aboutsummaryrefslogtreecommitdiffstats
path: root/scd/app-nks.c
diff options
context:
space:
mode:
Diffstat (limited to 'scd/app-nks.c')
-rw-r--r--scd/app-nks.c128
1 files changed, 63 insertions, 65 deletions
diff --git a/scd/app-nks.c b/scd/app-nks.c
index 076b9139f..c1b2aa376 100644
--- a/scd/app-nks.c
+++ b/scd/app-nks.c
@@ -188,8 +188,8 @@ keygripstr_from_pk_file (app_t app, int fid, char *r_gripstr)
libgcrypt but we can't yet rely on it yet. */
for (i=0; i < 2; i++)
{
- while (buflen[i]-offset[i] > 1
- && !buffer[i][offset[i]]
+ while (buflen[i]-offset[i] > 1
+ && !buffer[i][offset[i]]
&& !(buffer[i][offset[i]+1] & 0x80))
offset[i]++;
}
@@ -201,9 +201,9 @@ keygripstr_from_pk_file (app_t app, int fid, char *r_gripstr)
{
if ((buflen[i]-offset[i]) && (buffer[i][offset[i]] & 0x80))
{
- unsigned char *newbuf;
+ unsigned char *newbuf;
size_t newlen;
-
+
newlen = 1 + buflen[i] - offset[i];
newbuf = xtrymalloc (newlen);
if (!newlen)
@@ -271,7 +271,7 @@ get_chv_status (app_t app, int sigg, int pwid)
command[2] = 0x00;
command[3] = pwid;
- if (apdu_send_direct (app->slot, 0, (unsigned char *)command,
+ if (apdu_send_direct (app->slot, 0, (unsigned char *)command,
4, 0, &result, &resultlen))
rc = -1; /* Error. */
else if (resultlen < 2)
@@ -299,7 +299,7 @@ get_chv_status (app_t app, int sigg, int pwid)
/* Implement the GETATTR command. This is similar to the LEARN
command but returns just one value via the status interface. */
-static gpg_error_t
+static gpg_error_t
do_getattr (app_t app, ctrl_t ctrl, const char *name)
{
static struct {
@@ -322,7 +322,7 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
for (idx=0; table[idx].name && strcmp (table[idx].name, name); idx++)
;
if (!table[idx].name)
- return gpg_error (GPG_ERR_INV_NAME);
+ return gpg_error (GPG_ERR_INV_NAME);
switch (table[idx].special)
{
@@ -350,7 +350,7 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
two global passwords followed by the two SigG passwords.
For the values, see the function get_chv_status. */
int tmp[4];
-
+
/* We use a helper array so that we can control that there is
no superfluous application switch. Note that PW2.CH.SIG
really has the identifier 0x83 and not 0x82 as one would
@@ -358,8 +358,8 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
tmp[0] = get_chv_status (app, 0, 0x00);
tmp[1] = get_chv_status (app, 0, 0x01);
tmp[2] = get_chv_status (app, 1, 0x81);
- tmp[3] = get_chv_status (app, 1, 0x83);
- snprintf (buffer, sizeof buffer,
+ tmp[3] = get_chv_status (app, 1, 0x83);
+ snprintf (buffer, sizeof buffer,
"%d %d %d %d", tmp[0], tmp[1], tmp[2], tmp[3]);
send_status_info (ctrl, table[idx].name,
buffer, strlen (buffer), NULL, 0);
@@ -413,11 +413,11 @@ do_learn_status_core (app_t app, ctrl_t ctrl, unsigned int flags, int is_sigg)
context so that a following readcert does only need to
read that many bytes. */
snprintf (ct_buf, sizeof ct_buf, "%d", filelist[i].certtype);
- snprintf (id_buf, sizeof id_buf, "NKS-%s.%04X",
+ snprintf (id_buf, sizeof id_buf, "NKS-%s.%04X",
tag, filelist[i].fid);
send_status_info (ctrl, "CERTINFO",
- ct_buf, strlen (ct_buf),
- id_buf, strlen (id_buf),
+ ct_buf, strlen (ct_buf),
+ id_buf, strlen (id_buf),
NULL, (size_t)0);
}
}
@@ -434,8 +434,8 @@ do_learn_status_core (app_t app, ctrl_t ctrl, unsigned int flags, int is_sigg)
snprintf (id_buf, sizeof id_buf, "NKS-%s.%04X",
tag, filelist[i].fid);
send_status_info (ctrl, "KEYPAIRINFO",
- gripstr, 40,
- id_buf, strlen (id_buf),
+ gripstr, 40,
+ id_buf, strlen (id_buf),
NULL, (size_t)0);
}
}
@@ -453,7 +453,7 @@ do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags)
err = switch_application (app, 0);
if (err)
return err;
-
+
do_learn_status_core (app, ctrl, flags, 0);
err = switch_application (app, 1);
@@ -489,11 +489,11 @@ do_readcert (app_t app, const char *certid,
*cert = NULL;
*certlen = 0;
- if (!strncmp (certid, "NKS-NKS3.", 9))
+ if (!strncmp (certid, "NKS-NKS3.", 9))
;
- else if (!strncmp (certid, "NKS-DF01.", 9))
+ else if (!strncmp (certid, "NKS-DF01.", 9))
;
- else if (!strncmp (certid, "NKS-SIGG.", 9))
+ else if (!strncmp (certid, "NKS-SIGG.", 9))
is_sigg = 1;
else
return gpg_error (GPG_ERR_INV_ID);
@@ -504,7 +504,7 @@ do_readcert (app_t app, const char *certid,
certid += 9;
if (!hexdigitp (certid) || !hexdigitp (certid+1)
- || !hexdigitp (certid+2) || !hexdigitp (certid+3)
+ || !hexdigitp (certid+2) || !hexdigitp (certid+3)
|| certid[4])
return gpg_error (GPG_ERR_INV_ID);
fid = xtoi_4 (certid);
@@ -541,7 +541,7 @@ do_readcert (app_t app, const char *certid,
fid, gpg_strerror (err));
return err;
}
-
+
if (!buflen || *buffer == 0xff)
{
log_info ("no certificate contained in FID 0x%04X\n", fid);
@@ -569,13 +569,13 @@ do_readcert (app_t app, const char *certid,
&ndef, &objlen, &hdrlen);
if (err)
goto leave;
-
+
if (rootca)
;
else if (class == CLASS_UNIVERSAL && tag == TAG_OBJECT_ID && !constructed)
{
const unsigned char *save_p;
-
+
/* The certificate seems to be contained in a userCertificate
container. Skip this and assume the following sequence is
the certificate. */
@@ -589,7 +589,7 @@ do_readcert (app_t app, const char *certid,
save_p = p;
err = parse_ber_header (&p, &n, &class, &tag, &constructed,
&ndef, &objlen, &hdrlen);
- if (err)
+ if (err)
goto leave;
if ( !(class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE && constructed) )
return gpg_error (GPG_ERR_INV_OBJ);
@@ -597,7 +597,7 @@ do_readcert (app_t app, const char *certid,
assert (save_p + totobjlen <= buffer + buflen);
memmove (buffer, save_p, totobjlen);
}
-
+
*cert = buffer;
buffer = NULL;
*certlen = totobjlen;
@@ -628,7 +628,7 @@ do_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
if (!strcmp (keyid, "$IFDAUTHKEY") && app->app_local->nks_version >= 3)
;
else /* Return the error code expected by cmd_readkey. */
- return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+ return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
/* Access the KEYD file which is always in the master directory. */
err = iso7816_select_path (app->slot, path, DIM (path), NULL, NULL);
@@ -696,14 +696,14 @@ do_writekey (app_t app, ctrl_t ctrl,
;
else
return gpg_error (GPG_ERR_INV_ID);
-
+
if (!force && !do_readkey (app, keyid, NULL, NULL))
return gpg_error (GPG_ERR_EEXIST);
/* Parse the S-expression. */
err = get_rsa_pk_from_canon_sexp (keydata, keydatalen,
&rsa_n, &rsa_n_len, &rsa_e, &rsa_e_len);
- if (err)
+ if (err)
goto leave;
/* Check that the parameters match the requirements. */
@@ -732,7 +732,7 @@ do_writekey (app_t app, ctrl_t ctrl,
/* Send the MSE:Store_Public_Key. */
err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
/* mse = xtrymalloc (1000); */
-
+
/* mse[0] = 0x80; /\* Algorithm reference. *\/ */
/* mse[1] = 1; */
/* mse[2] = 0x17; */
@@ -802,15 +802,15 @@ verify_pin (app_t app, int pwid, const char *desc,
gpg_strerror (rc));
return rc;
}
-
- rc = iso7816_verify_kp (app->slot, pwid, "", 0, &pininfo);
+
+ rc = iso7816_verify_kp (app->slot, pwid, "", 0, &pininfo);
pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */
}
else
{
char *pinvalue;
- rc = pincb (pincb_arg, desc, &pinvalue);
+ rc = pincb (pincb_arg, desc, &pinvalue);
if (rc)
{
log_info ("PIN callback returned error: %s\n", gpg_strerror (rc));
@@ -845,7 +845,7 @@ verify_pin (app_t app, int pwid, const char *desc,
If a PIN is required the PINCB will be used to ask for the PIN;
that callback should return the PIN in an allocated buffer and
store that in the 3rd argument. */
-static gpg_error_t
+static gpg_error_t
do_sign (app_t app, const char *keyidstr, int hashalgo,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
@@ -876,11 +876,11 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
/* Check that the provided ID is valid. This is not really needed
but we do it to enforce correct usage by the caller. */
- if (!strncmp (keyidstr, "NKS-NKS3.", 9) )
+ if (!strncmp (keyidstr, "NKS-NKS3.", 9) )
;
- else if (!strncmp (keyidstr, "NKS-DF01.", 9) )
+ else if (!strncmp (keyidstr, "NKS-DF01.", 9) )
;
- else if (!strncmp (keyidstr, "NKS-SIGG.", 9) )
+ else if (!strncmp (keyidstr, "NKS-SIGG.", 9) )
is_sigg = 1;
else
return gpg_error (GPG_ERR_INV_ID);
@@ -897,7 +897,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
}
if (!hexdigitp (keyidstr) || !hexdigitp (keyidstr+1)
- || !hexdigitp (keyidstr+2) || !hexdigitp (keyidstr+3)
+ || !hexdigitp (keyidstr+2) || !hexdigitp (keyidstr+3)
|| keyidstr[4])
return gpg_error (GPG_ERR_INV_ID);
fid = xtoi_4 (keyidstr);
@@ -914,7 +914,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
if (app->app_local->nks_version > 2 && (indatalen == 35
|| indatalen == 47
|| indatalen == 51
- || indatalen == 67
+ || indatalen == 67
|| indatalen == 83))
{
/* The caller send data matching the length of the ASN.1 encoded
@@ -931,7 +931,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
;
else if (hashalgo == GCRY_MD_RMD160 && !memcmp (indata,rmd160_prefix,15))
;
- else
+ else
return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
memcpy (data, indata, indatalen);
datalen = 35;
@@ -942,7 +942,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
memcpy (data, sha1_prefix, 15);
else if (hashalgo == GCRY_MD_RMD160)
memcpy (data, rmd160_prefix, 15);
- else
+ else
return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
memcpy (data+15, indata, indatalen);
datalen = 35;
@@ -955,7 +955,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
if (app->app_local->nks_version > 2)
{
unsigned char mse[6];
-
+
mse[0] = 0x80; /* Algorithm reference. */
mse[1] = 1;
mse[2] = 2; /* RSA, card does pkcs#1 v1.5 padding, no ASN.1 check. */
@@ -980,7 +980,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
/* Decrypt the data in INDATA and return the allocated result in OUTDATA.
If a PIN is required the PINCB will be used to ask for the PIN; it
should return the PIN in an allocated buffer and put it into PIN. */
-static gpg_error_t
+static gpg_error_t
do_decipher (app_t app, const char *keyidstr,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
@@ -997,11 +997,11 @@ do_decipher (app_t app, const char *keyidstr,
/* Check that the provided ID is valid. This is not really needed
but we do it to to enforce correct usage by the caller. */
- if (!strncmp (keyidstr, "NKS-NKS3.", 9) )
+ if (!strncmp (keyidstr, "NKS-NKS3.", 9) )
;
- else if (!strncmp (keyidstr, "NKS-DF01.", 9) )
+ else if (!strncmp (keyidstr, "NKS-DF01.", 9) )
;
- else if (!strncmp (keyidstr, "NKS-SIGG.", 9) )
+ else if (!strncmp (keyidstr, "NKS-SIGG.", 9) )
is_sigg = 1;
else
return gpg_error (GPG_ERR_INV_ID);
@@ -1012,7 +1012,7 @@ do_decipher (app_t app, const char *keyidstr,
return rc;
if (!hexdigitp (keyidstr) || !hexdigitp (keyidstr+1)
- || !hexdigitp (keyidstr+2) || !hexdigitp (keyidstr+3)
+ || !hexdigitp (keyidstr+2) || !hexdigitp (keyidstr+3)
|| keyidstr[4])
return gpg_error (GPG_ERR_INV_ID);
fid = xtoi_4 (keyidstr);
@@ -1039,7 +1039,7 @@ do_decipher (app_t app, const char *keyidstr,
}
else
{
- static const unsigned char mse[] =
+ static const unsigned char mse[] =
{
0x80, 1, 0x10, /* Select algorithm RSA. */
0x84, 1, 0x81 /* Select local secret key 1 for decryption. */
@@ -1130,8 +1130,8 @@ parse_pwidstr (const char *pwidstr, int new_mode, int *r_sigg, int *r_pwid)
/* Handle the PASSWD command. See parse_pwidstr() for allowed values
for CHVNOSTR. */
-static gpg_error_t
-do_change_pin (app_t app, ctrl_t ctrl, const char *pwidstr,
+static gpg_error_t
+do_change_pin (app_t app, ctrl_t ctrl, const char *pwidstr,
unsigned int flags,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg)
@@ -1153,7 +1153,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *pwidstr,
memset (&pininfo, 0, sizeof pininfo);
pininfo.minlen = 6;
pininfo.maxlen = 16;
-
+
newdesc = parse_pwidstr (pwidstr, 1, &is_sigg, &pwid);
if (!newdesc)
return gpg_error (GPG_ERR_INV_ID);
@@ -1204,7 +1204,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *pwidstr,
/* Regular change mode: Ask for the old PIN. */
desc = parse_pwidstr (pwidstr, 0, &dummy1, &dummy2);
}
- err = pincb (pincb_arg, desc, &oldpin);
+ err = pincb (pincb_arg, desc, &oldpin);
if (err)
{
log_error ("error getting old PIN: %s\n", gpg_strerror (err));
@@ -1216,14 +1216,14 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *pwidstr,
goto leave;
}
- err = pincb (pincb_arg, newdesc, &newpin);
+ err = pincb (pincb_arg, newdesc, &newpin);
if (err)
{
log_error (_("error getting new PIN: %s\n"), gpg_strerror (err));
goto leave;
}
newpinlen = strlen (newpin);
-
+
err = basic_pin_checks (newpin, pininfo.minlen, pininfo.maxlen);
if (err)
goto leave;
@@ -1246,8 +1246,8 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *pwidstr,
wipememory (data, datalen);
xfree (data);
}
- else
- err = iso7816_change_reference_data (app->slot, pwid,
+ else
+ err = iso7816_change_reference_data (app->slot, pwid,
oldpin, oldpinlen,
newpin, newpinlen);
leave:
@@ -1258,7 +1258,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *pwidstr,
/* Perform a simple verify operation. KEYIDSTR should be NULL or empty. */
-static gpg_error_t
+static gpg_error_t
do_check_pin (app_t app, const char *pwidstr,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg)
@@ -1288,10 +1288,10 @@ get_nks_version (int slot)
size_t resultlen;
int type;
- if (iso7816_apdu_direct (slot, "\x80\xaa\x06\x00\x00", 5, 0,
+ if (iso7816_apdu_direct (slot, "\x80\xaa\x06\x00\x00", 5, 0,
&result, &resultlen))
return 2; /* NKS 2 does not support this command. */
-
+
/* Example value: 04 11 19 22 21 6A 20 80 03 03 01 01 01 00 00 00
vv tt ccccccccccccccccc aa bb cc vvvvvvvvvvv xx
vendor (Philips) -+ | | | | | | |
@@ -1332,7 +1332,7 @@ switch_application (app_t app, int enable_sigg)
else
err = iso7816_select_application (app->slot, aid_nks, sizeof aid_nks, 0);
- if (!err && enable_sigg && app->app_local->nks_version >= 3
+ if (!err && enable_sigg && app->app_local->nks_version >= 3
&& !app->app_local->sigg_msig_checked)
{
/* Check whether this card is a mass signature card. */
@@ -1340,7 +1340,7 @@ switch_application (app_t app, int enable_sigg)
size_t buflen;
const unsigned char *tmpl;
size_t tmpllen;
-
+
app->app_local->sigg_msig_checked = 1;
app->app_local->sigg_is_msig = 1;
err = iso7816_select_file (app->slot, 0x5349, 0, NULL, NULL);
@@ -1349,7 +1349,7 @@ switch_application (app_t app, int enable_sigg)
if (!err)
{
tmpl = find_tlv (buffer, buflen, 0x7a, &tmpllen);
- if (tmpl && tmpllen == 12
+ if (tmpl && tmpllen == 12
&& !memcmp (tmpl,
"\x93\x02\x00\x01\xA4\x06\x83\x01\x81\x83\x01\x83",
12))
@@ -1359,7 +1359,7 @@ switch_application (app_t app, int enable_sigg)
if (app->app_local->sigg_is_msig)
log_info ("This is a mass signature card\n");
}
-
+
if (!err)
{
app->app_local->need_app_select = 0;
@@ -1379,7 +1379,7 @@ app_select_nks (app_t app)
{
int slot = app->slot;
int rc;
-
+
rc = iso7816_select_application (slot, aid_nks, sizeof aid_nks, 0);
if (!rc)
{
@@ -1416,5 +1416,3 @@ app_select_nks (app_t app)
do_deinit (app);
return rc;
}
-
-
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-15 23:39:04 +0000