31
31
#include "iso7816.h"
34
/* This table is used to keep track of locks on a per reader base.
35
The index into the table is the slot number of the reader. The
36
mutex will be initialized on demand (one of the advantages of a
37
userland threading system). */
42
app_t app; /* Application context in use or NULL. */
46
/* Lock the reader SLOT. This function shall be used right before
47
calling any of the actual application functions to serialize access
48
to the reader. We do this always even if the reader is not
49
actually used. This allows an actual connection to assume that it
50
never shares a reader (while performing one command). Returns 0 on
51
success; only then the unlock_reader function must be called after
52
returning from the handler. */
54
lock_reader (int slot)
58
if (slot < 0 || slot >= DIM (lock_table))
59
return gpg_error (slot<0? GPG_ERR_INV_VALUE : GPG_ERR_RESOURCE_LIMIT);
61
if (!lock_table[slot].initialized)
63
if (!pth_mutex_init (&lock_table[slot].lock))
65
err = gpg_error_from_errno (errno);
66
log_error ("error initializing mutex: %s\n", strerror (errno));
69
lock_table[slot].initialized = 1;
70
lock_table[slot].app = NULL;
73
if (!pth_mutex_acquire (&lock_table[slot].lock, 0, NULL))
75
err = gpg_error_from_errno (errno);
76
log_error ("failed to acquire APP lock for slot %d: %s\n",
77
slot, strerror (errno));
84
/* Release a lock on the reader. See lock_reader(). */
86
unlock_reader (int slot)
88
if (slot < 0 || slot >= DIM (lock_table)
89
|| !lock_table[slot].initialized)
90
log_bug ("unlock_reader called for invalid slot %d\n", slot);
92
if (!pth_mutex_release (&lock_table[slot].lock))
93
log_error ("failed to release APP lock for slot %d: %s\n",
94
slot, strerror (errno));
100
dump_mutex_state (pth_mutex_t *m)
102
if (!(m->mx_state & PTH_MUTEX_INITIALIZED))
103
log_printf ("not_initialized");
104
else if (!(m->mx_state & PTH_MUTEX_LOCKED))
105
log_printf ("not_locked");
107
log_printf ("locked tid=0x%lx count=%lu", (long)m->mx_owner, m->mx_count);
111
/* This function may be called to print information pertaining to the
112
current state of this module to the log. */
114
app_dump_state (void)
118
for (slot=0; slot < DIM (lock_table); slot++)
119
if (lock_table[slot].initialized)
121
log_info ("app_dump_state: slot=%d lock=", slot);
122
dump_mutex_state (&lock_table[slot].lock);
123
if (lock_table[slot].app)
124
log_printf (" app=%p type=`%s'",
125
lock_table[slot].app, lock_table[slot].app->apptype);
35
131
/* Check wether the application NAME is allowed. This does not mean
36
132
we have support for it though. */
49
145
/* If called with NAME as NULL, select the best fitting application
50
146
and return a context; otherwise select the application with NAME
51
147
and return a context. SLOT identifies the reader device. Returns
52
NULL if no application was found or no card is present. */
54
select_application (ctrl_t ctrl, int slot, const char *name)
148
an error code and stores NULL at R_APP if no application was found
149
or no card is present. */
151
select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app)
58
155
unsigned char *result = NULL;
160
err = lock_reader (slot);
164
/* First check whether we already have an application to share. */
165
app = lock_table[slot].initialized ? lock_table[slot].app : NULL;
167
if (!app->apptype || ascii_strcasecmp (app->apptype, name))
169
unlock_reader (slot);
171
log_info ("application `%s' in use by reader %d - can't switch\n",
173
return gpg_error (GPG_ERR_CONFLICT);
178
if (app->slot != slot)
179
log_bug ("slot mismatch %d/%d\n", app->slot, slot);
182
unlock_reader (slot);
183
return 0; /* Okay: We share that one. */
61
186
app = xtrycalloc (1, sizeof *app);
64
rc = gpg_error (gpg_err_code_from_errno (errno));
65
log_info ("error allocating context: %s\n", gpg_strerror (rc));
189
err = gpg_error_from_errno (errno);
190
log_info ("error allocating context: %s\n", gpg_strerror (err));
191
unlock_reader (slot);
70
197
/* Fixme: We should now first check whether a card is at all
73
200
/* Try to read the GDO file first to get a default serial number. */
74
rc = iso7816_select_file (slot, 0x3F00, 1, NULL, NULL);
76
rc = iso7816_select_file (slot, 0x2F02, 0, NULL, NULL);
78
rc = iso7816_read_binary (slot, 0, 0, &result, &resultlen);
201
err = iso7816_select_file (slot, 0x3F00, 1, NULL, NULL);
203
err = iso7816_select_file (slot, 0x2F02, 0, NULL, NULL);
205
err = iso7816_read_binary (slot, 0, 0, &result, &resultlen);
82
209
const unsigned char *p;
84
p = find_tlv (result, resultlen, 0x5A, &n);
211
p = find_tlv_unchecked (result, resultlen, 0x5A, &n);
86
213
resultlen -= (p-result);
87
214
if (p && n > resultlen && n == 0x0d && resultlen+1 == n)
241
/* For certain error codes, there is no need to try more. */
242
if (gpg_err_code (err) == GPG_ERR_CARD_NOT_PRESENT)
115
rc = gpg_error (GPG_ERR_NOT_FOUND);
117
if (rc && is_app_allowed ("openpgp") && (!name || !strcmp (name, "openpgp")))
118
rc = app_select_openpgp (app);
119
if (rc && is_app_allowed ("nks") && (!name || !strcmp (name, "nks")))
120
rc = app_select_nks (app);
121
/* if (rc && is_app_allowed ("p12") && (!name || !strcmp (name, "p12"))) */
122
/* rc = app_select_p12 (app); */
123
if (rc && is_app_allowed ("dinsig") && (!name || !strcmp (name, "dinsig")))
124
rc = app_select_dinsig (app);
126
rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
246
/* Figure out the application to use. */
247
err = gpg_error (GPG_ERR_NOT_FOUND);
249
if (err && is_app_allowed ("openpgp")
250
&& (!name || !strcmp (name, "openpgp")))
251
err = app_select_openpgp (app);
252
if (err && is_app_allowed ("nks") && (!name || !strcmp (name, "nks")))
253
err = app_select_nks (app);
254
if (err && is_app_allowed ("p15") && (!name || !strcmp (name, "p15")))
255
err = app_select_p15 (app);
256
if (err && is_app_allowed ("dinsig") && (!name || !strcmp (name, "dinsig")))
257
err = app_select_dinsig (app);
259
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
132
265
log_info ("can't select application `%s': %s\n",
133
name, gpg_strerror (rc));
266
name, gpg_strerror (err));
135
268
log_info ("no supported card application found: %s\n",
271
unlock_reader (slot);
141
275
app->initialized = 1;
277
lock_table[slot].app = app;
279
unlock_reader (slot);
284
/* Free the resources associated with the application APP. APP is
285
allowed to be NULL in which case this is a no-op. Note that we are
286
using reference counting to track the users of the application. */
147
288
release_application (app_t app)
295
if (app->ref_count < 1)
296
log_bug ("trying to release an already released context\n");
297
if (--app->ref_count)
300
/* Clear the reference to the application from the lock table. */
301
for (slot = 0; slot < DIM (lock_table); slot++)
302
if (lock_table[slot].initialized && lock_table[slot].app == app)
303
lock_table[slot].app = NULL;
152
306
if (app->fnc.deinit)
154
308
app->fnc.deinit (app);
248
408
the CERTINFO status lines) and return it in the freshly allocated
249
409
buffer put into CERT and the length of the certificate put into
252
412
app_readcert (app_t app, const char *certid,
253
413
unsigned char **cert, size_t *certlen)
256
418
return gpg_error (GPG_ERR_INV_VALUE);
257
419
if (!app->initialized)
258
420
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
259
421
if (!app->fnc.readcert)
260
422
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
262
return app->fnc.readcert (app, certid, cert, certlen);
423
err = lock_reader (app->slot);
426
err = app->fnc.readcert (app, certid, cert, certlen);
427
unlock_reader (app->slot);
432
/* Read the key with ID KEYID. On success a canonical encoded
433
S-expression with the public key will get stored at PK and its
434
length (for assertions) at PKLEN; the caller must release that
435
buffer. On error NULL will be stored at PK and PKLEN and an error
438
This function might not be supported by all applications. */
440
app_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
449
if (!app || !keyid || !pk || !pklen)
450
return gpg_error (GPG_ERR_INV_VALUE);
451
if (!app->initialized)
452
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
453
if (!app->fnc.readkey)
454
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
455
err = lock_reader (app->slot);
458
err= app->fnc.readkey (app, keyid, pk, pklen);
459
unlock_reader (app->slot);
266
464
/* Perform a GETATTR operation. */
268
app_getattr (APP app, CTRL ctrl, const char *name)
466
app_getattr (app_t app, CTRL ctrl, const char *name)
270
470
if (!app || !name || !*name)
271
471
return gpg_error (GPG_ERR_INV_VALUE);
272
472
if (!app->initialized)
273
473
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
475
if (app->apptype && name && !strcmp (name, "APPTYPE"))
477
send_status_info (ctrl, "APPTYPE",
478
app->apptype, strlen (app->apptype), NULL, 0);
481
if (name && !strcmp (name, "SERIALNO"))
487
rc = app_get_serial_and_stamp (app, &serial, &stamp);
490
send_status_info (ctrl, "SERIALNO", serial, strlen (serial), NULL, 0);
274
495
if (!app->fnc.getattr)
275
496
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
276
return app->fnc.getattr (app, ctrl, name);
497
err = lock_reader (app->slot);
500
err = app->fnc.getattr (app, ctrl, name);
501
unlock_reader (app->slot);
279
505
/* Perform a SETATTR operation. */
281
app_setattr (APP app, const char *name,
282
int (*pincb)(void*, const char *, char **),
507
app_setattr (app_t app, const char *name,
508
gpg_error_t (*pincb)(void*, const char *, char **),
284
510
const unsigned char *value, size_t valuelen)
286
514
if (!app || !name || !*name || !value)
287
515
return gpg_error (GPG_ERR_INV_VALUE);
288
516
if (!app->initialized)
289
517
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
290
518
if (!app->fnc.setattr)
291
519
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
292
return app->fnc.setattr (app, name, pincb, pincb_arg, value, valuelen);
520
err = lock_reader (app->slot);
523
err = app->fnc.setattr (app, name, pincb, pincb_arg, value, valuelen);
524
unlock_reader (app->slot);
295
528
/* Create the signature and return the allocated result in OUTDATA.
296
529
If a PIN is required the PINCB will be used to ask for the PIN; it
297
530
should return the PIN in an allocated buffer and put it into PIN. */
299
app_sign (APP app, const char *keyidstr, int hashalgo,
300
int (pincb)(void*, const char *, char **),
532
app_sign (app_t app, const char *keyidstr, int hashalgo,
533
gpg_error_t (*pincb)(void*, const char *, char **),
302
535
const void *indata, size_t indatalen,
303
536
unsigned char **outdata, size_t *outdatalen )
307
540
if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb)
308
541
return gpg_error (GPG_ERR_INV_VALUE);
310
543
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
311
544
if (!app->fnc.sign)
312
545
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
313
rc = app->fnc.sign (app, keyidstr, hashalgo,
316
outdata, outdatalen);
546
err = lock_reader (app->slot);
549
err = app->fnc.sign (app, keyidstr, hashalgo,
552
outdata, outdatalen);
553
unlock_reader (app->slot);
318
log_info ("operation sign result: %s\n", gpg_strerror (rc));
555
log_info ("operation sign result: %s\n", gpg_strerror (err));
322
559
/* Create the signature using the INTERNAL AUTHENTICATE command and
323
560
return the allocated result in OUTDATA. If a PIN is required the
324
561
PINCB will be used to ask for the PIN; it should return the PIN in
325
562
an allocated buffer and put it into PIN. */
327
app_auth (APP app, const char *keyidstr,
328
int (pincb)(void*, const char *, char **),
564
app_auth (app_t app, const char *keyidstr,
565
gpg_error_t (*pincb)(void*, const char *, char **),
330
567
const void *indata, size_t indatalen,
331
568
unsigned char **outdata, size_t *outdatalen )
335
572
if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb)
336
573
return gpg_error (GPG_ERR_INV_VALUE);
338
575
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
339
576
if (!app->fnc.auth)
340
577
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
341
rc = app->fnc.auth (app, keyidstr,
344
outdata, outdatalen);
578
err = lock_reader (app->slot);
581
err = app->fnc.auth (app, keyidstr,
584
outdata, outdatalen);
585
unlock_reader (app->slot);
346
log_info ("operation auth result: %s\n", gpg_strerror (rc));
587
log_info ("operation auth result: %s\n", gpg_strerror (err));
351
592
/* Decrypt the data in INDATA and return the allocated result in OUTDATA.
352
593
If a PIN is required the PINCB will be used to ask for the PIN; it
353
594
should return the PIN in an allocated buffer and put it into PIN. */
355
app_decipher (APP app, const char *keyidstr,
356
int (pincb)(void*, const char *, char **),
596
app_decipher (app_t app, const char *keyidstr,
597
gpg_error_t (*pincb)(void*, const char *, char **),
358
599
const void *indata, size_t indatalen,
359
600
unsigned char **outdata, size_t *outdatalen )
363
604
if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb)
364
605
return gpg_error (GPG_ERR_INV_VALUE);
366
607
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
367
608
if (!app->fnc.decipher)
368
609
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
369
rc = app->fnc.decipher (app, keyidstr,
372
outdata, outdatalen);
374
log_info ("operation decipher result: %s\n", gpg_strerror (rc));
610
err = lock_reader (app->slot);
613
err = app->fnc.decipher (app, keyidstr,
616
outdata, outdatalen);
617
unlock_reader (app->slot);
619
log_info ("operation decipher result: %s\n", gpg_strerror (err));
624
/* Perform the WRITEKEY operation. */
626
app_writekey (app_t app, ctrl_t ctrl,
627
const char *keyidstr, unsigned int flags,
628
gpg_error_t (*pincb)(void*, const char *, char **),
630
const unsigned char *keydata, size_t keydatalen)
634
if (!app || !keyidstr || !*keyidstr || !pincb)
635
return gpg_error (GPG_ERR_INV_VALUE);
636
if (!app->initialized)
637
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
638
if (!app->fnc.writekey)
639
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
640
err = lock_reader (app->slot);
643
err = app->fnc.writekey (app, ctrl, keyidstr, flags,
644
pincb, pincb_arg, keydata, keydatalen);
645
unlock_reader (app->slot);
647
log_info ("operation writekey result: %s\n", gpg_strerror (err));
379
653
/* Perform a SETATTR operation. */
381
app_genkey (APP app, CTRL ctrl, const char *keynostr, unsigned int flags,
382
int (*pincb)(void*, const char *, char **),
655
app_genkey (app_t app, CTRL ctrl, const char *keynostr, unsigned int flags,
656
gpg_error_t (*pincb)(void*, const char *, char **),
387
661
if (!app || !keynostr || !*keynostr || !pincb)
388
662
return gpg_error (GPG_ERR_INV_VALUE);
390
664
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
391
665
if (!app->fnc.genkey)
392
666
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
393
rc = app->fnc.genkey (app, ctrl, keynostr, flags, pincb, pincb_arg);
667
err = lock_reader (app->slot);
670
err = app->fnc.genkey (app, ctrl, keynostr, flags, pincb, pincb_arg);
671
unlock_reader (app->slot);
395
log_info ("operation genkey result: %s\n", gpg_strerror (rc));
673
log_info ("operation genkey result: %s\n", gpg_strerror (err));
400
678
/* Perform a GET CHALLENGE operation. This fucntion is special as it
401
679
directly accesses the card without any application specific
404
app_get_challenge (APP app, size_t nbytes, unsigned char *buffer)
682
app_get_challenge (app_t app, size_t nbytes, unsigned char *buffer)
406
686
if (!app || !nbytes || !buffer)
407
687
return gpg_error (GPG_ERR_INV_VALUE);
408
688
if (!app->initialized)
409
689
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
410
return iso7816_get_challenge (app->slot, nbytes, buffer);
690
err = lock_reader (app->slot);
693
err = iso7816_get_challenge (app->slot, nbytes, buffer);
694
unlock_reader (app->slot);
415
700
/* Perform a CHANGE REFERENCE DATA or RESET RETRY COUNTER operation. */
417
app_change_pin (APP app, CTRL ctrl, const char *chvnostr, int reset_mode,
418
int (*pincb)(void*, const char *, char **),
702
app_change_pin (app_t app, CTRL ctrl, const char *chvnostr, int reset_mode,
703
gpg_error_t (*pincb)(void*, const char *, char **),
423
708
if (!app || !chvnostr || !*chvnostr || !pincb)
424
709
return gpg_error (GPG_ERR_INV_VALUE);
426
711
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
427
712
if (!app->fnc.change_pin)
428
713
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
429
rc = app->fnc.change_pin (app, ctrl, chvnostr, reset_mode, pincb, pincb_arg);
714
err = lock_reader (app->slot);
717
err = app->fnc.change_pin (app, ctrl, chvnostr, reset_mode,
719
unlock_reader (app->slot);
431
log_info ("operation change_pin result: %s\n", gpg_strerror (rc));
721
log_info ("operation change_pin result: %s\n", gpg_strerror (err));
436
726
/* Perform a VERIFY operation without doing anything lese. This may
437
be used to initialze a the PION cache for long lasting other
727
be used to initialze a the PIN cache for long lasting other
438
728
operations. Its use is highly application dependent. */
440
app_check_pin (APP app, const char *keyidstr,
441
int (*pincb)(void*, const char *, char **),
730
app_check_pin (app_t app, const char *keyidstr,
731
gpg_error_t (*pincb)(void*, const char *, char **),
446
736
if (!app || !keyidstr || !*keyidstr || !pincb)
447
737
return gpg_error (GPG_ERR_INV_VALUE);