnuk_delete_key(sc_card_t *card, u8 key_id) LOG_FUNC_CALLED(ctx); @@ -33,7 +33,7 @@ index 19d3b04..196c094 100644 /* Delete fingerprint */ sc_log(ctx, "Delete fingerprints"); r = pgp_put_data(card, 0xC6 + key_id, NULL, 0); -@@ -2466,8 +2473,6 @@ gnuk_delete_key(sc_card_t *card, u8 key_id) +@@ -2464,8 +2471,6 @@ gnuk_delete_key(sc_card_t *card, u8 key_id) data = "\x4D\x02\xB8"; else if (key_id == 3) data = "\x4D\x02\xA4"; @@ -43,5 +43,5 @@ index 19d3b04..196c094 100644 r = pgp_put_data(card, 0x4D, data, strlen(data) + 1); -- -1.9.3 +2.1.3 diff --git a/utils/opensc/patches/0017-OpenPGP-Make-code-neater.patch b/utils/opensc/patches/0017-OpenPGP-Make-code-neater.patch index 50501e095..2bb6fccaf 100644 --- a/utils/opensc/patches/0017-OpenPGP-Make-code-neater.patch +++ b/utils/opensc/patches/0017-OpenPGP-Make-code-neater.patch @@ -1,18 +1,18 @@ -From 8a69525a60391b46db4994033527d219d2adaa4e Mon Sep 17 00:00:00 2001 +From f4aec38233010953cea72c367bccc71c3687b2f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= <ng.hong.quan@gmail.com> Date: Tue, 16 Apr 2013 16:02:17 +0700 -Subject: [PATCH 17/18] OpenPGP: Make code neater +Subject: [PATCH 17/26] OpenPGP: Make code neater --- src/libopensc/card-openpgp.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c -index 196c094..c4ef3b6 100644 +index beeee83..ca0d01b 100644 --- a/src/libopensc/card-openpgp.c +++ b/src/libopensc/card-openpgp.c -@@ -1220,10 +1220,7 @@ static int gnuk_write_certificate(sc_card_t *card, const u8 *buf, size_t length) +@@ -1222,10 +1222,7 @@ static int gnuk_write_certificate(sc_card_t *card, const u8 *buf, size_t length) r = sc_transmit_apdu(card, &apdu); LOG_TEST_RET(card->ctx, r, "APDU transmit failed"); /* Check response */ @@ -24,7 +24,7 @@ index 196c094..c4ef3b6 100644 } /* Ref: gnuk_put_binary_libusb.py and gnuk_token.py in Gnuk source tree */ -@@ -1260,8 +1257,7 @@ static int gnuk_write_certificate(sc_card_t *card, const u8 *buf, size_t length) +@@ -1262,8 +1259,7 @@ static int gnuk_write_certificate(sc_card_t *card, const u8 *buf, size_t length) r = sc_transmit_apdu(card, &apdu); LOG_TEST_RET(card->ctx, r, "APDU transmit failed"); /* Check response */ @@ -35,5 +35,5 @@ index 196c094..c4ef3b6 100644 /* To next part */ i++; -- -1.9.3 +2.1.3 diff --git a/utils/opensc/patches/0018-Move-declaration-to-top-of-block.patch b/utils/opensc/patches/0018-Move-declaration-to-top-of-block.patch index b05cc59c4..774ed58a1 100644 --- a/utils/opensc/patches/0018-Move-declaration-to-top-of-block.patch +++ b/utils/opensc/patches/0018-Move-declaration-to-top-of-block.patch @@ -1,18 +1,18 @@ -From a099f951d085d3abfefeead14a4af06913cb67d2 Mon Sep 17 00:00:00 2001 +From c84c84169f7a73eab27f6a9b13b77432baa5c3f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= <ng.hong.quan@gmail.com> Date: Wed, 8 May 2013 16:51:21 +0700 -Subject: [PATCH 18/18] Move declaration to top of block. +Subject: [PATCH 18/26] Move declaration to top of block. --- src/libopensc/card-openpgp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c -index c4ef3b6..7f2006e 100644 +index ca0d01b..037ef73 100644 --- a/src/libopensc/card-openpgp.c +++ b/src/libopensc/card-openpgp.c -@@ -736,6 +736,7 @@ pgp_read_blob(sc_card_t *card, struct blob *blob) +@@ -738,6 +738,7 @@ pgp_read_blob(sc_card_t *card, struct blob *blob) u8 buffer[2048]; size_t buf_len = (card->caps & SC_CARD_CAP_APDU_EXT) ? sizeof(buffer) : 256; @@ -20,7 +20,7 @@ index c4ef3b6..7f2006e 100644 /* Buffer length for certificate */ if (blob->id == DO_CERT && priv->max_cert_size > 0) { -@@ -749,7 +750,7 @@ pgp_read_blob(sc_card_t *card, struct blob *blob) +@@ -751,7 +752,7 @@ pgp_read_blob(sc_card_t *card, struct blob *blob) buf_len = MAXLEN_RESP_PUBKEY_GNUK; } @@ -30,5 +30,5 @@ index c4ef3b6..7f2006e 100644 if (r < 0) { /* an error occurred */ blob->status = r; -- -1.9.3 +2.1.3 diff --git a/utils/opensc/patches/0019-OpenPGP-Make-indentation-consistent-space-tab.patch b/utils/opensc/patches/0019-OpenPGP-Make-indentation-consistent-space-tab.patch new file mode 100644 index 000000000..3702d61be --- /dev/null +++ b/utils/opensc/patches/0019-OpenPGP-Make-indentation-consistent-space-tab.patch @@ -0,0 +1,182 @@ +From c6abf7976f64be5191dc80fecdbcb07daab7a2e0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= + <ng.hong.quan@gmail.com> +Date: Sun, 3 Nov 2013 01:45:56 +0800 +Subject: [PATCH 19/26] OpenPGP: Make indentation consistent (space -> tab). + +--- + src/libopensc/card-openpgp.c | 22 ++++++++--------- + src/tools/openpgp-tool.c | 56 ++++++++++++++++++++++---------------------- + 2 files changed, 39 insertions(+), 39 deletions(-) + +diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c +index 037ef73..ae40940 100644 +--- a/src/libopensc/card-openpgp.c ++++ b/src/libopensc/card-openpgp.c +@@ -192,12 +192,12 @@ static struct do_info pgp1_objects[] = { /* OpenPGP card spec 1.1 */ + { 0x5f35, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data }, + { 0x5f50, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data }, + { 0x7f49, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, NULL, NULL }, +- { 0xa400, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, +- { 0xa401, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, +- { 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, +- { 0xb601, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, +- { 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, +- { 0xb801, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, ++ { 0xa400, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, ++ { 0xa401, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, ++ { 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, ++ { 0xb601, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, ++ { 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, ++ { 0xb801, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, + { 0, 0, 0, NULL, NULL }, + }; + +@@ -253,11 +253,11 @@ static struct do_info pgp2_objects[] = { /* OpenPGP card spec 2.0 */ + /* The 0xA401, 0xB601, 0xB801 are just symbolic, it does not represent any real DO. + * However, their R/W access condition may block the process of importing key in pkcs15init. + * So we set their accesses condition as WRITE_PIN3 (writable). */ +- { 0xa401, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, +- { 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, +- { 0xb601, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, +- { 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, +- { 0xb801, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, ++ { 0xa401, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, ++ { 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, ++ { 0xb601, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, ++ { 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, ++ { 0xb801, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, + { 0, 0, 0, NULL, NULL }, + }; + +diff --git a/src/tools/openpgp-tool.c b/src/tools/openpgp-tool.c +index 374819a..a0334ca 100644 +--- a/src/tools/openpgp-tool.c ++++ b/src/tools/openpgp-tool.c +@@ -37,11 +37,11 @@ + #include "util.h" + #include "libopensc/log.h" + +-#define OPT_RAW 256 +-#define OPT_PRETTY 257 +-#define OPT_VERIFY 258 +-#define OPT_PIN 259 +-#define OPT_DELKEY 260 ++#define OPT_RAW 256 ++#define OPT_PRETTY 257 ++#define OPT_VERIFY 258 ++#define OPT_PIN 259 ++#define OPT_DELKEY 260 + + /* define structures */ + struct ef_name_map { +@@ -142,10 +142,10 @@ static const struct ef_name_map openpgp_data[] = { + static void show_version(void) + { + fprintf(stderr, +- "openpgp-tool - OpenPGP card utility version " PACKAGE_VERSION "\n" +- "\n" +- "Copyright (c) 2012 Peter Marschall <peter@adpm.de>\n" +- "Licensed under LGPL v2\n"); ++ "openpgp-tool - OpenPGP card utility version " PACKAGE_VERSION "\n" ++ "\n" ++ "Copyright (c) 2012 Peter Marschall <peter@adpm.de>\n" ++ "Licensed under LGPL v2\n"); + } + + +@@ -176,16 +176,16 @@ static char *prettify_language(char *str) + { + if (str != NULL) { + switch (strlen(str)) { +- case 8: memmove(str+7, str+6, 1+strlen(str+6)); ++ case 8: memmove(str+7, str+6, 1+strlen(str+6)); + str[6] = ','; + /* fall through */ +- case 6: memmove(str+5, str+4, 1+strlen(str+4)); ++ case 6: memmove(str+5, str+4, 1+strlen(str+4)); + str[4] = ','; + /* fall through */ +- case 4: memmove(str+3, str+2, 1+strlen(str+2)); ++ case 4: memmove(str+3, str+2, 1+strlen(str+2)); + str[2] = ','; + /* fall through */ +- case 2: return str; ++ case 2: return str; + } + } + return NULL; +@@ -197,10 +197,10 @@ static char *prettify_gender(char *str) + { + if (str != NULL) { + switch (*str) { +- case '0': return "unknown"; +- case '1': return "male"; +- case '2': return "female"; +- case '9': return "not applicable"; ++ case '0': return "unknown"; ++ case '1': return "male"; ++ case '2': return "female"; ++ case '9': return "not applicable"; + } + } + return NULL; +@@ -218,7 +218,7 @@ static void display_data(const struct ef_name_map *mapping, char *value) + char *envvar; + + envvar = malloc(strlen(mapping->env_name) + +- strlen(value) + 2); ++ strlen(value) + 2); + if (envvar != NULL) { + strcpy(envvar, mapping->env_name); + strcat(envvar, "="); +@@ -346,20 +346,20 @@ static int do_userinfo(sc_card_t *card) + if (!count) + continue; + +- if (count > (int)sizeof(buf) - 1) { ++ if (count > (int)sizeof(buf) - 1) { + fprintf(stderr, "Too small buffer to read the OpenPGP data\n"); + return EXIT_FAILURE; + } +- +- r = sc_read_binary(card, 0, buf, count, 0); +- if (r < 0) { ++ ++ r = sc_read_binary(card, 0, buf, count, 0); ++ if (r < 0) { + fprintf(stderr, "%s: read failed - %s\n", openpgp_data[i].ef, sc_strerror(r)); + return EXIT_FAILURE; +- } +- if (r != count) { +- fprintf(stderr, "%s: expecting %d, got only %d bytes\n", openpgp_data[i].ef, count, r); ++ } ++ if (r != count) { ++ fprintf(stderr, "%s: expecting %d, got only %d bytes\n", openpgp_data[i].ef, count, r); + return EXIT_FAILURE; +- } ++ } + + buf[count] = '\0'; + +@@ -628,7 +628,7 @@ int main(int argc, char **argv) + r = sc_context_create(&ctx, &ctx_param); + if (r) { + util_fatal("failed to establish context: %s\n", +- sc_strerror(r)); ++ sc_strerror(r)); + return EXIT_FAILURE; + } + +@@ -640,7 +640,7 @@ int main(int argc, char **argv) + r = util_connect_card(ctx, &card, opt_reader, opt_wait, verbose); + if (r) { + util_fatal("failed to connect to card: %s\n", +- sc_strerror(r)); ++ sc_strerror(r)); + return EXIT_FAILURE; + } + +-- +2.1.3 + diff --git a/utils/opensc/patches/0020-OpenPGP-Don-t-use-sc_log-in-openpgp-tool.patch b/utils/opensc/patches/0020-OpenPGP-Don-t-use-sc_log-in-openpgp-tool.patch new file mode 100644 index 000000000..b73826fa2 --- /dev/null +++ b/utils/opensc/patches/0020-OpenPGP-Don-t-use-sc_log-in-openpgp-tool.patch @@ -0,0 +1,84 @@ +From 9acf5c1ad7d8a32b472203d3bd8860ea2cbde0e7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= + <ng.hong.quan@gmail.com> +Date: Sun, 3 Nov 2013 02:53:35 +0800 +Subject: [PATCH 20/26] OpenPGP: Don't use sc_log in openpgp-tool. + +--- + src/tools/openpgp-tool.c | 21 +++++++++++---------- + 1 file changed, 11 insertions(+), 10 deletions(-) + +diff --git a/src/tools/openpgp-tool.c b/src/tools/openpgp-tool.c +index a0334ca..505abd9 100644 +--- a/src/tools/openpgp-tool.c ++++ b/src/tools/openpgp-tool.c +@@ -414,8 +414,6 @@ int do_genkey(sc_card_t *card, u8 key_id, unsigned int key_len) + sc_path_t path; + sc_file_t *file; + +- LOG_FUNC_CALLED(card->ctx); +- + if (key_id < 1 || key_id > 3) { + printf("Unknown key ID %d.\n", key_id); + return 1; +@@ -479,14 +477,14 @@ int delete_key_gnuk(sc_card_t *card, u8 key_id) + u8 *data = NULL; + + /* Delete fingerprint */ +- sc_log(ctx, "Delete fingerprints"); ++ fprintf(stdout, "Delete fingerprints"); + r |= sc_put_data(card, 0xC6 + key_id, NULL, 0); + /* Delete creation time */ +- sc_log(ctx, "Delete creation time"); ++ fprintf(stdout, "Delete creation time"); + r |= sc_put_data(card, 0xCD + key_id, NULL, 0); + + /* Rewrite Extended Header List */ +- sc_log(ctx, "Rewrite Extended Header List"); ++ fprintf(stdout, "Rewrite Extended Header List"); + + if (key_id == 1) + data = "\x4D\x02\xB6"; +@@ -534,15 +532,18 @@ int delete_key_openpgp(sc_card_t *card, u8 key_id) + /* Build APDU from binary array */ + r = sc_bytes2apdu(card->ctx, buf, len0, &apdu); + if (r) { +- sc_log(ctx, "Failed to build APDU"); +- LOG_FUNC_RETURN(ctx, SC_ERROR_INTERNAL); ++ fprintf(stderr, "Failed to build APDU: %s\n", sc_strerror(r)); ++ return r; + } + apdu.resp = rbuf; + apdu.resplen = sizeof(rbuf); + + /* Send APDU to card */ + r = sc_transmit_apdu(card, &apdu); +- LOG_TEST_RET(ctx, r, "Transmiting APDU failed"); ++ if (r) { ++ fprintf(stderr, "Transmiting APDU failed: %s\n", sc_strerror(r)); ++ return r; ++ } + } + /* TODO: Rewrite Extended Header List. + * Not support by OpenGPG v2 yet */ +@@ -557,7 +558,7 @@ int delete_key(sc_card_t *card, u8 key_id) + LOG_FUNC_CALLED(ctx); + /* Check key ID */ + if (key_id < 1 || key_id > 3) { +- sc_log(ctx, "Invalid key ID %d", key_id); ++ fprintf(stderr, "Invalid key ID %d", key_id); + LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); + } + +@@ -649,7 +650,7 @@ int main(int argc, char **argv) + (card->type != SC_CARD_TYPE_OPENPGP_V2) && + (card->type != SC_CARD_TYPE_OPENPGP_GNUK)) { + util_error("not an OpenPGP card"); +- sc_log(card->ctx, "Card type %X", card->type); ++ fprintf(stderr, "Card type %X\n", card->type); + exit_status = EXIT_FAILURE; + goto out; + } +-- +2.1.3 + diff --git a/utils/opensc/patches/0021-OpenPGP-Don-t-reimplement-gnuk_delete_key-in-openpgp.patch b/utils/opensc/patches/0021-OpenPGP-Don-t-reimplement-gnuk_delete_key-in-openpgp.patch new file mode 100644 index 000000000..dc8fe8499 --- /dev/null +++ b/utils/opensc/patches/0021-OpenPGP-Don-t-reimplement-gnuk_delete_key-in-openpgp.patch @@ -0,0 +1,112 @@ +From 0fdbf868976172486af210accafbab163452ff78 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= + <ng.hong.quan@gmail.com> +Date: Sun, 3 Nov 2013 11:26:25 +0800 +Subject: [PATCH 21/26] OpenPGP: Don't reimplement gnuk_delete_key in + openpgp-tool. + +--- + src/tools/openpgp-tool.c | 64 ++++++------------------------------------------ + 1 file changed, 8 insertions(+), 56 deletions(-) + +diff --git a/src/tools/openpgp-tool.c b/src/tools/openpgp-tool.c +index 505abd9..a7796e7 100644 +--- a/src/tools/openpgp-tool.c ++++ b/src/tools/openpgp-tool.c +@@ -468,38 +468,6 @@ int do_verify(sc_card_t *card, char *type, char *pin) + } + + /** +- * Delete key, for Gnuk. +- **/ +-int delete_key_gnuk(sc_card_t *card, u8 key_id) +-{ +- sc_context_t *ctx = card->ctx; +- int r = SC_SUCCESS; +- u8 *data = NULL; +- +- /* Delete fingerprint */ +- fprintf(stdout, "Delete fingerprints"); +- r |= sc_put_data(card, 0xC6 + key_id, NULL, 0); +- /* Delete creation time */ +- fprintf(stdout, "Delete creation time"); +- r |= sc_put_data(card, 0xCD + key_id, NULL, 0); +- +- /* Rewrite Extended Header List */ +- fprintf(stdout, "Rewrite Extended Header List"); +- +- if (key_id == 1) +- data = "\x4D\x02\xB6"; +- else if (key_id == 2) +- data = "\x4D\x02\xB8"; +- else if (key_id == 3) +- data = "\x4D\x02\xA4"; +- else +- return SC_ERROR_INVALID_ARGUMENTS; +- +- r |= sc_put_data(card, 0x4D, data, strlen(data) + 1); +- return r; +-} +- +-/** + * Delete key, for OpenPGP card. + * This function is not complete and is reserved for future version (> 2) of OpenPGP card. + **/ +@@ -547,32 +515,13 @@ int delete_key_openpgp(sc_card_t *card, u8 key_id) + } + /* TODO: Rewrite Extended Header List. + * Not support by OpenGPG v2 yet */ +- LOG_FUNC_RETURN(ctx, r); +-} +- +-int delete_key(sc_card_t *card, u8 key_id) +-{ +- sc_context_t *ctx = card->ctx; +- int r; +- +- LOG_FUNC_CALLED(ctx); +- /* Check key ID */ +- if (key_id < 1 || key_id > 3) { +- fprintf(stderr, "Invalid key ID %d", key_id); +- LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS); +- } +- +- if (card->type == SC_CARD_TYPE_OPENPGP_GNUK) +- r = delete_key_gnuk(card, key_id); +- else +- r = delete_key_openpgp(card, key_id); +- +- LOG_FUNC_RETURN(ctx, r); ++ return r; + } + + int do_delete_key(sc_card_t *card, u8 key_id) + { + sc_context_t *ctx = card->ctx; ++ sc_path_t path; + int r = SC_SUCCESS; + + /* Currently, only Gnuk supports deleting keys */ +@@ -586,13 +535,16 @@ int do_delete_key(sc_card_t *card, u8 key_id) + return SC_ERROR_INVALID_ARGUMENTS; + } + if (key_id == 1 || key_id == 'a') { +- r |= delete_key(card, 1); ++ sc_format_path("B601", &path); ++ r |= sc_delete_file(card, &path); + } + if (key_id == 2 || key_id == 'a') { +- r |= delete_key(card, 2); ++ sc_format_path("B801", &path); ++ r |= sc_delete_file(card, &path); + } + if (key_id == 3 || key_id == 'a') { +- r |= delete_key(card, 3); ++ sc_format_path("A401", &path); ++ r |= sc_delete_file(card, &path); + } + return r; + } +-- +2.1.3 + diff --git a/utils/opensc/patches/0022-OpenPGP-Use-directly-binary-array-of-APDUs-for-ERASE.patch b/utils/opensc/patches/0022-OpenPGP-Use-directly-binary-array-of-APDUs-for-ERASE.patch new file mode 100644 index 000000000..6297783ec --- /dev/null +++ b/utils/opensc/patches/0022-OpenPGP-Use-directly-binary-array-of-APDUs-for-ERASE.patch @@ -0,0 +1,87 @@ +From 0cd2a488d86006bb2740a4e73e7a0d859e1bf33c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= + <ng.hong.quan@gmail.com> +Date: Sun, 13 Jul 2014 17:37:59 +0800 +Subject: [PATCH 22/26] OpenPGP: Use directly binary array of APDUs for ERASE + command. + +I used a string presentation before and it needed an extra conversion step. +--- + src/libopensc/card-openpgp.c | 47 +++++++++++++++++++++++--------------------- + 1 file changed, 25 insertions(+), 22 deletions(-) + +diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c +index ae40940..724fe73 100644 +--- a/src/libopensc/card-openpgp.c ++++ b/src/libopensc/card-openpgp.c +@@ -2347,24 +2347,27 @@ out: + static int pgp_erase_card(sc_card_t *card) + { + sc_context_t *ctx = card->ctx; +- u8 *apdustring[10] = { +- "00:20:00:81:08:40:40:40:40:40:40:40:40", +- "00:20:00:81:08:40:40:40:40:40:40:40:40", +- "00:20:00:81:08:40:40:40:40:40:40:40:40", +- "00:20:00:81:08:40:40:40:40:40:40:40:40", +- "00:20:00:83:08:40:40:40:40:40:40:40:40", +- "00:20:00:83:08:40:40:40:40:40:40:40:40", +- "00:20:00:83:08:40:40:40:40:40:40:40:40", +- "00:20:00:83:08:40:40:40:40:40:40:40:40", +- "00:e6:00:00", +- "00:44:00:00" ++ /* Special series of commands to erase OpenPGP card, ++ * according to https://www.crypto-stick.com/en/faq ++ * (How to reset a Crypto Stick? question). ++ * Gnuk is known not to support this feature. */ ++ u8 apdu_binaries[10][13] = { ++ {0, 0x20, 0, 0x81, 0x08, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40}, ++ {0, 0x20, 0, 0x81, 0x08, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40}, ++ {0, 0x20, 0, 0x81, 0x08, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40}, ++ {0, 0x20, 0, 0x81, 0x08, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40}, ++ {0, 0x20, 0, 0x83, 0x08, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40}, ++ {0, 0x20, 0, 0x83, 0x08, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40}, ++ {0, 0x20, 0, 0x83, 0x08, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40}, ++ {0, 0x20, 0, 0x83, 0x08, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40}, ++ {0, 0xe6, 0, 0}, ++ {0, 0x44, 0, 0} + }; ++ u8 apdu_lens[10] = {13, 13, 13, 13, 13, 13, 13, 13, 4, 4}; + u8 buf[SC_MAX_APDU_BUFFER_SIZE]; + u8 rbuf[SC_MAX_APDU_BUFFER_SIZE]; + sc_apdu_t apdu; +- size_t len0; +- int commandsnum = 10; +- int i, r; ++ int i, l, r; + + LOG_FUNC_CALLED(ctx); + +@@ -2376,17 +2379,17 @@ static int pgp_erase_card(sc_card_t *card) + sc_log(ctx, "Card is OpenPGP v2. Erase card."); + + /* Iterate over 10 commands above */ +- for (i = 0; i < commandsnum; i++) { +- /* Convert the string to binary array */ +- len0 = sizeof(buf); +- sc_hex_to_bin(apdustring[i], buf, &len0); +- printf("Sending: "); +- for (r = 0; r < len0; r++) +- printf("%02X ", buf[r]); ++ for (i = 0; i < sizeof(apdu_lens); i++) { ++ /* Length of the binary array of the current command */ ++ l = apdu_lens[i]; ++ /* Print the command to console */ ++ printf("Sending %d: ", i); ++ for (r = 0; r < l; r++) ++ printf("%02X ", apdu_binaries[i][r]); + printf("\n"); + + /* Build APDU from binary array */ +- r = sc_bytes2apdu(card->ctx, buf, len0, &apdu); ++ r = sc_bytes2apdu(card->ctx, apdu_binaries[i], l, &apdu); + if (r) { + sc_log(ctx, "Failed to build APDU"); + LOG_FUNC_RETURN(ctx, SC_ERROR_INTERNAL); +-- +2.1.3 + diff --git a/utils/opensc/patches/0023-OpenPGP-Rename-private-blob-type-to-avoid-confusing-.patch b/utils/opensc/patches/0023-OpenPGP-Rename-private-blob-type-to-avoid-confusing-.patch new file mode 100644 index 000000000..f859f7cf1 --- /dev/null +++ b/utils/opensc/patches/0023-OpenPGP-Rename-private-blob-type-to-avoid-confusing-.patch @@ -0,0 +1,339 @@ +From 6f56ea4cfc52323002d818731a50a31e863b6843 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= + <ng.hong.quan@gmail.com> +Date: Sun, 13 Jul 2014 19:41:36 +0800 +Subject: [PATCH 23/26] OpenPGP: Rename private "blob" type to avoid confusing + with variable name. + +This name has been used for both data type and variable name of that +type. +--- + src/libopensc/card-openpgp.c | 96 ++++++++++++++++++++++---------------------- + 1 file changed, 49 insertions(+), 47 deletions(-) + +diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c +index 724fe73..ca3173c 100644 +--- a/src/libopensc/card-openpgp.c ++++ b/src/libopensc/card-openpgp.c +@@ -111,9 +111,9 @@ enum _card_state { + CARD_STATE_ACTIVATED = 0x05 + }; + +-struct blob { +- struct blob * next; /* pointer to next sibling */ +- struct blob * parent; /* pointer to parent */ ++typedef struct pgp_blob { ++ struct pgp_blob * next; /* pointer to next sibling */ ++ struct pgp_blob * parent; /* pointer to parent */ + struct do_info *info; + + sc_file_t * file; +@@ -122,8 +122,8 @@ struct blob { + + unsigned char * data; + unsigned int len; +- struct blob * files; /* pointer to 1st child */ +-}; ++ struct pgp_blob * files; /* pointer to 1st child */ ++} pgp_blob_t; + + struct do_info { + unsigned int id; /* ID of the DO in question */ +@@ -141,12 +141,12 @@ struct do_info { + + static int pgp_get_card_features(sc_card_t *card); + static int pgp_finish(sc_card_t *card); +-static void pgp_iterate_blobs(struct blob *, int, void (*func)()); ++static void pgp_iterate_blobs(pgp_blob_t *, int, void (*func)()); + +-static int pgp_get_blob(sc_card_t *card, struct blob *blob, +- unsigned int id, struct blob **ret); +-static struct blob * pgp_new_blob(sc_card_t *, struct blob *, unsigned int, sc_file_t *); +-static void pgp_free_blob(struct blob *); ++static int pgp_get_blob(sc_card_t *card, pgp_blob_t *blob, ++ unsigned int id, pgp_blob_t **ret); ++static pgp_blob_t * pgp_new_blob(sc_card_t *, pgp_blob_t *, unsigned int, sc_file_t *); ++static void pgp_free_blob(pgp_blob_t *); + static int pgp_get_pubkey(sc_card_t *, unsigned int, + u8 *, size_t); + static int pgp_get_pubkey_pem(sc_card_t *, unsigned int, +@@ -272,8 +272,8 @@ static struct do_info pgp2_objects[] = { /* OpenPGP card spec 2.0 */ + + #define DRVDATA(card) ((struct pgp_priv_data *) ((card)->drv_data)) + struct pgp_priv_data { +- struct blob * mf; +- struct blob * current; /* currently selected file */ ++ pgp_blob_t * mf; ++ pgp_blob_t * current; /* currently selected file */ + + enum _version bcd_version; + struct do_info *pgp_objects; +@@ -311,7 +311,7 @@ pgp_init(sc_card_t *card) + sc_file_t *file = NULL; + struct do_info *info; + int r; +- struct blob *child = NULL; ++ pgp_blob_t *child = NULL; + + LOG_FUNC_CALLED(card->ctx); + +@@ -389,7 +389,7 @@ pgp_get_card_features(sc_card_t *card) + unsigned char *hist_bytes = card->atr.value; + size_t atr_len = card->atr.len; + size_t i = 0; +- struct blob *blob, *blob6e, *blob73; ++ pgp_blob_t *blob, *blob6e, *blob73; + + /* parse card capabilities from historical bytes */ + while ((i < atr_len) && (hist_bytes[i] != 0x73)) +@@ -526,7 +526,7 @@ pgp_finish(sc_card_t *card) + + /* internal: fill a blob's data */ + static int +-pgp_set_blob(struct blob *blob, const u8 *data, size_t len) ++pgp_set_blob(pgp_blob_t *blob, const u8 *data, size_t len) + { + if (blob->data) + free(blob->data); +@@ -620,16 +620,16 @@ pgp_attach_acl(sc_card_t *card, sc_file_t *file, struct do_info *info) + } + + /* internal: append a blob to the list of children of a given parent blob */ +-static struct blob * +-pgp_new_blob(sc_card_t *card, struct blob *parent, unsigned int file_id, ++static pgp_blob_t * ++pgp_new_blob(sc_card_t *card, pgp_blob_t *parent, unsigned int file_id, + sc_file_t *file) + { +- struct blob *blob = NULL; ++ pgp_blob_t *blob = NULL; + + if (file == NULL) + return NULL; + +- if ((blob = calloc(1, sizeof(struct blob))) != NULL) { ++ if ((blob = calloc(1, sizeof(pgp_blob_t))) != NULL) { + struct pgp_priv_data *priv = DRVDATA (card); + struct do_info *info; + +@@ -643,7 +643,7 @@ pgp_new_blob(sc_card_t *card, struct blob *parent, unsigned int file_id, + blob->parent = parent; + + if (parent != NULL) { +- struct blob **p; ++ pgp_blob_t **p; + + /* set file's path = parent's path + file's id */ + blob->file->path = parent->file->path; +@@ -681,11 +681,11 @@ pgp_new_blob(sc_card_t *card, struct blob *parent, unsigned int file_id, + + /* internal: free a blob including its content */ + static void +-pgp_free_blob(struct blob *blob) ++pgp_free_blob(pgp_blob_t *blob) + { + if (blob) { + if (blob->parent) { +- struct blob **p; ++ pgp_blob_t **p; + + /* remove blob from list of parent's children */ + for (p = &blob->parent->files; *p != NULL && *p != blob; p = &(*p)->next) +@@ -705,14 +705,14 @@ pgp_free_blob(struct blob *blob) + + /* internal: iterate through the blob tree, calling a function for each blob */ + static void +-pgp_iterate_blobs(struct blob *blob, int level, void (*func)()) ++pgp_iterate_blobs(pgp_blob_t *blob, int level, void (*func)()) + { + if (blob) { + if (level > 0) { +- struct blob *child = blob->files; ++ pgp_blob_t *child = blob->files; + + while (child != NULL) { +- struct blob *next = child->next; ++ pgp_blob_t *next = child->next; + + pgp_iterate_blobs(child, level-1, func); + child = next; +@@ -725,7 +725,7 @@ pgp_iterate_blobs(struct blob *blob, int level, void (*func)()) + + /* internal: read a blob's contents from card */ + static int +-pgp_read_blob(sc_card_t *card, struct blob *blob) ++pgp_read_blob(sc_card_t *card, pgp_blob_t *blob) + { + struct pgp_priv_data *priv = DRVDATA (card); + +@@ -772,7 +772,7 @@ pgp_read_blob(sc_card_t *card, struct blob *blob) + * The OpenPGP card has a TLV encoding according ASN.1 BER-encoding rules. + */ + static int +-pgp_enumerate_blob(sc_card_t *card, struct blob *blob) ++pgp_enumerate_blob(sc_card_t *card, pgp_blob_t *blob) + { + const u8 *in; + int r; +@@ -789,7 +789,7 @@ pgp_enumerate_blob(sc_card_t *card, struct blob *blob) + unsigned int cla, tag, tmptag; + size_t len; + const u8 *data = in; +- struct blob *new; ++ pgp_blob_t *new; + + r = sc_asn1_read_tag(&data, blob->len - (in - blob->data), + &cla, &tag, &len); +@@ -819,10 +819,10 @@ pgp_enumerate_blob(sc_card_t *card, struct blob *blob) + + /* internal: find a blob by ID below a given parent, filling its contents when necessary */ + static int +-pgp_get_blob(sc_card_t *card, struct blob *blob, unsigned int id, +- struct blob **ret) ++pgp_get_blob(sc_card_t *card, pgp_blob_t *blob, unsigned int id, ++ pgp_blob_t **ret) + { +- struct blob *child; ++ pgp_blob_t *child; + int r; + + if ((r = pgp_enumerate_blob(card, blob)) < 0) +@@ -858,10 +858,10 @@ pgp_get_blob(sc_card_t *card, struct blob *blob, unsigned int id, + + /* Internal: search recursively for a blob by ID below a given root */ + static int +-pgp_seek_blob(sc_card_t *card, struct blob *root, unsigned int id, +- struct blob **ret) ++pgp_seek_blob(sc_card_t *card, pgp_blob_t *root, unsigned int id, ++ pgp_blob_t **ret) + { +- struct blob *child; ++ pgp_blob_t *child; + int r; + + if ((r = pgp_get_blob(card, root, id, ret)) == 0) +@@ -883,11 +883,11 @@ pgp_seek_blob(sc_card_t *card, struct blob *root, unsigned int id, + } + + /* internal: find a blob by tag - pgp_seek_blob with optimizations */ +-static struct blob * ++static pgp_blob_t * + pgp_find_blob(sc_card_t *card, unsigned int tag) + { + struct pgp_priv_data *priv = DRVDATA(card); +- struct blob *blob = NULL; ++ pgp_blob_t *blob = NULL; + int r; + + /* Check if current selected blob is which we want to test*/ +@@ -941,7 +941,7 @@ static int + pgp_select_file(sc_card_t *card, const sc_path_t *path, sc_file_t **ret) + { + struct pgp_priv_data *priv = DRVDATA(card); +- struct blob *blob; ++ pgp_blob_t *blob; + unsigned int path_start = 0; + unsigned int n; + sc_path_t dummy_path; +@@ -1022,7 +1022,7 @@ static int + pgp_list_files(sc_card_t *card, u8 *buf, size_t buflen) + { + struct pgp_priv_data *priv = DRVDATA(card); +- struct blob *blob; ++ pgp_blob_t *blob; + unsigned int k; + int r; + +@@ -1058,7 +1058,7 @@ pgp_read_binary(sc_card_t *card, unsigned int idx, + u8 *buf, size_t count, unsigned long flags) + { + struct pgp_priv_data *priv = DRVDATA(card); +- struct blob *blob; ++ pgp_blob_t *blob; + int r; + + LOG_FUNC_CALLED(card->ctx); +@@ -1134,7 +1134,7 @@ static int + pgp_get_pubkey_pem(sc_card_t *card, unsigned int tag, u8 *buf, size_t buf_len) + { + struct pgp_priv_data *priv = DRVDATA(card); +- struct blob *blob, *mod_blob, *exp_blob; ++ pgp_blob_t *blob, *mod_blob, *exp_blob; + sc_pkcs15_pubkey_t pubkey; + u8 *data; + size_t len; +@@ -1329,7 +1329,7 @@ static int + pgp_put_data(sc_card_t *card, unsigned int tag, const u8 *buf, size_t buf_len) + { + struct pgp_priv_data *priv = DRVDATA(card); +- struct blob *affected_blob = NULL; ++ pgp_blob_t *affected_blob = NULL; + struct do_info *dinfo = NULL; + int r; + +@@ -1603,7 +1603,7 @@ static int + pgp_update_new_algo_attr(sc_card_t *card, sc_cardctl_openpgp_keygen_info_t *key_info) + { + struct pgp_priv_data *priv = DRVDATA(card); +- struct blob *algo_blob; ++ pgp_blob_t *algo_blob; + unsigned int old_modulus_len; /* Measured in bit */ + unsigned int old_exponent_len; + const unsigned int tag = 0x00C0 | key_info->keytype; +@@ -1708,7 +1708,7 @@ pgp_calculate_and_store_fingerprint(sc_card_t *card, time_t ctime, + u8 *p; /* Use this pointer to set fp_buffer content */ + size_t pk_packet_len; + unsigned int tag; +- struct blob *fpseq_blob; ++ pgp_blob_t *fpseq_blob; + u8 *newdata; + int r; + +@@ -1797,7 +1797,7 @@ pgp_update_pubkey_blob(sc_card_t *card, u8* modulus, size_t modulus_len, + u8* exponent, size_t exponent_len, u8 key_id) + { + struct pgp_priv_data *priv = DRVDATA(card); +- struct blob *pk_blob; ++ pgp_blob_t *pk_blob; + unsigned int blob_id; + sc_pkcs15_pubkey_t pubkey; + u8 *data = NULL; +@@ -1939,6 +1939,8 @@ static int pgp_update_card_algorithms(sc_card_t *card, sc_cardctl_openpgp_keygen + **/ + static int pgp_gen_key(sc_card_t *card, sc_cardctl_openpgp_keygen_info_t *key_info) + { ++ struct pgp_priv_data *priv = DRVDATA(card); ++ pgp_blob_t *algo_blob; + sc_apdu_t apdu; + /* Temporary variables to hold APDU params */ + u8 apdu_case; +@@ -2132,7 +2134,7 @@ pgp_build_extended_header_list(sc_card_t *card, sc_cardctl_openpgp_keystore_info + }; + size_t comp_to_add = 3; + size_t req_e_len = 0; /* The exponent length specified in Algorithm Attributes */ +- struct blob *alat_blob; ++ pgp_blob_t *alat_blob; + u8 i; + int r; + +@@ -2483,7 +2485,7 @@ static int + pgp_delete_file(sc_card_t *card, const sc_path_t *path) + { + struct pgp_priv_data *priv = DRVDATA(card); +- struct blob *blob; ++ pgp_blob_t *blob; + sc_file_t *file; + u8 key_id; + int r; +@@ -2533,7 +2535,7 @@ pgp_update_binary(sc_card_t *card, unsigned int idx, + const u8 *buf, size_t count, unsigned long flags) + { + struct pgp_priv_data *priv = DRVDATA(card); +- struct blob *blob = priv->current; ++ pgp_blob_t *blob = priv->current; + int r = SC_SUCCESS; + + LOG_FUNC_CALLED(card->ctx); +-- +2.1.3 + diff --git a/utils/opensc/patches/0024-OpenPGP-Fix-crash-after-accessing-inexistent-file.patch b/utils/opensc/patches/0024-OpenPGP-Fix-crash-after-accessing-inexistent-file.patch new file mode 100644 index 000000000..7d8a0ffc1 --- /dev/null +++ b/utils/opensc/patches/0024-OpenPGP-Fix-crash-after-accessing-inexistent-file.patch @@ -0,0 +1,41 @@ +From 8a87a4ee9107f250254d5c93c6fd62224c400ce7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= + <ng.hong.quan@gmail.com> +Date: Mon, 14 Jul 2014 01:30:28 +0800 +Subject: [PATCH 24/26] OpenPGP: Fix crash after accessing inexistent file. + +--- + src/libopensc/card-openpgp.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c +index ca3173c..94c69ae 100644 +--- a/src/libopensc/card-openpgp.c ++++ b/src/libopensc/card-openpgp.c +@@ -973,7 +973,6 @@ pgp_select_file(sc_card_t *card, const sc_path_t *path, sc_file_t **ret) + * So we set its size to be the same as max certificate size the card supports. */ + (*ret)->size = priv->max_cert_size; + } +- priv->current = NULL; + LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); + } + +@@ -990,7 +989,6 @@ pgp_select_file(sc_card_t *card, const sc_path_t *path, sc_file_t **ret) + /* This file ID is refered when importing key&certificate via pkcs15init, like above. + * We pretend to successfully find this inexistent file. */ + if (id == 0x4402 || id == 0x5f48) { +- priv->current = NULL; + if (ret == NULL) + /* No need to return file */ + LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); +@@ -1002,7 +1000,6 @@ pgp_select_file(sc_card_t *card, const sc_path_t *path, sc_file_t **ret) + } + + if (r < 0) { /* failure */ +- priv->current = NULL; + LOG_FUNC_RETURN(card->ctx, r); + } + } +-- +2.1.3 + diff --git a/utils/opensc/patches/0025-Replace-hardcode.patch b/utils/opensc/patches/0025-Replace-hardcode.patch new file mode 100644 index 000000000..0eb750c34 --- /dev/null +++ b/utils/opensc/patches/0025-Replace-hardcode.patch @@ -0,0 +1,148 @@ +From da70a41383e2ab81fbcc89fb1067f5a189e0fb97 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nguy=E1=BB=85n=20H=E1=BB=93ng=20Qu=C3=A2n?= + <ng.hong.quan@gmail.com> +Date: Sun, 9 Nov 2014 15:58:40 +0700 +Subject: [PATCH 25/26] Replace hardcode. + +--- + src/libopensc/card-openpgp.c | 72 +++++++++++++++++++++++++------------------- + 1 file changed, 41 insertions(+), 31 deletions(-) + +diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c +index 94c69ae..1e6e338 100644 +--- a/src/libopensc/card-openpgp.c ++++ b/src/libopensc/card-openpgp.c +@@ -152,6 +152,24 @@ static int pgp_get_pubkey(sc_card_t *, unsigned int, + static int pgp_get_pubkey_pem(sc_card_t *, unsigned int, + u8 *, size_t); + ++/* The DO holding X.509 certificate is constructed but does not contain child DO. ++ * We should notice this when building fake file system later. */ ++#define DO_CERT 0x7f21 ++/* Control Reference Template of private keys. Ref: Section 4.3.3.7 of OpenPGP card v2 spec. ++ * Here we seen it as DO just for convenient */ ++#define DO_SIGN 0xb600 ++#define DO_ENCR 0xb800 ++#define DO_AUTH 0xa400 ++/* These DO does not exist. They are defined and used just for ease of implementation */ ++#define DO_SIGN_SYM 0xb601 ++#define DO_ENCR_SYM 0xb801 ++#define DO_AUTH_SYM 0xa401 ++/* Maximum length for response buffer when reading pubkey. This value is calculated with ++ * 4096-bit key length */ ++#define MAXLEN_RESP_PUBKEY 527 ++/* Gnuk only support 1 key length (2048 bit) */ ++#define MAXLEN_RESP_PUBKEY_GNUK 271 ++ + static struct do_info pgp1_objects[] = { /* OpenPGP card spec 1.1 */ + { 0x004f, SIMPLE, READ_ALWAYS | WRITE_NEVER, NULL, NULL }, + { 0x005b, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data }, +@@ -192,12 +210,12 @@ static struct do_info pgp1_objects[] = { /* OpenPGP card spec 1.1 */ + { 0x5f35, SIMPLE, READ_ALWAYS | WRITE_PIN3, NULL, sc_put_data }, + { 0x5f50, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data }, + { 0x7f49, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, NULL, NULL }, +- { 0xa400, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, +- { 0xa401, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, +- { 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, +- { 0xb601, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, +- { 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, +- { 0xb801, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, ++ { DO_AUTH, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, ++ { DO_AUTH_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, ++ { DO_SIGN, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, ++ { DO_SIGN_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, ++ { DO_ENCR, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, ++ { DO_ENCR_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, + { 0, 0, 0, NULL, NULL }, + }; + +@@ -246,30 +264,21 @@ static struct do_info pgp2_objects[] = { /* OpenPGP card spec 2.0 */ + { 0x5f52, SIMPLE, READ_ALWAYS | WRITE_NEVER, sc_get_data, NULL }, + /* The 7F21 is constructed DO in spec, but in practice, its content can be retrieved + * as simple DO (no need to parse TLV). */ +- { 0x7f21, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data }, ++ { DO_CERT, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data }, + { 0x7f48, CONSTRUCTED, READ_NEVER | WRITE_NEVER, NULL, NULL }, + { 0x7f49, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, NULL, NULL }, +- { 0xa400, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, ++ { DO_AUTH, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, + /* The 0xA401, 0xB601, 0xB801 are just symbolic, it does not represent any real DO. + * However, their R/W access condition may block the process of importing key in pkcs15init. + * So we set their accesses condition as WRITE_PIN3 (writable). */ +- { 0xa401, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, +- { 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, +- { 0xb601, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, +- { 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, +- { 0xb801, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, ++ { DO_AUTH_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, ++ { DO_SIGN, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, ++ { DO_SIGN_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, ++ { DO_ENCR, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL }, ++ { DO_ENCR_SYM, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL }, + { 0, 0, 0, NULL, NULL }, + }; + +-/* The DO holding X.509 certificate is constructed but does not contain child DO. +- * We should notice this when building fake file system later. */ +-#define DO_CERT 0x7f21 +-/* Maximum length for response buffer when reading pubkey. This value is calculated with +- * 4096-bit key length */ +-#define MAXLEN_RESP_PUBKEY 527 +-/* Gnuk only support 1 key length (2048 bit) */ +-#define MAXLEN_RESP_PUBKEY_GNUK 271 +- + #define DRVDATA(card) ((struct pgp_priv_data *) ((card)->drv_data)) + struct pgp_priv_data { + pgp_blob_t * mf; +@@ -747,8 +756,9 @@ pgp_read_blob(sc_card_t *card, pgp_blob_t *blob) + + /* Buffer length for Gnuk pubkey */ + if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && +- (blob->id == 0xa400 || blob->id == 0xb600 || blob->id == 0xb800 +- || blob->id == 0xa401 || blob->id == 0xb601 || blob->id == 0xb801)) { ++ (blob->id == DO_AUTH || blob->id == DO_SIGN || blob->id == DO_ENCR ++ || blob->id == DO_AUTH_SYM || blob->id == DO_SIGN_SYM ++ || blob->id == DO_ENCR_SYM)) { + buf_len = MAXLEN_RESP_PUBKEY_GNUK; + } + +@@ -1804,11 +1814,11 @@ pgp_update_pubkey_blob(sc_card_t *card, u8* modulus, size_t modulus_len, + LOG_FUNC_CALLED(card->ctx); + + if (key_id == SC_OPENPGP_KEY_SIGN) +- blob_id = 0xB601; ++ blob_id = DO_SIGN_SYM; + else if (key_id == SC_OPENPGP_KEY_ENCR) +- blob_id = 0xB801; ++ blob_id = DO_ENCR_SYM; + else if (key_id == SC_OPENPGP_KEY_AUTH) +- blob_id = 0xA401; ++ blob_id = DO_AUTH_SYM; + else { + sc_log(card->ctx, "Unknown key id %X.", key_id); + LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS); +@@ -2501,17 +2511,17 @@ pgp_delete_file(sc_card_t *card, const sc_path_t *path) + LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED); + + if (card->type != SC_CARD_TYPE_OPENPGP_GNUK && +- (file->id == 0xB601 || file->id == 0xB801 || file->id == 0xA401)) { ++ (file->id == DO_SIGN_SYM || file->id == DO_ENCR_SYM || file->id == DO_AUTH_SYM)) { + /* These tags are just symbolic. We don't really delete it. */ + r = SC_SUCCESS; + } +- else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == 0xB601) { ++ else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == DO_SIGN_SYM) { + r = gnuk_delete_key(card, 1); + } +- else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == 0xB801) { ++ else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == DO_ENCR_SYM) { + r = gnuk_delete_key(card, 2); + } +- else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == 0xA401) { ++ else if (card->type == SC_CARD_TYPE_OPENPGP_GNUK && file->id == DO_AUTH_SYM) { + r = gnuk_delete_key(card, 3); + } + else { +-- +2.1.3 + diff --git a/utils/opensc/patches/0026-hardcode-defines-for-DO-s.patch b/utils/opensc/patches/0026-hardcode-defines-for-DO-s.patch new file mode 100644 index 000000000..d106e868c --- /dev/null +++ b/utils/opensc/patches/0026-hardcode-defines-for-DO-s.patch @@ -0,0 +1,53 @@ +From b9dae832db54b206a15bcc12e290cef50f31c3d0 Mon Sep 17 00:00:00 2001 +From: george <ggkitsas@yahoo.com> +Date: Tue, 11 Nov 2014 16:16:15 +0100 +Subject: [PATCH 26/26] hardcode->defines for DO's + +--- + src/libopensc/card-openpgp.c | 16 ++++++++++++++-- + 1 file changed, 14 insertions(+), 2 deletions(-) + +diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c +index 1e6e338..8464914 100644 +--- a/src/libopensc/card-openpgp.c ++++ b/src/libopensc/card-openpgp.c +@@ -164,6 +164,18 @@ static int pgp_get_pubkey_pem(sc_card_t *, unsigned int, + #define DO_SIGN_SYM 0xb601 + #define DO_ENCR_SYM 0xb801 + #define DO_AUTH_SYM 0xa401 ++/* Private DO's */ ++#define DO_PRIV1 0x0101 ++#define DO_PRIV2 0x0102 ++#define DO_PRIV3 0x0103 ++#define DO_PRIV4 0x0104 ++/* Cardholder information DO's */ ++#define DO_CARDHOLDER 0x65 ++#define DO_NAME 0x5b ++#define DO_LANG_PREF 0x5f2d ++#define DO_SEX 0x5f35 ++ ++ + /* Maximum length for response buffer when reading pubkey. This value is calculated with + * 4096-bit key length */ + #define MAXLEN_RESP_PUBKEY 527 +@@ -851,7 +863,7 @@ pgp_get_blob(sc_card_t *card, pgp_blob_t *blob, unsigned int id, + /* Special case: + * Gnuk does not have default value for children of DO 65 (DOs 5B, 5F2D, 5F35) + * So, if these blob was not found, we create it. */ +- if (blob->id == 0x65 && (id == 0x5B || id == 0x5F2D || id == 0x5F35)) { ++ if (blob->id == DO_CARDHOLDER && (id == DO_NAME || id == DO_LANG_PREF || id == DO_SEX)) { + sc_log(card->ctx, "Create blob %X under %X", id, blob->id); + child = pgp_new_blob(card, blob, id, sc_file_new()); + if (child) { +@@ -1198,7 +1210,7 @@ pgp_get_data(sc_card_t *card, unsigned int tag, u8 *buf, size_t buf_len) + /* For Gnuk card, if there is no certificate, it returns error instead of empty data. + * So, for this case, we ignore error and consider success */ + if (r == SC_ERROR_DATA_OBJECT_NOT_FOUND && card->type == SC_CARD_TYPE_OPENPGP_GNUK +- && (tag == DO_CERT || tag == 0x0101 || tag == 0x0102 || tag == 0x0103 || tag == 0x0104)) { ++ && (tag == DO_CERT || tag == DO_PRIV1 || tag == DO_PRIV2 || tag == DO_PRIV3 || tag == DO_PRIV4)) { + r = SC_SUCCESS; + apdu.resplen = 0; + } +-- +2.1.3 + |