diff options
| author | Werner Koch <[email protected]> | 2019-06-19 06:50:40 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2019-06-19 06:50:40 +0000 |
| commit | 5a5288d051a551a1a8f169225e62572f6ee8cb10 (patch) | |
| tree | a6e668abb9f5b8674df607244b54afde4902a9bd | |
| parent | scd: KEYINFO: Send LF for --data. (diff) | |
| download | gnupg-5a5288d051a551a1a8f169225e62572f6ee8cb10.tar.gz gnupg-5a5288d051a551a1a8f169225e62572f6ee8cb10.zip | |
scd: Split data structures into app and card related objects.
* scd/app-common.h (struct card_ctx_s): New.
(struct app_ctx_s): Factor card specific fields out to card_ctx_s.
(app_get_slot): New.
* scd/scdaemon.h (card_t): New.
(struct server_control_s): Rename field app_ctx to card_ctx and change
all users.
* scd/app-dinsig.c: Use app_get_slot and adjust for chang in card
related fields.
* scd/app-geldkarte.c: Ditto.
* scd/app-nks.c: Ditto.
* scd/app-openpgp.c: Ditto.
* scd/app-p15.c: Ditto.
* scd/app-sc-hsm.c: Ditto.
* scd/app.c: Lost of changes to adjust for the changed data
structures. Change all callers.
(app_list_lock): Rename to card_list_lock.
(app_top): Remove.
(card_top): New.
(lock_app): Rename to lock_card and change arg type.
(unlock_app): Rename to unlock_card.
(app_dump_state): Print card and app info.
(app_reset): Rename to card_reset.
(app_new_register): Change for the new data structure.
(deallocate_card): Dealloc card and all apps.
(app_ref): Rename to card_ref.
(app_unref): Rename to card_unref.
(app_unref_locked): Rename to card_unref_locked.
(card_get_serialno): New.
* scd/command.c (cmd_pkdecrypt): Actually use the looked up card and
former app object and not the standard one from the context.
--
Although quite large, this is a straightforward change to separate
card/token related data from card application related data. Before
this change there was a one-to-one relation between card and
application and no way to represent several applications on a card.
The new data structure will allow for such a representation.
Signed-off-by: Werner Koch <[email protected]>
| -rw-r--r-- | scd/app-common.h | 118 | ||||
| -rw-r--r-- | scd/app-dinsig.c | 25 | ||||
| -rw-r--r-- | scd/app-geldkarte.c | 14 | ||||
| -rw-r--r-- | scd/app-nks.c | 61 | ||||
| -rw-r--r-- | scd/app-openpgp.c | 103 | ||||
| -rw-r--r-- | scd/app-p15.c | 80 | ||||
| -rw-r--r-- | scd/app-piv.c | 65 | ||||
| -rw-r--r-- | scd/app-sc-hsm.c | 44 | ||||
| -rw-r--r-- | scd/app.c | 699 | ||||
| -rw-r--r-- | scd/command.c | 168 | ||||
| -rw-r--r-- | scd/scdaemon.h | 8 |
11 files changed, 771 insertions, 614 deletions
diff --git a/scd/app-common.h b/scd/app-common.h index 8dc43285e..cdb941283 100644 --- a/scd/app-common.h +++ b/scd/app-common.h @@ -46,29 +46,53 @@ struct app_local_s; /* Defined by all app-*.c. */ -struct app_ctx_s { - struct app_ctx_s *next; + +/* The object describing a card. */ +struct card_ctx_s { + struct card_ctx_s *next; npth_mutex_t lock; - /* Number of connections currently using this application context. - If this is not 0 the application has been initialized and the - function pointers may be used. Note that for unsupported - operations the particular function pointer is set to NULL */ + /* Number of connections currently using this application context. */ unsigned int ref_count; /* Used reader slot. */ int slot; - unsigned char *serialno; /* Serialnumber in raw form, allocated. */ - size_t serialnolen; /* Length in octets of serialnumber. */ const char *cardtype; /* NULL or string with the token's type. */ - const char *apptype; unsigned int cardversion;/* Firmware version of the token or 0. */ - unsigned int appversion; /* Version of the application or 0. */ + unsigned int card_status; + + /* The serial number is associated with the card and not with a + * specific app. If a card uses different serial numbers for its + * applications, our code picks the serial number of a specific + * application and uses that. */ + unsigned char *serialno; /* Serialnumber in raw form, allocated. */ + size_t serialnolen; /* Length in octets of serialnumber. */ + + /* A linked list of applications used on this card. The app at the + * head of the list is the currently active app; To work with the + * other apps, switching to that app might be needed. Switching will + * put the active app at the head of the list. */ + app_t app; + + /* Various flags. */ unsigned int reset_requested:1; unsigned int periodical_check_needed:1; +}; + + +/* The object describing a card's applications. A card may have + * several applications and it is usuallay required to explicity + * switch between applications. */ +struct app_ctx_s { + struct app_ctx_s *next; + + card_t card; /* Link back to the card. */ + + const char *apptype; + unsigned int appversion; /* Version of the application or 0. */ unsigned int did_chv1:1; unsigned int force_chv1:1; /* True if the card does not cache CHV1. */ unsigned int did_chv2:1; @@ -141,6 +165,16 @@ enum }; +/* Helper to get the slot from an APP object. */ +static inline int +app_get_slot (app_t app) +{ + if (app && app->card) + return app->card->slot; + return -1; +} + + /*-- app-help.c --*/ unsigned int app_help_count_bits (const unsigned char *a, size_t len); gpg_error_t app_help_get_keygrip_string_pk (const void *pk, size_t pklen, @@ -154,75 +188,77 @@ size_t app_help_read_length_of_cert (int slot, int fid, size_t *r_certoff); /*-- app.c --*/ void app_update_priority_list (const char *arg); void app_send_card_list (ctrl_t ctrl); +char *card_get_serialno (card_t card); char *app_get_serialno (app_t app); void app_dump_state (void); void application_notify_card_reset (int slot); -gpg_error_t check_application_conflict (const char *name, app_t app); -gpg_error_t app_reset (app_t app, ctrl_t ctrl, int send_reset); -gpg_error_t select_application (ctrl_t ctrl, const char *name, app_t *r_app, +gpg_error_t check_application_conflict (const char *name, card_t card); +gpg_error_t card_reset (card_t card, ctrl_t ctrl, int send_reset); +gpg_error_t select_application (ctrl_t ctrl, const char *name, card_t *r_app, int scan, const unsigned char *serialno_bin, size_t serialno_bin_len); char *get_supported_applications (void); -app_t app_ref (app_t app); -void app_unref (app_t app); -void app_unref_locked (app_t app); +card_t card_ref (card_t card); +void card_unref (card_t card); +void card_unref_locked (card_t card); -gpg_error_t app_munge_serialno (app_t app); -gpg_error_t app_write_learn_status (app_t app, ctrl_t ctrl, +gpg_error_t app_munge_serialno (card_t card); +gpg_error_t app_write_learn_status (card_t card, ctrl_t ctrl, unsigned int flags); -gpg_error_t app_readcert (app_t app, ctrl_t ctrl, const char *certid, +gpg_error_t app_readcert (card_t card, ctrl_t ctrl, const char *certid, unsigned char **cert, size_t *certlen); -gpg_error_t app_readkey (app_t app, ctrl_t ctrl, +gpg_error_t app_readkey (card_t card, ctrl_t ctrl, const char *keyid, unsigned int flags, unsigned char **pk, size_t *pklen); -gpg_error_t app_getattr (app_t app, ctrl_t ctrl, const char *name); -gpg_error_t app_setattr (app_t app, ctrl_t ctrl, const char *name, - gpg_error_t (*pincb)(void*, const char *, char **), - void *pincb_arg, - const unsigned char *value, size_t valuelen); -gpg_error_t app_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo, - gpg_error_t (*pincb)(void*, const char *, char **), - void *pincb_arg, - const void *indata, size_t indatalen, - unsigned char **outdata, size_t *outdatalen ); -gpg_error_t app_auth (app_t app, ctrl_t ctrl, const char *keyidstr, +gpg_error_t app_getattr (card_t card, ctrl_t ctrl, const char *name); +gpg_error_t app_setattr (card_t card, ctrl_t ctrl, const char *name, + gpg_error_t (*pincb)(void*, const char *, char **), + void *pincb_arg, + const unsigned char *value, size_t valuelen); +gpg_error_t app_sign (card_t card, ctrl_t ctrl, + const char *keyidstr, int hashalgo, + gpg_error_t (*pincb)(void*, const char *, char **), + void *pincb_arg, + const void *indata, size_t indatalen, + unsigned char **outdata, size_t *outdatalen); +gpg_error_t app_auth (card_t card, ctrl_t ctrl, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, unsigned char **outdata, size_t *outdatalen); -gpg_error_t app_decipher (app_t app, ctrl_t ctrl, const char *keyidstr, +gpg_error_t app_decipher (card_t card, ctrl_t ctrl, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, unsigned char **outdata, size_t *outdatalen, unsigned int *r_info); -gpg_error_t app_writecert (app_t app, ctrl_t ctrl, +gpg_error_t app_writecert (card_t card, ctrl_t ctrl, const char *certidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const unsigned char *keydata, size_t keydatalen); -gpg_error_t app_writekey (app_t app, ctrl_t ctrl, +gpg_error_t app_writekey (card_t card, ctrl_t ctrl, const char *keyidstr, unsigned int flags, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const unsigned char *keydata, size_t keydatalen); -gpg_error_t app_genkey (app_t app, ctrl_t ctrl, +gpg_error_t app_genkey (card_t card, ctrl_t ctrl, const char *keynostr, const char *keytype, unsigned int flags, time_t createtime, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg); -gpg_error_t app_get_challenge (app_t app, ctrl_t ctrl, size_t nbytes, +gpg_error_t app_get_challenge (card_t card, ctrl_t ctrl, size_t nbytes, unsigned char *buffer); -gpg_error_t app_change_pin (app_t app, ctrl_t ctrl, +gpg_error_t app_change_pin (card_t card, ctrl_t ctrl, const char *chvnostr, unsigned int flags, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg); -gpg_error_t app_check_pin (app_t app, ctrl_t ctrl, const char *keyidstr, - gpg_error_t (*pincb)(void*, const char *, char **), - void *pincb_arg); -app_t app_do_with_keygrip (ctrl_t ctrl, int action, const char *keygrip_str); +gpg_error_t app_check_pin (card_t card, ctrl_t ctrl, const char *keyidstr, + gpg_error_t (*pincb)(void*, const char *, char **), + void *pincb_arg); +card_t app_do_with_keygrip (ctrl_t ctrl, int action, const char *keygrip_str); /*-- app-openpgp.c --*/ diff --git a/scd/app-dinsig.c b/scd/app-dinsig.c index 983bed6e1..74de30cc5 100644 --- a/scd/app-dinsig.c +++ b/scd/app-dinsig.c @@ -101,7 +101,7 @@ do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags) /* Return the certificate of the card holder. */ fid = 0xC000; - len = app_help_read_length_of_cert (app->slot, fid, &certoff); + len = app_help_read_length_of_cert (app_get_slot (app), fid, &certoff); if (!len) return 0; /* Card has not been personalized. */ @@ -114,7 +114,8 @@ do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags) /* Now we need to read the certificate, so that we can get the public key out of it. */ - err = iso7816_read_binary (app->slot, certoff, len-certoff, &der, &derlen); + err = iso7816_read_binary (app_get_slot (app), certoff, len-certoff, + &der, &derlen); if (err) { log_info ("error reading entire certificate from FID 0x%04X: %s\n", @@ -193,14 +194,14 @@ do_readcert (app_t app, const char *certid, /* Read the entire file. fixme: This could be optimized by first reading the header to figure out how long the certificate actually is. */ - err = iso7816_select_file (app->slot, fid, 0); + err = iso7816_select_file (app_get_slot (app), fid, 0); if (err) { log_error ("error selecting FID 0x%04X: %s\n", fid, gpg_strerror (err)); return err; } - err = iso7816_read_binary (app->slot, 0, 0, &buffer, &buflen); + err = iso7816_read_binary (app_get_slot (app), 0, 0, &buffer, &buflen); if (err) { log_error ("error reading certificate from FID 0x%04X: %s\n", @@ -293,7 +294,7 @@ verify_pin (app_t app, pininfo.maxlen = 8; if (!opt.disable_pinpad - && !iso7816_check_pinpad (app->slot, ISO7816_VERIFY, &pininfo) ) + && !iso7816_check_pinpad (app_get_slot (app), ISO7816_VERIFY, &pininfo) ) { rc = pincb (pincb_arg, _("||Please enter your PIN at the reader's pinpad"), @@ -304,7 +305,7 @@ verify_pin (app_t app, gpg_strerror (rc)); return rc; } - rc = iso7816_verify_kp (app->slot, 0x81, &pininfo); + rc = iso7816_verify_kp (app_get_slot (app), 0x81, &pininfo); /* Dismiss the prompt. */ pincb (pincb_arg, NULL, NULL); } @@ -345,7 +346,8 @@ verify_pin (app_t app, return gpg_error (GPG_ERR_BAD_PIN); } - rc = iso7816_verify (app->slot, 0x81, pinvalue, strlen (pinvalue)); + rc = iso7816_verify (app_get_slot (app), 0x81, + pinvalue, strlen (pinvalue)); if (gpg_err_code (rc) == GPG_ERR_INV_VALUE) { /* We assume that ISO 9564-1 encoding is used and we failed @@ -366,7 +368,8 @@ verify_pin (app_t app, paddedpin[i++] = (((*s - '0') << 4) | 0x0f); while (i < sizeof paddedpin) paddedpin[i++] = 0xff; - rc = iso7816_verify (app->slot, 0x81, paddedpin, sizeof paddedpin); + rc = iso7816_verify (app_get_slot (app), 0x81, + paddedpin, sizeof paddedpin); } xfree (pinvalue); } @@ -482,7 +485,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, rc = verify_pin (app, pincb, pincb_arg); if (!rc) - rc = iso7816_compute_ds (app->slot, 0, data, datalen, 0, + rc = iso7816_compute_ds (app_get_slot (app), 0, data, datalen, 0, outdata, outdatalen); return rc; } @@ -532,7 +535,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, return err; } - err = iso7816_change_reference_data (app->slot, 0x81, + err = iso7816_change_reference_data (app_get_slot (app), 0x81, oldpin, oldpinlen, pinvalue, strlen (pinvalue)); xfree (pinvalue); @@ -547,7 +550,7 @@ gpg_error_t app_select_dinsig (app_t app) { static char const aid[] = { 0xD2, 0x76, 0x00, 0x00, 0x66, 0x01 }; - int slot = app->slot; + int slot = app_get_slot (app); int rc; rc = iso7816_select_application (slot, aid, sizeof aid, 0); diff --git a/scd/app-geldkarte.c b/scd/app-geldkarte.c index 85bcedc4f..e126f2adb 100644 --- a/scd/app-geldkarte.c +++ b/scd/app-geldkarte.c @@ -277,7 +277,7 @@ app_select_geldkarte (app_t app) static char const aid[] = { 0xD2, 0x76, 0x00, 0x00, 0x25, 0x45, 0x50, 0x02, 0x00 }; gpg_error_t err; - int slot = app->slot; + int slot = app_get_slot (app); unsigned char *result = NULL; size_t resultlen; struct app_local_s *ld; @@ -316,17 +316,17 @@ app_select_geldkarte (app_t app) app->fnc.deinit = do_deinit; /* If we don't have a serialno yet construct it from the EF_ID. */ - if (!app->serialno) + if (!app->card->serialno) { - app->serialno = xtrymalloc (10); - if (!app->serialno) + app->card->serialno = xtrymalloc (10); + if (!app->card->serialno) { err = gpg_error_from_syserror (); goto leave; } - memcpy (app->serialno, result, 10); - app->serialnolen = 10; - err = app_munge_serialno (app); + memcpy (app->card->serialno, result, 10); + app->card->serialnolen = 10; + err = app_munge_serialno (app->card); if (err) goto leave; } diff --git a/scd/app-nks.c b/scd/app-nks.c index 2785ad014..bc54c016e 100644 --- a/scd/app-nks.c +++ b/scd/app-nks.c @@ -151,13 +151,15 @@ keygripstr_from_pk_file (app_t app, int fid, char *r_gripstr) int i; int offset[2] = { 0, 0 }; - err = iso7816_select_file (app->slot, fid, 0); + err = iso7816_select_file (app_get_slot (app), fid, 0); if (err) return err; - err = iso7816_read_record (app->slot, 1, 1, 0, &buffer[0], &buflen[0]); + err = iso7816_read_record (app_get_slot (app), 1, 1, 0, + &buffer[0], &buflen[0]); if (err) return err; - err = iso7816_read_record (app->slot, 2, 1, 0, &buffer[1], &buflen[1]); + err = iso7816_read_record (app_get_slot (app), 2, 1, 0, + &buffer[1], &buflen[1]); if (err) { xfree (buffer[0]); @@ -272,7 +274,7 @@ get_chv_status (app_t app, int sigg, int pwid) command[2] = 0x00; command[3] = pwid; - if (apdu_send_direct (app->slot, 0, (unsigned char *)command, + if (apdu_send_direct (app_get_slot (app), 0, (unsigned char *)command, 4, 0, NULL, &result, &resultlen)) rc = -1; /* Error. */ else if (resultlen < 2) @@ -406,7 +408,7 @@ do_learn_status_core (app_t app, ctrl_t ctrl, unsigned int flags, int is_sigg) { size_t len; - len = app_help_read_length_of_cert (app->slot, + len = app_help_read_length_of_cert (app_get_slot (app), filelist[i].fid, NULL); if (len) { @@ -528,14 +530,14 @@ do_readcert (app_t app, const char *certid, /* Read the entire file. fixme: This could be optimized by first reading the header to figure out how long the certificate actually is. */ - err = iso7816_select_file (app->slot, fid, 0); + err = iso7816_select_file (app_get_slot (app), fid, 0); if (err) { log_error ("error selecting FID 0x%04X: %s\n", fid, gpg_strerror (err)); return err; } - err = iso7816_read_binary (app->slot, 0, 0, &buffer, &buflen); + err = iso7816_read_binary (app_get_slot (app), 0, 0, &buffer, &buflen); if (err) { log_error ("error reading certificate from FID 0x%04X: %s\n", @@ -633,13 +635,14 @@ do_readkey (app_t app, ctrl_t ctrl, const char *keyid, unsigned int flags, return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); /* Access the KEYD file which is always in the master directory. */ - err = iso7816_select_path (app->slot, path, DIM (path)); + err = iso7816_select_path (app_get_slot (app), path, DIM (path)); if (err) return err; /* Due to the above select we need to re-select our application. */ app->app_local->need_app_select = 1; /* Get the two records. */ - err = iso7816_read_record (app->slot, 5, 1, 0, &buffer[0], &buflen[0]); + err = iso7816_read_record (app_get_slot (app), 5, 1, 0, + &buffer[0], &buflen[0]); if (err) return err; if (all_zero_p (buffer[0], buflen[0])) @@ -647,7 +650,8 @@ do_readkey (app_t app, ctrl_t ctrl, const char *keyid, unsigned int flags, xfree (buffer[0]); return gpg_error (GPG_ERR_NOT_FOUND); } - err = iso7816_read_record (app->slot, 6, 1, 0, &buffer[1], &buflen[1]); + err = iso7816_read_record (app_get_slot (app), 6, 1, 0, + &buffer[1], &buflen[1]); if (err) { xfree (buffer[0]); @@ -760,7 +764,7 @@ do_writekey (app_t app, ctrl_t ctrl, /* mse[10] = 0x82; /\* RSA public exponent of up to 4 bytes. *\/ */ /* mse[12] = rsa_e_len; */ /* memcpy (mse+12, rsa_e, rsa_e_len); */ -/* err = iso7816_manage_security_env (app->slot, 0x81, 0xB6, */ +/* err = iso7816_manage_security_env (app_get_slot (app), 0x81, 0xB6, */ /* mse, sizeof mse); */ leave: @@ -803,7 +807,7 @@ verify_pin (app_t app, int pwid, const char *desc, pininfo.maxlen = 16; if (!opt.disable_pinpad - && !iso7816_check_pinpad (app->slot, ISO7816_VERIFY, &pininfo) ) + && !iso7816_check_pinpad (app_get_slot (app), ISO7816_VERIFY, &pininfo) ) { rc = pincb (pincb_arg, desc, NULL); if (rc) @@ -813,7 +817,7 @@ verify_pin (app_t app, int pwid, const char *desc, return rc; } - rc = iso7816_verify_kp (app->slot, pwid, &pininfo); + rc = iso7816_verify_kp (app_get_slot (app), pwid, &pininfo); pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */ } else @@ -834,7 +838,8 @@ verify_pin (app_t app, int pwid, const char *desc, return rc; } - rc = iso7816_verify (app->slot, pwid, pinvalue, strlen (pinvalue)); + rc = iso7816_verify (app_get_slot (app), pwid, + pinvalue, strlen (pinvalue)); xfree (pinvalue); } @@ -972,7 +977,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, mse[3] = 0x84; /* Private key reference. */ mse[4] = 1; mse[5] = kid; - rc = iso7816_manage_security_env (app->slot, 0x41, 0xB6, + rc = iso7816_manage_security_env (app_get_slot (app), 0x41, 0xB6, mse, sizeof mse); } /* Verify using PW1.CH. */ @@ -980,7 +985,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, rc = verify_pin (app, 0, NULL, pincb, pincb_arg); /* Compute the signature. */ if (!rc) - rc = iso7816_compute_ds (app->slot, 0, data, datalen, 0, + rc = iso7816_compute_ds (app_get_slot (app), 0, data, datalen, 0, outdata, outdatalen); return rc; } @@ -1047,7 +1052,7 @@ do_decipher (app_t app, const char *keyidstr, mse[3] = 0x84; /* Private key reference. */ mse[4] = 1; mse[5] = kid; - rc = iso7816_manage_security_env (app->slot, 0x41, 0xB8, + rc = iso7816_manage_security_env (app_get_slot (app), 0x41, 0xB8, mse, sizeof mse); } else @@ -1057,7 +1062,7 @@ do_decipher (app_t app, const char *keyidstr, 0x80, 1, 0x10, /* Select algorithm RSA. */ 0x84, 1, 0x81 /* Select local secret key 1 for decryption. */ }; - rc = iso7816_manage_security_env (app->slot, 0xC1, 0xB8, + rc = iso7816_manage_security_env (app_get_slot (app), 0xC1, 0xB8, mse, sizeof mse); } @@ -1068,7 +1073,8 @@ do_decipher (app_t app, const char *keyidstr, /* Note that we need to use extended length APDUs for TCOS 3 cards. Command chaining does not work. */ if (!rc) - rc = iso7816_decipher (app->slot, app->app_local->nks_version > 2? 1:0, + rc = iso7816_decipher (app_get_slot (app), + app->app_local->nks_version > 2? 1:0, indata, indatalen, 0, 0x81, outdata, outdatalen); return rc; @@ -1260,13 +1266,13 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *pwidstr, } memcpy (data, oldpin, oldpinlen); memcpy (data+oldpinlen, newpin, newpinlen); - err = iso7816_reset_retry_counter_with_rc (app->slot, pwid, + err = iso7816_reset_retry_counter_with_rc (app_get_slot (app), pwid, data, datalen); wipememory (data, datalen); xfree (data); } else - err = iso7816_change_reference_data (app->slot, pwid, + err = iso7816_change_reference_data (app_get_slot (app), pwid, oldpin, oldpinlen, newpin, newpinlen); leave: @@ -1347,9 +1353,11 @@ switch_application (app_t app, int enable_sigg) log_info ("app-nks: switching to %s\n", enable_sigg? "SigG":"NKS"); if (enable_sigg) - err = iso7816_select_application (app->slot, aid_sigg, sizeof aid_sigg, 0); + err = iso7816_select_application (app_get_slot (app), + aid_sigg, sizeof aid_sigg, 0); else - err = iso7816_select_application (app->slot, aid_nks, sizeof aid_nks, 0); + err = iso7816_select_application (app_get_slot (app), + aid_nks, sizeof aid_nks, 0); if (!err && enable_sigg && app->app_local->nks_version >= 3 && !app->app_local->sigg_msig_checked) @@ -1362,9 +1370,10 @@ switch_application (app_t app, int enable_sigg) app->app_local->sigg_msig_checked = 1; app->app_local->sigg_is_msig = 1; - err = iso7816_select_file (app->slot, 0x5349, 0); + err = iso7816_select_file (app_get_slot (app), 0x5349, 0); if (!err) - err = iso7816_read_record (app->slot, 1, 1, 0, &buffer, &buflen); + err = iso7816_read_record (app_get_slot (app), 1, 1, 0, + &buffer, &buflen); if (!err) { tmpl = find_tlv (buffer, buflen, 0x7a, &tmpllen); @@ -1396,7 +1405,7 @@ switch_application (app_t app, int enable_sigg) gpg_error_t app_select_nks (app_t app) { - int slot = app->slot; + int slot = app_get_slot (app); int rc; rc = iso7816_select_application (slot, aid_nks, sizeof aid_nks, 0); diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 5e67a7b53..4f17a3c44 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -338,7 +338,7 @@ get_cached_data (app_t app, int tag, else exmode = 0; - err = iso7816_get_data (app->slot, exmode, tag, &p, &len); + err = iso7816_get_data (app_get_slot (app), exmode, tag, &p, &len); if (err) return err; if (len) @@ -469,7 +469,7 @@ get_one_do (app_t app, int tag, unsigned char **result, size_t *nbytes, if (app->appversion > 0x0100 && data_objects[i].get_immediate_in_v11) { exmode = 0; - rc = iso7816_get_data (app->slot, exmode, tag, &buffer, &buflen); + rc = iso7816_get_data (app_get_slot (app), exmode, tag, &buffer, &buflen); if (rc) { *r_rc = rc; @@ -811,7 +811,7 @@ store_fpr (app_t app, int keynumber, u32 timestamp, unsigned char *fpr, tag2 = 0xCE + keynumber; flush_cache_item (app, 0xCD); - rc = iso7816_put_data (app->slot, 0, tag, fpr, 20); + rc = iso7816_put_data (app_get_slot (app), 0, tag, fpr, 20); if (rc) log_error (_("failed to store the fingerprint: %s\n"),gpg_strerror (rc)); @@ -824,7 +824,7 @@ store_fpr (app_t app, int keynumber, u32 timestamp, unsigned char *fpr, buf[2] = timestamp >> 8; buf[3] = timestamp; - rc = iso7816_put_data (app->slot, 0, tag2, buf, 4); + rc = iso7816_put_data (app_get_slot (app), 0, tag2, buf, 4); if (rc) log_error (_("failed to store the creation date: %s\n"), gpg_strerror (rc)); @@ -1691,7 +1691,7 @@ get_public_key (app_t app, int keyno) le_value = 256; /* Use legacy value. */ } - err = iso7816_read_public_key (app->slot, exmode, + err = iso7816_read_public_key (app_get_slot (app), exmode, (keyno == 0? "\xB6" : keyno == 1? "\xB8" : "\xA4"), 2, le_value, &buffer, &buflen); @@ -2161,7 +2161,7 @@ verify_a_chv (app_t app, /* Special case for def_chv2 mechanism. */ if (opt.verbose) log_info (_("using default PIN as %s\n"), "CHV2"); - rc = iso7816_verify (app->slot, 0x82, "123456", 6); + rc = iso7816_verify (app_get_slot (app), 0x82, "123456", 6); if (rc) { /* Verification of CHV2 with the default PIN failed, @@ -2194,7 +2194,7 @@ verify_a_chv (app_t app, } if (!opt.disable_pinpad - && !iso7816_check_pinpad (app->slot, ISO7816_VERIFY, &pininfo) + && !iso7816_check_pinpad (app_get_slot (app), ISO7816_VERIFY, &pininfo) && !check_pinpad_request (app, &pininfo, 0)) { /* The reader supports the verify command through the pinpad. @@ -2210,7 +2210,7 @@ verify_a_chv (app_t app, gpg_strerror (rc)); return rc; } - rc = iso7816_verify_kp (app->slot, 0x80+chvno, &pininfo); + rc = iso7816_verify_kp (app_get_slot (app), 0x80+chvno, &pininfo); /* Dismiss the prompt. */ pincb (pincb_arg, NULL, NULL); @@ -2241,7 +2241,8 @@ verify_a_chv (app_t app, rc = pin2hash_if_kdf (app, chvno, *pinvalue, pinlen); if (!rc) - rc = iso7816_verify (app->slot, 0x80+chvno, *pinvalue, *pinlen); + rc = iso7816_verify (app_get_slot (app), + 0x80 + chvno, *pinvalue, *pinlen); } if (rc) @@ -2281,7 +2282,7 @@ verify_chv2 (app_t app, the card is not configured to require a verification before each CHV1 controlled operation (force_chv1) and if we are not using the pinpad (PINVALUE == NULL). */ - rc = iso7816_verify (app->slot, 0x81, pinvalue, pinlen); + rc = iso7816_verify (app_get_slot (app), 0x81, pinvalue, pinlen); if (gpg_err_code (rc) == GPG_ERR_BAD_PIN) rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED); if (rc) @@ -2369,7 +2370,8 @@ verify_chv3 (app_t app, return rc; if (!opt.disable_pinpad - && !iso7816_check_pinpad (app->slot, ISO7816_VERIFY, &pininfo) + && !iso7816_check_pinpad (app_get_slot (app), + ISO7816_VERIFY, &pininfo) && !check_pinpad_request (app, &pininfo, 1)) { /* The reader supports the verify command through the pinpad. */ @@ -2382,7 +2384,7 @@ verify_chv3 (app_t app, gpg_strerror (rc)); return rc; } - rc = iso7816_verify_kp (app->slot, 0x83, &pininfo); + rc = iso7816_verify_kp (app_get_slot (app), 0x83, &pininfo); /* Dismiss the prompt. */ pincb (pincb_arg, NULL, NULL); } @@ -2411,7 +2413,7 @@ verify_chv3 (app_t app, rc = pin2hash_if_kdf (app, 3, pinvalue, &pinlen); if (!rc) - rc = iso7816_verify (app->slot, 0x83, pinvalue, pinlen); + rc = iso7816_verify (app_get_slot (app), 0x83, pinvalue, pinlen); xfree (pinvalue); } @@ -2510,7 +2512,8 @@ do_setattr (app_t app, const char *name, exmode = -254; /* Command chaining with max. 254 bytes. */ else exmode = 0; - rc = iso7816_put_data (app->slot, exmode, table[idx].tag, value, valuelen); + rc = iso7816_put_data (app_get_slot (app), + exmode, table[idx].tag, value, valuelen); if (rc) log_error ("failed to set '%s': %s\n", table[idx].name, gpg_strerror (rc)); @@ -2567,7 +2570,7 @@ clear_chv_status (app_t app, int chvno) apdu[2] = 0xff; apdu[3] = 0x80+chvno; - err = iso7816_apdu_direct (app->slot, apdu, 4, 0, NULL, NULL, NULL); + err = iso7816_apdu_direct (app_get_slot (app), apdu, 4, 0, NULL, NULL, NULL); if (err) { if (gpg_err_code (err) == GPG_ERR_INV_VALUE) @@ -2578,7 +2581,8 @@ clear_chv_status (app_t app, int chvno) if (chvno == 1) { apdu[3]++; - err = iso7816_apdu_direct (app->slot, apdu, 4, 0, NULL, NULL, NULL); + err = iso7816_apdu_direct (app_get_slot (app), + apdu, 4, 0, NULL, NULL, NULL); app->did_chv1 = app->did_chv2 = 0; } else if (chvno == 2) @@ -2689,7 +2693,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, /* Version 2 cards. */ if (!opt.disable_pinpad - && !iso7816_check_pinpad (app->slot, + && !iso7816_check_pinpad (app_get_slot (app), ISO7816_CHANGE_REFERENCE_DATA, &pininfo) && !check_pinpad_request (app, &pininfo, chvno == 3)) use_pinpad = 1; @@ -2832,7 +2836,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, rc = pin2hash_if_kdf (app, 0, buffer+pinlen0, &pinlen); } if (!rc) - rc = iso7816_reset_retry_counter_with_rc (app->slot, 0x81, + rc = iso7816_reset_retry_counter_with_rc (app_get_slot (app), 0x81, buffer, pinlen0+pinlen); wipememory (buffer, pinlen0 + pinlen); xfree (buffer); @@ -2849,31 +2853,37 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, { rc = pin2hash_if_kdf (app, 0, pinvalue, &pinlen); if (!rc) - rc = iso7816_put_data (app->slot, 0, 0xD3, pinvalue, pinlen); + rc = iso7816_put_data (app_get_slot (app), + 0, 0xD3, pinvalue, pinlen); } } else if (reset_mode) { rc = pin2hash_if_kdf (app, 1, pinvalue, &pinlen); if (!rc) - rc = iso7816_reset_retry_counter (app->slot, 0x81, pinvalue, pinlen); + rc = iso7816_reset_retry_counter (app_get_slot (app), + 0x81, pinvalue, pinlen); if (!rc && !app->app_local->extcap.is_v2) - rc = iso7816_reset_retry_counter (app->slot, 0x82, pinvalue, pinlen); + rc = iso7816_reset_retry_counter (app_get_slot (app), + 0x82, pinvalue, pinlen); } else if (!app->app_local->extcap.is_v2) { /* Version 1 cards. */ if (chvno == 1 || chvno == 2) { - rc = iso7816_change_reference_data (app->slot, 0x81, NULL, 0, + rc = iso7816_change_reference_data (app_get_slot (app), + 0x81, NULL, 0, pinvalue, strlen (pinvalue)); if (!rc) - rc = iso7816_change_reference_data (app->slot, 0x82, NULL, 0, + rc = iso7816_change_reference_data (app_get_slot (app), + 0x82, NULL, 0, pinvalue, strlen (pinvalue)); } else /* CHVNO == 3 */ { - rc = iso7816_change_reference_data (app->slot, 0x80 + chvno, NULL, 0, + rc = iso7816_change_reference_data (app_get_slot (app), + 0x80 + chvno, NULL, 0, pinvalue, strlen (pinvalue)); } } @@ -2894,7 +2904,8 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, gpg_strerror (rc)); goto leave; } - rc = iso7816_change_reference_data_kp (app->slot, 0x80 + chvno, 0, + rc = iso7816_change_reference_data_kp (app_get_slot (app), + 0x80 + chvno, 0, &pininfo); pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */ } @@ -2904,7 +2915,8 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, if (!rc) rc = pin2hash_if_kdf (app, chvno, pinvalue, &pinlen); if (!rc) - rc = iso7816_change_reference_data (app->slot, 0x80 + chvno, + rc = iso7816_change_reference_data (app_get_slot (app), + 0x80 + chvno, oldpinvalue, pinlen0, pinvalue, pinlen); } @@ -2947,7 +2959,7 @@ does_key_exist (app_t app, int keyidx, int generating, int force) assert (keyidx >=0 && keyidx <= 2); - if (iso7816_get_data (app->slot, 0, 0x006E, &buffer, &buflen)) + if (iso7816_get_data (app_get_slot (app), 0, 0x006E, &buffer, &buflen)) { log_error (_("error reading application data\n")); return gpg_error (GPG_ERR_GENERAL); @@ -3261,7 +3273,7 @@ change_keyattr (app_t app, int keyno, const unsigned char *buf, size_t buflen, return err; /* Change the attribute. */ - err = iso7816_put_data (app->slot, 0, 0xC1+keyno, buf, buflen); + err = iso7816_put_data (app_get_slot (app), 0, 0xC1+keyno, buf, buflen); if (err) log_error ("error changing key attribute (key=%d)\n", keyno+1); else @@ -3653,7 +3665,7 @@ rsa_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), exmode = -254; else exmode = 0; - err = iso7816_put_data_odd (app->slot, exmode, 0x3fff, + err = iso7816_put_data_odd (app_get_slot (app), exmode, 0x3fff, template, template_len); } else @@ -3703,7 +3715,7 @@ rsa_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), goto leave; /* Store the key. */ - err = iso7816_put_data (app->slot, 0, + err = iso7816_put_data (app_get_slot (app), 0, (app->appversion > 0x0007? 0xE0:0xE9)+keyno, template, template_len); } @@ -3975,7 +3987,7 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), exmode = -254; else exmode = 0; - err = iso7816_put_data_odd (app->slot, exmode, 0x3fff, + err = iso7816_put_data_odd (app_get_slot (app), exmode, 0x3fff, template, template_len); xfree (template); } @@ -4143,7 +4155,7 @@ do_genkey (app_t app, ctrl_t ctrl, const char *keynostr, const char *keytype, log_info (_("please wait while key is being generated ...\n")); start_at = time (NULL); - err = iso7816_generate_keypair (app->slot, exmode, 0x80, 0, + err = iso7816_generate_keypair (app_get_slot (app), exmode, 0x80, 0, (keyno == 0? "\xB6" : keyno == 1? "\xB8" : "\xA4"), 2, le_value, &buffer, &buflen); @@ -4325,9 +4337,9 @@ check_keyidstr (app_t app, const char *keyidstr, int keyno) for (s=keyidstr, n=0; n < 16; s += 2, n++) tmp_sn[n] = xtoi_2 (s); - if (app->serialnolen != 16) + if (app->card->serialnolen != 16) return gpg_error (GPG_ERR_INV_CARD); - if (memcmp (app->serialno, tmp_sn, 16)) + if (memcmp (app->card->serialno, tmp_sn, 16)) return gpg_error (GPG_ERR_WRONG_CARD); } @@ -4485,7 +4497,8 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, char *pinvalue; int pinlen; - rc = verify_a_chv (app, pincb, pincb_arg, 1, sigcount, &pinvalue, &pinlen); + rc = verify_a_chv (app, pincb, pincb_arg, 1, sigcount, + &pinvalue, &pinlen); if (rc) return rc; @@ -4498,7 +4511,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, pinpad has been used. */ if (!app->did_chv2 && pinvalue && !app->app_local->extcap.is_v2) { - rc = iso7816_verify (app->slot, 0x82, pinvalue, pinlen); + rc = iso7816_verify (app_get_slot (app), 0x82, pinvalue, pinlen); if (gpg_err_code (rc) == GPG_ERR_BAD_PIN) rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED); if (rc) @@ -4526,7 +4539,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, exmode = 0; le_value = 0; } - rc = iso7816_compute_ds (app->slot, exmode, data, datalen, le_value, + rc = iso7816_compute_ds (app_get_slot (app), exmode, data, datalen, le_value, outdata, outdatalen); if (gpg_err_code (rc) == GPG_ERR_TIMEOUT) clear_chv_status (app, 1); @@ -4605,7 +4618,7 @@ do_auth (app_t app, const char *keyidstr, exmode = 0; le_value = 0; } - rc = iso7816_internal_authenticate (app->slot, exmode, + rc = iso7816_internal_authenticate (app_get_slot (app), exmode, indata, indatalen, le_value, outdata, outdatalen); if (gpg_err_code (rc) == GPG_ERR_TIMEOUT) @@ -4800,7 +4813,7 @@ do_decipher (app_t app, const char *keyidstr, else exmode = le_value = 0; - rc = iso7816_decipher (app->slot, exmode, + rc = iso7816_decipher (app_get_slot (app), exmode, indata, indatalen, le_value, padind, outdata, outdatalen); xfree (fixbuf); @@ -4938,10 +4951,10 @@ do_with_keygrip (app_t app, ctrl_t ctrl, int action, const char *keygrip_str) char buf[65]; int data = (action == KEYGRIP_ACTION_SEND_DATA); - if (DIM (buf) < 2 * app->serialnolen + 1) + if (DIM (buf) < 2 * app->card->serialnolen + 1) return gpg_error (GPG_ERR_BUFFER_TOO_SHORT); - bin2hex (app->serialno, app->serialnolen, buf); + bin2hex (app->card->serialno, app->card->serialnolen, buf); if (keygrip_str == NULL) { @@ -5198,7 +5211,7 @@ gpg_error_t app_select_openpgp (app_t app) { static char const aid[] = { 0xD2, 0x76, 0x00, 0x01, 0x24, 0x01 }; - int slot = app->slot; + int slot = app_get_slot (app); int rc; unsigned char *buffer; size_t buflen; @@ -5236,9 +5249,9 @@ app_select_openpgp (app_t app) app->appversion |= buffer[7]; manufacturer = (buffer[8]<<8 | buffer[9]); - xfree (app->serialno); - app->serialno = buffer; - app->serialnolen = buflen; + xfree (app->card->serialno); + app->card->serialno = buffer; + app->card->serialnolen = buflen; buffer = NULL; app->app_local = xtrycalloc (1, sizeof *app->app_local); if (!app->app_local) diff --git a/scd/app-p15.c b/scd/app-p15.c index 190292433..59cc195fb 100644 --- a/scd/app-p15.c +++ b/scd/app-p15.c @@ -443,7 +443,7 @@ select_ef_by_path (app_t app, const unsigned short *path, size_t pathlen) if (app->app_local->direct_path_selection) { - err = iso7816_select_path (app->slot, path+1, pathlen-1); + err = iso7816_select_path (app_get_slot (app), path+1, pathlen-1); if (err) { log_error ("error selecting path "); @@ -461,7 +461,8 @@ select_ef_by_path (app_t app, const unsigned short *path, size_t pathlen) supported by the card. */ for (i=0; i < pathlen; i++) { - err = iso7816_select_file (app->slot, path[i], !(i+1 == pathlen)); + err = iso7816_select_file (app_get_slot (app), + path[i], !(i+1 == pathlen)); if (err) { log_error ("error selecting part %d from path ", i); @@ -612,7 +613,8 @@ read_ef_odf (app_t app, unsigned short odf_fid) unsigned short value; size_t offset; - err = select_and_read_binary (app->slot, odf_fid, "ODF", &buffer, &buflen); + err = select_and_read_binary (app_get_slot (app), odf_fid, "ODF", + &buffer, &buflen); if (err) return err; @@ -826,7 +828,8 @@ read_ef_prkdf (app_t app, unsigned short fid, prkdf_object_t *result) if (!fid) return gpg_error (GPG_ERR_NO_DATA); /* No private keys. */ - err = select_and_read_binary (app->slot, fid, "PrKDF", &buffer, &buflen); + err = select_and_read_binary (app_get_slot (app), fid, "PrKDF", + &buffer, &buflen); if (err) return err; @@ -1282,7 +1285,8 @@ read_ef_cdf (app_t app, unsigned short fid, cdf_object_t *result) if (!fid) return gpg_error (GPG_ERR_NO_DATA); /* No certificates. */ - err = select_and_read_binary (app->slot, fid, "CDF", &buffer, &buflen); + err = select_and_read_binary (app_get_slot (app), fid, "CDF", + &buffer, &buflen); if (err) return err; @@ -1555,7 +1559,8 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result) if (!fid) return gpg_error (GPG_ERR_NO_DATA); /* No authentication objects. */ - err = select_and_read_binary (app->slot, fid, "AODF", &buffer, &buflen); + err = select_and_read_binary (app_get_slot (app), fid, "AODF", + &buffer, &buflen); if (err) return err; @@ -2216,7 +2221,7 @@ read_ef_tokeninfo (app_t app) int class, tag, constructed, ndef; unsigned long ul; - err = select_and_read_binary (app->slot, 0x5032, "TokenInfo", + err = select_and_read_binary (app_get_slot (app), 0x5032, "TokenInfo", &buffer, &buflen); if (err) return err; @@ -2294,13 +2299,13 @@ read_p15_info (app_t app) { /* If we don't have a serial number yet but the TokenInfo provides one, use that. */ - if (!app->serialno && app->app_local->serialno) + if (!app->card->serialno && app->app_local->serialno) { - app->serialno = app->app_local->serialno; - app->serialnolen = app->app_local->serialnolen; + app->card->serialno = app->app_local->serialno; + app->card->serialnolen = app->app_local->serialnolen; app->app_local->serialno = NULL; app->app_local->serialnolen = 0; - err = app_munge_serialno (app); + err = app_munge_serialno (app->card); if (err) return err; } @@ -2553,7 +2558,8 @@ readcert_by_cdf (app_t app, cdf_object_t cdf, if (err) goto leave; - err = iso7816_read_binary (app->slot, cdf->off, cdf->len, &buffer, &buflen); + err = iso7816_read_binary (app_get_slot (app), cdf->off, cdf->len, + &buffer, &buflen); if (!err && (!buflen || *buffer == 0xff)) err = gpg_error (GPG_ERR_NOT_FOUND); if (err) @@ -2713,7 +2719,8 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name) err = select_ef_by_path (app, path, DIM(path) ); if (!err) - err = iso7816_read_binary (app->slot, 0, 0, &buffer, &buflen); + err = iso7816_read_binary (app_get_slot (app), 0, 0, + &buffer, &buflen); if (err) { log_error ("error accessing EF(ID): %s\n", gpg_strerror (err)); @@ -2758,7 +2765,7 @@ micardo_mse (app_t app, unsigned short fid) unsigned char msebuf[10]; /* Read the KeyD file containing extra information on keys. */ - err = iso7816_select_file (app->slot, 0x0013, 0); + err = iso7816_select_file (app_get_slot (app), 0x0013, 0); if (err) { log_error ("error reading EF_keyD: %s\n", gpg_strerror (err)); @@ -2772,7 +2779,8 @@ micardo_mse (app_t app, unsigned short fid) size_t n, nn; const unsigned char *p, *pp; - err = iso7816_read_record (app->slot, recno, 1, 0, &buffer, &buflen); + err = iso7816_read_record (app_get_slot (app), recno, 1, 0, + &buffer, &buflen); if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) break; /* ready */ if (err) @@ -2811,7 +2819,8 @@ micardo_mse (app_t app, unsigned short fid) /* Restore the security environment to SE_NUM if needed */ if (se_num) { - err = iso7816_manage_security_env (app->slot, 0xf3, se_num, NULL, 0); + err = iso7816_manage_security_env (app_get_slot (app), + 0xf3, se_num, NULL, 0); if (err) { log_error ("restoring SE to %d failed: %s\n", @@ -2826,7 +2835,7 @@ micardo_mse (app_t app, unsigned short fid) msebuf[2] = 0x80; msebuf[3] = (refdata >> 8); msebuf[4] = refdata; - err = iso7816_manage_security_env (app->slot, 0x41, 0xb6, msebuf, 5); + err = iso7816_manage_security_env (app_get_slot (app), 0x41, 0xb6, msebuf, 5); if (err) { log_error ("setting SE to reference file %04hX failed: %s\n", @@ -2948,7 +2957,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, mse[3] = 0x84; /* Private key reference tag. */ mse[4] = prkdf->key_reference_valid? prkdf->key_reference : 0x82; - err = iso7816_manage_security_env (app->slot, + err = iso7816_manage_security_env (app_get_slot (app), 0x41, 0xB6, mse, sizeof mse); no_data_padding = 1; @@ -3101,7 +3110,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, else pinvaluelen = strlen (pinvalue); - err = iso7816_verify (app->slot, + err = iso7816_verify (app_get_slot (app), aodf->pin_reference_valid? aodf->pin_reference : 0, pinvalue, pinvaluelen); xfree (pinvalue); @@ -3170,7 +3179,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, mse[1] = 1; mse[2] = prkdf->key_reference; - err = iso7816_manage_security_env (app->slot, + err = iso7816_manage_security_env (app_get_slot (app), 0x41, 0xB6, mse, sizeof mse); } @@ -3181,11 +3190,14 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, } if (hashalgo == MD_USER_TLS_MD5SHA1) - err = iso7816_compute_ds (app->slot, 0, data, 36, 0, outdata, outdatalen); + err = iso7816_compute_ds (app_get_slot (app), + 0, data, 36, 0, outdata, outdatalen); else if (no_data_padding) - err = iso7816_compute_ds (app->slot, 0, data+15, 20, 0,outdata,outdatalen); + err = iso7816_compute_ds (app_get_slot (app), + 0, data+15, 20, 0,outdata,outdatalen); else - err = iso7816_compute_ds (app->slot, 0, data, 35, 0, outdata, outdatalen); + err = iso7816_compute_ds (app_get_slot (app), + 0, data, 35, 0, outdata, outdatalen); return err; } @@ -3280,7 +3292,7 @@ read_home_df (int slot, int *r_belpic) gpg_error_t app_select_p15 (app_t app) { - int slot = app->slot; + int slot = app_get_slot (app); int rc; unsigned short def_home_df = 0; card_type_t card_type = CARD_TYPE_UNKNOWN; @@ -3298,7 +3310,7 @@ app_select_p15 (app_t app) Using the 2f02 just works. */ unsigned short path[1] = { 0x2f00 }; - rc = iso7816_select_path (app->slot, path, 1); + rc = iso7816_select_path (app_get_slot (app), path, 1); if (!rc) { direct = 1; @@ -3306,7 +3318,7 @@ app_select_p15 (app_t app) if (def_home_df) { path[0] = def_home_df; - rc = iso7816_select_path (app->slot, path, 1); + rc = iso7816_select_path (app_get_slot (app), path, 1); } } } @@ -3330,7 +3342,7 @@ app_select_p15 (app_t app) size_t atrlen; int i; - atr = apdu_get_atr (app->slot, &atrlen); + atr = apdu_get_atr (app_get_slot (app), &atrlen); if (!atr) rc = gpg_error (GPG_ERR_INV_CARD); else @@ -3381,8 +3393,8 @@ app_select_p15 (app_t app) prototype card right here because we need to access to EF(TokenInfo). We mark such a serial number by the using a prefix of FF0100. */ - if (app->serialnolen == 12 - && !memcmp (app->serialno, "\xD2\x76\0\0\0\0\0\0\0\0\0\0", 12)) + if (app->card->serialnolen == 12 + && !memcmp (app->card->serialno, "\xD2\x76\0\0\0\0\0\0\0\0\0\0", 12)) { /* This is a German card with a silly serial number. Try to get the serial number from the EF(TokenInfo). . */ @@ -3390,16 +3402,16 @@ app_select_p15 (app_t app) /* FIXME: actually get it from EF(TokenInfo). */ - p = xtrymalloc (3 + app->serialnolen); + p = xtrymalloc (3 + app->card->serialnolen); if (!p) rc = gpg_error (gpg_err_code_from_errno (errno)); else { memcpy (p, "\xff\x01", 3); - memcpy (p+3, app->serialno, app->serialnolen); - app->serialnolen += 3; - xfree (app->serialno); - app->serialno = p; + memcpy (p+3, app->card->serialno, app->card->serialnolen); + app->card->serialnolen += 3; + xfree (app->card->serialno); + app->card->serialno = p; } } diff --git a/scd/app-piv.c b/scd/app-piv.c index 2ee72e0fc..4b3868729 100644 --- a/scd/app-piv.c +++ b/scd/app-piv.c @@ -283,7 +283,7 @@ get_cached_data (app_t app, int tag, } } - err = iso7816_get_data_odd (app->slot, 0, tag, &p, &len); + err = iso7816_get_data_odd (app_get_slot (app), 0, tag, &p, &len); if (err) return err; @@ -737,18 +737,18 @@ get_dispserialno (app_t app, int failmode) { char *result; - if (app->serialno && app->serialnolen == 3+1+4 - && !memcmp (app->serialno, "\xff\x02\x00", 3)) + if (app->card && app->card->serialno && app->card->serialnolen == 3+1+4 + && !memcmp (app->card->serialno, "\xff\x02\x00", 3)) { /* This is a 4 byte S/N of a Yubikey which seems to be printed * on the token in decimal. Maybe they will print larger S/N * also in decimal but we can't be sure, thus do it only for * these 32 bit numbers. */ unsigned long sn; - sn = app->serialno[4] * 16777216; - sn += app->serialno[5] * 65536; - sn += app->serialno[6] * 256; - sn += app->serialno[7]; + sn = app->card->serialno[4] * 16777216; + sn += app->card->serialno[5] * 65536; + sn += app->card->serialno[6] * 256; + sn += app->card->serialno[7]; result = xtryasprintf ("yk-%lu", sn); } else if (failmode) @@ -786,7 +786,7 @@ get_chv_status (app_t app, const char *keyrefstr) apdu[1] = ISO7816_VERIFY; apdu[2] = 0x00; apdu[3] = keyref; - if (!iso7816_apdu_direct (app->slot, apdu, 4, 0, &sw, NULL, NULL)) + if (!iso7816_apdu_direct (app_get_slot (app), apdu, 4, 0, &sw, NULL, NULL)) result = -5; /* No need to verification. */ else if (sw == 0x6a88 || sw == 0x6a80) result = -2; /* No such PIN. */ @@ -938,7 +938,7 @@ auth_adm_key (app_t app, const unsigned char *value, size_t valuelen) tmpl[2] = 0x80; tmpl[3] = 0; /* (Empty witness requests a witness.) */ tmpllen = 4; - err = iso7816_general_authenticate (app->slot, 0, + err = iso7816_general_authenticate (app_get_slot (app), 0, PIV_ALGORITHM_3DES_ECB_0, 0x9B, tmpl, tmpllen, 0, &outdata, &outdatalen); @@ -971,7 +971,7 @@ auth_adm_key (app_t app, const unsigned char *value, size_t valuelen) tmpl[23] = 0; tmpllen = 24; xfree (outdata); - err = iso7816_general_authenticate (app->slot, 0, + err = iso7816_general_authenticate (app_get_slot (app), 0, PIV_ALGORITHM_3DES_ECB_0, 0x9B, tmpl, tmpllen, 0, &outdata, &outdatalen); @@ -1045,7 +1045,8 @@ set_adm_key (app_t app, const unsigned char *value, size_t valuelen) apdu[6] = 0x9b; apdu[7] = 24; memcpy (apdu+8, value, 24); - err = iso7816_apdu_direct (app->slot, apdu, 8+24, 0, &sw, NULL, NULL); + err = iso7816_apdu_direct (app_get_slot (app), apdu, 8+24, 0, + &sw, NULL, NULL); wipememory (apdu+8, 24); if (err) log_error ("piv: setting admin key failed; sw=%04x\n", sw); @@ -1426,7 +1427,7 @@ do_readcert (app_t app, const char *certid, apdu[1] = 0xf9; /* Yubikey: Get attestation cert. */ apdu[2] = xtoi_2 (certid+9); apdu[3] = 0; - err = iso7816_apdu_direct (app->slot, apdu, 4, 1, + err = iso7816_apdu_direct (app_get_slot (app), apdu, 4, 1, NULL, &result, &resultlen); if (!err) { @@ -1880,7 +1881,7 @@ verify_chv (app_t app, int keyref, int force, apdu[1] = ISO7816_VERIFY; apdu[2] = 0x00; apdu[3] = keyref; - if (!iso7816_apdu_direct (app->slot, apdu, 4, 0, &sw, NULL, NULL)) + if (!iso7816_apdu_direct (app_get_slot (app), apdu, 4, 0, &sw, NULL, NULL)) { if (!force) /* No need to verification. */ return 0; /* All fine. */ @@ -1896,7 +1897,7 @@ verify_chv (app_t app, int keyref, int force, if (err) return err; - err = iso7816_verify (app->slot, keyref, pin, pinlen); + err = iso7816_verify (app_get_slot (app), keyref, pin, pinlen); wipememory (pin, pinlen); xfree (pin); if (err) @@ -1957,7 +1958,8 @@ do_change_chv (app_t app, ctrl_t ctrl, const char *pwidstr, apdu[1] = ISO7816_VERIFY; apdu[2] = 0xff; apdu[3] = keyref; - err = iso7816_apdu_direct (app->slot, apdu, 4, 0, NULL, NULL, NULL); + err = iso7816_apdu_direct (app_get_slot (app), apdu, 4, 0, + NULL, NULL, NULL); goto leave; } @@ -1979,7 +1981,7 @@ do_change_chv (app_t app, ctrl_t ctrl, const char *pwidstr, apdu[1] = ISO7816_VERIFY; apdu[2] = 0x00; apdu[3] = keyref; - if (!iso7816_apdu_direct (app->slot, apdu, 4, 0, &sw, NULL, NULL)) + if (!iso7816_apdu_direct (app_get_slot (app), apdu, 4, 0, &sw, NULL, NULL)) remaining = -1; /* Already verified, thus full number of tries. */ else if ((sw & 0xfff0) == 0x63C0) remaining = (sw & 0x000f); /* PIN has REMAINING tries left. */ @@ -1996,7 +1998,7 @@ do_change_chv (app_t app, ctrl_t ctrl, const char *pwidstr, * old is wrong. This is not possible for the PUK, though. */ if (keyref != 0x81) { - err = iso7816_verify (app->slot, keyref, oldpin, oldpinlen); + err = iso7816_verify (app_get_slot (app), keyref, oldpin, oldpinlen); if (err) { log_error ("CHV %02X verification failed: %s\n", @@ -2021,7 +2023,8 @@ do_change_chv (app_t app, ctrl_t ctrl, const char *pwidstr, } memcpy (buf, oldpin, oldpinlen); memcpy (buf+oldpinlen, newpin, newpinlen); - err = iso7816_reset_retry_counter_with_rc (app->slot, targetkeyref, + err = iso7816_reset_retry_counter_with_rc (app_get_slot (app), + targetkeyref, buf, oldpinlen+newpinlen); xfree (buf); if (err) @@ -2030,7 +2033,7 @@ do_change_chv (app_t app, ctrl_t ctrl, const char *pwidstr, } else { - err = iso7816_change_reference_data (app->slot, keyref, + err = iso7816_change_reference_data (app_get_slot (app), keyref, oldpin, oldpinlen, newpin, newpinlen); if (err) @@ -2269,7 +2272,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, goto leave; /* Note: the -1 requests command chaining. */ - err = iso7816_general_authenticate (app->slot, -1, + err = iso7816_general_authenticate (app_get_slot (app), -1, mechanism, keyref, apdudata, (int)apdudatalen, 0, &outdata, &outdatalen); @@ -2492,7 +2495,7 @@ do_decipher (app_t app, const char *keyidstr, goto leave; /* Note: the -1 requests command chaining. */ - err = iso7816_general_authenticate (app->slot, -1, + err = iso7816_general_authenticate (app_get_slot (app), -1, mechanism, keyref, apdudata, (int)apdudatalen, 0, &outdata, &outdatalen); @@ -2693,7 +2696,7 @@ writekey_rsa (app_t app, data_object_t dobj, int keyref, if (err) goto leave; - err = iso7816_send_apdu (app->slot, + err = iso7816_send_apdu (app_get_slot (app), -1, /* Use command chaining. */ 0, /* Class */ 0xfe, /* Ins: Yubikey Import Asym. Key. */ @@ -2715,7 +2718,7 @@ writekey_rsa (app_t app, data_object_t dobj, int keyref, if (err) goto leave; tmpl[0] = PIV_ALGORITHM_RSA; - err = put_data (app->slot, dobj->tag, + err = put_data (app_get_slot (app), dobj->tag, (int)0x80, (size_t)1, tmpl, (int)0x7f49, (size_t)apdudatalen, apdudata, (int)0, (size_t)0, NULL); @@ -2845,7 +2848,7 @@ writekey_ecc (app_t app, data_object_t dobj, int keyref, if (err) goto leave; - err = iso7816_send_apdu (app->slot, + err = iso7816_send_apdu (app_get_slot (app), -1, /* Use command chaining. */ 0, /* Class */ 0xfe, /* Ins: Yubikey Import Asym. Key. */ @@ -2866,7 +2869,7 @@ writekey_ecc (app_t app, data_object_t dobj, int keyref, if (err) goto leave; tmpl[0] = mechanism; - err = put_data (app->slot, dobj->tag, + err = put_data (app_get_slot (app), dobj->tag, (int)0x80, (size_t)1, tmpl, (int)0x7f49, (size_t)apdudatalen, apdudata, (int)0, (size_t)0, NULL); @@ -2952,7 +2955,7 @@ do_writekey (app_t app, ctrl_t ctrl, /* First clear an existing key. We do this by writing an empty 7f49 * tag. This will return GPG_ERR_NO_PUBKEY on a later read. */ flush_cached_data (app, dobj->tag); - err = put_data (app->slot, dobj->tag, + err = put_data (app_get_slot (app), dobj->tag, (int)0x7f49, (size_t)0, "", (int)0, (size_t)0, NULL); if (err) @@ -3180,7 +3183,7 @@ do_genkey (app_t app, ctrl_t ctrl, const char *keyrefstr, const char *keytype, tmpl[3] = 1; tmpl[4] = mechanism; tmpllen = 5; - err = iso7816_generate_keypair (app->slot, 0, 0, keyref, + err = iso7816_generate_keypair (app_get_slot (app), 0, 0, keyref, tmpl, tmpllen, 0, &buffer, &buflen); if (err) { @@ -3210,7 +3213,7 @@ do_genkey (app_t app, ctrl_t ctrl, const char *keyrefstr, const char *keytype, tmpl[0] = mechanism; flush_cached_data (app, dobj->tag); - err = put_data (app->slot, dobj->tag, + err = put_data (app_get_slot (app), dobj->tag, (int)0x80, (size_t)1, tmpl, (int)0x7f49, (size_t)keydatalen, keydata, (int)0, (size_t)0, NULL); @@ -3281,7 +3284,7 @@ do_writecert (app_t app, ctrl_t ctrl, goto leave; } - err = put_data (app->slot, dobj->tag, + err = put_data (app_get_slot (app), dobj->tag, (int)0x70, (size_t)certlen, cert,/* Certificate */ (int)0x71, (size_t)1, "", /* No compress */ (int)0xfe, (size_t)0, "", /* Empty LRC. */ @@ -3395,7 +3398,7 @@ app_select_piv (app_t app) { static char const aid[] = { 0xA0, 0x00, 0x00, 0x03, 0x08, /* RID=NIST */ 0x00, 0x00, 0x10, 0x00 /* PIX=PIV */ }; - int slot = app->slot; + int slot = app_get_slot (app); gpg_error_t err; unsigned char *apt = NULL; size_t aptlen; @@ -3463,7 +3466,7 @@ app_select_piv (app_t app) goto leave; } - if (app->cardtype && !strcmp (app->cardtype, "yubikey")) + if (app->card->cardtype && !strcmp (app->card->cardtype, "yubikey")) app->app_local->flags.yubikey = 1; diff --git a/scd/app-sc-hsm.c b/scd/app-sc-hsm.c index 8094b2463..a8a792369 100644 --- a/scd/app-sc-hsm.c +++ b/scd/app-sc-hsm.c @@ -484,7 +484,8 @@ read_ef_prkd (app_t app, unsigned short fid, prkdf_object_t *prkdresult, if (!fid) return gpg_error (GPG_ERR_NO_DATA); /* No private keys. */ - err = select_and_read_binary (app->slot, fid, "PrKDF", &buffer, &buflen, 255); + err = select_and_read_binary (app_get_slot (app), + fid, "PrKDF", &buffer, &buflen, 255); if (err) return err; @@ -832,7 +833,7 @@ read_ef_prkd (app_t app, unsigned short fid, prkdf_object_t *prkdresult, xfree (buffer); buffer = NULL; buflen = 0; - err = select_and_read_binary (app->slot, + err = select_and_read_binary (app_get_slot (app), ((SC_HSM_EE_PREFIX << 8) | (fid & 0xFF)), "CertEF", &buffer, &buflen, 1); if (!err && buffer[0] == 0x30) @@ -953,7 +954,8 @@ read_ef_cd (app_t app, unsigned short fid, cdf_object_t *result) if (!fid) return gpg_error (GPG_ERR_NO_DATA); /* No certificates. */ - err = select_and_read_binary (app->slot, fid, "CDF", &buffer, &buflen, 255); + err = select_and_read_binary (app_get_slot (app), fid, "CDF", + &buffer, &buflen, 255); if (err) return err; @@ -1202,7 +1204,7 @@ read_serialno(app_t app) size_t n, objlen, hdrlen, chrlen; int class, tag, constructed, ndef; - err = select_and_read_binary (app->slot, 0x2F02, "EF.C_DevAut", + err = select_and_read_binary (app_get_slot (app), 0x2F02, "EF.C_DevAut", &buffer, &buflen, 512); if (err) return err; @@ -1229,15 +1231,15 @@ read_serialno(app_t app) } chrlen -= 5; - app->serialno = xtrymalloc (chrlen); - if (!app->serialno) + app->card->serialno = xtrymalloc (chrlen); + if (!app->card->serialno) { err = gpg_error_from_syserror (); goto leave; } - app->serialnolen = chrlen; - memcpy (app->serialno, chr, chrlen); + app->card->serialnolen = chrlen; + memcpy (app->card->serialno, chr, chrlen); leave: xfree (buffer); @@ -1260,7 +1262,7 @@ read_meta (app_t app) if (err) return err; - err = list_ef (app->slot, &eflist, &eflistlen); + err = list_ef (app_get_slot (app), &eflist, &eflistlen); if (err) return err; @@ -1454,7 +1456,7 @@ readcert_by_cdf (app_t app, cdf_object_t cdf, return 0; } - err = select_and_read_binary (app->slot, cdf->fid, "CD", + err = select_and_read_binary (app_get_slot (app), cdf->fid, "CD", &buffer, &buflen, 4096); if (err) { @@ -1592,7 +1594,8 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name) } else if (!strcmp (name, "$DISPSERIALNO")) { - send_status_info (ctrl, name, app->serialno, app->serialnolen, NULL, 0); + send_status_info (ctrl, name, + app->card->serialno, app->card->serialnolen, NULL, 0); return 0; } @@ -1693,8 +1696,8 @@ verify_pin (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), char *prompt; int sw; - sw = apdu_send_simple (app->slot, 0, 0x00, ISO7816_VERIFY, 0x00, 0x81, - -1, NULL); + sw = apdu_send_simple (app_get_slot (app), + 0, 0x00, ISO7816_VERIFY, 0x00, 0x81, -1, NULL); if (sw == SW_SUCCESS) return 0; /* PIN already verified */ @@ -1719,7 +1722,7 @@ verify_pin (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), prompt = "||Please enter the PIN"; if (!opt.disable_pinpad - && !iso7816_check_pinpad (app->slot, ISO7816_VERIFY, &pininfo) ) + && !iso7816_check_pinpad (app_get_slot (app), ISO7816_VERIFY, &pininfo) ) { err = pincb (pincb_arg, prompt, NULL); if (err) @@ -1728,7 +1731,7 @@ verify_pin (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), return err; } - err = iso7816_verify_kp (app->slot, 0x81, &pininfo); + err = iso7816_verify_kp (app_get_slot (app), 0x81, &pininfo); pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */ } else @@ -1740,7 +1743,8 @@ verify_pin (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), return err; } - err = iso7816_verify (app->slot, 0x81, pinvalue, strlen(pinvalue)); + err = iso7816_verify (app_get_slot (app), + 0x81, pinvalue, strlen(pinvalue)); xfree (pinvalue); } if (err) @@ -1883,7 +1887,8 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, if (err) return err; - sw = apdu_send_le (app->slot, 1, 0x80, 0x68, prkdf->key_reference, algoid, + sw = apdu_send_le (app_get_slot (app), + 1, 0x80, 0x68, prkdf->key_reference, algoid, cdsblklen, cdsblk, 0, outdata, outdatalen); return iso7816_map_sw (sw); } @@ -2018,7 +2023,8 @@ do_decipher (app_t app, const char *keyidstr, if (err) return err; - sw = apdu_send_le (app->slot, 1, 0x80, 0x62, prkdf->key_reference, 0x21, + sw = apdu_send_le (app_get_slot (app), + 1, 0x80, 0x62, prkdf->key_reference, 0x21, p1blklen, p1blk, 0, &rspdata, &rspdatalen); err = iso7816_map_sw (sw); if (err) @@ -2044,7 +2050,7 @@ do_decipher (app_t app, const char *keyidstr, gpg_error_t app_select_sc_hsm (app_t app) { - int slot = app->slot; + int slot = app_get_slot (app); int rc; rc = iso7816_select_application (slot, sc_hsm_aid, sizeof sc_hsm_aid, 0); @@ -31,8 +31,13 @@ #include "apdu.h" #include "../common/tlv.h" -static npth_mutex_t app_list_lock; -static app_t app_top; +/* Lock to protect the list of cards and its associated + * applications. */ +static npth_mutex_t card_list_lock; + +/* A list of card contexts. A card is a collection of applications + * (described by app_t) on the same physical token. */ +static card_t card_top; /* The list of application names and there select function. Of no @@ -126,59 +131,68 @@ print_progress_line (void *opaque, const char *what, int pc, int cur, int tot) } -/* Lock the reader SLOT. This function shall be used right before - calling any of the actual application functions to serialize access - to the reader. We do this always even if the reader is not - actually used. This allows an actual connection to assume that it - never shares a reader (while performing one command). Returns 0 on - success; only then the unlock_reader function must be called after - returning from the handler. */ +/* Lock the CARD. This function shall be used right before calling + * any of the actual application functions to serialize access to the + * reader. We do this always even if the card is not actually used. + * This allows an actual connection to assume that it never shares a + * card (while performing one command). Returns 0 on success; only + * then the unlock_reader function must be called after returning from + * the handler. Right now we assume a that a reader has just one + * card; this may eventually need refinement. */ static gpg_error_t -lock_app (app_t app, ctrl_t ctrl) +lock_card (card_t card, ctrl_t ctrl) { - if (npth_mutex_lock (&app->lock)) + if (npth_mutex_lock (&card->lock)) { gpg_error_t err = gpg_error_from_syserror (); - log_error ("failed to acquire APP lock for %p: %s\n", - app, gpg_strerror (err)); + log_error ("failed to acquire CARD lock for %p: %s\n", + card, gpg_strerror (err)); return err; } - apdu_set_progress_cb (app->slot, print_progress_line, ctrl); - apdu_set_prompt_cb (app->slot, popup_prompt, ctrl); + apdu_set_progress_cb (card->slot, print_progress_line, ctrl); + apdu_set_prompt_cb (card->slot, popup_prompt, ctrl); return 0; } -/* Release a lock on the reader. See lock_reader(). */ + +/* Release a lock on a card. See lock_reader(). */ static void -unlock_app (app_t app) +unlock_card (card_t card) { - apdu_set_progress_cb (app->slot, NULL, NULL); - apdu_set_prompt_cb (app->slot, NULL, NULL); + apdu_set_progress_cb (card->slot, NULL, NULL); + apdu_set_prompt_cb (card->slot, NULL, NULL); - if (npth_mutex_unlock (&app->lock)) + if (npth_mutex_unlock (&card->lock)) { gpg_error_t err = gpg_error_from_syserror (); - log_error ("failed to release APP lock for %p: %s\n", - app, gpg_strerror (err)); + log_error ("failed to release CARD lock for %p: %s\n", + card, gpg_strerror (err)); } } /* This function may be called to print information pertaining to the - current state of this module to the log. */ + * current state of this module to the log. */ void app_dump_state (void) { + card_t c; app_t a; - npth_mutex_lock (&app_list_lock); - for (a = app_top; a; a = a->next) - log_info ("app_dump_state: app=%p type='%s'\n", a, a->apptype); - npth_mutex_unlock (&app_list_lock); + npth_mutex_lock (&card_list_lock); + for (c = card_top; c; c = c->next) + { + log_info ("app_dump_state: card=%p slot=%d type=%s\n", + c, c->slot, c->cardtype? c->cardtype:"unknown"); + for (a=c->app; a; a = a->next) + log_info ("app_dump_state: app=%p type='%s'\n", a, a->apptype); + } + npth_mutex_unlock (&card_list_lock); } + /* Check whether the application NAME is allowed. This does not mean we have support for it though. */ static int @@ -194,33 +208,40 @@ is_app_allowed (const char *name) static gpg_error_t -check_conflict (app_t app, const char *name) +check_conflict (card_t card, const char *name) { - if (!app || !name || (app->apptype && !ascii_strcasecmp (app->apptype, name))) + if (!card || !name) + return 0; + if (!card->app) + return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); /* Should not happen. */ + + /* FIXME: Needs changes for app switching. */ + if (card->app->apptype && !ascii_strcasecmp (card->app->apptype, name)) return 0; - if (app->apptype && !strcmp (app->apptype, "UNDEFINED")) + if (card->app->apptype && !strcmp (card->app->apptype, "UNDEFINED")) return 0; log_info ("application '%s' in use - can't switch\n", - app->apptype? app->apptype : "<null>"); + card->app->apptype? card->app->apptype : "<null>"); return gpg_error (GPG_ERR_CONFLICT); } + /* This function is used by the serialno command to check for an application conflict which may appear if the serialno command is used to request a specific application and the connection has already done a select_application. */ gpg_error_t -check_application_conflict (const char *name, app_t app) +check_application_conflict (const char *name, card_t card) { - return check_conflict (app, name); + return check_conflict (card, name); } gpg_error_t -app_reset (app_t app, ctrl_t ctrl, int send_reset) +card_reset (card_t card, ctrl_t ctrl, int send_reset) { gpg_error_t err = 0; @@ -228,21 +249,21 @@ app_reset (app_t app, ctrl_t ctrl, int send_reset) { int sw; - lock_app (app, ctrl); - sw = apdu_reset (app->slot); + lock_card (card, ctrl); + sw = apdu_reset (card->slot); if (sw) err = gpg_error (GPG_ERR_CARD_RESET); - app->reset_requested = 1; - unlock_app (app); + card->reset_requested = 1; + unlock_card (card); scd_kick_the_loop (); gnupg_sleep (1); } else { - ctrl->app_ctx = NULL; - app_unref (app); + ctrl->card_ctx = NULL; + card_unref (card); } return err; @@ -253,36 +274,37 @@ app_new_register (int slot, ctrl_t ctrl, const char *name, int periodical_check_needed) { gpg_error_t err = 0; + card_t card = NULL; app_t app = NULL; unsigned char *result = NULL; size_t resultlen; int want_undefined; int i; - /* Need to allocate a new one. */ - app = xtrycalloc (1, sizeof *app); - if (!app) + /* Need to allocate a new card object */ + card = xtrycalloc (1, sizeof *card); + if (!card) { err = gpg_error_from_syserror (); log_info ("error allocating context: %s\n", gpg_strerror (err)); return err; } - app->slot = slot; - app->card_status = (unsigned int)-1; + card->slot = slot; + card->card_status = (unsigned int)-1; - if (npth_mutex_init (&app->lock, NULL)) + if (npth_mutex_init (&card->lock, NULL)) { err = gpg_error_from_syserror (); log_error ("error initializing mutex: %s\n", gpg_strerror (err)); - xfree (app); + xfree (card); return err; } - err = lock_app (app, ctrl); + err = lock_card (card, ctrl); if (err) { - xfree (app); + xfree (card); return err; } @@ -313,7 +335,7 @@ app_new_register (int slot, ctrl_t ctrl, const char *name, && !iso7816_apdu_direct (slot, "\x00\x1d\x00\x00\x00", 5, 0, NULL, &buf, &buflen)) { - app->cardtype = "yubikey"; + card->cardtype = "yubikey"; if (opt.verbose) { log_info ("Yubico: config="); @@ -330,15 +352,15 @@ app_new_register (int slot, ctrl_t ctrl, const char *name, s0 = find_tlv (buf+1, buflen-1, 0x02, &n); /* Serial */ if (s0 && n >= 4) { - app->serialno = xtrymalloc (3 + 1 + n); - if (app->serialno) + card->serialno = xtrymalloc (3 + 1 + n); + if (card->serialno) { - app->serialnolen = 3 + 1 + n; - app->serialno[0] = 0xff; - app->serialno[1] = 0x02; - app->serialno[2] = 0x0; - app->serialno[3] = formfactor; - memcpy (app->serialno + 4, s0, n); + card->serialnolen = 3 + 1 + n; + card->serialno[0] = 0xff; + card->serialno[1] = 0x02; + card->serialno[2] = 0x0; + card->serialno[3] = formfactor; + memcpy (card->serialno + 4, s0, n); /* Note that we do not clear the error * so that no further serial number * testing is done. After all we just @@ -348,7 +370,7 @@ app_new_register (int slot, ctrl_t ctrl, const char *name, s0 = find_tlv (buf+1, buflen-1, 0x05, &n); /* version */ if (s0 && n == 3) - app->cardversion = ((s0[0]<<16)|(s0[1]<<8)|s0[2]); + card->cardversion = ((s0[0]<<16)|(s0[1]<<8)|s0[2]); else if (!s0) { /* No version - this is not a Yubikey 5. We now @@ -361,7 +383,7 @@ app_new_register (int slot, ctrl_t ctrl, const char *name, otp_aid, sizeof otp_aid, 1, &buf, &buflen) && buflen > 3) - app->cardversion = ((buf[0]<<16)|(buf[1]<<8)|buf[2]); + card->cardversion = ((buf[0]<<16)|(buf[1]<<8)|buf[2]); } } xfree (buf); @@ -382,7 +404,7 @@ app_new_register (int slot, ctrl_t ctrl, const char *name, resultlen -= (p-result); if (p && n > resultlen && n == 0x0d && resultlen+1 == n) { - /* The object it does not fit into the buffer. This is an + /* The object does not fit into the buffer. This is an invalid encoding (or the buffer is too short. However, I have some test cards with such an invalid encoding and therefore I use this ugly workaround to return something @@ -396,9 +418,9 @@ app_new_register (int slot, ctrl_t ctrl, const char *name, /* The GDO file is pretty short, thus we simply reuse it for storing the serial number. */ memmove (result, p, n); - app->serialno = result; - app->serialnolen = n; - err = app_munge_serialno (app); + card->serialno = result; + card->serialnolen = n; + err = app_munge_serialno (card); if (err) goto leave; } @@ -408,6 +430,17 @@ app_new_register (int slot, ctrl_t ctrl, const char *name, } } + /* Allocate a new app object. */ + app = xtrycalloc (1, sizeof *app); + if (!app) + { + err = gpg_error_from_syserror (); + log_info ("error allocating app context: %s\n", gpg_strerror (err)); + goto leave; + } + card->app = app; + app->card = card; + /* Figure out the application to use. */ if (want_undefined) { @@ -430,7 +463,7 @@ app_new_register (int slot, ctrl_t ctrl, const char *name, err = gpg_error (GPG_ERR_NOT_FOUND); } - /* Find the first available app if NAME is NULL or the one matching + /* Find the first available app if NAME is NULL or the matching * NAME but only if that application is also enabled. */ for (i=0; err && app_priority_list[i].name; i++) { @@ -450,44 +483,47 @@ app_new_register (int slot, ctrl_t ctrl, const char *name, else log_info ("no supported card application found: %s\n", gpg_strerror (err)); - unlock_app (app); + unlock_card (card); xfree (app); + xfree (card); return err; } - app->periodical_check_needed = periodical_check_needed; - app->next = app_top; - app_top = app; - unlock_app (app); + card->periodical_check_needed = periodical_check_needed; + + card->next = card_top; + card_top = card; + unlock_card (card); return 0; } + /* If called with NAME as NULL, select the best fitting application - and return a context; otherwise select the application with NAME - and return a context. Returns an error code and stores NULL at - R_APP if no application was found or no card is present. */ + * and return its card context; otherwise select the application with + * NAME and return its card context. Returns an error code and stores + * NULL at R_CARD if no application was found or no card is present. */ gpg_error_t -select_application (ctrl_t ctrl, const char *name, app_t *r_app, +select_application (ctrl_t ctrl, const char *name, card_t *r_card, int scan, const unsigned char *serialno_bin, size_t serialno_bin_len) { gpg_error_t err = 0; - app_t a, a_prev = NULL; + card_t card, card_prev = NULL; - *r_app = NULL; + *r_card = NULL; - npth_mutex_lock (&app_list_lock); + npth_mutex_lock (&card_list_lock); - if (scan || !app_top) + if (scan || !card_top) { struct dev_list *l; - int new_app = 0; + int new_card = 0; /* Scan the devices to find new device(s). */ err = apdu_dev_list_start (opt.reader_port, &l); if (err) { - npth_mutex_unlock (&app_list_lock); + npth_mutex_unlock (&card_list_lock); return err; } @@ -496,7 +532,7 @@ select_application (ctrl_t ctrl, const char *name, app_t *r_app, int slot; int periodical_check_needed_this; - slot = apdu_open_reader (l, !app_top); + slot = apdu_open_reader (l, !card_top); if (slot < 0) break; @@ -510,7 +546,7 @@ select_application (ctrl_t ctrl, const char *name, app_t *r_app, { err = app_new_register (slot, ctrl, name, periodical_check_needed_this); - new_app++; + new_card++; } if (err) @@ -520,43 +556,43 @@ select_application (ctrl_t ctrl, const char *name, app_t *r_app, apdu_dev_list_finish (l); /* If new device(s), kick the scdaemon loop. */ - if (new_app) + if (new_card) scd_kick_the_loop (); } - for (a = app_top; a; a = a->next) + for (card = card_top; card; card = card->next) { - lock_app (a, ctrl); + lock_card (card, ctrl); if (serialno_bin == NULL) break; - if (a->serialnolen == serialno_bin_len - && !memcmp (a->serialno, serialno_bin, a->serialnolen)) + if (card->serialnolen == serialno_bin_len + && !memcmp (card->serialno, serialno_bin, card->serialnolen)) break; - unlock_app (a); - a_prev = a; + unlock_card (card); + card_prev = card; } - if (a) + if (card) { - err = check_conflict (a, name); + err = check_conflict (card, name); if (!err) { - /* Note: We do not use app_ref as we are already locked. */ - a->ref_count++; - *r_app = a; - if (a_prev) + /* Note: We do not use card_ref as we are already locked. */ + card->ref_count++; + *r_card = card; + if (card_prev) { - a_prev->next = a->next; - a->next = app_top; - app_top = a; + card_prev->next = card->next; + card->next = card_top; + card_top = card; } } - unlock_app (a); + unlock_card (card); } else err = gpg_error (GPG_ERR_ENODEV); - npth_mutex_unlock (&app_list_lock); + npth_mutex_unlock (&card_list_lock); return err; } @@ -588,85 +624,88 @@ get_supported_applications (void) /* Deallocate the application. */ static void -deallocate_app (app_t app) +deallocate_card (card_t card) { - app_t a, a_prev = NULL; + card_t c, c_prev = NULL; + app_t a, anext; - for (a = app_top; a; a = a->next) - if (a == app) + for (c = card_top; c; c = c->next) + if (c == card) { - if (a_prev == NULL) - app_top = a->next; + if (c_prev == NULL) + card_top = c->next; else - a_prev->next = a->next; + c_prev->next = c->next; break; } else - a_prev = a; + c_prev = c; - if (app->ref_count) - log_error ("trying to release still used app context (%d)\n", - app->ref_count); + if (card->ref_count) + log_error ("releasing still used card context (%d)\n", card->ref_count); - if (app->fnc.deinit) + for (a = card->app; a; a = anext) { - app->fnc.deinit (app); - app->fnc.deinit = NULL; + if (a->fnc.deinit) + { + a->fnc.deinit (a); + a->fnc.deinit = NULL; + } + anext = a->next; + xfree (a); } - xfree (app->serialno); + xfree (card->serialno); - unlock_app (app); - xfree (app); + unlock_card (card); + xfree (card); } -/* Increment the reference counter for APP. Returns the APP. */ -app_t -app_ref (app_t app) +/* Increment the reference counter of CARD. Returns CARD. */ +card_t +card_ref (card_t card) { - lock_app (app, NULL); - ++app->ref_count; - unlock_app (app); - return app; + lock_card (card, NULL); + ++card->ref_count; + unlock_card (card); + return card; } -/* Decrement the reference counter for APP. Note that we are using - * reference counting to track the users of the application and are - * deferring the actual deallocation to allow for a later reuse by a - * new connection. Using NULL for APP is a no-op. */ +/* Decrement the reference counter for CARD. Note that we are using + * reference counting to track the users of the card's application and + * are deferring the actual deallocation to allow for a later reuse by + * a new connection. Using NULL for CARD is a no-op. */ void -app_unref (app_t app) +card_unref (card_t card) { - if (!app) + if (!card) return; - /* We don't deallocate app here. Instead, we keep it. This is + /* We don't deallocate CARD here. Instead, we keep it. This is useful so that a card does not get reset even if only one session is using the card - this way the PIN cache and other cached data are preserved. */ - lock_app (app, NULL); - if (!app->ref_count) - log_bug ("trying to release an already released context\n"); - --app->ref_count; - unlock_app (app); + lock_card (card, NULL); + card_unref_locked (card); + unlock_card (card); } -/* This is the same as app_unref but assumes that APP is already +/* This is the same as card_unref but assumes that CARD is already * locked. */ void -app_unref_locked (app_t app) +card_unref_locked (card_t card) { - if (!app) + if (!card) return; - if (!app->ref_count) - log_bug ("trying to release an already released context\n"); + if (!card->ref_count) + log_bug ("tried to release an already released card context\n"); - --app->ref_count; + --card->ref_count; } @@ -686,30 +725,30 @@ app_unref_locked (app_t app) All other serial number not starting with FF are used as they are. */ gpg_error_t -app_munge_serialno (app_t app) +app_munge_serialno (card_t card) { - if (app->serialnolen && app->serialno[0] == 0xff) + if (card->serialnolen && card->serialno[0] == 0xff) { /* The serial number starts with our special prefix. This requires that we put our default prefix "FF0000" in front. */ - unsigned char *p = xtrymalloc (app->serialnolen + 3); + unsigned char *p = xtrymalloc (card->serialnolen + 3); if (!p) return gpg_error_from_syserror (); memcpy (p, "\xff\0", 3); - memcpy (p+3, app->serialno, app->serialnolen); - app->serialnolen += 3; - xfree (app->serialno); - app->serialno = p; + memcpy (p+3, card->serialno, card->serialnolen); + card->serialnolen += 3; + xfree (card->serialno); + card->serialno = p; } - else if (!app->serialnolen) + else if (!card->serialnolen) { unsigned char *p = xtrymalloc (3); if (!p) return gpg_error_from_syserror (); memcpy (p, "\xff\x7f", 3); - app->serialnolen = 3; - xfree (app->serialno); - app->serialno = p; + card->serialnolen = 3; + xfree (card->serialno); + card->serialno = p; } return 0; } @@ -720,52 +759,66 @@ app_munge_serialno (app_t app) returned as a malloced string (hex encoded) in SERIAL. Caller must free SERIAL unless the function returns an error. */ char * -app_get_serialno (app_t app) +card_get_serialno (card_t card) { char *serial; - if (!app) + if (!card) return NULL; - if (!app->serialnolen) + if (!card->serialnolen) serial = xtrystrdup ("FF7F00"); else - serial = bin2hex (app->serialno, app->serialnolen, NULL); + serial = bin2hex (card->serialno, card->serialnolen, NULL); return serial; } +/* Same as card_get_serialno but takes an APP object. */ +char * +app_get_serialno (app_t app) +{ + if (!app || !app->card) + return NULL; + return card_get_serialno (app->card); +} + /* Write out the application specific status lines for the LEARN command. */ gpg_error_t -app_write_learn_status (app_t app, ctrl_t ctrl, unsigned int flags) +app_write_learn_status (card_t card, ctrl_t ctrl, unsigned int flags) { gpg_error_t err; + app_t app; - if (!app) + if (!card) return gpg_error (GPG_ERR_INV_VALUE); + if (!card->app) + return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); + app = card->app; if (!app->fnc.learn_status) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); /* We do not send CARD and APPTYPE if only keypairinfo is requested. */ if (!(flags &1)) { - if (app->cardtype) - send_status_direct (ctrl, "CARDTYPE", app->cardtype); - if (app->cardversion) - send_status_printf (ctrl, "CARDVERSION", "%X", app->cardversion); + if (card->cardtype) + send_status_direct (ctrl, "CARDTYPE", card->cardtype); + if (card->cardversion) + send_status_printf (ctrl, "CARDVERSION", "%X", card->cardversion); if (app->apptype) send_status_direct (ctrl, "APPTYPE", app->apptype); if (app->appversion) send_status_printf (ctrl, "APPVERSION", "%X", app->appversion); + /* FIXME: Send infor for the otehr active apps of the card? */ } - err = lock_app (app, ctrl); + err = lock_card (card, ctrl); if (err) return err; - err = app->fnc.learn_status (app, ctrl, flags); - unlock_app (app); + err = app->fnc.learn_status (card->app, ctrl, flags); + unlock_card (card); return err; } @@ -775,22 +828,22 @@ app_write_learn_status (app_t app, ctrl_t ctrl, unsigned int flags) buffer put into CERT and the length of the certificate put into CERTLEN. */ gpg_error_t -app_readcert (app_t app, ctrl_t ctrl, const char *certid, +app_readcert (card_t card, ctrl_t ctrl, const char *certid, unsigned char **cert, size_t *certlen) { gpg_error_t err; - if (!app) + if (!card) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->ref_count) + if (!card->ref_count || !card->app) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); - if (!app->fnc.readcert) + if (!card->app->fnc.readcert) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); - err = lock_app (app, ctrl); + err = lock_card (card, ctrl); if (err) return err; - err = app->fnc.readcert (app, certid, cert, certlen); - unlock_app (app); + err = card->app->fnc.readcert (card->app, certid, cert, certlen); + unlock_card (card); return err; } @@ -804,7 +857,7 @@ app_readcert (app_t app, ctrl_t ctrl, const char *certid, * * This function might not be supported by all applications. */ gpg_error_t -app_readkey (app_t app, ctrl_t ctrl, const char *keyid, unsigned int flags, +app_readkey (card_t card, ctrl_t ctrl, const char *keyid, unsigned int flags, unsigned char **pk, size_t *pklen) { gpg_error_t err; @@ -814,47 +867,47 @@ app_readkey (app_t app, ctrl_t ctrl, const char *keyid, unsigned int flags, if (pklen) *pklen = 0; - if (!app || !keyid) + if (!card || !keyid) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->ref_count) + if (!card->ref_count || !card->app) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); - if (!app->fnc.readkey) + if (!card->app->fnc.readkey) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); - err = lock_app (app, ctrl); + err = lock_card (card, ctrl); if (err) return err; - err= app->fnc.readkey (app, ctrl, keyid, flags, pk, pklen); - unlock_app (app); + err = card->app->fnc.readkey (card->app, ctrl, keyid, flags, pk, pklen); + unlock_card (card); return err; } /* Perform a GETATTR operation. */ gpg_error_t -app_getattr (app_t app, ctrl_t ctrl, const char *name) +app_getattr (card_t card, ctrl_t ctrl, const char *name) { gpg_error_t err; - if (!app || !name || !*name) + if (!card || !name || !*name) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->ref_count) + if (!card->ref_count || !card->app) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); - if (app->cardtype && name && !strcmp (name, "CARDTYPE")) + if (card->cardtype && name && !strcmp (name, "CARDTYPE")) { - send_status_direct (ctrl, "CARDTYPE", app->cardtype); + send_status_direct (ctrl, "CARDTYPE", card->cardtype); return 0; } - if (app->apptype && name && !strcmp (name, "APPTYPE")) + if (card->app->apptype && name && !strcmp (name, "APPTYPE")) { - send_status_direct (ctrl, "APPTYPE", app->apptype); + send_status_direct (ctrl, "APPTYPE", card->app->apptype); return 0; } if (name && !strcmp (name, "SERIALNO")) { char *serial; - serial = app_get_serialno (app); + serial = card_get_serialno (card); if (!serial) return gpg_error (GPG_ERR_INV_VALUE); @@ -863,44 +916,47 @@ app_getattr (app_t app, ctrl_t ctrl, const char *name) return 0; } - if (!app->fnc.getattr) + if (!card->app->fnc.getattr) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); - err = lock_app (app, ctrl); + err = lock_card (card, ctrl); if (err) return err; - err = app->fnc.getattr (app, ctrl, name); - unlock_app (app); + err = card->app->fnc.getattr (card->app, ctrl, name); + unlock_card (card); return err; } + /* Perform a SETATTR operation. */ gpg_error_t -app_setattr (app_t app, ctrl_t ctrl, const char *name, +app_setattr (card_t card, ctrl_t ctrl, const char *name, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const unsigned char *value, size_t valuelen) { gpg_error_t err; - if (!app || !name || !*name || !value) + if (!card || !name || !*name || !value) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->ref_count) + if (!card->ref_count || !card->app) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); - if (!app->fnc.setattr) + if (!card->app->fnc.setattr) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); - err = lock_app (app, ctrl); + err = lock_card (card, ctrl); if (err) return err; - err = app->fnc.setattr (app, name, pincb, pincb_arg, value, valuelen); - unlock_app (app); + err = card->app->fnc.setattr (card->app, name, pincb, pincb_arg, + value, valuelen); + unlock_card (card); return err; } + /* Create the signature and return the allocated result in OUTDATA. If a PIN is required the PINCB will be used to ask for the PIN; it should return the PIN in an allocated buffer and put it into PIN. */ gpg_error_t -app_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo, +app_sign (card_t card, ctrl_t ctrl, const char *keyidstr, int hashalgo, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, @@ -908,31 +964,32 @@ app_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo, { gpg_error_t err; - if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb) + if (!card || !indata || !indatalen || !outdata || !outdatalen || !pincb) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->ref_count) + if (!card->ref_count || !card->app) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); - if (!app->fnc.sign) + if (!card->app->fnc.sign) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); - err = lock_app (app, ctrl); + err = lock_card (card, ctrl); if (err) return err; - err = app->fnc.sign (app, keyidstr, hashalgo, - pincb, pincb_arg, - indata, indatalen, - outdata, outdatalen); - unlock_app (app); + err = card->app->fnc.sign (card->app, keyidstr, hashalgo, + pincb, pincb_arg, + indata, indatalen, + outdata, outdatalen); + unlock_card (card); if (opt.verbose) log_info ("operation sign result: %s\n", gpg_strerror (err)); return err; } + /* Create the signature using the INTERNAL AUTHENTICATE command and return the allocated result in OUTDATA. If a PIN is required the PINCB will be used to ask for the PIN; it should return the PIN in an allocated buffer and put it into PIN. */ gpg_error_t -app_auth (app_t app, ctrl_t ctrl, const char *keyidstr, +app_auth (card_t card, ctrl_t ctrl, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, @@ -940,20 +997,20 @@ app_auth (app_t app, ctrl_t ctrl, const char *keyidstr, { gpg_error_t err; - if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb) + if (!card || !indata || !indatalen || !outdata || !outdatalen || !pincb) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->ref_count) + if (!card->ref_count || !card->app) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); - if (!app->fnc.auth) + if (!card->app->fnc.auth) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); - err = lock_app (app, ctrl); + err = lock_card (card, ctrl); if (err) return err; - err = app->fnc.auth (app, keyidstr, - pincb, pincb_arg, - indata, indatalen, - outdata, outdatalen); - unlock_app (app); + err = card->app->fnc.auth (card->app, keyidstr, + pincb, pincb_arg, + indata, indatalen, + outdata, outdatalen); + unlock_card (card); if (opt.verbose) log_info ("operation auth result: %s\n", gpg_strerror (err)); return err; @@ -964,7 +1021,7 @@ app_auth (app_t app, ctrl_t ctrl, const char *keyidstr, If a PIN is required the PINCB will be used to ask for the PIN; it should return the PIN in an allocated buffer and put it into PIN. */ gpg_error_t -app_decipher (app_t app, ctrl_t ctrl, const char *keyidstr, +app_decipher (card_t card, ctrl_t ctrl, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, @@ -975,21 +1032,21 @@ app_decipher (app_t app, ctrl_t ctrl, const char *keyidstr, *r_info = 0; - if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb) + if (!card || !indata || !indatalen || !outdata || !outdatalen || !pincb) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->ref_count) + if (!card->ref_count || !card->app) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); - if (!app->fnc.decipher) + if (!card->app->fnc.decipher) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); - err = lock_app (app, ctrl); + err = lock_card (card, ctrl); if (err) return err; - err = app->fnc.decipher (app, keyidstr, - pincb, pincb_arg, - indata, indatalen, - outdata, outdatalen, - r_info); - unlock_app (app); + err = card->app->fnc.decipher (card->app, keyidstr, + pincb, pincb_arg, + indata, indatalen, + outdata, outdatalen, + r_info); + unlock_card (card); if (opt.verbose) log_info ("operation decipher result: %s\n", gpg_strerror (err)); return err; @@ -998,26 +1055,26 @@ app_decipher (app_t app, ctrl_t ctrl, const char *keyidstr, /* Perform the WRITECERT operation. */ gpg_error_t -app_writecert (app_t app, ctrl_t ctrl, - const char *certidstr, - gpg_error_t (*pincb)(void*, const char *, char **), - void *pincb_arg, - const unsigned char *data, size_t datalen) +app_writecert (card_t card, ctrl_t ctrl, + const char *certidstr, + gpg_error_t (*pincb)(void*, const char *, char **), + void *pincb_arg, + const unsigned char *data, size_t datalen) { gpg_error_t err; - if (!app || !certidstr || !*certidstr || !pincb) + if (!card || !certidstr || !*certidstr || !pincb) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->ref_count) + if (!card->ref_count || !card->app) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); - if (!app->fnc.writecert) + if (!card->app->fnc.writecert) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); - err = lock_app (app, ctrl); + err = lock_card (card, ctrl); if (err) return err; - err = app->fnc.writecert (app, ctrl, certidstr, - pincb, pincb_arg, data, datalen); - unlock_app (app); + err = card->app->fnc.writecert (card->app, ctrl, certidstr, + pincb, pincb_arg, data, datalen); + unlock_card (card); if (opt.verbose) log_info ("operation writecert result: %s\n", gpg_strerror (err)); return err; @@ -1026,7 +1083,7 @@ app_writecert (app_t app, ctrl_t ctrl, /* Perform the WRITEKEY operation. */ gpg_error_t -app_writekey (app_t app, ctrl_t ctrl, +app_writekey (card_t card, ctrl_t ctrl, const char *keyidstr, unsigned int flags, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, @@ -1034,18 +1091,18 @@ app_writekey (app_t app, ctrl_t ctrl, { gpg_error_t err; - if (!app || !keyidstr || !*keyidstr || !pincb) + if (!card || !keyidstr || !*keyidstr || !pincb) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->ref_count) + if (!card->ref_count || !card->app) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); - if (!app->fnc.writekey) + if (!card->app->fnc.writekey) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); - err = lock_app (app, ctrl); + err = lock_card (card, ctrl); if (err) return err; - err = app->fnc.writekey (app, ctrl, keyidstr, flags, - pincb, pincb_arg, keydata, keydatalen); - unlock_app (app); + err = card->app->fnc.writekey (card->app, ctrl, keyidstr, flags, + pincb, pincb_arg, keydata, keydatalen); + unlock_card (card); if (opt.verbose) log_info ("operation writekey result: %s\n", gpg_strerror (err)); return err; @@ -1054,25 +1111,25 @@ app_writekey (app_t app, ctrl_t ctrl, /* Perform a SETATTR operation. */ gpg_error_t -app_genkey (app_t app, ctrl_t ctrl, const char *keynostr, +app_genkey (card_t card, ctrl_t ctrl, const char *keynostr, const char *keytype, unsigned int flags, time_t createtime, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg) { gpg_error_t err; - if (!app || !keynostr || !*keynostr || !pincb) + if (!card || !keynostr || !*keynostr || !pincb) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->ref_count) + if (!card->ref_count || !card->app) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); - if (!app->fnc.genkey) + if (!card->app->fnc.genkey) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); - err = lock_app (app, ctrl); + err = lock_card (card, ctrl); if (err) return err; - err = app->fnc.genkey (app, ctrl, keynostr, keytype, flags, - createtime, pincb, pincb_arg); - unlock_app (app); + err = card->app->fnc.genkey (card->app, ctrl, keynostr, keytype, flags, + createtime, pincb, pincb_arg); + unlock_card (card); if (opt.verbose) log_info ("operation genkey result: %s\n", gpg_strerror (err)); return err; @@ -1083,44 +1140,45 @@ app_genkey (app_t app, ctrl_t ctrl, const char *keynostr, directly accesses the card without any application specific wrapper. */ gpg_error_t -app_get_challenge (app_t app, ctrl_t ctrl, size_t nbytes, unsigned char *buffer) +app_get_challenge (card_t card, ctrl_t ctrl, + size_t nbytes, unsigned char *buffer) { gpg_error_t err; - if (!app || !nbytes || !buffer) + if (!card || !nbytes || !buffer) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->ref_count) + if (!card->ref_count) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); - err = lock_app (app, ctrl); + err = lock_card (card, ctrl); if (err) return err; - err = iso7816_get_challenge (app->slot, nbytes, buffer); - unlock_app (app); + err = iso7816_get_challenge (card->slot, nbytes, buffer); + unlock_card (card); return err; } - /* Perform a CHANGE REFERENCE DATA or RESET RETRY COUNTER operation. */ gpg_error_t -app_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, +app_change_pin (card_t card, ctrl_t ctrl, const char *chvnostr, unsigned int flags, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg) { gpg_error_t err; - if (!app || !chvnostr || !*chvnostr || !pincb) + if (!card || !chvnostr || !*chvnostr || !pincb) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->ref_count) + if (!card->ref_count || !card->app) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); - if (!app->fnc.change_pin) + if (!card->app->fnc.change_pin) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); - err = lock_app (app, ctrl); + err = lock_card (card, ctrl); if (err) return err; - err = app->fnc.change_pin (app, ctrl, chvnostr, flags, pincb, pincb_arg); - unlock_app (app); + err = card->app->fnc.change_pin (card->app, ctrl, + chvnostr, flags, pincb, pincb_arg); + unlock_card (card); if (opt.verbose) log_info ("operation change_pin result: %s\n", gpg_strerror (err)); return err; @@ -1131,28 +1189,29 @@ app_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, be used to initialize a the PIN cache for long lasting other operations. Its use is highly application dependent. */ gpg_error_t -app_check_pin (app_t app, ctrl_t ctrl, const char *keyidstr, +app_check_pin (card_t card, ctrl_t ctrl, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg) { gpg_error_t err; - if (!app || !keyidstr || !*keyidstr || !pincb) + if (!card || !keyidstr || !*keyidstr || !pincb) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->ref_count) + if (!card->ref_count || !card->app) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); - if (!app->fnc.check_pin) + if (!card->app->fnc.check_pin) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); - err = lock_app (app, ctrl); + err = lock_card (card, ctrl); if (err) return err; - err = app->fnc.check_pin (app, keyidstr, pincb, pincb_arg); - unlock_app (app); + err = card->app->fnc.check_pin (card->app, keyidstr, pincb, pincb_arg); + unlock_card (card); if (opt.verbose) log_info ("operation check_pin result: %s\n", gpg_strerror (err)); return err; } + static void report_change (int slot, int old_status, int cur_status) { @@ -1212,26 +1271,27 @@ report_change (int slot, int old_status, int cur_status) xfree (homestr); } + int scd_update_reader_status_file (void) { - app_t a, app_next; + card_t card, card_next; int periodical_check_needed = 0; - npth_mutex_lock (&app_list_lock); - for (a = app_top; a; a = app_next) + npth_mutex_lock (&card_list_lock); + for (card = card_top; card; card = card_next) { int sw; unsigned int status; - lock_app (a, NULL); - app_next = a->next; + lock_card (card, NULL); + card_next = card->next; - if (a->reset_requested) + if (card->reset_requested) status = 0; else { - sw = apdu_get_status (a->slot, 0, &status); + sw = apdu_get_status (card->slot, 0, &status); if (sw == SW_HOST_NO_READER) { /* Most likely the _reader_ has been unplugged. */ @@ -1240,40 +1300,41 @@ scd_update_reader_status_file (void) else if (sw) { /* Get status failed. Ignore that. */ - if (a->periodical_check_needed) + if (card->periodical_check_needed) periodical_check_needed = 1; - unlock_app (a); + unlock_card (card); continue; } } - if (a->card_status != status) + if (card->card_status != status) { - report_change (a->slot, a->card_status, status); - send_client_notifications (a, status == 0); + report_change (card->slot, card->card_status, status); + send_client_notifications (card, status == 0); if (status == 0) { - log_debug ("Removal of a card: %d\n", a->slot); - apdu_close_reader (a->slot); - deallocate_app (a); + log_debug ("Removal of a card: %d\n", card->slot); + apdu_close_reader (card->slot); + deallocate_card (card); } else { - a->card_status = status; - if (a->periodical_check_needed) + card->card_status = status; + if (card->periodical_check_needed) periodical_check_needed = 1; - unlock_app (a); + unlock_card (card); } } else { - if (a->periodical_check_needed) + if (card->periodical_check_needed) periodical_check_needed = 1; - unlock_app (a); + unlock_card (card); } } - npth_mutex_unlock (&app_list_lock); + + npth_mutex_unlock (&card_list_lock); return periodical_check_needed; } @@ -1287,7 +1348,7 @@ initialize_module_command (void) { gpg_error_t err; - if (npth_mutex_init (&app_list_lock, NULL)) + if (npth_mutex_init (&card_list_lock, NULL)) { err = gpg_error_from_syserror (); log_error ("app: error initializing mutex: %s\n", gpg_strerror (err)); @@ -1297,24 +1358,26 @@ initialize_module_command (void) return apdu_init (); } + void app_send_card_list (ctrl_t ctrl) { - app_t a; + card_t c; char buf[65]; - npth_mutex_lock (&app_list_lock); - for (a = app_top; a; a = a->next) + npth_mutex_lock (&card_list_lock); + for (c = card_top; c; c = c->next) { - if (DIM (buf) < 2 * a->serialnolen + 1) + if (DIM (buf) < 2 * c->serialnolen + 1) continue; - bin2hex (a->serialno, a->serialnolen, buf); + bin2hex (c->serialno, c->serialnolen, buf); send_status_direct (ctrl, "SERIALNO", buf); } - npth_mutex_unlock (&app_list_lock); + npth_mutex_unlock (&card_list_lock); } + /* Execute an action for each app. ACTION can be one of: * * - KEYGRIP_ACTION_SEND_DATA @@ -1338,18 +1401,24 @@ app_send_card_list (ctrl_t ctrl) * does not emit any status or data lines. If no key with that * keygrip is available or KEYGRIP_STR is NULL, NULL is returned. */ -app_t +card_t app_do_with_keygrip (ctrl_t ctrl, int action, const char *keygrip_str) { + card_t c; app_t a; - npth_mutex_lock (&app_list_lock); + npth_mutex_lock (&card_list_lock); - for (a = app_top; a; a = a->next) - if (a->fnc.with_keygrip - && !a->fnc.with_keygrip (a, ctrl, action, keygrip_str)) - break; + for (c = card_top; c; c = c->next) + for (a = c->app; a; a = a->next) + if (a->fnc.with_keygrip + && !a->fnc.with_keygrip (a, ctrl, action, keygrip_str)) + break; + /* FIXME: Add app switching logic. The above code assumes that the + * actions can be performend without switching. This needs to be + * checked. For a lookup we also need to reorder the apps so that + * the selected one will be used. */ - npth_mutex_unlock (&app_list_lock); - return a; + npth_mutex_unlock (&card_list_lock); + return c; } diff --git a/scd/command.c b/scd/command.c index 1929c33f1..1c8338446 100644 --- a/scd/command.c +++ b/scd/command.c @@ -145,10 +145,10 @@ hex_to_buffer (const char *string, size_t *r_length) static void do_reset (ctrl_t ctrl, int send_reset) { - app_t app = ctrl->app_ctx; + card_t card = ctrl->card_ctx; - if (app) - app_reset (app, ctrl, IS_LOCKED (ctrl)? 0: send_reset); + if (card) + card_reset (card, ctrl, IS_LOCKED (ctrl)? 0: send_reset); /* If we hold a lock, unlock now. */ if (locked_session && ctrl->server_local == locked_session) @@ -157,6 +157,8 @@ do_reset (ctrl_t ctrl, int send_reset) log_info ("implicitly unlocking due to RESET\n"); } } + + static gpg_error_t reset_notify (assuan_context_t ctx, char *line) @@ -211,10 +213,10 @@ open_card (ctrl_t ctrl) if ( IS_LOCKED (ctrl) ) return gpg_error (GPG_ERR_LOCKED); - if (ctrl->app_ctx) + if (ctrl->card_ctx) return 0; - return select_application (ctrl, NULL, &ctrl->app_ctx, 0, NULL, 0); + return select_application (ctrl, NULL, &ctrl->card_ctx, 0, NULL, 0); } /* Explicitly open a card for a specific use of APPTYPE or SERIALNO. */ @@ -224,22 +226,24 @@ open_card_with_request (ctrl_t ctrl, const char *apptype, const char *serialno) gpg_error_t err; unsigned char *serialno_bin = NULL; size_t serialno_bin_len = 0; - app_t app = ctrl->app_ctx; + card_t card = ctrl->card_ctx; /* If we are already initialized for one specific application we need to check that the client didn't requested a specific application different from the one in use before we continue. */ - if (apptype && ctrl->app_ctx) - return check_application_conflict (apptype, ctrl->app_ctx); + /* FIXME: Extend to allow switching between apps. */ + if (apptype && ctrl->card_ctx) + return check_application_conflict (apptype, ctrl->card_ctx); - /* Re-scan USB devices. Release APP, before the scan. */ - ctrl->app_ctx = NULL; - app_unref (app); + /* Re-scan USB devices. Release CARD, before the scan. */ + /* FIXME: Is a card_unref sufficient or do we need to deallocate? */ + ctrl->card_ctx = NULL; + card_unref (card); if (serialno) serialno_bin = hex_to_buffer (serialno, &serialno_bin_len); - err = select_application (ctrl, apptype, &ctrl->app_ctx, 1, + err = select_application (ctrl, apptype, &ctrl->card_ctx, 1, serialno_bin, serialno_bin_len); xfree (serialno_bin); @@ -313,7 +317,7 @@ cmd_serialno (assuan_context_t ctx, char *line) c->server_local->card_removed = 0; } - serial = app_get_serialno (ctrl->app_ctx); + serial = card_get_serialno (ctrl->card_ctx); if (!serial) return gpg_error (GPG_ERR_INV_VALUE); @@ -411,18 +415,18 @@ cmd_learn (assuan_context_t ctx, char *line) { const char *reader; char *serial; - app_t app = ctrl->app_ctx; + card_t card = ctrl->card_ctx; - if (!app) + if (!card) return gpg_error (GPG_ERR_CARD_NOT_PRESENT); - reader = apdu_get_reader_name (app->slot); + reader = apdu_get_reader_name (card->slot); if (!reader) return out_of_core (); send_status_direct (ctrl, "READER", reader); /* No need to free the string of READER. */ - serial = app_get_serialno (ctrl->app_ctx); + serial = card_get_serialno (ctrl->card_ctx); if (!serial) return gpg_error (GPG_ERR_INV_VALUE); @@ -461,7 +465,7 @@ cmd_learn (assuan_context_t ctx, char *line) /* Let the application print out its collection of useful status information. */ if (!rc) - rc = app_write_learn_status (ctrl->app_ctx, ctrl, only_keypairinfo); + rc = app_write_learn_status (ctrl->card_ctx, ctrl, only_keypairinfo); return rc; } @@ -484,7 +488,7 @@ cmd_readcert (assuan_context_t ctx, char *line) return rc; line = xstrdup (line); /* Need a copy of the line. */ - rc = app_readcert (ctrl->app_ctx, ctrl, line, &cert, &ncert); + rc = app_readcert (ctrl->card_ctx, ctrl, line, &cert, &ncert); if (rc) log_error ("app_readcert failed: %s\n", gpg_strerror (rc)); xfree (line); @@ -536,7 +540,7 @@ cmd_readkey (assuan_context_t ctx, char *line) /* If the application supports the READKEY function we use that. Otherwise we use the old way by extracting it from the certificate. */ - rc = app_readkey (ctrl->app_ctx, ctrl, line, + rc = app_readkey (ctrl->card_ctx, ctrl, line, opt_info? APP_READKEY_FLAG_INFO : 0, opt_nokey? NULL : &pk, &pklen); if (!rc) @@ -545,7 +549,7 @@ cmd_readkey (assuan_context_t ctx, char *line) || gpg_err_code (rc) == GPG_ERR_NOT_FOUND) { /* Fall back to certificate reading. */ - rc = app_readcert (ctrl->app_ctx, ctrl, line, &cert, &ncert); + rc = app_readcert (ctrl->card_ctx, ctrl, line, &cert, &ncert); if (rc) { log_error ("app_readcert failed: %s\n", gpg_strerror (rc)); @@ -757,7 +761,7 @@ cmd_pksign (assuan_context_t ctx, char *line) size_t outdatalen; char *keyidstr; int hash_algo; - app_t app; + card_t card; int direct = 0; if (has_option (line, "--hash=rmd160")) @@ -791,27 +795,27 @@ cmd_pksign (assuan_context_t ctx, char *line) if (!keyidstr) return out_of_core (); - /* When it's a keygrip, we directly use APP, with no change of - ctrl->app_ctx. */ + /* When it's a keygrip, we directly use the card, with no change of + ctrl->card_ctx. */ if (strlen (keyidstr) == 40) { - app = app_do_with_keygrip (ctrl, KEYGRIP_ACTION_LOOKUP, keyidstr); + card = app_do_with_keygrip (ctrl, KEYGRIP_ACTION_LOOKUP, keyidstr); direct = 1; } else - app = ctrl->app_ctx; + card = ctrl->card_ctx; - if (app) + if (card) { if (direct) - app_ref (app); - rc = app_sign (app, ctrl, + card_ref (card); + rc = app_sign (card, ctrl, keyidstr, hash_algo, pin_cb, ctx, ctrl->in_data.value, ctrl->in_data.valuelen, &outdata, &outdatalen); if (direct) - app_unref (app); + card_unref (card); } else rc = gpg_error (GPG_ERR_NO_SECKEY); @@ -843,13 +847,13 @@ cmd_pkauth (assuan_context_t ctx, char *line) unsigned char *outdata; size_t outdatalen; char *keyidstr; - app_t app; + card_t card; int direct = 0; if ((rc = open_card (ctrl))) return rc; - if (!ctrl->app_ctx) + if (!ctrl->card_ctx) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); /* We have to use a copy of the key ID because the function may use @@ -859,25 +863,25 @@ cmd_pkauth (assuan_context_t ctx, char *line) if (!keyidstr) return out_of_core (); - /* When it's a keygrip, we directly use APP, with no change of - ctrl->app_ctx. */ + /* When it's a keygrip, we directly use CARD, with no change of + ctrl->card_ctx. */ if (strlen (keyidstr) == 40) { - app = app_do_with_keygrip (ctrl, KEYGRIP_ACTION_LOOKUP, keyidstr); + card = app_do_with_keygrip (ctrl, KEYGRIP_ACTION_LOOKUP, keyidstr); direct = 1; } else - app = ctrl->app_ctx; + card = ctrl->card_ctx; - if (app) + if (card) { if (direct) - app_ref (app); - rc = app_auth (app, ctrl, keyidstr, pin_cb, ctx, + card_ref (card); + rc = app_auth (card, ctrl, keyidstr, pin_cb, ctx, ctrl->in_data.value, ctrl->in_data.valuelen, &outdata, &outdatalen); if (direct) - app_unref (app); + card_unref (card); } else rc = gpg_error (GPG_ERR_NO_SECKEY); @@ -910,7 +914,7 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line) size_t outdatalen; char *keyidstr; unsigned int infoflags; - app_t app; + card_t card; int direct = 0; if ((rc = open_card (ctrl))) @@ -920,25 +924,25 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line) if (!keyidstr) return out_of_core (); - /* When it's a keygrip, we directly use APP, with no change of - ctrl->app_ctx. */ + /* When it's a keygrip, we directly use CARD, with no change of + ctrl->card_ctx. */ if (strlen (keyidstr) == 40) { - app = app_do_with_keygrip (ctrl, KEYGRIP_ACTION_LOOKUP, keyidstr); + card = app_do_with_keygrip (ctrl, KEYGRIP_ACTION_LOOKUP, keyidstr); direct = 1; } else - app = ctrl->app_ctx; + card = ctrl->card_ctx; - if (app) + if (card) { if (direct) - app_ref (app); - rc = app_decipher (ctrl->app_ctx, ctrl, keyidstr, pin_cb, ctx, + card_ref (card); + rc = app_decipher (card, ctrl, keyidstr, pin_cb, ctx, ctrl->in_data.value, ctrl->in_data.valuelen, &outdata, &outdatalen, &infoflags); if (direct) - app_unref (app); + card_unref (card); } else rc = gpg_error (GPG_ERR_NO_SECKEY); @@ -999,7 +1003,7 @@ cmd_getattr (assuan_context_t ctx, char *line) /* FIXME: Applications should not return sensitive data if the card is locked. */ - rc = app_getattr (ctrl->app_ctx, ctrl, keyword); + rc = app_getattr (ctrl->card_ctx, ctrl, keyword); return rc; } @@ -1061,7 +1065,7 @@ cmd_setattr (assuan_context_t ctx, char *orig_line) assuan_end_confidential (ctx); if (!err) { - err = app_setattr (ctrl->app_ctx, ctrl, keyword, pin_cb, ctx, + err = app_setattr (ctrl->card_ctx, ctrl, keyword, pin_cb, ctx, value, nbytes); wipememory (value, nbytes); xfree (value); @@ -1071,7 +1075,7 @@ cmd_setattr (assuan_context_t ctx, char *orig_line) else { nbytes = percent_plus_unescape_inplace (line, 0); - err = app_setattr (ctrl->app_ctx, ctrl, keyword, pin_cb, ctx, + err = app_setattr (ctrl->card_ctx, ctrl, keyword, pin_cb, ctx, (const unsigned char*)line, nbytes); } @@ -1112,7 +1116,7 @@ cmd_writecert (assuan_context_t ctx, char *line) if ((rc = open_card (ctrl))) return rc; - if (!ctrl->app_ctx) + if (!ctrl->card_ctx) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); certid = xtrystrdup (certid); @@ -1129,7 +1133,7 @@ cmd_writecert (assuan_context_t ctx, char *line) } /* Write the certificate to the card. */ - rc = app_writecert (ctrl->app_ctx, ctrl, certid, + rc = app_writecert (ctrl->card_ctx, ctrl, certid, pin_cb, ctx, certdata, certdatalen); xfree (certid); xfree (certdata); @@ -1174,7 +1178,7 @@ cmd_writekey (assuan_context_t ctx, char *line) if ((rc = open_card (ctrl))) return rc; - if (!ctrl->app_ctx) + if (!ctrl->card_ctx) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); keyid = xtrystrdup (keyid); @@ -1192,7 +1196,7 @@ cmd_writekey (assuan_context_t ctx, char *line) } /* Write the key to the card. */ - rc = app_writekey (ctrl->app_ctx, ctrl, keyid, force? 1:0, + rc = app_writekey (ctrl->card_ctx, ctrl, keyid, force? 1:0, pin_cb, ctx, keydata, keydatalen); xfree (keyid); xfree (keydata); @@ -1266,7 +1270,7 @@ cmd_genkey (assuan_context_t ctx, char *line) if ((err = open_card (ctrl))) goto leave; - if (!ctrl->app_ctx) + if (!ctrl->card_ctx) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); keyref = keyref_buffer = xtrystrdup (keyref); @@ -1275,7 +1279,7 @@ cmd_genkey (assuan_context_t ctx, char *line) err = gpg_error_from_syserror (); goto leave; } - err = app_genkey (ctrl->app_ctx, ctrl, keyref, opt_algo, + err = app_genkey (ctrl->card_ctx, ctrl, keyref, opt_algo, force? APP_GENKEY_FLAG_FORCE : 0, timestamp, pin_cb, ctx); @@ -1310,14 +1314,14 @@ cmd_random (assuan_context_t ctx, char *line) if ((rc = open_card (ctrl))) return rc; - if (!ctrl->app_ctx) + if (!ctrl->card_ctx) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); buffer = xtrymalloc (nbytes); if (!buffer) return out_of_core (); - rc = app_get_challenge (ctrl->app_ctx, ctrl, nbytes, buffer); + rc = app_get_challenge (ctrl->card_ctx, ctrl, nbytes, buffer); if (!rc) { rc = assuan_send_data (ctx, buffer, nbytes); @@ -1371,13 +1375,13 @@ cmd_passwd (assuan_context_t ctx, char *line) if ((rc = open_card (ctrl))) return rc; - if (!ctrl->app_ctx) + if (!ctrl->card_ctx) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); chvnostr = xtrystrdup (chvnostr); if (!chvnostr) return out_of_core (); - rc = app_change_pin (ctrl->app_ctx, ctrl, chvnostr, flags, pin_cb, ctx); + rc = app_change_pin (ctrl->card_ctx, ctrl, chvnostr, flags, pin_cb, ctx); if (rc) log_error ("command passwd failed: %s\n", gpg_strerror (rc)); xfree (chvnostr); @@ -1428,7 +1432,7 @@ cmd_checkpin (assuan_context_t ctx, char *line) if ((rc = open_card (ctrl))) return rc; - if (!ctrl->app_ctx) + if (!ctrl->card_ctx) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); /* We have to use a copy of the key ID because the function may use @@ -1438,7 +1442,7 @@ cmd_checkpin (assuan_context_t ctx, char *line) if (!idstr) return out_of_core (); - rc = app_check_pin (ctrl->app_ctx, ctrl, idstr, pin_cb, ctx); + rc = app_check_pin (ctrl->card_ctx, ctrl, idstr, pin_cb, ctx); xfree (idstr); if (rc) log_error ("app_check_pin failed: %s\n", gpg_strerror (rc)); @@ -1641,14 +1645,14 @@ static gpg_error_t cmd_restart (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); - app_t app = ctrl->app_ctx; + card_t card = ctrl->card_ctx; (void)line; - if (app) + if (card) { - ctrl->app_ctx = NULL; - app_unref (app); + ctrl->card_ctx = NULL; + card_unref (card); } if (locked_session && ctrl->server_local == locked_session) { @@ -1670,10 +1674,10 @@ cmd_disconnect (assuan_context_t ctx, char *line) (void)line; - if (!ctrl->app_ctx) + if (!ctrl->card_ctx) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); - apdu_disconnect (ctrl->app_ctx->slot); + apdu_disconnect (ctrl->card_ctx->slot); return 0; } @@ -1702,7 +1706,7 @@ static gpg_error_t cmd_apdu (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); - app_t app; + card_t card; int rc; unsigned char *apdu; size_t apdulen; @@ -1732,8 +1736,8 @@ cmd_apdu (assuan_context_t ctx, char *line) if ((rc = open_card (ctrl))) return rc; - app = ctrl->app_ctx; - if (!app) + card = ctrl->card_ctx; + if (!card) return gpg_error (GPG_ERR_CARD_NOT_PRESENT); if (with_atr) @@ -1742,7 +1746,7 @@ cmd_apdu (assuan_context_t ctx, char *line) size_t atrlen; char hexbuf[400]; - atr = apdu_get_atr (app->slot, &atrlen); + atr = apdu_get_atr (card->slot, &atrlen); if (!atr || atrlen > sizeof hexbuf - 2 ) { rc = gpg_error (GPG_ERR_INV_CARD); @@ -1787,7 +1791,7 @@ cmd_apdu (assuan_context_t ctx, char *line) unsigned char *result = NULL; size_t resultlen; - rc = apdu_send_direct (app->slot, exlen, + rc = apdu_send_direct (card->slot, exlen, apdu, apdulen, handle_more, NULL, &result, &resultlen); if (rc) @@ -1851,7 +1855,7 @@ cmd_keyinfo (assuan_context_t ctx, char *line) int action; char *keygrip_str; ctrl_t ctrl = assuan_get_pointer (ctx); - app_t a; + card_t card; list_mode = has_option (line, "--list"); opt_data = has_option (line, "--data"); @@ -1867,9 +1871,9 @@ cmd_keyinfo (assuan_context_t ctx, char *line) else action = KEYGRIP_ACTION_WRITE_STATUS; - a = app_do_with_keygrip (ctrl, action, keygrip_str); + card = app_do_with_keygrip (ctrl, action, keygrip_str); - if (!list_mode && !a) + if (!list_mode && !card) return gpg_error (GPG_ERR_NOT_FOUND); return 0; } @@ -2180,7 +2184,7 @@ popup_prompt (void *opaque, int on) /* Helper to send the clients a status change notification. Note that * this fucntion assumes that APP is already locked. */ void -send_client_notifications (app_t app, int removal) +send_client_notifications (card_t card, int removal) { struct { pid_t pid; @@ -2195,7 +2199,7 @@ send_client_notifications (app_t app, int removal) struct server_local_s *sl; for (sl=session_list; sl; sl = sl->next_session) - if (sl->ctrl_backlink && sl->ctrl_backlink->app_ctx == app) + if (sl->ctrl_backlink && sl->ctrl_backlink->card_ctx == card) { pid_t pid; #ifdef HAVE_W32_SYSTEM @@ -2206,9 +2210,9 @@ send_client_notifications (app_t app, int removal) if (removal) { - sl->ctrl_backlink->app_ctx = NULL; + sl->ctrl_backlink->card_ctx = NULL; sl->card_removed = 1; - app_unref_locked (app); + card_unref_locked (card); } if (!sl->event_signal || !sl->assuan_ctx) diff --git a/scd/scdaemon.h b/scd/scdaemon.h index 7eb08a904..f4a243703 100644 --- a/scd/scdaemon.h +++ b/scd/scdaemon.h @@ -84,6 +84,7 @@ struct #define DBG_READER (opt.debug & DBG_READER_VALUE) struct server_local_s; +struct card_ctx_s; struct app_ctx_s; struct server_control_s @@ -101,7 +102,7 @@ struct server_control_s associated. Note that this is shared with the other connections: All connections accessing the same reader are using the same application context. */ - struct app_ctx_s *app_ctx; + struct card_ctx_s *card_ctx; /* Helper to store the value we are going to sign */ struct @@ -111,6 +112,7 @@ struct server_control_s } in_data; }; +typedef struct card_ctx_s *card_t; typedef struct app_ctx_s *app_t; /*-- scdaemon.c --*/ @@ -130,8 +132,8 @@ void send_keyinfo (ctrl_t ctrl, int data, const char *keygrip_str, void popup_prompt (void *opaque, int on); -/* Take care: this function assumes that APP is locked. */ -void send_client_notifications (app_t app, int removal); +/* Take care: this function assumes that CARD is locked. */ +void send_client_notifications (card_t card, int removal); void scd_kick_the_loop (void); int get_active_connection_count (void); |