sc-hsm-tool: Add options to initialize with public key authentication #2301

Merged
merged 31 commits into from
Mar 1, 2022
b425ceb
pkcs11-tool: Add prime521v1 curve
Mar 29, 2019
b33429f
pkcs11-tool: Add secp521k1 curve
Mar 29, 2019
d8ddc20
sc-hsm-tool: Add options for public key auth
May 15, 2018
68f97e9
sc-hsm: Initialize card with public key auth
May 15, 2018
9b19244
sc-hsm-tool: Add option --export-for-pub-key-auth
Aug 8, 2018
bf04fd6
sc-hsm-tool: Add option --register-public-key
Aug 8, 2018
a4993f0
sc-hsm-tool: Add option --public-key-auth-status
Jun 11, 2019
d968fdd
coding style
Jun 18, 2019
7c3277d
convert spaces to tabs (consistent coding style)
Jun 20, 2019
95264fe
sc-hsm: use memcpy() instead of strncpy()
Jun 20, 2019
7ddfc88
sc-hsm: use smaller recvbuf
Jun 20, 2019
7aedafc
sc-hsm: use sc_format_apdu_ex()
Jun 20, 2019
1d30d09
sc-hsm-tool: use fread_to_eof()
Jun 20, 2019
3c9b889
sc-hsm: fix messed up formatting
Jun 20, 2019
8887d7a
sc-hsm: fix error message
Jun 20, 2019
a46d770
sc-hsm-tool: improve argument checks
Jun 20, 2019
678fb8d
Revert "sc-hsm-tool: use fread_to_eof()"
Jun 20, 2019
d6470c8
sc-hsm-tool: simplify argument checks
Jun 20, 2019
e90fefe
sc-hsm-tool: use goto for error handling
Jun 20, 2019
03131f3
sc-hsm: strlen() -> strnlen()
Jun 20, 2019
2b3f834
sc-hsm-tool: check for expected tags (.pka files)
Jun 20, 2019
7bf4b1f
adjust sc_format_apdu_ex() calls
Oct 17, 2019
3786797
check for possible out of bounds write
Oct 29, 2019
33757da
card-sc-hsm: add lengths for CHR, CAR, outer CAR
charredlot Apr 5, 2021
fbcebc3
pkcs15-sc-hsm: free outerSignature on cvc free
charredlot Apr 6, 2021
1d3b6ea
pkcs15-sc-hsm: extract CVC ASN.1 parsing setup
charredlot Apr 5, 2021
8195467
pkcs15-sc-hsm: parse public key format
charredlot Apr 6, 2021
66dcf41
card-sc-hsm: rework register public key for PKA
charredlot Apr 7, 2021
6713739
card-sc-hsm: move printing of PKA status to caller
charredlot Apr 21, 2021
0c9ec17
sc-hsm-tool: add PKA options to manpage
charredlot Apr 21, 2021
ac7e12b
sc-hsm-tool: use fread_to_eof to read CVC for PKA
charredlot Apr 21, 2021
sc-hsm: use sc_format_apdu_ex()
Frank Braun authored and charredlot committed Apr 21, 2021
commit 7aedafc0da7431314a6042d8569de9bf5d53d555
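--- a/src/libopensc/card-sc-hsm.c
+++ b/src/libopensc/card-sc-hsm.c
@@ -1482,11 +1482,7 @@ static int verify_certificate(sc_card_t *card, const u8 *cert, size_t cert_len,
 }
 pukref_len = ptr - pukref;
 
-sc_format_apdu(card, &apdu, SC_APDU_CASE_3, 0x22, 0x81, 0xB6);
-apdu.cla = 0x00;
-apdu.lc = pukref_len;
-apdu.data = pukref;
-apdu.datalen = pukref_len;
+sc_format_apdu_ex(card, &apdu, 0x22, 0x81, 0xB6, pukref, pukref_len, NULL, 0);
 
 r = sc_transmit_apdu(card, &apdu);
 LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
@@ -1511,23 +1507,15 @@ static int verify_certificate(sc_card_t *card, const u8 *cert, size_t cert_len,
 }
 pukref_len = ptr - pukref;
 
-sc_format_apdu(card, &apdu, SC_APDU_CASE_3, 0x22, 0x81, 0xB6);
-apdu.cla = 0x00;
-apdu.lc = pukref_len;
-apdu.data = pukref;
-apdu.datalen = pukref_len;
+sc_format_apdu_ex(card, &apdu, 0x22, 0x81, 0xB6, pukref, pukref_len, NULL, 0);
 
 r = sc_transmit_apdu(card, &apdu);
 LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
 r = sc_check_sw(card, apdu.sw1, apdu.sw2);
 LOG_TEST_RET(card->ctx, r, "Check SW error");
 
 /* verify certificate */
-sc_format_apdu(card, &apdu, SC_APDU_CASE_3, 0x2A, 0x00, 0xBE);
-apdu.cla = 0x00;
-apdu.lc = cert_len;
-apdu.data = cert;
-apdu.datalen = cert_len;
+sc_format_apdu_ex(card, &apdu, 0x2A, 0x00, 0xBE, cert, cert_len, NULL, 0);
 
 r = sc_transmit_apdu(card, &apdu);
 LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
@@ -1582,26 +1570,16 @@ static int sc_hsm_register_public_key(sc_card_t *card, sc_cardctl_sc_hsm_public_
 }
 pukref_len = ptr - pukref;
 
-sc_format_apdu(card, &apdu, SC_APDU_CASE_3, 0x22, 0x81, 0xB6);
-apdu.cla = 0x00;
-apdu.lc = pukref_len;
-apdu.data = pukref;
-apdu.datalen = pukref_len;
+sc_format_apdu_ex(card, &apdu, 0x22, 0x81, 0xB6, pukref, pukref_len, NULL, 0);
 
 r = sc_transmit_apdu(card, &apdu);
 LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
 r = sc_check_sw(card, apdu.sw1, apdu.sw2);
 LOG_TEST_RET(card->ctx, r, "Check SW error");
 
 /* manage public key authentication */
-sc_format_apdu(card, &apdu, SC_APDU_CASE_4, 0x54, 0x00, 0x00);
+sc_format_apdu_ex(card, &apdu, 0x54, 0x00, 0x00, params->pk, params->pk_length, recvbuf, sizeof recvbuf);
 apdu.cla = 0x80;
-apdu.lc = params->pk_length;
-apdu.data = params->pk;
-apdu.datalen = params->pk_length;
-apdu.resp = recvbuf;
-apdu.resplen = sizeof(recvbuf);
-apdu.le = 4;
 
 r = sc_transmit_apdu(card, &apdu);
 LOG_TEST_RET(ctx, r, "APDU transmit failed");
@@ -1625,11 +1603,8 @@ static int sc_hsm_public_key_auth_status(sc_card_t *card)
 LOG_FUNC_CALLED(card->ctx);
 
 /* get status */
-sc_format_apdu(card, &apdu, SC_APDU_CASE_2_EXT, 0x54, 0x00, 0x00);
+sc_format_apdu_ex(card, &apdu, 0x54, 0x00, 0x00, NULL, 0, recvbuf, sizeof recvbuf);
 apdu.cla = 0x80;
-apdu.resp = recvbuf;
-apdu.resplen = sizeof(recvbuf);
-apdu.le = 4;
 
 r = sc_transmit_apdu(card, &apdu);
 LOG_TEST_RET(ctx, r, "APDU transmit failed");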
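Review bot: The response length requested from the card in sc_hsm_register_public_key and sc_hsm_public_key_auth_status is now taken from `sizeof recvbuf` instead of the fixed `apdu.le = 4`, and recvbuf's declaration is outside these hunks, so the command sent may differ from before if that buffer is not exactly 4 bytes. The code that reads the status bytes after `sc_transmit_apdu` is also not shown; it should check the returned length before touching the buffer, for example `if (apdu.resplen < 4) return SC_ERROR_UNKNOWN_DATA_RECEIVED;`. The APDU case (`SC_APDU_CASE_4`, `SC_APDU_CASE_2_EXT`) is no longer spelled out either and is presumably derived by the helper from the data and response arguments. If so, a zero `params->pk_length` would likely turn the registration command into the status query, since both use INS 0x54 with P1/P2 of 0x00; rejecting an empty key first, `if (!params->pk || params->pk_length == 0) return SC_ERROR_INVALID_ARGUMENTS;`, would rule that out. Both functions start and end outside the hunks shown.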