1
/* app-nks.c - The Telesec NKS 2.0 card application.
2
* Copyright (C) 2004, 2007 Free Software Foundation, Inc.
1
/* app-nks.c - The Telesec NKS card application.
2
* Copyright (C) 2004, 2007, 2008, 2009 Free Software Foundation, Inc.
4
4
* This file is part of GnuPG.
36
36
int fid; /* File ID. */
37
int nks_ver; /* 0 for NKS version 2, 3 for version 3. */
37
38
int certtype; /* Type of certificate or 0 if it is not a certificate. */
38
39
int iskeypair; /* If true has the FID of the correspoding certificate. */
39
40
int issignkey; /* True if file is a key usable for signing. */
40
41
int isenckey; /* True if file is a key usable for decryption. */
42
{ 0x4531, 0, 0xC000, 1, 0 },
47
{ 0x45B1, 0, 0xC200, 0, 1 },
43
{ 0x4531, 0, 0, 0xC000, 1, 0 }, /* EF_PK.NKS.SIG */
44
{ 0xC000, 0, 101 }, /* EF_C.NKS.SIG */
47
{ 0xB000, 0, 110 }, /* EF_PK.RCA.NKS */
48
{ 0x45B1, 0, 0, 0xC200, 0, 1 }, /* EF_PK.NKS.ENC */
49
{ 0xC200, 0, 101 }, /* EF_C.NKS.ENC */
52
{ 0x4571, 3, 0, 0xc500, 0, 0 }, /* EF_PK.NKS.AUT */
53
{ 0xC500, 3, 101 }, /* EF_C.NKS.AUT */
54
{ 0x45B2, 3, 0, 0xC201, 0, 1 }, /* EF_PK.NKS.ENC1024 */
55
{ 0xC201, 3, 101 }, /* EF_C.NKS.ENC1024 */
61
/* Object with application (i.e. NKS) specific data. */
63
int nks_version; /* NKS version. */
70
/* Release local data. */
74
if (app && app->app_local)
76
xfree (app->app_local);
77
app->app_local = NULL;
56
82
/* Read the file with FID, assume it contains a public key and return
57
83
its keygrip in the caller provided 41 byte buffer R_GRIPSTR. */
59
keygripstr_from_pk_file (int slot, int fid, char *r_gripstr)
85
keygripstr_from_pk_file (app_t app, int fid, char *r_gripstr)
62
88
unsigned char grip[20];
68
err = iso7816_select_file (slot, fid, 0, NULL, NULL);
71
err = iso7816_read_record (slot, 1, 1, 0, &buffer[0], &buflen[0]);
74
err = iso7816_read_record (slot, 2, 1, 0, &buffer[1], &buflen[1]);
94
err = iso7816_select_file (app->slot, fid, 0, NULL, NULL);
97
err = iso7816_read_record (app->slot, 1, 1, 0, &buffer[0], &buflen[0]);
100
err = iso7816_read_record (app->slot, 2, 1, 0, &buffer[1], &buflen[1]);
77
103
xfree (buffer[0]);
107
if (app->app_local->nks_version < 3)
83
/* Check that the value appears like an integer encoded as
84
Simple-TLV. We don't check the tag because the tests cards I
85
have use 1 for both, the modulus and the exponent - the
86
example in the documentation gives 2 for the exponent. */
88
err = gpg_error (GPG_ERR_TOO_SHORT);
89
else if (buffer[i][1] != buflen[i]-2 )
90
err = gpg_error (GPG_ERR_INV_OBJ);
109
/* Old versions of NKS store the values in a TLV encoded format.
110
We need to do some checks. */
111
for (i=0; i < 2; i++)
113
/* Check that the value appears like an integer encoded as
114
Simple-TLV. We don't check the tag because the tests cards I
115
have use 1 for both, the modulus and the exponent - the
116
example in the documentation gives 2 for the exponent. */
118
err = gpg_error (GPG_ERR_TOO_SHORT);
119
else if (buffer[i][1] != buflen[i]-2 )
120
err = gpg_error (GPG_ERR_INV_OBJ);
414
447
if (indatalen != 20 && indatalen != 16 && indatalen != 35)
415
448
return gpg_error (GPG_ERR_INV_VALUE);
417
/* Check that the provided ID is vaid. This is not really needed
450
/* Check that the provided ID is valid. This is not really needed
418
451
but we do it to enforce correct usage by the caller. */
419
452
if (strncmp (keyidstr, "NKS-DF01.", 9) )
420
453
return gpg_error (GPG_ERR_INV_ID);
521
/* Select the NKS 2.0 application. */
553
/* Handle the PASSWD command. CHVNOSTR is currently ignored; we
554
always use VHV0. RESET_MODE is not yet implemented. */
556
do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
558
gpg_error_t (*pincb)(void*, const char *, char **),
569
if ((flags & APP_CHANGE_FLAG_RESET))
570
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
572
if ((flags & APP_CHANGE_FLAG_NULLPIN))
574
/* With the nullpin flag, we do not verify the PIN - it would fail
575
if the Nullpin is still set. */
576
oldpin = "\0\0\0\0\0";
581
err = verify_pin (app, pincb, pincb_arg);
588
/* TRANSLATORS: Do not translate the "|*|" prefixes but
589
keep it at the start of the string. We need this elsewhere
590
to get some infos on the string. */
591
err = pincb (pincb_arg, _("|N|New PIN"), &pinvalue);
594
log_error (_("error getting new PIN: %s\n"), gpg_strerror (err));
598
err = iso7816_change_reference_data (app->slot, 0x00,
600
pinvalue, strlen (pinvalue));
606
/* Perform a simple verify operation. KEYIDSTR should be NULL or empty. */
608
do_check_pin (app_t app, const char *keyidstr,
609
gpg_error_t (*pincb)(void*, const char *, char **),
613
return verify_pin (app, pincb, pincb_arg);
617
/* Return the version of the NKS application. */
619
get_nks_version (int slot)
621
unsigned char *result = NULL;
625
if (iso7816_apdu_direct (slot, "\x80\xaa\x06\x00\x00", 5, 0,
626
&result, &resultlen))
627
return 2; /* NKS 2 does not support this command. */
629
/* Example value: 04 11 19 22 21 6A 20 80 03 03 01 01 01 00 00 00
630
vv tt ccccccccccccccccc aa bb cc vvvvvvvvvvv xx
631
vendor (Philips) -+ | | | | | | |
632
chip type -----------+ | | | | | |
633
chip id ----------------+ | | | | |
634
card type (3 - tcos 3) -------------------+ | | | |
635
OS version of card type ---------------------+ | | |
636
OS release of card type ------------------------+ | |
637
OS vendor internal version ------------------------+ |
638
RFU -----------------------------------------------------------+
641
type = 0; /* Invalid data returned. */
650
/* Select the NKS application. */
523
652
app_select_nks (app_t app)
532
661
app->apptype = "NKS";
663
app->app_local = xtrycalloc (1, sizeof *app->app_local);
666
rc = gpg_error (gpg_err_code_from_errno (errno));
670
app->app_local->nks_version = get_nks_version (slot);
672
log_info ("Detected NKS version: %d\n", app->app_local->nks_version);
674
app->fnc.deinit = do_deinit;
534
675
app->fnc.learn_status = do_learn_status;
535
676
app->fnc.readcert = do_readcert;
536
677
app->fnc.getattr = NULL;