79
79
{ 0x00C4, 0, 0x6E, 1, 0, 1, 1, "CHV Status Bytes" },
80
80
{ 0x00C5, 0, 0x6E, 1, 0, 0, 0, "Fingerprints" },
81
81
{ 0x00C6, 0, 0x6E, 1, 0, 0, 0, "CA Fingerprints" },
82
{ 0x00CD, 0, 0x6E, 1, 0, 0, 0, "Generation time" },
82
83
{ 0x007A, 1, 0, 1, 0, 0, 0, "Security Support Template" },
83
84
{ 0x0093, 0, 0x7A, 1, 1, 0, 0, "Digital Signature Counter" },
85
{ 0x0101, 0, 0, 0, 0, 0, 0, "Private DO 1"},
86
{ 0x0102, 0, 0, 0, 0, 0, 0, "Private DO 2"},
87
{ 0x0103, 0, 0, 0, 0, 0, 0, "Private DO 3"},
88
{ 0x0104, 0, 0, 0, 0, 0, 0, "Private DO 4"},
93
/* One cache item for DOs. */
89
95
struct cache_s *next;
686
794
for (i=0; i < 3; i++)
687
795
send_fpr_if_not_null (ctrl, table[idx].name, i+1, value+i*20);
797
else if (table[idx].special == 4)
800
for (i=0; i < 3; i++)
801
send_fprtime_if_not_null (ctrl, table[idx].name, i+1, value+i*4);
690
804
send_status_info (ctrl, table[idx].name, value, valuelen, NULL, 0);
811
/* Retrieve the fingerprint from the card inserted in SLOT and write
812
the according hex representation to FPR. Caller must have provide
813
a buffer at FPR of least 41 bytes. Returns 0 on success or an
815
#if GNUPG_MAJOR_VERSION > 1
817
retrieve_fpr_from_card (app_t app, int keyno, char *fpr)
821
unsigned char *value;
825
assert (keyno >=0 && keyno <= 2);
827
relptr = get_one_do (app, 0x00C5, &value, &valuelen, NULL);
828
if (relptr && valuelen >= 60)
830
for (i = 0; i < 20; i++)
831
sprintf (fpr + (i * 2), "%02X", value[(keyno*20)+i]);
834
err = gpg_error (GPG_ERR_NOT_FOUND);
838
#endif /*GNUPG_MAJOR_VERSION > 1*/
841
/* Retrieve the public key material for the RSA key, whose fingerprint
842
is FPR, from gpg output, which can be read through the stream FP.
843
The RSA modulus will be stored at the address of M and MLEN, the
844
public exponent at E and ELEN. Returns zero on success, an error
845
code on failure. Caller must release the allocated buffers at M
846
and E if the function returns success. */
847
#if GNUPG_MAJOR_VERSION > 1
849
retrieve_key_material (FILE *fp, const char *hexkeyid,
850
const unsigned char **m, size_t *mlen,
851
const unsigned char **e, size_t *elen)
853
gcry_error_t err = 0;
854
char *line = NULL; /* read_line() buffer. */
855
size_t line_size = 0; /* Helper for for read_line. */
856
int found_key = 0; /* Helper to find a matching key. */
857
unsigned char *m_new = NULL;
858
unsigned char *e_new = NULL;
862
/* Loop over all records until we have found the subkey
863
corresponsing to the fingerprint. Inm general the first record
864
should be the pub record, but we don't rely on that. Given that
865
we only need to look at one key, it is sufficient to compare the
866
keyid so that we don't need to look at "fpr" records. */
877
i = read_line (fp, &line, &line_size, &max_length);
882
err = gpg_error_from_errno (errno);
883
goto leave; /* Error. */
887
err = gpg_error (GPG_ERR_TRUNCATED);
888
goto leave; /* Line truncated - we better stop processing. */
891
/* Parse the line into fields. */
892
for (nfields=0, p=line; p && nfields < DIM (fields); nfields++)
900
continue; /* No fields at all - skip line. */
904
if ( (!strcmp (fields[0], "sub") || !strcmp (fields[0], "pub") )
905
&& nfields > 4 && !strcmp (fields[4], hexkeyid))
910
if ( !strcmp (fields[0], "sub") || !strcmp (fields[0], "pub") )
911
break; /* Next key - stop. */
913
if ( strcmp (fields[0], "pkd") )
914
continue; /* Not a key data record. */
915
i = 0; /* Avoid erroneous compiler warning. */
916
if ( nfields < 4 || (i = atoi (fields[1])) < 0 || i > 1
917
|| (!i && m_new) || (i && e_new))
919
err = gpg_error (GPG_ERR_GENERAL);
920
goto leave; /* Error: Invalid key data record or not an RSA key. */
923
err = gcry_mpi_scan (&mpi, GCRYMPI_FMT_HEX, fields[3], 0, NULL);
927
err = gcry_mpi_aprint (GCRYMPI_FMT_STD, &m_new, &m_new_n, mpi);
929
err = gcry_mpi_aprint (GCRYMPI_FMT_STD, &e_new, &e_new_n, mpi);
930
gcry_mpi_release (mpi);
945
err = gpg_error (GPG_ERR_GENERAL);
953
#endif /*GNUPG_MAJOR_VERSION > 1*/
956
/* Get the public key for KEYNO and store it as an S-expresion with
957
the APP handle. On error that field gets cleared. If we already
958
know about the public key we will just return. Note that this does
959
not mean a key is available; this is soley indicated by the
960
presence of the app->app_local->pk[KEYNO-1].key field.
962
Note that GnuPG 1.x does not need this and it would be too time
963
consuming to send it just for the fun of it. However, given that we
964
use the same code in gpg 1.4, we can't use the gcry S-expresion
965
here but need to open encode it. */
966
#if GNUPG_MAJOR_VERSION > 1
968
get_public_key (app_t app, int keyno)
971
unsigned char *buffer;
972
const unsigned char *keydata, *m, *e;
973
size_t buflen, keydatalen, mlen, elen;
974
unsigned char *mbuf = NULL;
975
unsigned char *ebuf = NULL;
979
if (keyno < 1 || keyno > 3)
980
return gpg_error (GPG_ERR_INV_ID);
983
/* Already cached? */
984
if (app->app_local->pk[keyno].read_done)
987
xfree (app->app_local->pk[keyno].key);
988
app->app_local->pk[keyno].key = NULL;
989
app->app_local->pk[keyno].keylen = 0;
991
m = e = NULL; /* (avoid cc warning) */
993
if (app->card_version > 0x0100)
995
/* We may simply read the public key out of these cards. */
996
err = iso7816_read_public_key
997
(app->slot, (const unsigned char*)(keyno == 0? "\xB6" :
998
keyno == 1? "\xB8" : "\xA4"),
1003
log_error (_("reading public key failed: %s\n"), gpg_strerror (err));
1007
keydata = find_tlv (buffer, buflen, 0x7F49, &keydatalen);
1010
err = gpg_error (GPG_ERR_CARD);
1011
log_error (_("response does not contain the public key data\n"));
1015
m = find_tlv (keydata, keydatalen, 0x0081, &mlen);
1018
err = gpg_error (GPG_ERR_CARD);
1019
log_error (_("response does not contain the RSA modulus\n"));
1024
e = find_tlv (keydata, keydatalen, 0x0082, &elen);
1027
err = gpg_error (GPG_ERR_CARD);
1028
log_error (_("response does not contain the RSA public exponent\n"));
1032
/* Prepend numbers with a 0 if needed. */
1033
if (mlen && (*m & 0x80))
1035
mbuf = xtrymalloc ( mlen + 1);
1038
err = gpg_error_from_errno (errno);
1042
memcpy (mbuf+1, m, mlen);
1046
if (elen && (*e & 0x80))
1048
ebuf = xtrymalloc ( elen + 1);
1051
err = gpg_error_from_errno (errno);
1055
memcpy (ebuf+1, e, elen);
1063
/* Due to a design problem in v1.0 cards we can't get the public
1064
key out of these cards without doing a verify on CHV3.
1065
Clearly that is not an option and thus we try to locate the
1066
key using an external helper.
1068
The helper we use here is gpg itself, which should know about
1069
the key in any case. */
1073
char *command = NULL;
1077
buffer = NULL; /* We don't need buffer. */
1079
err = retrieve_fpr_from_card (app, keyno, fpr);
1082
log_error ("error while retrieving fpr from card: %s\n",
1083
gpg_strerror (err));
1086
hexkeyid = fpr + 24;
1088
ret = asprintf (&command,
1089
"gpg --list-keys --with-colons --with-key-data '%s'",
1093
err = gpg_error_from_errno (errno);
1097
fp = popen (command, "r");
1101
err = gpg_error_from_errno (errno);
1102
log_error ("running gpg failed: %s\n", gpg_strerror (err));
1106
err = retrieve_key_material (fp, hexkeyid, &m, &mlen, &e, &elen);
1110
log_error ("error while retrieving key material through pipe: %s\n",
1111
gpg_strerror (err));
1116
/* Allocate a buffer to construct the S-expression. */
1117
/* FIXME: We should provide a generalized S-expression creation
1119
keybuf = xtrymalloc (50 + 2*35 + mlen + elen + 1);
1122
err = gpg_error_from_errno (errno);
1126
sprintf (keybuf, "(10:public-key(3:rsa(1:n%u:", (unsigned int) mlen);
1127
keybuf_p = keybuf + strlen (keybuf);
1128
memcpy (keybuf_p, m, mlen);
1130
sprintf (keybuf_p, ")(1:e%u:", (unsigned int)elen);
1131
keybuf_p += strlen (keybuf_p);
1132
memcpy (keybuf_p, e, elen);
1134
strcpy (keybuf_p, ")))");
1135
keybuf_p += strlen (keybuf_p);
1137
app->app_local->pk[keyno].key = (unsigned char*)keybuf;
1138
app->app_local->pk[keyno].keylen = (keybuf_p - keybuf);
1141
/* Set a flag to indicate that we tried to read the key. */
1142
app->app_local->pk[keyno].read_done = 1;
1149
#endif /* GNUPG_MAJOR_VERSION > 1 */
1153
/* Send the KEYPAIRINFO back. KEYNO needs to be in the range [1,3].
1154
This is used by the LEARN command. */
1156
send_keypair_info (app_t app, ctrl_t ctrl, int keyno)
1158
gpg_error_t err = 0;
1159
/* Note that GnuPG 1.x does not need this and it would be too time
1160
consuming to send it just for the fun of it. */
1161
#if GNUPG_MAJOR_VERSION > 1
1162
unsigned char grip[20];
1167
err = get_public_key (app, keyno);
1171
assert (keyno >= 1 && keyno <= 3);
1172
if (!app->app_local->pk[keyno-1].key)
1173
goto leave; /* No such key - ignore. */
1175
err = keygrip_from_canon_sexp (app->app_local->pk[keyno-1].key,
1176
app->app_local->pk[keyno-1].keylen,
1181
for (i=0; i < 20; i++)
1182
sprintf (gripstr+i*2, "%02X", grip[i]);
1184
sprintf (idbuf, "OPENPGP.%d", keyno);
1185
send_status_info (ctrl, "KEYPAIRINFO",
1187
idbuf, strlen (idbuf),
1191
#endif /* GNUPG_MAJOR_VERSION > 1 */
1197
/* Handle the LEARN command for OpenPGP. */
699
1199
do_learn_status (app_t app, ctrl_t ctrl)
701
1201
do_getattr (app, ctrl, "EXTCAP");
705
1205
do_getattr (app, ctrl, "PUBKEY-URL");
706
1206
do_getattr (app, ctrl, "LOGIN-DATA");
707
1207
do_getattr (app, ctrl, "KEY-FPR");
1208
if (app->card_version > 0x0100)
1209
do_getattr (app, ctrl, "KEY-TIME");
708
1210
do_getattr (app, ctrl, "CA-FPR");
709
1211
do_getattr (app, ctrl, "CHV-STATUS");
710
1212
do_getattr (app, ctrl, "SIG-COUNTER");
1213
if (app->app_local->extcap.private_dos)
1215
do_getattr (app, ctrl, "PRIVATE-DO-1");
1216
do_getattr (app, ctrl, "PRIVATE-DO-2");
1218
do_getattr (app, ctrl, "PRIVATE-DO-3");
1220
do_getattr (app, ctrl, "PRIVATE-DO-4");
1222
send_keypair_info (app, ctrl, 1);
1223
send_keypair_info (app, ctrl, 2);
1224
send_keypair_info (app, ctrl, 3);
1229
/* Handle the READKEY command for OpenPGP. On success a canonical
1230
encoded S-expression with the public key will get stored at PK and
1231
its length (for assertions) at PKLEN; the caller must release that
1232
buffer. On error PK and PKLEN are not changed and an error code is
1235
do_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
1237
#if GNUPG_MAJOR_VERSION > 1
1242
if (!strcmp (keyid, "OPENPGP.1"))
1244
else if (!strcmp (keyid, "OPENPGP.2"))
1246
else if (!strcmp (keyid, "OPENPGP.3"))
1249
return gpg_error (GPG_ERR_INV_ID);
1251
err = get_public_key (app, keyno);
1255
buf = app->app_local->pk[keyno-1].key;
1257
return gpg_error (GPG_ERR_NO_PUBKEY);
1258
*pklen = app->app_local->pk[keyno-1].keylen;;
1259
*pk = xtrymalloc (*pklen);
1262
err = gpg_error_from_errno (errno);
1266
memcpy (*pk, buf, *pklen);
1269
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
716
1275
/* Verify CHV2 if required. Depending on the configuration of the
717
1276
card CHV1 will also be verified. */
719
1278
verify_chv2 (app_t app,
720
int (*pincb)(void*, const char *, char **),
1279
gpg_error_t (*pincb)(void*, const char *, char **),
721
1280
void *pincb_arg)
1564
/* Check whether a key already exists. KEYIDX is the index of the key
1565
(0..2). If FORCE is TRUE a diagnositic will be printed but no
1566
error returned if the key already exists. */
1568
does_key_exist (app_t app, int keyidx, int force)
1570
const unsigned char *fpr;
1571
unsigned char *buffer;
1575
assert (keyidx >=0 && keyidx <= 2);
1577
if (iso7816_get_data (app->slot, 0x006E, &buffer, &buflen))
1579
log_error (_("error reading application data\n"));
1580
return gpg_error (GPG_ERR_GENERAL);
1582
fpr = find_tlv (buffer, buflen, 0x00C5, &n);
1585
log_error (_("error reading fingerprint DO\n"));
1587
return gpg_error (GPG_ERR_GENERAL);
1590
for (i=0; i < 20 && !fpr[i]; i++)
1593
if (i!=20 && !force)
1595
log_error (_("key already exists\n"));
1596
return gpg_error (GPG_ERR_EEXIST);
1599
log_info (_("existing key will be replaced\n"));
1601
log_info (_("generating new key\n"));
1607
/* Handle the WRITEKEY command for OpenPGP. This function expects a
1608
canonical encoded S-expression with the secret key in KEYDATA and
1609
its length (for assertions) in KEYDATALEN. KEYID needs to be the
1610
usual keyid which for OpenPGP is the string "OPENPGP.n" with
1611
n=1,2,3. Bit 0 of FLAGS indicates whether an existing key shall
1612
get overwritten. PINCB and PINCB_ARG are the usual arguments for
1613
the pinentry callback. */
1615
do_writekey (app_t app, ctrl_t ctrl,
1616
const char *keyid, unsigned int flags,
1617
gpg_error_t (*pincb)(void*, const char *, char **),
1619
const unsigned char *keydata, size_t keydatalen)
1622
int force = (flags & 1);
1624
const unsigned char *buf, *tok;
1625
size_t buflen, toklen;
1626
int depth, last_depth1, last_depth2;
1627
const unsigned char *rsa_n = NULL;
1628
const unsigned char *rsa_e = NULL;
1629
const unsigned char *rsa_p = NULL;
1630
const unsigned char *rsa_q = NULL;
1631
size_t rsa_n_len, rsa_e_len, rsa_p_len, rsa_q_len;
1633
unsigned char *template = NULL;
1635
size_t template_len;
1636
unsigned char fprbuf[20];
1639
if (!strcmp (keyid, "OPENPGP.1"))
1641
else if (!strcmp (keyid, "OPENPGP.2"))
1643
else if (!strcmp (keyid, "OPENPGP.3"))
1646
return gpg_error (GPG_ERR_INV_ID);
1648
err = does_key_exist (app, keyno, force);
1654
Parse the S-expression
1657
buflen = keydatalen;
1659
if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
1661
if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
1663
if (!tok || toklen != 11 || memcmp ("private-key", tok, toklen))
1667
else if (toklen == 21 && !memcmp ("protected-private-key", tok, toklen))
1668
log_info ("protected-private-key passed to writekey\n");
1669
else if (toklen == 20 && !memcmp ("shadowed-private-key", tok, toklen))
1670
log_info ("shadowed-private-key passed to writekey\n");
1671
err = gpg_error (GPG_ERR_BAD_SECKEY);
1674
if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
1676
if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
1678
if (!tok || toklen != 3 || memcmp ("rsa", tok, toklen))
1680
err = gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO);
1683
last_depth1 = depth;
1684
while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
1685
&& depth && depth >= last_depth1)
1689
err = gpg_error (GPG_ERR_UNKNOWN_SEXP);
1692
if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
1694
if (tok && toklen == 1)
1696
const unsigned char **mpi;
1701
case 'n': mpi = &rsa_n; mpi_len = &rsa_n_len; break;
1702
case 'e': mpi = &rsa_e; mpi_len = &rsa_e_len; break;
1703
case 'p': mpi = &rsa_p; mpi_len = &rsa_p_len; break;
1704
case 'q': mpi = &rsa_q; mpi_len = &rsa_q_len;break;
1705
default: mpi = NULL; mpi_len = NULL; break;
1709
err = gpg_error (GPG_ERR_DUP_VALUE);
1712
if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
1716
/* Strip off leading zero bytes and save. */
1717
for (;toklen && !*tok; toklen--, tok++)
1723
/* Skip until end of list. */
1724
last_depth2 = depth;
1725
while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
1726
&& depth && depth >= last_depth2)
1731
/* Parse other attributes. */
1732
last_depth1 = depth;
1733
while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
1734
&& depth && depth >= last_depth1)
1738
err = gpg_error (GPG_ERR_UNKNOWN_SEXP);
1741
if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
1743
if (tok && toklen == 10 && !memcmp ("created-at", tok, toklen))
1745
if ((err = parse_sexp (&buf,&buflen,&depth,&tok,&toklen)))
1749
for (created_at=0; toklen && *tok && *tok >= '0' && *tok <= '9';
1751
created_at = created_at*10 + (*tok - '0');
1754
/* Skip until end of list. */
1755
last_depth2 = depth;
1756
while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
1757
&& depth && depth >= last_depth2)
1764
/* Check that we have all parameters and that they match the card
1768
log_error (_("creation timestamp missing\n"));
1769
err = gpg_error (GPG_ERR_INV_VALUE);
1772
nbits = rsa_n? count_bits (rsa_n, rsa_n_len) : 0;
1775
log_error (_("RSA modulus missing or not of size %d bits\n"), 1024);
1776
err = gpg_error (GPG_ERR_BAD_SECKEY);
1779
nbits = rsa_e? count_bits (rsa_e, rsa_e_len) : 0;
1780
if (nbits < 2 || nbits > 32)
1782
log_error (_("RSA public exponent missing or larger than %d bits\n"),
1784
err = gpg_error (GPG_ERR_BAD_SECKEY);
1787
nbits = rsa_p? count_bits (rsa_p, rsa_p_len) : 0;
1790
log_error (_("RSA prime %s missing or not of size %d bits\n"), "P", 512);
1791
err = gpg_error (GPG_ERR_BAD_SECKEY);
1794
nbits = rsa_q? count_bits (rsa_q, rsa_q_len) : 0;
1797
log_error (_("RSA prime %s missing or not of size %d bits\n"), "Q", 512);
1798
err = gpg_error (GPG_ERR_BAD_SECKEY);
1803
/* Build the private key template as described in section 4.3.3.6 of
1804
the OpenPGP card specs:
1805
0xC0 <length> public exponent
1806
0xC1 <length> prime p
1807
0xC2 <length> prime q
1809
assert (rsa_e_len <= 4);
1810
template_len = (1 + 1 + 4
1812
+ 1 + 1 + rsa_q_len);
1813
template = tp = xtrymalloc_secure (template_len);
1816
err = gpg_error_from_errno (errno);
1821
memcpy (tp, rsa_e, rsa_e_len);
1824
/* Right justify E. */
1825
memmove (tp+4-rsa_e_len, tp, 4-rsa_e_len);
1826
memset (tp, 0, 4-rsa_e_len);
1832
memcpy (tp, rsa_p, rsa_p_len);
1837
memcpy (tp, rsa_q, rsa_q_len);
1840
assert (tp - template == template_len);
1843
/* Obviously we need to remove the cached public key. */
1844
xfree (app->app_local->pk[keyno].key);
1845
app->app_local->pk[keyno].key = NULL;
1846
app->app_local->pk[keyno].keylen = 0;
1847
app->app_local->pk[keyno].read_done = 0;
1849
/* Prepare for storing the key. */
1850
err = verify_chv3 (app, pincb, pincb_arg);
1854
/* Store the key. */
1855
err = iso7816_put_data (app->slot,
1856
(app->card_version > 0x0007? 0xE0 : 0xE9) + keyno,
1857
template, template_len);
1860
log_error (_("failed to store the key: %s\n"), gpg_strerror (err));
1864
err = store_fpr (app->slot, keyno, created_at,
1865
rsa_n, rsa_n_len, rsa_e, rsa_e_len,
1866
fprbuf, app->card_version);
995
1877
/* Handle the GENKEY command. */
997
1879
do_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags,
998
int (*pincb)(void*, const char *, char **),
1880
gpg_error_t (*pincb)(void*, const char *, char **),
999
1881
void *pincb_arg)
1003
1884
char numbuf[30];
1004
1885
unsigned char fprbuf[20];
1005
const unsigned char *fpr;
1006
1886
const unsigned char *keydata, *m, *e;
1007
unsigned char *buffer;
1008
size_t buflen, keydatalen, n, mlen, elen;
1887
unsigned char *buffer = NULL;
1888
size_t buflen, keydatalen, mlen, elen;
1009
1889
time_t created_at;
1010
1890
int keyno = atoi (keynostr);
1011
1891
int force = (flags & 1);
1019
1899
generation. This _might_ help a card to gather more entropy. */
1020
1900
flush_cache (app);
1022
rc = iso7816_get_data (app->slot, 0x006E, &buffer, &buflen);
1902
/* Obviously we need to remove the cached public key. */
1903
xfree (app->app_local->pk[keyno].key);
1904
app->app_local->pk[keyno].key = NULL;
1905
app->app_local->pk[keyno].keylen = 0;
1906
app->app_local->pk[keyno].read_done = 0;
1908
/* Check whether a key already exists. */
1909
rc = does_key_exist (app, keyno, force);
1025
log_error ("error reading application data\n");
1026
return gpg_error (GPG_ERR_GENERAL);
1028
fpr = find_tlv (buffer, buflen, 0x00C5, &n);
1029
if (!fpr || n != 60)
1031
rc = gpg_error (GPG_ERR_GENERAL);
1032
log_error ("error reading fingerprint DO\n");
1036
for (i=0; i < 20 && !fpr[i]; i++)
1038
if (i!=20 && !force)
1040
rc = gpg_error (GPG_ERR_EEXIST);
1041
log_error ("key already exists\n");
1045
log_info ("existing key will be replaced\n");
1047
log_info ("generating new key\n");
1913
/* Prepare for key generation by verifying the ADmin PIN. */
1050
1914
rc = verify_chv3 (app, pincb, pincb_arg);
1054
xfree (buffer); buffer = NULL;
1057
log_info ("please wait while key is being generated ...\n");
1919
log_info (_("please wait while key is being generated ...\n"));
1058
1920
start_at = time (NULL);
1059
1921
rc = iso7816_generate_keypair
1061
1923
#warning key generation temporary replaced by reading an existing key.
1062
1924
rc = iso7816_read_public_key
1065
keyno == 0? "\xB6" :
1066
keyno == 1? "\xB8" : "\xA4",
1926
(app->slot, (const unsigned char*)(keyno == 0? "\xB6" :
1927
keyno == 1? "\xB8" : "\xA4"),
1071
1932
rc = gpg_error (GPG_ERR_CARD);
1072
log_error ("generating key failed\n");
1933
log_error (_("generating key failed\n"));
1075
log_info ("key generation completed (%d seconds)\n",
1936
log_info (_("key generation completed (%d seconds)\n"),
1076
1937
(int)(time (NULL) - start_at));
1077
1938
keydata = find_tlv (buffer, buflen, 0x7F49, &keydatalen);
1080
1941
rc = gpg_error (GPG_ERR_CARD);
1081
log_error ("response does not contain the public key data\n");
1942
log_error (_("response does not contain the public key data\n"));
1641
/* This function is a hack to retrieve essential information about the
1642
card to be displayed by simple tools. It mostly resembles what the
1643
LEARN command returns. All parameters return allocated strings or
1644
buffers or NULL if the data object is not available. All returned
1645
values are sanitized. */
1647
app_openpgp_cardinfo (app_t app,
1651
unsigned char **fpr1,
1652
unsigned char **fpr2,
1653
unsigned char **fpr3)
1657
unsigned char *value;
1665
rc = app_get_serial_and_stamp (app, serialno, &dummy);
1668
log_error (_("error getting serial number: %s\n"),
1677
relptr = get_one_do (app, 0x005B, &value, &valuelen);
1680
*disp_name = make_printable_string (value, valuelen, 0);
1688
relptr = get_one_do (app, 0x5F50, &value, &valuelen);
1691
*pubkey_url = make_printable_string (value, valuelen, 0);
1702
relptr = get_one_do (app, 0x00C5, &value, &valuelen);
1703
if (relptr && valuelen >= 60)
1707
*fpr1 = xmalloc (20);
1708
memcpy (*fpr1, value + 0, 20);
1712
*fpr2 = xmalloc (20);
1713
memcpy (*fpr2, value + 20, 20);
1717
*fpr3 = xmalloc (20);
1718
memcpy (*fpr3, value + 40, 20);
1728
/* This function is currently only used by the sc-copykeys program to
1729
store a key on the smartcard. app_t ist the application handle,
1730
KEYNO is the number of the key and PINCB, PINCB_ARG are used to ask
1731
for the SO PIN. TEMPLATE and TEMPLATE_LEN describe a buffer with
1732
the key template to store. CREATED_AT is the timestamp used to
1733
create the fingerprint. M, MLEN is the RSA modulus and E, ELEN the
1734
RSA public exponent. This function silently overwrites an existing
1737
app_openpgp_storekey (app_t app, int keyno,
1738
unsigned char *template, size_t template_len,
1740
const unsigned char *m, size_t mlen,
1741
const unsigned char *e, size_t elen,
1742
int (*pincb)(void*, const char *, char **),
1746
unsigned char fprbuf[20];
1748
if (keyno < 1 || keyno > 3)
1749
return gpg_error (GPG_ERR_INV_ID);
1752
rc = verify_chv3 (app, pincb, pincb_arg);
1758
rc = iso7816_put_data (app->slot,
1759
(app->card_version > 0x0007? 0xE0 : 0xE9) + keyno,
1760
template, template_len);
1763
log_error (_("failed to store the key: %s\n"), gpg_strerror (rc));
1764
rc = gpg_error (GPG_ERR_CARD);
1768
/* log_printhex ("RSA n:", m, mlen); */
1769
/* log_printhex ("RSA e:", e, elen); */
1771
rc = store_fpr (app->slot, keyno, (u32)created_at,
1772
m, mlen, e, elen, fprbuf, app->card_version);
1779
/* Utility function for external tools: Read the public RSA key at
1780
KEYNO and return modulus and exponent in (M,MLEN) and (E,ELEN). */
1782
app_openpgp_readkey (app_t app, int keyno, unsigned char **m, size_t *mlen,
1783
unsigned char **e, size_t *elen)
1786
const unsigned char *keydata, *a;
1787
unsigned char *buffer;
1788
size_t buflen, keydatalen, alen;
1793
if (keyno < 1 || keyno > 3)
1794
return gpg_error (GPG_ERR_INV_ID);
1797
rc = iso7816_read_public_key(app->slot,
1798
keyno == 0? "\xB6" :
1799
keyno == 1? "\xB8" : "\xA4",
1804
rc = gpg_error (GPG_ERR_CARD);
1805
log_error (_("reading the key failed\n"));
1809
keydata = find_tlv (buffer, buflen, 0x7F49, &keydatalen);
1812
log_error (_("response does not contain the public key data\n"));
1813
rc = gpg_error (GPG_ERR_CARD);
1817
a = find_tlv (keydata, keydatalen, 0x0081, &alen);
1820
log_error (_("response does not contain the RSA modulus\n"));
1821
rc = gpg_error (GPG_ERR_CARD);
1825
*m = xmalloc (alen);
1826
memcpy (*m, a, alen);
1828
a = find_tlv (keydata, keydatalen, 0x0082, &alen);
1831
log_error (_("response does not contain the RSA public exponent\n"));
1832
rc = gpg_error (GPG_ERR_CARD);
1836
*e = xmalloc (alen);
1837
memcpy (*e, a, alen);
1843
xfree (*m); *m = NULL;
1844
xfree (*e); *e = NULL;