Diffstat (limited to 'scd/app-nks.c')
-rw-r--r--scd/app-nks.c78
1 files changed, 48 insertions, 30 deletions
diff --git a/scd/app-nks.c b/scd/app-nks.c
index 40c941616..d12720cf6 100644
--- a/scd/app-nks.c
+++ b/scd/app-nks.c
@@ -53,7 +53,6 @@
#include "scdaemon.h"
#include "../common/i18n.h"
#include "iso7816.h"
-#include "app-common.h"
#include "../common/tlv.h"
#include "apdu.h"
#include "../common/host2net.h"
@@ -151,13 +150,15 @@ keygripstr_from_pk_file (app_t app, int fid, char *r_gripstr)
int i;
int offset[2] = { 0, 0 };
- err = iso7816_select_file (app->slot, fid, 0);
+ err = iso7816_select_file (app_get_slot (app), fid, 0);
if (err)
return err;
- err = iso7816_read_record (app->slot, 1, 1, 0, &buffer[0], &buflen[0]);
+ err = iso7816_read_record (app_get_slot (app), 1, 1, 0,
+ &buffer[0], &buflen[0]);
if (err)
return err;
- err = iso7816_read_record (app->slot, 2, 1, 0, &buffer[1], &buflen[1]);
+ err = iso7816_read_record (app_get_slot (app), 2, 1, 0,
+ &buffer[1], &buflen[1]);
if (err)
{
xfree (buffer[0]);
@@ -272,7 +273,7 @@ get_chv_status (app_t app, int sigg, int pwid)
command[2] = 0x00;
command[3] = pwid;
- if (apdu_send_direct (app->slot, 0, (unsigned char *)command,
+ if (apdu_send_direct (app_get_slot (app), 0, (unsigned char *)command,
4, 0, NULL, &result, &resultlen))
rc = -1; /* Error. */
else if (resultlen < 2)
@@ -406,7 +407,7 @@ do_learn_status_core (app_t app, ctrl_t ctrl, unsigned int flags, int is_sigg)
{
size_t len;
- len = app_help_read_length_of_cert (app->slot,
+ len = app_help_read_length_of_cert (app_get_slot (app),
filelist[i].fid, NULL);
if (len)
{
@@ -528,14 +529,14 @@ do_readcert (app_t app, const char *certid,
/* Read the entire file. fixme: This could be optimized by first
reading the header to figure out how long the certificate
actually is. */
- err = iso7816_select_file (app->slot, fid, 0);
+ err = iso7816_select_file (app_get_slot (app), fid, 0);
if (err)
{
log_error ("error selecting FID 0x%04X: %s\n", fid, gpg_strerror (err));
return err;
}
- err = iso7816_read_binary (app->slot, 0, 0, &buffer, &buflen);
+ err = iso7816_read_binary (app_get_slot (app), 0, 0, &buffer, &buflen);
if (err)
{
log_error ("error reading certificate from FID 0x%04X: %s\n",
@@ -618,7 +619,8 @@ do_readcert (app_t app, const char *certid,
certificate parsing code in commands.c:cmd_readkey. For internal
use PK and PKLEN may be NULL to just check for an existing key. */
static gpg_error_t
-do_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
+do_readkey (app_t app, ctrl_t ctrl, const char *keyid, unsigned int flags,
+ unsigned char **pk, size_t *pklen)
{
gpg_error_t err;
unsigned char *buffer[2];
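Review bot: The comment above do_readkey still describes only PK and PKLEN, so the two parameters added to the signature here are undocumented. I would extend it with something like `CTRL is currently unused. FLAGS takes APP_READKEY_FLAG_* bits; APP_READKEY_FLAG_INFO is accepted but not yet acted upon.` The function body continues outside this hunk.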
@@ -632,13 +634,14 @@ do_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
/* Access the KEYD file which is always in the master directory. */
- err = iso7816_select_path (app->slot, path, DIM (path));
+ err = iso7816_select_path (app_get_slot (app), path, DIM (path));
if (err)
return err;
/* Due to the above select we need to re-select our application. */
app->app_local->need_app_select = 1;
/* Get the two records. */
- err = iso7816_read_record (app->slot, 5, 1, 0, &buffer[0], &buflen[0]);
+ err = iso7816_read_record (app_get_slot (app), 5, 1, 0,
+ &buffer[0], &buflen[0]);
if (err)
return err;
if (all_zero_p (buffer[0], buflen[0]))
@@ -646,13 +649,22 @@ do_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
xfree (buffer[0]);
return gpg_error (GPG_ERR_NOT_FOUND);
}
- err = iso7816_read_record (app->slot, 6, 1, 0, &buffer[1], &buflen[1]);
+ err = iso7816_read_record (app_get_slot (app), 6, 1, 0,
+ &buffer[1], &buflen[1]);
if (err)
{
xfree (buffer[0]);
return err;
}
+ if ((flags & APP_READKEY_FLAG_INFO))
+ {
+ /* Not yet implemented but we won't get here for any regular
+ * keyrefs anyway, thus the top layer will provide the
+ * keypairinfo from the certificate. */
+ (void)ctrl;
+ }
+
if (pk && pklen)
{
*pk = make_canon_sexp_from_rsa_pk (buffer[0], buflen[0],
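Review bot: When APP_READKEY_FLAG_INFO is set, the new branch does nothing and the function carries on to return success, so a caller cannot tell "info emitted" from "not implemented". The comment says the top layer covers this from the certificate, which is fine as a stopgap, but the gap should be easy to find later. I would open the comment with the marker this file already uses elsewhere, e.g. `/* fixme: APP_READKEY_FLAG_INFO is not yet implemented; ...`. The `(void)ctrl;` could also move out of the conditional so the unused parameter is acknowledged on every path. The rest of do_readkey lies outside this hunk.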
@@ -698,7 +710,7 @@ do_writekey (app_t app, ctrl_t ctrl,
else
return gpg_error (GPG_ERR_INV_ID);
- if (!force && !do_readkey (app, keyid, NULL, NULL))
+ if (!force && !do_readkey (app, ctrl, keyid, 0, NULL, NULL))
return gpg_error (GPG_ERR_EEXIST);
/* Parse the S-expression. */
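Review bot: The existence check `!force && !do_readkey (...)` treats every failure of do_readkey as "no key present". The do_readkey hunks show it can also fail on the path select, on either record read, and with GPG_ERR_UNSUPPORTED_OPERATION, so a transient card error would let the write proceed over an existing key without FORCE. I would refuse the write unless the read either succeeds (EEXIST) or reports GPG_ERR_NOT_FOUND, as sketched below. The sketch assumes do_writekey has an `err` local, which this hunk does not show; the function starts and ends outside the hunk. This changes which error a caller sees on a failed probe, so it is worth checking against the callers.

```c
  if (!force)
    {
      /* Only a confirmed-empty key slot may be written without FORCE. */
      err = do_readkey (app, ctrl, keyid, 0, NULL, NULL);
      if (!err)
        return gpg_error (GPG_ERR_EEXIST);
      if (gpg_err_code (err) != GPG_ERR_NOT_FOUND)
        return err;
    }
  /* … unchanged: S-expression parsing … */
```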
@@ -751,7 +763,7 @@ do_writekey (app_t app, ctrl_t ctrl,
/* mse[10] = 0x82; /\* RSA public exponent of up to 4 bytes. *\/ */
/* mse[12] = rsa_e_len; */
/* memcpy (mse+12, rsa_e, rsa_e_len); */
-/* err = iso7816_manage_security_env (app->slot, 0x81, 0xB6, */
+/* err = iso7816_manage_security_env (app_get_slot (app), 0x81, 0xB6, */
/* mse, sizeof mse); */
leave:
@@ -794,7 +806,7 @@ verify_pin (app_t app, int pwid, const char *desc,
pininfo.maxlen = 16;
if (!opt.disable_pinpad
- && !iso7816_check_pinpad (app->slot, ISO7816_VERIFY, &pininfo) )
+ && !iso7816_check_pinpad (app_get_slot (app), ISO7816_VERIFY, &pininfo) )
{
rc = pincb (pincb_arg, desc, NULL);
if (rc)
@@ -804,7 +816,7 @@ verify_pin (app_t app, int pwid, const char *desc,
return rc;
}
- rc = iso7816_verify_kp (app->slot, pwid, &pininfo);
+ rc = iso7816_verify_kp (app_get_slot (app), pwid, &pininfo);
pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */
}
else
@@ -825,7 +837,8 @@ verify_pin (app_t app, int pwid, const char *desc,
return rc;
}
- rc = iso7816_verify (app->slot, pwid, pinvalue, strlen (pinvalue));
+ rc = iso7816_verify (app_get_slot (app), pwid,
+ pinvalue, strlen (pinvalue));
xfree (pinvalue);
}
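Review bot: In the non-pinpad branch the PIN buffer is released with a bare `xfree (pinvalue);` straight after `iso7816_verify`, whereas the do_change_pin hunk clears its PIN-bearing buffer with `wipememory (data, datalen);` before freeing it. Unless the PIN callback is guaranteed to allocate from secure memory that is cleared on free (not visible in this hunk), I would add `wipememory (pinvalue, strlen (pinvalue));` before the `xfree`, or state that guarantee in a comment. verify_pin begins and ends outside this hunk.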
@@ -963,7 +976,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
mse[3] = 0x84; /* Private key reference. */
mse[4] = 1;
mse[5] = kid;
- rc = iso7816_manage_security_env (app->slot, 0x41, 0xB6,
+ rc = iso7816_manage_security_env (app_get_slot (app), 0x41, 0xB6,
mse, sizeof mse);
}
/* Verify using PW1.CH. */
@@ -971,7 +984,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
rc = verify_pin (app, 0, NULL, pincb, pincb_arg);
/* Compute the signature. */
if (!rc)
- rc = iso7816_compute_ds (app->slot, 0, data, datalen, 0,
+ rc = iso7816_compute_ds (app_get_slot (app), 0, data, datalen, 0,
outdata, outdatalen);
return rc;
}
@@ -1038,7 +1051,7 @@ do_decipher (app_t app, const char *keyidstr,
mse[3] = 0x84; /* Private key reference. */
mse[4] = 1;
mse[5] = kid;
- rc = iso7816_manage_security_env (app->slot, 0x41, 0xB8,
+ rc = iso7816_manage_security_env (app_get_slot (app), 0x41, 0xB8,
mse, sizeof mse);
}
else
@@ -1048,7 +1061,7 @@ do_decipher (app_t app, const char *keyidstr,
0x80, 1, 0x10, /* Select algorithm RSA. */
0x84, 1, 0x81 /* Select local secret key 1 for decryption. */
};
- rc = iso7816_manage_security_env (app->slot, 0xC1, 0xB8,
+ rc = iso7816_manage_security_env (app_get_slot (app), 0xC1, 0xB8,
mse, sizeof mse);
}
@@ -1059,7 +1072,8 @@ do_decipher (app_t app, const char *keyidstr,
/* Note that we need to use extended length APDUs for TCOS 3 cards.
Command chaining does not work. */
if (!rc)
- rc = iso7816_decipher (app->slot, app->app_local->nks_version > 2? 1:0,
+ rc = iso7816_decipher (app_get_slot (app),
+ app->app_local->nks_version > 2? 1:0,
indata, indatalen, 0, 0x81,
outdata, outdatalen);
return rc;
@@ -1251,13 +1265,13 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *pwidstr,
}
memcpy (data, oldpin, oldpinlen);
memcpy (data+oldpinlen, newpin, newpinlen);
- err = iso7816_reset_retry_counter_with_rc (app->slot, pwid,
+ err = iso7816_reset_retry_counter_with_rc (app_get_slot (app), pwid,
data, datalen);
wipememory (data, datalen);
xfree (data);
}
else
- err = iso7816_change_reference_data (app->slot, pwid,
+ err = iso7816_change_reference_data (app_get_slot (app), pwid,
oldpin, oldpinlen,
newpin, newpinlen);
leave:
@@ -1338,9 +1352,11 @@ switch_application (app_t app, int enable_sigg)
log_info ("app-nks: switching to %s\n", enable_sigg? "SigG":"NKS");
if (enable_sigg)
- err = iso7816_select_application (app->slot, aid_sigg, sizeof aid_sigg, 0);
+ err = iso7816_select_application (app_get_slot (app),
+ aid_sigg, sizeof aid_sigg, 0);
else
- err = iso7816_select_application (app->slot, aid_nks, sizeof aid_nks, 0);
+ err = iso7816_select_application (app_get_slot (app),
+ aid_nks, sizeof aid_nks, 0);
if (!err && enable_sigg && app->app_local->nks_version >= 3
&& !app->app_local->sigg_msig_checked)
@@ -1353,9 +1369,10 @@ switch_application (app_t app, int enable_sigg)
app->app_local->sigg_msig_checked = 1;
app->app_local->sigg_is_msig = 1;
- err = iso7816_select_file (app->slot, 0x5349, 0);
+ err = iso7816_select_file (app_get_slot (app), 0x5349, 0);
if (!err)
- err = iso7816_read_record (app->slot, 1, 1, 0, &buffer, &buflen);
+ err = iso7816_read_record (app_get_slot (app), 1, 1, 0,
+ &buffer, &buflen);
if (!err)
{
tmpl = find_tlv (buffer, buflen, 0x7a, &tmpllen);
@@ -1387,13 +1404,13 @@ switch_application (app_t app, int enable_sigg)
gpg_error_t
app_select_nks (app_t app)
{
- int slot = app->slot;
+ int slot = app_get_slot (app);
int rc;
rc = iso7816_select_application (slot, aid_nks, sizeof aid_nks, 0);
if (!rc)
{
- app->apptype = "NKS";
+ app->apptype = APPTYPE_NKS;
app->app_local = xtrycalloc (1, sizeof *app->app_local);
if (!app->app_local)
@@ -1407,6 +1424,7 @@ app_select_nks (app_t app)
log_info ("Detected NKS version: %d\n", app->app_local->nks_version);
app->fnc.deinit = do_deinit;
+ app->fnc.reselect = NULL;
app->fnc.learn_status = do_learn_status;
app->fnc.readcert = do_readcert;
app->fnc.readkey = do_readkey;