diff options
33 files changed, 21 insertions, 5849 deletions
@@ -19,7 +19,6 @@ /trace/generated-ust.c /ui/shader/texture-blit-frag.h /ui/shader/texture-blit-vert.h -/libcacard/trace/generated-tracers.c *-timestamp /*-softmmu /*-darwin-user @@ -163,9 +163,6 @@ dummy := $(call unnest-vars,, \ ifneq ($(wildcard config-host.mak),) include $(SRC_PATH)/tests/Makefile endif -ifeq ($(CONFIG_SMARTCARD_NSS),y) -include $(SRC_PATH)/libcacard/Makefile -endif all: $(DOCS) $(TOOLS) $(HELPERS-y) recurse-all modules diff --git a/Makefile.objs b/Makefile.objs index ce87778..bc43e5c 100644 --- a/Makefile.objs +++ b/Makefile.objs @@ -33,18 +33,6 @@ crypto-aes-obj-y = crypto/ qom-obj-y = qom/ ###################################################################### -# smartcard - -libcacard-y += libcacard/cac.o libcacard/event.o -libcacard-y += libcacard/vcard.o libcacard/vreader.o -libcacard-y += libcacard/vcard_emul_nss.o -libcacard-y += libcacard/vcard_emul_type.o -libcacard-y += libcacard/card_7816.o -libcacard-y += libcacard/vcardt.o -libcacard/vcard_emul_nss.o-cflags := $(NSS_CFLAGS) -libcacard/vcard_emul_nss.o-libs := $(NSS_LIBS) - -###################################################################### # Target independent part of system emulation. The long term path is to # suppress *all* target specific code in case of system emulation, i.e. a # single QEMU executable should support all CPUs and machines. @@ -85,8 +73,6 @@ common-obj-y += backends/ common-obj-$(CONFIG_SECCOMP) += qemu-seccomp.o -common-obj-$(CONFIG_SMARTCARD_NSS) += $(libcacard-y) - common-obj-$(CONFIG_FDT) += device_tree.o ###################################################################### @@ -302,7 +302,7 @@ trace_backends="nop" trace_file="trace" spice="" rbd="" -smartcard_nss="" +smartcard="" libusb="" usb_redir="" opengl="" @@ -1039,9 +1039,9 @@ for opt do ;; --enable-xfsctl) xfs="yes" ;; - --disable-smartcard-nss) smartcard_nss="no" + --disable-smartcard) smartcard="no" ;; - --enable-smartcard-nss) smartcard_nss="yes" + --enable-smartcard) smartcard="yes" ;; --disable-libusb) libusb="no" ;; @@ -1354,7 +1354,7 @@ disabled with --disable-FEATURE, default is enabled if available: rbd rados block device (rbd) libiscsi iscsi support libnfs nfs support - smartcard-nss smartcard nss support + smartcard smartcard support (libcacard) libusb libusb (for usb passthrough) usb-redir usb network redirection support lzo support of lzo compression library @@ -3810,34 +3810,20 @@ EOF fi fi -# check for libcacard for smartcard support +# check for smartcard support smartcard_cflags="" -# TODO - what's the minimal nss version we support? -if test "$smartcard_nss" != "no"; then - cat > $TMPC << EOF -#include <pk11pub.h> -int main(void) { PK11_FreeSlot(0); return 0; } -EOF - # FIXME: do not include $glib_* in here - nss_libs="$($pkg_config --libs nss 2>/dev/null) $glib_libs" - nss_cflags="$($pkg_config --cflags nss 2>/dev/null) $glib_cflags" - test_cflags="$nss_cflags" - # The header files in nss < 3.13.3 have a bug which causes them to - # emit a warning. If we're going to compile QEMU with -Werror, then - # test that the headers don't have this bug. Otherwise we would pass - # the configure test but fail to compile QEMU later. - if test "$werror" = "yes"; then - test_cflags="-Werror $test_cflags" - fi - if test -n "$libtool" && - $pkg_config --atleast-version=3.12.8 nss && \ - compile_prog "$test_cflags" "$nss_libs"; then - smartcard_nss="yes" +if test "$smartcard" != "no"; then + if $pkg_config libcacard; then + libcacard_cflags=$($pkg_config --cflags libcacard) + libcacard_libs=$($pkg_config --libs libcacard) + QEMU_CFLAGS="$QEMU_CFLAGS $libcacard_cflags" + libs_softmmu="$libs_softmmu $libcacard_libs" + smartcard="yes" else - if test "$smartcard_nss" = "yes"; then - feature_not_found "nss" "Install nss devel >= 3.12.8" + if test "$smartcard" = "yes"; then + feature_not_found "smartcard" "Install libcacard devel" fi - smartcard_nss="no" + smartcard="no" fi fi @@ -4618,7 +4604,7 @@ echo "spice support $spice" fi echo "rbd support $rbd" echo "xfsctl support $xfs" -echo "nss used $smartcard_nss" +echo "smartcard support $smartcard" echo "libusb $libusb" echo "usb net redir $usb_redir" echo "OpenGL support $opengl" @@ -4995,10 +4981,8 @@ if test "$spice" = "yes" ; then echo "CONFIG_SPICE=y" >> $config_host_mak fi -if test "$smartcard_nss" = "yes" ; then - echo "CONFIG_SMARTCARD_NSS=y" >> $config_host_mak - echo "NSS_LIBS=$nss_libs" >> $config_host_mak - echo "NSS_CFLAGS=$nss_cflags" >> $config_host_mak +if test "$smartcard" = "yes" ; then + echo "CONFIG_SMARTCARD=y" >> $config_host_mak fi if test "$libusb" = "yes" ; then diff --git a/docs/libcacard.txt b/docs/libcacard.txt deleted file mode 100644 index 499cf7d..0000000 --- a/docs/libcacard.txt +++ /dev/null @@ -1,483 +0,0 @@ -This file documents the CAC (Common Access Card) library in the libcacard -subdirectory. - -Virtual Smart Card Emulator - -This emulator is designed to provide emulation of actual smart cards to a -virtual card reader running in a guest virtual machine. The emulated smart -cards can be representations of real smart cards, where the necessary functions -such as signing, card removal/insertion, etc. are mapped to real, physical -cards which are shared with the client machine the emulator is running on, or -the cards could be pure software constructs. - -The emulator is structured to allow multiple replaceable or additional pieces, -so it can be easily modified for future requirements. The primary envisioned -modifications are: - -1) The socket connection to the virtual card reader (presumably a CCID reader, -but other ISO-7816 compatible readers could be used). The code that handles -this is in vscclient.c. - -2) The virtual card low level emulation. This is currently supplied by using -NSS. This emulation could be replaced by implementations based on other -security libraries, including but not limitted to openssl+pkcs#11 library, -raw pkcs#11, Microsoft CAPI, direct opensc calls, etc. The code that handles -this is in vcard_emul_nss.c. - -3) Emulation for new types of cards. The current implementation emulates the -original DoD CAC standard with separate pki containers. This emulator lives in -cac.c. More than one card type emulator could be included. Other cards could -be emulated as well, including PIV, newer versions of CAC, PKCS #15, etc. - --------------------- -Replacing the Socket Based Virtual Reader Interface. - -The current implementation contains a replaceable module vscclient.c. The -current vscclient.c implements a sockets interface to the virtual ccid reader -on the guest. CCID commands that are pertinent to emulation are passed -across the socket, and their responses are passed back along that same socket. -The protocol that vscclient uses is defined in vscard_common.h and connects -to a qemu ccid usb device. Since this socket runs as a client, vscclient.c -implements a program with a main entry. It also handles argument parsing for -the emulator. - -An application that wants to use the virtual reader can replace vscclient.c -with its own implementation that connects to its own CCID reader. The calls -that the CCID reader can call are: - - VReaderList * vreader_get_reader_list(); - - This function returns a list of virtual readers. These readers may map to - physical devices, or simulated devices depending on vcard the back end. Each - reader in the list should represent a reader to the virtual machine. Virtual - USB address mapping is left to the CCID reader front end. This call can be - made any time to get an updated list. The returned list is a copy of the - internal list that can be referenced by the caller without locking. This copy - must be freed by the caller with vreader_list_delete when it is no longer - needed. - - VReaderListEntry *vreader_list_get_first(VReaderList *); - - This function gets the first entry on the reader list. Along with - vreader_list_get_next(), vreader_list_get_first() can be used to walk the - reader list returned from vreader_get_reader_list(). VReaderListEntries are - part of the list themselves and do not need to be freed separately from the - list. If there are no entries on the list, it will return NULL. - - VReaderListEntry *vreader_list_get_next(VReaderListEntry *); - - This function gets the next entry in the list. If there are no more entries - it will return NULL. - - VReader * vreader_list_get_reader(VReaderListEntry *) - - This function returns the reader stored in the reader List entry. Caller gets - a new reference to a reader. The caller must free its reference when it is - finished with vreader_free(). - - void vreader_free(VReader *reader); - - This function frees a reference to a reader. Readers are reference counted - and are automatically deleted when the last reference is freed. - - void vreader_list_delete(VReaderList *list); - - This function frees the list, all the elements on the list, and all the - reader references held by the list. - - VReaderStatus vreader_power_on(VReader *reader, char *atr, int *len); - - This function simulates a card power on. A virtual card does not care about - the actual voltage and other physical parameters, but it does care that the - card is actually on or off. Cycling the card causes the card to reset. If - the caller provides enough space, vreader_power_on will return the ATR of - the virtual card. The amount of space provided in atr should be indicated - in *len. The function modifies *len to be the actual length of of the - returned ATR. - - VReaderStatus vreader_power_off(VReader *reader); - - This function simulates a power off of a virtual card. - - VReaderStatus vreader_xfer_bytes(VReader *reader, unsigne char *send_buf, - int send_buf_len, - unsigned char *receive_buf, - int receive_buf_len); - - This function sends a raw apdu to a card and returns the card's response. - The CCID front end should return the response back. Most of the emulation - is driven from these APDUs. - - VReaderStatus vreader_card_is_present(VReader *reader); - - This function returns whether or not the reader has a card inserted. The - vreader_power_on, vreader_power_off, and vreader_xfer_bytes will return - VREADER_NO_CARD. - - const char *vreader_get_name(VReader *reader); - - This function returns the name of the reader. The name comes from the card - emulator level and is usually related to the name of the physical reader. - - VReaderID vreader_get_id(VReader *reader); - - This function returns the id of a reader. All readers start out with an id - of -1. The application can set the id with vreader_set_id. - - VReaderStatus vreader_get_id(VReader *reader, VReaderID id); - - This function sets the reader id. The application is responsible for making - sure that the id is unique for all readers it is actively using. - - VReader *vreader_find_reader_by_id(VReaderID id); - - This function returns the reader which matches the id. If two readers match, - only one is returned. The function returns NULL if the id is -1. - - Event *vevent_wait_next_vevent(); - - This function blocks waiting for reader and card insertion events. There - will be one event for each card insertion, each card removal, each reader - insertion and each reader removal. At start up, events are created for all - the initial readers found, as well as all the cards that are inserted. - - Event *vevent_get_next_vevent(); - - This function returns a pending event if it exists, otherwise it returns - NULL. It does not block. - ----------------- -Card Type Emulator: Adding a New Virtual Card Type - -The ISO 7816 card spec describes 2 types of cards: - 1) File system cards, where the smartcard is managed by reading and writing -data to files in a file system. There is currently only boiler plate -implemented for file system cards. - 2) VM cards, where the card has loadable applets which perform the card -functions. The current implementation supports VM cards. - -In the case of VM cards, the difference between various types of cards is -really what applets have been installed in that card. This structure is -mirrored in card type emulators. The 7816 emulator already handles the basic -ISO 7186 commands. Card type emulators simply need to add the virtual applets -which emulate the real card applets. Card type emulators have exactly one -public entry point: - - VCARDStatus xxx_card_init(VCard *card, const char *flags, - const unsigned char *cert[], - int cert_len[], - VCardKey *key[], - int cert_count); - - The parameters for this are: - card - the virtual card structure which will represent this card. - flags - option flags that may be specific to this card type. - cert - array of binary certificates. - cert_len - array of lengths of each of the certificates specified in cert. - key - array of opaque key structures representing the private keys on - the card. - cert_count - number of entries in cert, cert_len, and key arrays. - - Any cert, cert_len, or key with the same index are matching sets. That is - cert[0] is cert_len[0] long and has the corresponding private key of key[0]. - -The card type emulator is expected to own the VCardKeys, but it should copy -any raw cert data it wants to save. It can create new applets and add them to -the card using the following functions: - - VCardApplet *vcard_new_applet(VCardProcessAPDU apdu_func, - VCardResetApplet reset_func, - const unsigned char *aid, - int aid_len); - - This function creates a new applet. Applet structures store the following - information: - 1) the AID of the applet (set by aid and aid_len). - 2) a function to handle APDUs for this applet. (set by apdu_func, more on - this below). - 3) a function to reset the applet state when the applet is selected. - (set by reset_func, more on this below). - 3) applet private data, a data pointer used by the card type emulator to - store any data or state it needs to complete requests. (set by a - separate call). - 4) applet private data free, a function used to free the applet private - data when the applet itself is destroyed. - The created applet can be added to the card with vcard_add_applet below. - - void vcard_set_applet_private(VCardApplet *applet, - VCardAppletPrivate *private, - VCardAppletPrivateFree private_free); - This function sets the private data and the corresponding free function. - VCardAppletPrivate is an opaque data structure to the rest of the emulator. - The card type emulator can define it any way it wants by defining - struct VCardAppletPrivateStruct {};. If there is already a private data - structure on the applet, the old one is freed before the new one is set up. - passing two NULL clear any existing private data. - - VCardStatus vcard_add_applet(VCard *card, VCardApplet *applet); - - Add an applet onto the list of applets attached to the card. Once an applet - has been added, it can be selected by its AID, and then commands will be - routed to it VCardProcessAPDU function. This function adopts the applet that - is passed into it. Note: 2 applets with the same AID should not be added to - the same card. It is permissible to add more than one applet. Multiple applets - may have the same VCardPRocessAPDU entry point. - -The certs and keys should be attached to private data associated with one or -more appropriate applets for that card. Control will come to the card type -emulators once one of its applets are selected through the VCardProcessAPDU -function it specified when it created the applet. - -The signature of VCardResetApplet is: - VCardStatus (*VCardResetApplet) (VCard *card, int channel); - This function will reset the any internal applet state that needs to be - cleared after a select applet call. It should return VCARD_DONE; - -The signature of VCardProcessAPDU is: - VCardStatus (*VCardProcessAPDU)(VCard *card, VCardAPDU *apdu, - VCardResponse **response); - This function examines the APDU and determines whether it should process - the apdu directly, reject the apdu as invalid, or pass the apdu on to - the basic 7816 emulator for processing. - If the 7816 emulator should process the apdu, then the VCardProcessAPDU - should return VCARD_NEXT. - If there is an error, then VCardProcessAPDU should return an error - response using vcard_make_response and the appropriate 7816 error code - (see card_7816t.h) or vcard_make_response with a card type specific error - code. It should then return VCARD_DONE. - If the apdu can be processed correctly, VCardProcessAPDU should do so, - set the response value appropriately for that APDU, and return VCARD_DONE. - VCardProcessAPDU should always set the response if it returns VCARD_DONE. - It should always either return VCARD_DONE or VCARD_NEXT. - -Parsing the APDU -- - -Prior to processing calling the card type emulator's VCardProcessAPDU function, the emulator has already decoded the APDU header and set several fields: - - apdu->a_data - The raw apdu data bytes. - apdu->a_len - The len of the raw apdu data. - apdu->a_body - The start of any post header parameter data. - apdu->a_Lc - The parameter length value. - apdu->a_Le - The expected length of any returned data. - apdu->a_cla - The raw apdu class. - apdu->a_channel - The channel (decoded from the class). - apdu->a_secure_messaging_type - The decoded secure messaging type - (from class). - apdu->a_type - The decode class type. - apdu->a_gen_type - the generic class type (7816, PROPRIETARY, RFU, PTS). - apdu->a_ins - The instruction byte. - apdu->a_p1 - Parameter 1. - apdu->a_p2 - Parameter 2. - -Creating a Response -- - -The expected result of any APDU call is a response. The card type emulator must -set *response with an appropriate VCardResponse value if it returns VCARD_DONE. -Responses could be as simple as returning a 2 byte status word response, to as -complex as returning a block of data along with a 2 byte response. Which is -returned will depend on the semantics of the APDU. The following functions will -create card responses. - - VCardResponse *vcard_make_response(VCard7816Status status); - - This is the most basic function to get a response. This function will - return a response the consists solely one 2 byte status code. If that status - code is defined in card_7816t.h, then this function is guaranteed to - return a response with that status. If a cart type specific status code - is passed and vcard_make_response fails to allocate the appropriate memory - for that response, then vcard_make_response will return a VCardResponse - of VCARD7816_STATUS_EXC_ERROR_MEMORY. In any case, this function is - guaranteed to return a valid VCardResponse. - - VCardResponse *vcard_response_new(unsigned char *buf, int len, - VCard7816Status status); - - This function is similar to vcard_make_response except it includes some - returned data with the response. It could also fail to allocate enough - memory, in which case it will return NULL. - - VCardResponse *vcard_response_new_status_bytes(unsigned char sw1, - unsigned char sw2); - - Sometimes in 7816 the response bytes are treated as two separate bytes with - split meanings. This function allows you to create a response based on - two separate bytes. This function could fail, in which case it will return - NULL. - - VCardResponse *vcard_response_new_bytes(unsigned char *buf, int len, - unsigned char sw1, - unsigned char sw2); - - This function is the same as vcard_response_new except you may specify - the status as two separate bytes like vcard_response_new_status_bytes. - - -Implementing functionality --- - -The following helper functions access information about the current card -and applet. - - VCARDAppletPrivate *vcard_get_current_applet_private(VCard *card, - int channel); - - This function returns any private data set by the card type emulator on - the currently selected applet. The card type emulator keeps track of the - current applet state in this data structure. Any certs and keys associated - with a particular applet is also stored here. - - int vcard_emul_get_login_count(VCard *card); - - This function returns the number of remaining login attempts for this - card. If the card emulator does not know, or the card does not have a - way of giving this information, this function returns -1. - - - VCard7816Status vcard_emul_login(VCard *card, unsigned char *pin, - int pin_len); - - This function logs into the card and returns the standard 7816 status - word depending on the success or failure of the call. - - void vcard_emul_delete_key(VCardKey *key); - - This function frees the VCardKey passed in to xxxx_card_init. The card - type emulator is responsible for freeing this key when it no longer needs - it. - - VCard7816Status vcard_emul_rsa_op(VCard *card, VCardKey *key, - unsigned char *buffer, - int buffer_size); - - This function does a raw rsa op on the buffer with the given key. - -The sample card type emulator is found in cac.c. It implements the cac specific -applets. Only those applets needed by the coolkey pkcs#11 driver on the guest -have been implemented. To support the full range CAC middleware, a complete CAC -card according to the CAC specs should be implemented here. - ------------------------------- -Virtual Card Emulator - -This code accesses both real smart cards and simulated smart cards through -services provided on the client. The current implementation uses NSS, which -already knows how to talk to various PKCS #11 modules on the client, and is -portable to most operating systems. A particular emulator can have only one -virtual card implementation at a time. - -The virtual card emulator consists of a series of virtual card services. In -addition to the services describe above (services starting with -vcard_emul_xxxx), the virtual card emulator also provides the following -functions: - - VCardEmulError vcard_emul_init(cont VCardEmulOptions *options); - - The options structure is built by another function in the virtual card - interface where a string of virtual card emulator specific strings are - mapped to the options. The actual structure is defined by the virtual card - emulator and is used to determine the configuration of soft cards, or to - determine which physical cards to present to the guest. - - The vcard_emul_init function will build up sets of readers, create any - threads that are needed to watch for changes in the reader state. If readers - have cards present in them, they are also initialized. - - Readers are created with the function. - - VReader *vreader_new(VReaderEmul *reader_emul, - VReaderEmulFree reader_emul_free); - - The freeFunc is used to free the VReaderEmul * when the reader is - destroyed. The VReaderEmul structure is an opaque structure to the - rest of the code, but defined by the virtual card emulator, which can - use it to store any reader specific state. - - Once the reader has been created, it can be added to the front end with the - call: - - VReaderStatus vreader_add_reader(VReader *reader); - - This function will automatically generate the appropriate new reader - events and add the reader to the list. - - To create a new card, the virtual card emulator will call a similar - function. - - VCard *vcard_new(VCardEmul *card_emul, - VCardEmulFree card_emul_free); - - Like vreader_new, this function takes a virtual card emulator specific - structure which it uses to keep track of the card state. - - Once the card is created, it is attached to a card type emulator with the - following function: - - VCardStatus vcard_init(VCard *vcard, VCardEmulType type, - const char *flags, - unsigned char *const *certs, - int *cert_len, - VCardKey *key[], - int cert_count); - - The vcard is the value returned from vcard_new. The type is the - card type emulator that this card should presented to the guest as. - The flags are card type emulator specific options. The certs, - cert_len, and keys are all arrays of length cert_count. These are - the same of the parameters xxxx_card_init() accepts. - - Finally the card is associated with its reader by the call: - - VReaderStatus vreader_insert_card(VReader *vreader, VCard *vcard); - - This function, like vreader_add_reader, will take care of any event - notification for the card insert. - - - VCardEmulError vcard_emul_force_card_remove(VReader *vreader); - - Force a card that is present to appear to be removed to the guest, even if - that card is a physical card and is present. - - - VCardEmulError vcard_emul_force_card_insert(VReader *reader); - - Force a card that has been removed by vcard_emul_force_card_remove to be - reinserted from the point of view of the guest. This will only work if the - card is physically present (which is always true fro a soft card). - - void vcard_emul_get_atr(Vcard *card, unsigned char *atr, int *atr_len); - - Return the virtual ATR for the card. By convention this should be the value - VCARD_ATR_PREFIX(size) followed by several ascii bytes related to this - particular emulator. For instance the NSS emulator returns - {VCARD_ATR_PREFIX(3), 'N', 'S', 'S' }. Do ot return more data then *atr_len; - - void vcard_emul_reset(VCard *card, VCardPower power) - - Set the state of 'card' to the current power level and reset its internal - state (logout, etc). - -------------------------------------------------------- -List of files and their function: -README - This file -card_7816.c - emulate basic 7816 functionality. Parse APDUs. -card_7816.h - apdu and response services definitions. -card_7816t.h - 7816 specific structures, types and definitions. -event.c - event handling code. -event.h - event handling services definitions. -eventt.h - event handling structures and types -vcard.c - handle common virtual card services like creation, destruction, and - applet management. -vcard.h - common virtual card services function definitions. -vcardt.h - comon virtual card types -vreader.c - common virtual reader services. -vreader.h - common virtual reader services definitions. -vreadert.h - comon virtual reader types. -vcard_emul_type.c - manage the card type emulators. -vcard_emul_type.h - definitions for card type emulators. -cac.c - card type emulator for CAC cards -vcard_emul.h - virtual card emulator service definitions. -vcard_emul_nss.c - virtual card emulator implementation for nss. -vscclient.c - socket connection to guest qemu usb driver. -vscard_common.h - common header with the guest qemu usb driver. -mutex.h - header file for machine independent mutexes. -link_test.c - static test to make sure all the symbols are properly defined. diff --git a/hw/usb/Makefile.objs b/hw/usb/Makefile.objs index 7443e38..8f00fbd 100644 --- a/hw/usb/Makefile.objs +++ b/hw/usb/Makefile.objs @@ -23,9 +23,8 @@ common-obj-$(CONFIG_USB_BLUETOOTH) += dev-bluetooth.o ifeq ($(CONFIG_USB_SMARTCARD),y) common-obj-y += dev-smartcard-reader.o -common-obj-y += ccid-card-passthru.o -common-obj-$(CONFIG_SMARTCARD_NSS) += ccid-card-emulated.o -ccid-card-emulated.o-cflags := -I$(SRC_PATH)/libcacard +common-obj-$(CONFIG_SMARTCARD) += ccid-card-passthru.o +common-obj-$(CONFIG_SMARTCARD) += ccid-card-emulated.o endif ifeq ($(CONFIG_POSIX),y) diff --git a/hw/usb/ccid-card-passthru.c b/hw/usb/ccid-card-passthru.c index 85a4fc3..9f49c05 100644 --- a/hw/usb/ccid-card-passthru.c +++ b/hw/usb/ccid-card-passthru.c @@ -12,7 +12,7 @@ #include "qemu/error-report.h" #include "qemu/sockets.h" #include "ccid.h" -#include "libcacard/vscard_common.h" +#include "cacard/vscard_common.h" #define DPRINTF(card, lvl, fmt, ...) \ do { \ diff --git a/libcacard/Makefile b/libcacard/Makefile deleted file mode 100644 index b5eddff..0000000 --- a/libcacard/Makefile +++ /dev/null @@ -1,45 +0,0 @@ -libcacard_includedir=$(includedir)/cacard - -TOOLS += vscclient$(EXESUF) - -# objects linked into a shared library, built with libtool with -fPIC if required -libcacard-obj-y = $(libcacard-y) -libcacard-lobj-y=$(patsubst %.o,%.lo,$(libcacard-obj-y)) - -# libtool will build the .o files, too -$(libcacard-obj-y): | $(libcacard-lobj-y) - -all: libcacard.la libcacard.pc - -vscclient$(EXESUF): libcacard/vscclient.o libcacard.la - $(call LINK,$^) - -######################################################################### -# Rules for building libcacard standalone library - -libcacard.la: LDFLAGS += -rpath $(libdir) -no-undefined \ - -export-symbols $(SRC_PATH)/libcacard/libcacard.syms -# Prevent libcacard.so linking against the entire world of 3rd party libs -libcacard.la: LIBS = -libcacard.la: $(libcacard-lobj-y) - $(call LINK,$^) - -libcacard.pc: $(SRC_PATH)/libcacard/libcacard.pc.in - $(call quiet-command,sed -e 's|@LIBDIR@|$(libdir)|' \ - -e 's|@INCLUDEDIR@|$(libcacard_includedir)|' \ - -e 's|@VERSION@|$(shell cat $(SRC_PATH)/VERSION)|' \ - -e 's|@PREFIX@|$(prefix)|' $< > libcacard.pc,\ - " GEN $@") - -.PHONY: install-libcacard - -install: install-libcacard -install-libcacard: libcacard.pc libcacard.la - $(INSTALL_DIR) "$(DESTDIR)$(libdir)" - $(INSTALL_DIR) "$(DESTDIR)$(libdir)/pkgconfig" - $(INSTALL_DIR) "$(DESTDIR)$(libcacard_includedir)" - $(INSTALL_LIB) libcacard.la "$(DESTDIR)$(libdir)" - $(INSTALL_DATA) libcacard.pc "$(DESTDIR)$(libdir)/pkgconfig" - for inc in $(SRC_PATH)/libcacard/*.h; do \ - $(INSTALL_DATA) $$inc "$(DESTDIR)$(libcacard_includedir)"; \ - done diff --git a/libcacard/cac.c b/libcacard/cac.c deleted file mode 100644 index bc84534..0000000 --- a/libcacard/cac.c +++ /dev/null @@ -1,414 +0,0 @@ -/* - * implement the applets for the CAC card. - * - * This code is licensed under the GNU LGPL, version 2.1 or later. - * See the COPYING.LIB file in the top-level directory. - */ - -#include "glib-compat.h" - -#include <string.h> -#include <stdbool.h> - -#include "cac.h" -#include "vcard.h" -#include "vcard_emul.h" -#include "card_7816.h" - -/* private data for PKI applets */ -typedef struct CACPKIAppletDataStruct { - unsigned char *cert; - int cert_len; - unsigned char *cert_buffer; - int cert_buffer_len; - unsigned char *sign_buffer; - int sign_buffer_len; - VCardKey *key; -} CACPKIAppletData; - -/* - * CAC applet private data - */ -struct VCardAppletPrivateStruct { - union { - CACPKIAppletData pki_data; - void *reserved; - } u; -}; - -/* - * handle all the APDU's that are common to all CAC applets - */ -static VCardStatus -cac_common_process_apdu(VCard *card, VCardAPDU *apdu, VCardResponse **response) -{ - int ef; - VCardStatus ret = VCARD_FAIL; - - switch (apdu->a_ins) { - case VCARD7816_INS_SELECT_FILE: - if (apdu->a_p1 != 0x02) { - /* let the 7816 code handle applet switches */ - ret = VCARD_NEXT; - break; - } - /* handle file id setting */ - if (apdu->a_Lc != 2) { - *response = vcard_make_response( - VCARD7816_STATUS_ERROR_DATA_INVALID); - ret = VCARD_DONE; - break; - } - /* CAC 1.0 only supports ef = 0 */ - ef = apdu->a_body[0] | (apdu->a_body[1] << 8); - if (ef != 0) { - *response = vcard_make_response( - VCARD7816_STATUS_ERROR_FILE_NOT_FOUND); - ret = VCARD_DONE; - break; - } - *response = vcard_make_response(VCARD7816_STATUS_SUCCESS); - ret = VCARD_DONE; - break; - case VCARD7816_INS_GET_RESPONSE: - case VCARD7816_INS_VERIFY: - /* let the 7816 code handle these */ - ret = VCARD_NEXT; - break; - case CAC_GET_PROPERTIES: - case CAC_GET_ACR: - /* skip these for now, this will probably be needed */ - *response = vcard_make_response(VCARD7816_STATUS_ERROR_P1_P2_INCORRECT); - ret = VCARD_DONE; - break; - default: - *response = vcard_make_response( - VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED); - ret = VCARD_DONE; - break; - } - return ret; -} - -/* - * reset the inter call state between applet selects - */ -static VCardStatus -cac_applet_pki_reset(VCard *card, int channel) -{ - VCardAppletPrivate *applet_private; - CACPKIAppletData *pki_applet; - applet_private = vcard_get_current_applet_private(card, channel); - assert(applet_private); - pki_applet = &(applet_private->u.pki_data); - - pki_applet->cert_buffer = NULL; - g_free(pki_applet->sign_buffer); - pki_applet->sign_buffer = NULL; - pki_applet->cert_buffer_len = 0; - pki_applet->sign_buffer_len = 0; - return VCARD_DONE; -} - -static VCardStatus -cac_applet_pki_process_apdu(VCard *card, VCardAPDU *apdu, - VCardResponse **response) -{ - CACPKIAppletData *pki_applet; - VCardAppletPrivate *applet_private; - int size, next; - unsigned char *sign_buffer; - bool retain_sign_buffer = FALSE; - vcard_7816_status_t status; - VCardStatus ret = VCARD_FAIL; - - applet_private = vcard_get_current_applet_private(card, apdu->a_channel); - assert(applet_private); - pki_applet = &(applet_private->u.pki_data); - - switch (apdu->a_ins) { - case CAC_UPDATE_BUFFER: - *response = vcard_make_response( - VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED); - ret = VCARD_DONE; - break; - case CAC_GET_CERTIFICATE: - if ((apdu->a_p2 != 0) || (apdu->a_p1 != 0)) { - *response = vcard_make_response( - VCARD7816_STATUS_ERROR_P1_P2_INCORRECT); - break; - } - assert(pki_applet->cert != NULL); - size = apdu->a_Le; - if (pki_applet->cert_buffer == NULL) { - pki_applet->cert_buffer = pki_applet->cert; - pki_applet->cert_buffer_len = pki_applet->cert_len; - } - size = MIN(size, pki_applet->cert_buffer_len); - next = MIN(255, pki_applet->cert_buffer_len - size); - *response = vcard_response_new_bytes( - card, pki_applet->cert_buffer, size, - apdu->a_Le, next ? - VCARD7816_SW1_WARNING_CHANGE : - VCARD7816_SW1_SUCCESS, - next); - pki_applet->cert_buffer += size; - pki_applet->cert_buffer_len -= size; - if ((*response == NULL) || (next == 0)) { - pki_applet->cert_buffer = NULL; - } - if (*response == NULL) { - *response = vcard_make_response( - VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE); - } - ret = VCARD_DONE; - break; - case CAC_SIGN_DECRYPT: - if (apdu->a_p2 != 0) { - *response = vcard_make_response( - VCARD7816_STATUS_ERROR_P1_P2_INCORRECT); - break; - } - size = apdu->a_Lc; - - sign_buffer = g_realloc(pki_applet->sign_buffer, - pki_applet->sign_buffer_len + size); - memcpy(sign_buffer+pki_applet->sign_buffer_len, apdu->a_body, size); - size += pki_applet->sign_buffer_len; - switch (apdu->a_p1) { - case 0x80: - /* p1 == 0x80 means we haven't yet sent the whole buffer, wait for - * the rest */ - pki_applet->sign_buffer = sign_buffer; - pki_applet->sign_buffer_len = size; - *response = vcard_make_response(VCARD7816_STATUS_SUCCESS); - retain_sign_buffer = TRUE; - break; - case 0x00: - /* we now have the whole buffer, do the operation, result will be - * in the sign_buffer */ - status = vcard_emul_rsa_op(card, pki_applet->key, - sign_buffer, size); - if (status != VCARD7816_STATUS_SUCCESS) { - *response = vcard_make_response(status); - break; - } - *response = vcard_response_new(card, sign_buffer, size, apdu->a_Le, - VCARD7816_STATUS_SUCCESS); - if (*response == NULL) { - *response = vcard_make_response( - VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE); - } - break; - default: - *response = vcard_make_response( - VCARD7816_STATUS_ERROR_P1_P2_INCORRECT); - break; - } - if (!retain_sign_buffer) { - g_free(sign_buffer); - pki_applet->sign_buffer = NULL; - pki_applet->sign_buffer_len = 0; - } - ret = VCARD_DONE; - break; - case CAC_READ_BUFFER: - /* new CAC call, go ahead and use the old version for now */ - /* TODO: implement */ - *response = vcard_make_response( - VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED); - ret = VCARD_DONE; - break; - default: - ret = cac_common_process_apdu(card, apdu, response); - break; - } - return ret; -} - - -static VCardStatus -cac_applet_id_process_apdu(VCard *card, VCardAPDU *apdu, - VCardResponse **response) -{ - VCardStatus ret = VCARD_FAIL; - - switch (apdu->a_ins) { - case CAC_UPDATE_BUFFER: - *response = vcard_make_response( - VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED); - ret = VCARD_DONE; - break; - case CAC_READ_BUFFER: - /* new CAC call, go ahead and use the old version for now */ - /* TODO: implement */ - *response = vcard_make_response( - VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED); - ret = VCARD_DONE; - break; - default: - ret = cac_common_process_apdu(card, apdu, response); - break; - } - return ret; -} - - -/* - * TODO: if we ever want to support general CAC middleware, we will need to - * implement the various containers. - */ -static VCardStatus -cac_applet_container_process_apdu(VCard *card, VCardAPDU *apdu, - VCardResponse **response) -{ - VCardStatus ret = VCARD_FAIL; - - switch (apdu->a_ins) { - case CAC_READ_BUFFER: - case CAC_UPDATE_BUFFER: - *response = vcard_make_response( - VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED); - ret = VCARD_DONE; - break; - default: - ret = cac_common_process_apdu(card, apdu, response); - break; - } - return ret; -} - -/* - * utilities for creating and destroying the private applet data - */ -static void -cac_delete_pki_applet_private(VCardAppletPrivate *applet_private) -{ - CACPKIAppletData *pki_applet_data; - - if (applet_private == NULL) { - return; - } - pki_applet_data = &(applet_private->u.pki_data); - g_free(pki_applet_data->cert); - g_free(pki_applet_data->sign_buffer); - if (pki_applet_data->key != NULL) { - vcard_emul_delete_key(pki_applet_data->key); - } - g_free(applet_private); -} - -static VCardAppletPrivate * -cac_new_pki_applet_private(const unsigned char *cert, - int cert_len, VCardKey *key) -{ - CACPKIAppletData *pki_applet_data; - VCardAppletPrivate *applet_private; - - applet_private = g_new0(VCardAppletPrivate, 1); - pki_applet_data = &(applet_private->u.pki_data); - pki_applet_data->cert = (unsigned char *)g_malloc(cert_len+1); - /* - * if we want to support compression, then we simply change the 0 to a 1 - * and compress the cert data with libz - */ - pki_applet_data->cert[0] = 0; /* not compressed */ - memcpy(&pki_applet_data->cert[1], cert, cert_len); - pki_applet_data->cert_len = cert_len+1; - - pki_applet_data->key = key; - return applet_private; -} - - -/* - * create a new cac applet which links to a given cert - */ -static VCardApplet * -cac_new_pki_applet(int i, const unsigned char *cert, - int cert_len, VCardKey *key) -{ - VCardAppletPrivate *applet_private; - VCardApplet *applet; - unsigned char pki_aid[] = { 0xa0, 0x00, 0x00, 0x00, 0x79, 0x01, 0x00 }; - int pki_aid_len = sizeof(pki_aid); - - pki_aid[pki_aid_len-1] = i; - - applet_private = cac_new_pki_applet_private(cert, cert_len, key); - if (applet_private == NULL) { - goto failure; - } - applet = vcard_new_applet(cac_applet_pki_process_apdu, cac_applet_pki_reset, - pki_aid, pki_aid_len); - if (applet == NULL) { - goto failure; - } - vcard_set_applet_private(applet, applet_private, - cac_delete_pki_applet_private); - applet_private = NULL; - - return applet; - -failure: - if (applet_private != NULL) { - cac_delete_pki_applet_private(applet_private); - } - return NULL; -} - - -static unsigned char cac_default_container_aid[] = { - 0xa0, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00 }; -static unsigned char cac_id_aid[] = { - 0xa0, 0x00, 0x00, 0x00, 0x79, 0x03, 0x00 }; -/* - * Initialize the cac card. This is the only public function in this file. All - * the rest are connected through function pointers. - */ -VCardStatus -cac_card_init(VReader *reader, VCard *card, - const char *params, - unsigned char * const *cert, - int cert_len[], - VCardKey *key[] /* adopt the keys*/, - int cert_count) -{ - int i; - VCardApplet *applet; - - /* CAC Cards are VM Cards */ - vcard_set_type(card, VCARD_VM); - - /* create one PKI applet for each cert */ - for (i = 0; i < cert_count; i++) { - applet = cac_new_pki_applet(i, cert[i], cert_len[i], key[i]); - if (applet == NULL) { - goto failure; - } - vcard_add_applet(card, applet); - } - - /* create a default blank container applet */ - applet = vcard_new_applet(cac_applet_container_process_apdu, - NULL, cac_default_container_aid, - sizeof(cac_default_container_aid)); - if (applet == NULL) { - goto failure; - } - vcard_add_applet(card, applet); - - /* create a default blank container applet */ - applet = vcard_new_applet(cac_applet_id_process_apdu, - NULL, cac_id_aid, - sizeof(cac_id_aid)); - if (applet == NULL) { - goto failure; - } - vcard_add_applet(card, applet); - return VCARD_DONE; - -failure: - return VCARD_FAIL; -} - diff --git a/libcacard/cac.h b/libcacard/cac.h deleted file mode 100644 index d24a2a8..0000000 --- a/libcacard/cac.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - * defines the entry point for the cac card. Only used by cac.c anc - * vcard_emul_type.c - * - * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. - * See the COPYING.LIB file in the top-level directory. - */ -#ifndef CAC_H -#define CAC_H 1 -#include "vcard.h" -#include "vreader.h" - -#define CAC_GET_PROPERTIES 0x56 -#define CAC_GET_ACR 0x4c -#define CAC_READ_BUFFER 0x52 -#define CAC_UPDATE_BUFFER 0x58 -#define CAC_SIGN_DECRYPT 0x42 -#define CAC_GET_CERTIFICATE 0x36 - -/* - * Initialize the cac card. This is the only public function in this file. All - * the rest are connected through function pointers. - */ -VCardStatus cac_card_init(VReader *reader, VCard *card, const char *params, - unsigned char * const *cert, int cert_len[], - VCardKey *key[] /* adopt the keys*/, - int cert_count); - -/* not yet implemented */ -VCardStatus cac_is_cac_card(VReader *reader); -#endif diff --git a/libcacard/card_7816.c b/libcacard/card_7816.c deleted file mode 100644 index 22fd334..0000000 --- a/libcacard/card_7816.c +++ /dev/null @@ -1,757 +0,0 @@ -/* - * Implement the 7816 portion of the card spec - * - * This code is licensed under the GNU LGPL, version 2.1 or later. - * See the COPYING.LIB file in the top-level directory. - */ - -#include "glib-compat.h" - -#include <string.h> - -#include "vcard.h" -#include "vcard_emul.h" -#include "card_7816.h" - -/* - * set the status bytes based on the status word - */ -static void -vcard_response_set_status(VCardResponse *response, vcard_7816_status_t status) -{ - unsigned char sw1, sw2; - response->b_status = status; /* make sure the status and swX representations - * are consistent */ - sw1 = (status >> 8) & 0xff; - sw2 = status & 0xff; - response->b_sw1 = sw1; - response->b_sw2 = sw2; - response->b_data[response->b_len] = sw1; - response->b_data[response->b_len+1] = sw2; -} - -/* - * set the status bytes in a response buffer - */ -static void -vcard_response_set_status_bytes(VCardResponse *response, - unsigned char sw1, unsigned char sw2) -{ - response->b_status = sw1 << 8 | sw2; - response->b_sw1 = sw1; - response->b_sw2 = sw2; - response->b_data[response->b_len] = sw1; - response->b_data[response->b_len+1] = sw2; -} - -/* - * allocate a VCardResponse structure, plus space for the data buffer, and - * set up everything but the resonse bytes. - */ -VCardResponse * -vcard_response_new_data(unsigned char *buf, int len) -{ - VCardResponse *new_response; - - new_response = g_new(VCardResponse, 1); - new_response->b_data = g_malloc(len + 2); - memcpy(new_response->b_data, buf, len); - new_response->b_total_len = len+2; - new_response->b_len = len; - new_response->b_type = VCARD_MALLOC; - return new_response; -} - -static VCardResponse * -vcard_init_buffer_response(VCard *card, unsigned char *buf, int len) -{ - VCardResponse *response; - VCardBufferResponse *buffer_response; - - buffer_response = vcard_get_buffer_response(card); - if (buffer_response) { - vcard_set_buffer_response(card, NULL); - vcard_buffer_response_delete(buffer_response); - } - buffer_response = vcard_buffer_response_new(buf, len); - if (buffer_response == NULL) { - return NULL; - } - response = vcard_response_new_status_bytes(VCARD7816_SW1_RESPONSE_BYTES, - len > 255 ? 0 : len); - if (response == NULL) { - return NULL; - } - vcard_set_buffer_response(card, buffer_response); - return response; -} - -/* - * general buffer to hold results from APDU calls - */ -VCardResponse * -vcard_response_new(VCard *card, unsigned char *buf, - int len, int Le, vcard_7816_status_t status) -{ - VCardResponse *new_response; - - if (len > Le) { - return vcard_init_buffer_response(card, buf, len); - } - new_response = vcard_response_new_data(buf, len); - if (new_response == NULL) { - return NULL; - } - vcard_response_set_status(new_response, status); - return new_response; -} - -/* - * general buffer to hold results from APDU calls - */ -VCardResponse * -vcard_response_new_bytes(VCard *card, unsigned char *buf, int len, int Le, - unsigned char sw1, unsigned char sw2) -{ - VCardResponse *new_response; - - if (len > Le) { - return vcard_init_buffer_response(card, buf, len); - } - new_response = vcard_response_new_data(buf, len); - if (new_response == NULL) { - return NULL; - } - vcard_response_set_status_bytes(new_response, sw1, sw2); - return new_response; -} - -/* - * get a new Response buffer that only has a status. - */ -static VCardResponse * -vcard_response_new_status(vcard_7816_status_t status) -{ - VCardResponse *new_response; - - new_response = g_new(VCardResponse, 1); - new_response->b_data = &new_response->b_sw1; - new_response->b_len = 0; - new_response->b_total_len = 2; - new_response->b_type = VCARD_MALLOC_STRUCT; - vcard_response_set_status(new_response, status); - return new_response; -} - -/* - * same as above, but specify the status as separate bytes - */ -VCardResponse * -vcard_response_new_status_bytes(unsigned char sw1, unsigned char sw2) -{ - VCardResponse *new_response; - - new_response = g_new(VCardResponse, 1); - new_response->b_data = &new_response->b_sw1; - new_response->b_len = 0; - new_response->b_total_len = 2; - new_response->b_type = VCARD_MALLOC_STRUCT; - vcard_response_set_status_bytes(new_response, sw1, sw2); - return new_response; -} - - -/* - * free the response buffer. The Buffer has a type to handle the buffer - * allocated in other ways than through malloc. - */ -void -vcard_response_delete(VCardResponse *response) -{ - if (response == NULL) { - return; - } - switch (response->b_type) { - case VCARD_MALLOC: - /* everything was malloc'ed */ - g_free(response->b_data); - g_free(response); - break; - case VCARD_MALLOC_DATA: - /* only the data buffer was malloc'ed */ - g_free(response->b_data); - break; - case VCARD_MALLOC_STRUCT: - /* only the structure was malloc'ed */ - g_free(response); - break; - case VCARD_STATIC: - break; - } -} - -/* - * decode the class bit and set our generic type field, channel, and - * secure messaging values. - */ -static vcard_7816_status_t -vcard_apdu_set_class(VCardAPDU *apdu) { - apdu->a_channel = 0; - apdu->a_secure_messaging = 0; - apdu->a_type = apdu->a_cla & 0xf0; - apdu->a_gen_type = VCARD_7816_ISO; - - /* parse the class tables 8 & 9 of the 7816-4 Part 4 spec */ - switch (apdu->a_type) { - /* we only support the basic types */ - case 0x00: - case 0x80: - case 0x90: - case 0xa0: - apdu->a_channel = apdu->a_cla & 3; - apdu->a_secure_messaging = apdu->a_cla & 0xe; - break; - case 0xb0: - case 0xc0: - break; - - case 0x10: - case 0x20: - case 0x30: - case 0x40: - case 0x50: - case 0x60: - case 0x70: - /* Reserved for future use */ - apdu->a_gen_type = VCARD_7816_RFU; - break; - case 0xd0: - case 0xe0: - case 0xf0: - default: - apdu->a_gen_type = - (apdu->a_cla == 0xff) ? VCARD_7816_PTS : VCARD_7816_PROPRIETARY; - break; - } - return VCARD7816_STATUS_SUCCESS; -} - -/* - * set the Le and Lc fields according to table 5 of the - * 7816-4 part 4 spec - */ -static vcard_7816_status_t -vcard_apdu_set_length(VCardAPDU *apdu) -{ - int L, Le; - - /* process according to table 5 of the 7816-4 Part 4 spec. - * variable names match the variables in the spec */ - L = apdu->a_len-4; /* fixed APDU header */ - apdu->a_Lc = 0; - apdu->a_Le = 0; - apdu->a_body = NULL; - switch (L) { - case 0: - /* 1 minimal apdu */ - return VCARD7816_STATUS_SUCCESS; - case 1: - /* 2S only return values apdu */ - /* zero maps to 256 here */ - apdu->a_Le = apdu->a_header->ah_Le ? - apdu->a_header->ah_Le : 256; - return VCARD7816_STATUS_SUCCESS; - default: - /* if the ah_Le byte is zero and we have more than - * 1 byte in the header, then we must be using extended Le and Lc. - * process the extended now. */ - if (apdu->a_header->ah_Le == 0) { - if (L < 3) { - /* coding error, need at least 3 bytes */ - return VCARD7816_STATUS_ERROR_WRONG_LENGTH; - } - /* calculate the first extended value. Could be either Le or Lc */ - Le = (apdu->a_header->ah_body[0] << 8) - || apdu->a_header->ah_body[1]; - if (L == 3) { - /* 2E extended, return data only */ - /* zero maps to 65536 */ - apdu->a_Le = Le ? Le : 65536; - return VCARD7816_STATUS_SUCCESS; - } - if (Le == 0) { - /* reserved for future use, probably for next time we need - * to extend the lengths */ - return VCARD7816_STATUS_ERROR_WRONG_LENGTH; - } - /* we know that the first extended value is Lc now */ - apdu->a_Lc = Le; - apdu->a_body = &apdu->a_header->ah_body[2]; - if (L == Le+3) { - /* 3E extended, only body parameters */ - return VCARD7816_STATUS_SUCCESS; - } - if (L == Le+5) { - /* 4E extended, parameters and return data */ - Le = (apdu->a_data[apdu->a_len-2] << 8) - || apdu->a_data[apdu->a_len-1]; - apdu->a_Le = Le ? Le : 65536; - return VCARD7816_STATUS_SUCCESS; - } - return VCARD7816_STATUS_ERROR_WRONG_LENGTH; - } - /* not extended */ - apdu->a_Lc = apdu->a_header->ah_Le; - apdu->a_body = &apdu->a_header->ah_body[0]; - if (L == apdu->a_Lc + 1) { - /* 3S only body parameters */ - return VCARD7816_STATUS_SUCCESS; - } - if (L == apdu->a_Lc + 2) { - /* 4S parameters and return data */ - Le = apdu->a_data[apdu->a_len-1]; - apdu->a_Le = Le ? Le : 256; - return VCARD7816_STATUS_SUCCESS; - } - break; - } - return VCARD7816_STATUS_ERROR_WRONG_LENGTH; -} - -/* - * create a new APDU from a raw set of bytes. This will decode all the - * above fields. users of VCARDAPDU's can then depend on the already decoded - * values. - */ -VCardAPDU * -vcard_apdu_new(unsigned char *raw_apdu, int len, vcard_7816_status_t *status) -{ - VCardAPDU *new_apdu; - - *status = VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE; - if (len < 4) { - *status = VCARD7816_STATUS_ERROR_WRONG_LENGTH; - return NULL; - } - - new_apdu = g_new(VCardAPDU, 1); - new_apdu->a_data = g_memdup(raw_apdu, len); - new_apdu->a_len = len; - *status = vcard_apdu_set_class(new_apdu); - if (*status != VCARD7816_STATUS_SUCCESS) { - g_free(new_apdu); - return NULL; - } - *status = vcard_apdu_set_length(new_apdu); - if (*status != VCARD7816_STATUS_SUCCESS) { - g_free(new_apdu); - new_apdu = NULL; - } - return new_apdu; -} - -void -vcard_apdu_delete(VCardAPDU *apdu) -{ - if (apdu == NULL) { - return; - } - g_free(apdu->a_data); - g_free(apdu); -} - - -/* - * declare response buffers for all the 7816 defined error codes - */ -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_SUCCESS) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_WARNING) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_WARNING_RET_CORUPT) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_WARNING_BUF_END_BEFORE_LE) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_WARNING_INVALID_FILE_SELECTED) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_WARNING_FCI_FORMAT_INVALID) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_WARNING_CHANGE) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_WARNING_FILE_FILLED) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_EXC_ERROR) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_EXC_ERROR_CHANGE) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_WRONG_LENGTH) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_CLA_NOT_SUPPORTED) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_CHANNEL_NOT_SUPPORTED) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_SECURE_NOT_SUPPORTED) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED) -VCARD_RESPONSE_NEW_STATIC_STATUS( - VCARD7816_STATUS_ERROR_COMMAND_INCOMPATIBLE_WITH_FILE) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_SECURITY_NOT_SATISFIED) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_AUTHENTICATION_BLOCKED) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_DATA_INVALID) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_DATA_NO_EF) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_SM_OBJECT_MISSING) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_SM_OBJECT_INCORRECT) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_WRONG_PARAMETERS) -VCARD_RESPONSE_NEW_STATIC_STATUS( - VCARD7816_STATUS_ERROR_WRONG_PARAMETERS_IN_DATA) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_FUNCTION_NOT_SUPPORTED) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_FILE_NOT_FOUND) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_RECORD_NOT_FOUND) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_NO_SPACE_FOR_FILE) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_LC_TLV_INCONSISTENT) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_P1_P2_INCORRECT) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_LC_P1_P2_INCONSISTENT) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_DATA_NOT_FOUND) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_WRONG_PARAMETERS_2) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_INS_CODE_INVALID) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_CLA_INVALID) -VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_GENERAL) - -/* - * return a single response code. This function cannot fail. It will always - * return a response. - */ -VCardResponse * -vcard_make_response(vcard_7816_status_t status) -{ - VCardResponse *response; - - switch (status) { - /* known 7816 response codes */ - case VCARD7816_STATUS_SUCCESS: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_SUCCESS); - case VCARD7816_STATUS_WARNING: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_WARNING); - case VCARD7816_STATUS_WARNING_RET_CORUPT: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_WARNING_RET_CORUPT); - case VCARD7816_STATUS_WARNING_BUF_END_BEFORE_LE: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_WARNING_BUF_END_BEFORE_LE); - case VCARD7816_STATUS_WARNING_INVALID_FILE_SELECTED: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_WARNING_INVALID_FILE_SELECTED); - case VCARD7816_STATUS_WARNING_FCI_FORMAT_INVALID: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_WARNING_FCI_FORMAT_INVALID); - case VCARD7816_STATUS_WARNING_CHANGE: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_WARNING_CHANGE); - case VCARD7816_STATUS_WARNING_FILE_FILLED: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_WARNING_FILE_FILLED); - case VCARD7816_STATUS_EXC_ERROR: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_EXC_ERROR); - case VCARD7816_STATUS_EXC_ERROR_CHANGE: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_EXC_ERROR_CHANGE); - case VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE); - case VCARD7816_STATUS_ERROR_WRONG_LENGTH: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_WRONG_LENGTH); - case VCARD7816_STATUS_ERROR_CLA_NOT_SUPPORTED: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_CLA_NOT_SUPPORTED); - case VCARD7816_STATUS_ERROR_CHANNEL_NOT_SUPPORTED: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_CHANNEL_NOT_SUPPORTED); - case VCARD7816_STATUS_ERROR_SECURE_NOT_SUPPORTED: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_SECURE_NOT_SUPPORTED); - case VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED); - case VCARD7816_STATUS_ERROR_COMMAND_INCOMPATIBLE_WITH_FILE: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_COMMAND_INCOMPATIBLE_WITH_FILE); - case VCARD7816_STATUS_ERROR_SECURITY_NOT_SATISFIED: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_SECURITY_NOT_SATISFIED); - case VCARD7816_STATUS_ERROR_AUTHENTICATION_BLOCKED: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_AUTHENTICATION_BLOCKED); - case VCARD7816_STATUS_ERROR_DATA_INVALID: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_DATA_INVALID); - case VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED); - case VCARD7816_STATUS_ERROR_DATA_NO_EF: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_DATA_NO_EF); - case VCARD7816_STATUS_ERROR_SM_OBJECT_MISSING: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_SM_OBJECT_MISSING); - case VCARD7816_STATUS_ERROR_SM_OBJECT_INCORRECT: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_SM_OBJECT_INCORRECT); - case VCARD7816_STATUS_ERROR_WRONG_PARAMETERS: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_WRONG_PARAMETERS); - case VCARD7816_STATUS_ERROR_WRONG_PARAMETERS_IN_DATA: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_WRONG_PARAMETERS_IN_DATA); - case VCARD7816_STATUS_ERROR_FUNCTION_NOT_SUPPORTED: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_FUNCTION_NOT_SUPPORTED); - case VCARD7816_STATUS_ERROR_FILE_NOT_FOUND: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_FILE_NOT_FOUND); - case VCARD7816_STATUS_ERROR_RECORD_NOT_FOUND: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_RECORD_NOT_FOUND); - case VCARD7816_STATUS_ERROR_NO_SPACE_FOR_FILE: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_NO_SPACE_FOR_FILE); - case VCARD7816_STATUS_ERROR_LC_TLV_INCONSISTENT: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_LC_TLV_INCONSISTENT); - case VCARD7816_STATUS_ERROR_P1_P2_INCORRECT: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_P1_P2_INCORRECT); - case VCARD7816_STATUS_ERROR_LC_P1_P2_INCONSISTENT: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_LC_P1_P2_INCONSISTENT); - case VCARD7816_STATUS_ERROR_DATA_NOT_FOUND: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_DATA_NOT_FOUND); - case VCARD7816_STATUS_ERROR_WRONG_PARAMETERS_2: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_WRONG_PARAMETERS_2); - case VCARD7816_STATUS_ERROR_INS_CODE_INVALID: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_INS_CODE_INVALID); - case VCARD7816_STATUS_ERROR_CLA_INVALID: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_CLA_INVALID); - case VCARD7816_STATUS_ERROR_GENERAL: - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_ERROR_GENERAL); - default: - /* we don't know this status code, create a response buffer to - * hold it */ - response = vcard_response_new_status(status); - if (response == NULL) { - /* couldn't allocate the buffer, return memmory error */ - return VCARD_RESPONSE_GET_STATIC( - VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE); - } - return response; - } -} - -/* - * Add File card support here if you need it. - */ -static VCardStatus -vcard7816_file_system_process_apdu(VCard *card, VCardAPDU *apdu, - VCardResponse **response) -{ - /* TODO: if we want to support a virtual file system card, we do it here. - * It would probably be a pkcs #15 card type */ - *response = vcard_make_response( - VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED); - return VCARD_DONE; -} - -/* - * VM card (including java cards) - */ -static VCardStatus -vcard7816_vm_process_apdu(VCard *card, VCardAPDU *apdu, - VCardResponse **response) -{ - int bytes_to_copy, next_byte_count, count; - VCardApplet *current_applet; - VCardBufferResponse *buffer_response; - vcard_7816_status_t status; - - /* parse the class first */ - if (apdu->a_gen_type != VCARD_7816_ISO) { - *response = vcard_make_response( - VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED); - return VCARD_DONE; - } - - /* use a switch so that if we need to support secure channel stuff later, - * we know where to put it */ - switch (apdu->a_secure_messaging) { - case 0x0: /* no SM */ - break; - case 0x4: /* proprietary SM */ - case 0x8: /* header not authenticated */ - case 0xc: /* header authenticated */ - default: - /* for now, don't try to support secure channel stuff in the - * virtual card. */ - *response = vcard_make_response( - VCARD7816_STATUS_ERROR_SECURE_NOT_SUPPORTED); - return VCARD_DONE; - } - - /* now parse the instruction */ - switch (apdu->a_ins) { - case VCARD7816_INS_MANAGE_CHANNEL: /* secure channel op */ - case VCARD7816_INS_EXTERNAL_AUTHENTICATE: /* secure channel op */ - case VCARD7816_INS_GET_CHALLENGE: /* secure channel op */ - case VCARD7816_INS_INTERNAL_AUTHENTICATE: /* secure channel op */ - case VCARD7816_INS_ERASE_BINARY: /* applet control op */ - case VCARD7816_INS_READ_BINARY: /* applet control op */ - case VCARD7816_INS_WRITE_BINARY: /* applet control op */ - case VCARD7816_INS_UPDATE_BINARY: /* applet control op */ - case VCARD7816_INS_READ_RECORD: /* file op */ - case VCARD7816_INS_WRITE_RECORD: /* file op */ - case VCARD7816_INS_UPDATE_RECORD: /* file op */ - case VCARD7816_INS_APPEND_RECORD: /* file op */ - case VCARD7816_INS_ENVELOPE: - case VCARD7816_INS_PUT_DATA: - *response = vcard_make_response( - VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED); - break; - - case VCARD7816_INS_SELECT_FILE: - if (apdu->a_p1 != 0x04) { - *response = vcard_make_response( - VCARD7816_STATUS_ERROR_FUNCTION_NOT_SUPPORTED); - break; - } - - /* side effect, deselect the current applet if no applet has been found - * */ - current_applet = vcard_find_applet(card, apdu->a_body, apdu->a_Lc); - vcard_select_applet(card, apdu->a_channel, current_applet); - if (current_applet) { - unsigned char *aid; - int aid_len; - aid = vcard_applet_get_aid(current_applet, &aid_len); - *response = vcard_response_new(card, aid, aid_len, apdu->a_Le, - VCARD7816_STATUS_SUCCESS); - } else { - *response = vcard_make_response( - VCARD7816_STATUS_ERROR_FILE_NOT_FOUND); - } - break; - - case VCARD7816_INS_VERIFY: - if ((apdu->a_p1 != 0x00) || (apdu->a_p2 != 0x00)) { - *response = vcard_make_response( - VCARD7816_STATUS_ERROR_WRONG_PARAMETERS); - } else { - if (apdu->a_Lc == 0) { - /* handle pin count if possible */ - count = vcard_emul_get_login_count(card); - if (count < 0) { - *response = vcard_make_response( - VCARD7816_STATUS_ERROR_DATA_NOT_FOUND); - } else { - if (count > 0xf) { - count = 0xf; - } - *response = vcard_response_new_status_bytes( - VCARD7816_SW1_WARNING_CHANGE, - 0xc0 | count); - if (*response == NULL) { - *response = vcard_make_response( - VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE); - } - } - } else { - status = vcard_emul_login(card, apdu->a_body, apdu->a_Lc); - *response = vcard_make_response(status); - } - } - break; - - case VCARD7816_INS_GET_RESPONSE: - buffer_response = vcard_get_buffer_response(card); - if (!buffer_response) { - *response = vcard_make_response( - VCARD7816_STATUS_ERROR_DATA_NOT_FOUND); - /* handle error */ - break; - } - bytes_to_copy = MIN(buffer_response->len, apdu->a_Le); - next_byte_count = MIN(256, buffer_response->len - bytes_to_copy); - *response = vcard_response_new_bytes( - card, buffer_response->current, bytes_to_copy, - apdu->a_Le, - next_byte_count ? - VCARD7816_SW1_RESPONSE_BYTES : VCARD7816_SW1_SUCCESS, - next_byte_count); - buffer_response->current += bytes_to_copy; - buffer_response->len -= bytes_to_copy; - if (*response == NULL || (next_byte_count == 0)) { - vcard_set_buffer_response(card, NULL); - vcard_buffer_response_delete(buffer_response); - } - if (*response == NULL) { - *response = - vcard_make_response(VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE); - } - break; - - case VCARD7816_INS_GET_DATA: - *response = - vcard_make_response(VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED); - break; - - default: - *response = - vcard_make_response(VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED); - break; - } - - /* response should have been set somewhere */ - assert(*response != NULL); - return VCARD_DONE; -} - - -/* - * APDU processing starts here. This routes the card processing stuff to the - * right location. - */ -VCardStatus -vcard_process_apdu(VCard *card, VCardAPDU *apdu, VCardResponse **response) -{ - VCardStatus status; - VCardBufferResponse *buffer_response; - - /* first handle any PTS commands, which aren't really APDU's */ - if (apdu->a_type == VCARD_7816_PTS) { - /* the PTS responses aren't really responses either */ - *response = vcard_response_new_data(apdu->a_data, apdu->a_len); - /* PTS responses have no status bytes */ - (*response)->b_total_len = (*response)->b_len; - return VCARD_DONE; - } - buffer_response = vcard_get_buffer_response(card); - if (buffer_response && apdu->a_ins != VCARD7816_INS_GET_RESPONSE) { - /* clear out buffer_response, return an error */ - vcard_set_buffer_response(card, NULL); - vcard_buffer_response_delete(buffer_response); - *response = vcard_make_response(VCARD7816_STATUS_EXC_ERROR); - return VCARD_DONE; - } - - status = vcard_process_applet_apdu(card, apdu, response); - if (status != VCARD_NEXT) { - return status; - } - switch (vcard_get_type(card)) { - case VCARD_FILE_SYSTEM: - return vcard7816_file_system_process_apdu(card, apdu, response); - case VCARD_VM: - return vcard7816_vm_process_apdu(card, apdu, response); - case VCARD_DIRECT: - /* if we are type direct, then the applet should handle everything */ - assert(!"VCARD_DIRECT: applet failure"); - break; - } - *response = - vcard_make_response(VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED); - return VCARD_DONE; -} diff --git a/libcacard/card_7816.h b/libcacard/card_7816.h deleted file mode 100644 index 4a01993..0000000 --- a/libcacard/card_7816.h +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Implement the 7816 portion of the card spec - * - * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. - * See the COPYING.LIB file in the top-level directory. - */ -#ifndef CARD_7816_H -#define CARD_7816_H 1 - -#include "card_7816t.h" -#include "vcardt.h" - -/* - * constructors for VCardResponse's - */ -/* response from a return buffer and a status */ -VCardResponse *vcard_response_new(VCard *card, unsigned char *buf, int len, - int Le, vcard_7816_status_t status); -/* response from a return buffer and status bytes */ -VCardResponse *vcard_response_new_bytes(VCard *card, unsigned char *buf, - int len, int Le, - unsigned char sw1, unsigned char sw2); -/* response from just status bytes */ -VCardResponse *vcard_response_new_status_bytes(unsigned char sw1, - unsigned char sw2); -/* response from just status: NOTE this cannot fail, it will always return a - * valid response, if it can't allocate memory, the response will be - * VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE */ -VCardResponse *vcard_make_response(vcard_7816_status_t status); - -/* create a raw response (status has already been encoded */ -VCardResponse *vcard_response_new_data(unsigned char *buf, int len); - - - - -/* - * destructor for VCardResponse. - * Can be called with a NULL response - */ -void vcard_response_delete(VCardResponse *response); - -/* - * constructor for VCardAPDU - */ -VCardAPDU *vcard_apdu_new(unsigned char *raw_apdu, int len, - unsigned short *status); - -/* - * destructor for VCardAPDU - * Can be called with a NULL apdu - */ -void vcard_apdu_delete(VCardAPDU *apdu); - -/* - * APDU processing starts here. This routes the card processing stuff to the - * right location. Always returns a valid response. - */ -VCardStatus vcard_process_apdu(VCard *card, VCardAPDU *apdu, - VCardResponse **response); - -#endif diff --git a/libcacard/card_7816t.h b/libcacard/card_7816t.h deleted file mode 100644 index 386acc5..0000000 --- a/libcacard/card_7816t.h +++ /dev/null @@ -1,165 +0,0 @@ -/* - * Implement the 7816 portion of the card spec - * - * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. - * See the COPYING.LIB file in the top-level directory. - */ -#ifndef CARD_7816T_H -#define CARD_7816T_H 1 - -typedef unsigned short vcard_7816_status_t; - -struct VCardResponseStruct { - unsigned char *b_data; - vcard_7816_status_t b_status; - unsigned char b_sw1; - unsigned char b_sw2; - int b_len; - int b_total_len; - enum VCardResponseBufferType { - VCARD_MALLOC, - VCARD_MALLOC_DATA, - VCARD_MALLOC_STRUCT, - VCARD_STATIC - } b_type; -}; - -#define VCARD_RESPONSE_NEW_STATIC_STATUS(stat) \ -static const VCardResponse VCardResponse##stat = \ - {(unsigned char *)&VCardResponse##stat.b_sw1, (stat), ((stat) >> 8), \ - ((stat) & 0xff), 0, 2, VCARD_STATIC}; - -#define VCARD_RESPONSE_NEW_STATIC_STATUS_BYTES(sw1, sw2) \ -static const VCardResponse VCARDResponse##sw1 = \ - {(unsigned char *)&VCardResponse##name.b_sw1, ((sw1) << 8 | (sw2)), \ - (sw1), (sw2), 0, 2, VCARD_STATIC}; - -/* cast away the const, callers need may need to 'free' the - * result, and const implies that they don't */ -#define VCARD_RESPONSE_GET_STATIC(name) \ - ((VCardResponse *)(&VCardResponse##name)) - -typedef enum { - VCARD_7816_ISO, - VCARD_7816_RFU, - VCARD_7816_PTS, - VCARD_7816_PROPRIETARY -} VCardAPDUType; - - -/* - * 7816 header. All APDU's have this header. - * They must be laid out in this order. - */ -struct VCardAPDUHeader { - unsigned char ah_cla; - unsigned char ah_ins; - unsigned char ah_p1; - unsigned char ah_p2; - unsigned char ah_Le; - unsigned char ah_body[1]; /* indefinite length */ -}; - -/* - * 7816 APDU structure. The raw bytes are stored in the union and can be - * accessed directly through u.data (which is aliased as a_data). - * - * Names of the fields match the 7816 documentation. - */ -struct VCardAPDUStruct { - int a_len; /* length of the whole buffer, including header */ - int a_Lc; /* 7816 Lc (parameter length) value */ - int a_Le; /* 7816 Le (expected result length) value */ - unsigned char *a_body; /* pointer to the parameter */ - int a_channel; /* decoded channel */ - int a_secure_messaging; /* decoded secure messaging type */ - int a_type; /* decoded type from cla (top nibble of class) */ - VCardAPDUType a_gen_type; /* generic type (7816, PROPRIETARY, RFU, etc) */ - union { - struct VCardAPDUHeader *header; - unsigned char *data; - } u; -/* give the subfields a unified look */ -#define a_header u.header -#define a_data u.data -#define a_cla a_header->ah_cla /* class */ -#define a_ins a_header->ah_ins /* instruction */ -#define a_p1 a_header->ah_p1 /* parameter 1 */ -#define a_p2 a_header->ah_p2 /* parameter 2 */ -}; - -/* 7816 status codes */ -#define VCARD7816_STATUS_SUCCESS 0x9000 -#define VCARD7816_STATUS_WARNING 0x6200 -#define VCARD7816_STATUS_WARNING_RET_CORUPT 0x6281 -#define VCARD7816_STATUS_WARNING_BUF_END_BEFORE_LE 0x6282 -#define VCARD7816_STATUS_WARNING_INVALID_FILE_SELECTED 0x6283 -#define VCARD7816_STATUS_WARNING_FCI_FORMAT_INVALID 0x6284 -#define VCARD7816_STATUS_WARNING_CHANGE 0x6300 -#define VCARD7816_STATUS_WARNING_FILE_FILLED 0x6381 -#define VCARD7816_STATUS_EXC_ERROR 0x6400 -#define VCARD7816_STATUS_EXC_ERROR_CHANGE 0x6500 -#define VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE 0x6581 -#define VCARD7816_STATUS_ERROR_WRONG_LENGTH 0x6700 -#define VCARD7816_STATUS_ERROR_CLA_NOT_SUPPORTED 0x6800 -#define VCARD7816_STATUS_ERROR_CHANNEL_NOT_SUPPORTED 0x6881 -#define VCARD7816_STATUS_ERROR_SECURE_NOT_SUPPORTED 0x6882 -#define VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED 0x6900 -#define VCARD7816_STATUS_ERROR_COMMAND_INCOMPATIBLE_WITH_FILE 0x6981 -#define VCARD7816_STATUS_ERROR_SECURITY_NOT_SATISFIED 0x6982 -#define VCARD7816_STATUS_ERROR_AUTHENTICATION_BLOCKED 0x6983 -#define VCARD7816_STATUS_ERROR_DATA_INVALID 0x6984 -#define VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED 0x6985 -#define VCARD7816_STATUS_ERROR_DATA_NO_EF 0x6986 -#define VCARD7816_STATUS_ERROR_SM_OBJECT_MISSING 0x6987 -#define VCARD7816_STATUS_ERROR_SM_OBJECT_INCORRECT 0x6988 -#define VCARD7816_STATUS_ERROR_WRONG_PARAMETERS 0x6a00 -#define VCARD7816_STATUS_ERROR_WRONG_PARAMETERS_IN_DATA 0x6a80 -#define VCARD7816_STATUS_ERROR_FUNCTION_NOT_SUPPORTED 0x6a81 -#define VCARD7816_STATUS_ERROR_FILE_NOT_FOUND 0x6a82 -#define VCARD7816_STATUS_ERROR_RECORD_NOT_FOUND 0x6a83 -#define VCARD7816_STATUS_ERROR_NO_SPACE_FOR_FILE 0x6a84 -#define VCARD7816_STATUS_ERROR_LC_TLV_INCONSISTENT 0x6a85 -#define VCARD7816_STATUS_ERROR_P1_P2_INCORRECT 0x6a86 -#define VCARD7816_STATUS_ERROR_LC_P1_P2_INCONSISTENT 0x6a87 -#define VCARD7816_STATUS_ERROR_DATA_NOT_FOUND 0x6a88 -#define VCARD7816_STATUS_ERROR_WRONG_PARAMETERS_2 0x6b00 -#define VCARD7816_STATUS_ERROR_INS_CODE_INVALID 0x6d00 -#define VCARD7816_STATUS_ERROR_CLA_INVALID 0x6e00 -#define VCARD7816_STATUS_ERROR_GENERAL 0x6f00 -/* 7816 sw1 codes */ -#define VCARD7816_SW1_SUCCESS 0x90 -#define VCARD7816_SW1_RESPONSE_BYTES 0x61 -#define VCARD7816_SW1_WARNING 0x62 -#define VCARD7816_SW1_WARNING_CHANGE 0x63 -#define VCARD7816_SW1_EXC_ERROR 0x64 -#define VCARD7816_SW1_EXC_ERROR_CHANGE 0x65 -#define VCARD7816_SW1_ERROR_WRONG_LENGTH 0x67 -#define VCARD7816_SW1_CLA_ERROR 0x68 -#define VCARD7816_SW1_COMMAND_ERROR 0x69 -#define VCARD7816_SW1_P1_P2_ERROR 0x6a -#define VCARD7816_SW1_LE_ERROR 0x6c -#define VCARD7816_SW1_INS_ERROR 0x6d -#define VCARD7816_SW1_CLA_NOT_SUPPORTED 0x6e - -/* 7816 Instructions */ -#define VCARD7816_INS_MANAGE_CHANNEL 0x70 -#define VCARD7816_INS_EXTERNAL_AUTHENTICATE 0x82 -#define VCARD7816_INS_GET_CHALLENGE 0x84 -#define VCARD7816_INS_INTERNAL_AUTHENTICATE 0x88 -#define VCARD7816_INS_ERASE_BINARY 0x0e -#define VCARD7816_INS_READ_BINARY 0xb0 -#define VCARD7816_INS_WRITE_BINARY 0xd0 -#define VCARD7816_INS_UPDATE_BINARY 0xd6 -#define VCARD7816_INS_READ_RECORD 0xb2 -#define VCARD7816_INS_WRITE_RECORD 0xd2 -#define VCARD7816_INS_UPDATE_RECORD 0xdc -#define VCARD7816_INS_APPEND_RECORD 0xe2 -#define VCARD7816_INS_ENVELOPE 0xc2 -#define VCARD7816_INS_PUT_DATA 0xda -#define VCARD7816_INS_GET_DATA 0xca -#define VCARD7816_INS_SELECT_FILE 0xa4 -#define VCARD7816_INS_VERIFY 0x20 -#define VCARD7816_INS_GET_RESPONSE 0xc0 - -#endif diff --git a/libcacard/event.c b/libcacard/event.c deleted file mode 100644 index 63f4057..0000000 --- a/libcacard/event.c +++ /dev/null @@ -1,103 +0,0 @@ -/* - * event queue implementation. - * - * This code is licensed under the GNU LGPL, version 2.1 or later. - * See the COPYING.LIB file in the top-level directory. - */ - -#include "glib-compat.h" - -#include "vcard.h" -#include "vreader.h" -#include "vevent.h" - -VEvent * -vevent_new(VEventType type, VReader *reader, VCard *card) -{ - VEvent *new_vevent; - - new_vevent = g_new(VEvent, 1); - new_vevent->next = NULL; - new_vevent->type = type; - new_vevent->reader = vreader_reference(reader); - new_vevent->card = vcard_reference(card); - - return new_vevent; -} - -void -vevent_delete(VEvent *vevent) -{ - if (vevent == NULL) { - return; - } - vreader_free(vevent->reader); - vcard_free(vevent->card); - g_free(vevent); -} - -/* - * VEvent queue management - */ - -static VEvent *vevent_queue_head; -static VEvent *vevent_queue_tail; -static CompatGMutex vevent_queue_lock; -static CompatGCond vevent_queue_condition; - -void vevent_queue_init(void) -{ - vevent_queue_head = vevent_queue_tail = NULL; -} - -void -vevent_queue_vevent(VEvent *vevent) -{ - vevent->next = NULL; - g_mutex_lock(&vevent_queue_lock); - if (vevent_queue_head) { - assert(vevent_queue_tail); - vevent_queue_tail->next = vevent; - } else { - vevent_queue_head = vevent; - } - vevent_queue_tail = vevent; - g_cond_signal(&vevent_queue_condition); - g_mutex_unlock(&vevent_queue_lock); -} - -/* must have lock */ -static VEvent * -vevent_dequeue_vevent(void) -{ - VEvent *vevent = NULL; - if (vevent_queue_head) { - vevent = vevent_queue_head; - vevent_queue_head = vevent->next; - vevent->next = NULL; - } - return vevent; -} - -VEvent *vevent_wait_next_vevent(void) -{ - VEvent *vevent; - - g_mutex_lock(&vevent_queue_lock); - while ((vevent = vevent_dequeue_vevent()) == NULL) { - g_cond_wait(&vevent_queue_condition, &vevent_queue_lock); - } - g_mutex_unlock(&vevent_queue_lock); - return vevent; -} - -VEvent *vevent_get_next_vevent(void) -{ - VEvent *vevent; - - g_mutex_lock(&vevent_queue_lock); - vevent = vevent_dequeue_vevent(); - g_mutex_unlock(&vevent_queue_lock); - return vevent; -} - diff --git a/libcacard/eventt.h b/libcacard/eventt.h deleted file mode 100644 index 0dc7bd4..0000000 --- a/libcacard/eventt.h +++ /dev/null @@ -1,29 +0,0 @@ -/* - * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. - * See the COPYING.LIB file in the top-level directory. - */ - -#ifndef EVENTT_H -#define EVENTT_H 1 -#include "vreadert.h" -#include "vcardt.h" - -typedef struct VEventStruct VEvent; - -typedef enum { - VEVENT_READER_INSERT, - VEVENT_READER_REMOVE, - VEVENT_CARD_INSERT, - VEVENT_CARD_REMOVE, - VEVENT_LAST, -} VEventType; - -struct VEventStruct { - VEvent *next; - VEventType type; - VReader *reader; - VCard *card; -}; -#endif - - diff --git a/libcacard/libcacard.pc.in b/libcacard/libcacard.pc.in deleted file mode 100644 index 4b60023..0000000 --- a/libcacard/libcacard.pc.in +++ /dev/null @@ -1,13 +0,0 @@ -prefix=@PREFIX@ -exec_prefix=${prefix} -libdir=@LIBDIR@ -includedir=@INCLUDEDIR@ - -Name: cacard -Description: CA Card library -Version: @VERSION@ - -Requires.private: nss glib-2.0 -Libs: -L${libdir} -lcacard -Libs.private: -Cflags: -I${includedir} diff --git a/libcacard/libcacard.syms b/libcacard/libcacard.syms deleted file mode 100644 index 1697515..0000000 --- a/libcacard/libcacard.syms +++ /dev/null @@ -1,77 +0,0 @@ -cac_card_init -cac_is_cac_card -vcard_add_applet -vcard_apdu_delete -vcard_apdu_new -vcard_applet_get_aid -vcard_buffer_response_delete -vcard_buffer_response_new -vcard_delete_applet -vcard_emul_delete_key -vcard_emul_force_card_insert -vcard_emul_force_card_remove -vcard_emul_get_atr -vcard_emul_get_login_count -vcard_emul_init -vcard_emul_login -vcard_emul_options -vcard_emul_replay_insertion_events -vcard_emul_reset -vcard_emul_rsa_op -vcard_emul_type_from_string -vcard_emul_type_select -vcard_emul_usage -vcard_find_applet -vcard_free -vcard_get_atr -vcard_get_buffer_response -vcard_get_current_applet_private -vcard_get_private -vcard_get_type -vcard_init -vcard_make_response -vcard_new -vcard_new_applet -vcard_process_apdu -vcard_process_applet_apdu -vcard_reference -vcard_reset -vcard_response_delete -vcard_response_new -vcard_response_new_bytes -vcard_response_new_data -vcard_response_new_status_bytes -vcard_select_applet -vcard_set_applet_private -vcard_set_atr_func -vcard_set_buffer_response -vcard_set_type -vevent_delete -vevent_get_next_vevent -vevent_new -vevent_queue_init -vevent_queue_vevent -vevent_wait_next_vevent -vreader_add_reader -vreader_card_is_present -vreader_free -vreader_get_id -vreader_get_name -vreader_get_private -vreader_get_reader_by_id -vreader_get_reader_by_name -vreader_get_reader_list -vreader_init -vreader_insert_card -vreader_list_delete -vreader_list_get_first -vreader_list_get_next -vreader_list_get_reader -vreader_new -vreader_power_off -vreader_power_on -vreader_queue_card_event -vreader_reference -vreader_remove_reader -vreader_set_id -vreader_xfr_bytes diff --git a/libcacard/link_test.c b/libcacard/link_test.c deleted file mode 100644 index 6f67a23..0000000 --- a/libcacard/link_test.c +++ /dev/null @@ -1,22 +0,0 @@ -/* - * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. - * See the COPYING.LIB file in the top-level directory. - */ - -#include <stdio.h> -#include "vcard.h" - -VCardStatus cac_card_init(const char *flags, VCard *card, - const unsigned char *cert[], - int cert_len[], VCardKey *key[] /* adopt the keys*/, - int cert_count); -/* - * this will crash... just test the linkage right now - */ - -main(int argc, char **argv) -{ - VCard *card; /* no constructor yet */ - cac_card_init("", card, NULL, 0, NULL, 0); -} - diff --git a/libcacard/vcard.c b/libcacard/vcard.c deleted file mode 100644 index 1a87208..0000000 --- a/libcacard/vcard.c +++ /dev/null @@ -1,325 +0,0 @@ -/* - * implement the Java card standard. - * - * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. - * See the COPYING.LIB file in the top-level directory. - */ - -#include "glib-compat.h" - -#include <string.h> - -#include "vcard.h" -#include "vcard_emul.h" -#include "card_7816t.h" - -struct VCardAppletStruct { - VCardApplet *next; - VCardProcessAPDU process_apdu; - VCardResetApplet reset_applet; - unsigned char *aid; - int aid_len; - void *applet_private; - VCardAppletPrivateFree applet_private_free; -}; - -struct VCardStruct { - int reference_count; - VCardApplet *applet_list; - VCardApplet *current_applet[MAX_CHANNEL]; - VCardBufferResponse *vcard_buffer_response; - VCardType type; - VCardEmul *vcard_private; - VCardEmulFree vcard_private_free; - VCardGetAtr vcard_get_atr; -}; - -VCardBufferResponse * -vcard_buffer_response_new(unsigned char *buffer, int size) -{ - VCardBufferResponse *new_buffer; - - new_buffer = g_new(VCardBufferResponse, 1); - new_buffer->buffer = (unsigned char *)g_memdup(buffer, size); - new_buffer->buffer_len = size; - new_buffer->current = new_buffer->buffer; - new_buffer->len = size; - return new_buffer; -} - -void -vcard_buffer_response_delete(VCardBufferResponse *buffer_response) -{ - if (buffer_response == NULL) { - return; - } - g_free(buffer_response->buffer); - g_free(buffer_response); -} - - -/* - * clean up state after a reset - */ -void -vcard_reset(VCard *card, VCardPower power) -{ - int i; - VCardApplet *applet = NULL; - - if (card->type == VCARD_DIRECT) { - /* select the last applet */ - VCardApplet *current_applet = NULL; - for (current_applet = card->applet_list; current_applet; - current_applet = current_applet->next) { - applet = current_applet; - } - } - for (i = 0; i < MAX_CHANNEL; i++) { - card->current_applet[i] = applet; - } - if (card->vcard_buffer_response) { - vcard_buffer_response_delete(card->vcard_buffer_response); - card->vcard_buffer_response = NULL; - } - vcard_emul_reset(card, power); - if (applet) { - applet->reset_applet(card, 0); - } -} - -/* applet utilities */ - -/* - * applet utilities - */ -/* constructor */ -VCardApplet * -vcard_new_applet(VCardProcessAPDU applet_process_function, - VCardResetApplet applet_reset_function, - unsigned char *aid, int aid_len) -{ - VCardApplet *applet; - - applet = g_new0(VCardApplet, 1); - applet->process_apdu = applet_process_function; - applet->reset_applet = applet_reset_function; - - applet->aid = g_memdup(aid, aid_len); - applet->aid_len = aid_len; - return applet; -} - -/* destructor */ -void -vcard_delete_applet(VCardApplet *applet) -{ - if (applet == NULL) { - return; - } - if (applet->applet_private_free) { - applet->applet_private_free(applet->applet_private); - } - g_free(applet->aid); - g_free(applet); -} - -/* accessor */ -void -vcard_set_applet_private(VCardApplet *applet, VCardAppletPrivate *private, - VCardAppletPrivateFree private_free) -{ - if (applet->applet_private_free) { - applet->applet_private_free(applet->applet_private); - } - applet->applet_private = private; - applet->applet_private_free = private_free; -} - -VCard * -vcard_new(VCardEmul *private, VCardEmulFree private_free) -{ - VCard *new_card; - - new_card = g_new0(VCard, 1); - new_card->type = VCARD_VM; - new_card->vcard_private = private; - new_card->vcard_private_free = private_free; - new_card->reference_count = 1; - return new_card; -} - -VCard * -vcard_reference(VCard *vcard) -{ - if (vcard == NULL) { - return NULL; - } - vcard->reference_count++; - return vcard; -} - -void -vcard_free(VCard *vcard) -{ - VCardApplet *current_applet; - VCardApplet *next_applet; - - if (vcard == NULL) { - return; - } - vcard->reference_count--; - if (vcard->reference_count != 0) { - return; - } - if (vcard->vcard_private_free) { - (*vcard->vcard_private_free)(vcard->vcard_private); - } - for (current_applet = vcard->applet_list; current_applet; - current_applet = next_applet) { - next_applet = current_applet->next; - vcard_delete_applet(current_applet); - } - vcard_buffer_response_delete(vcard->vcard_buffer_response); - g_free(vcard); -} - -void -vcard_get_atr(VCard *vcard, unsigned char *atr, int *atr_len) -{ - if (vcard->vcard_get_atr) { - (*vcard->vcard_get_atr)(vcard, atr, atr_len); - return; - } - vcard_emul_get_atr(vcard, atr, atr_len); -} - -void -vcard_set_atr_func(VCard *card, VCardGetAtr vcard_get_atr) -{ - card->vcard_get_atr = vcard_get_atr; -} - - -VCardStatus -vcard_add_applet(VCard *card, VCardApplet *applet) -{ - applet->next = card->applet_list; - card->applet_list = applet; - /* if our card-type is direct, always call the applet */ - if (card->type == VCARD_DIRECT) { - int i; - - for (i = 0; i < MAX_CHANNEL; i++) { - card->current_applet[i] = applet; - } - } - return VCARD_DONE; -} - -/* - * manage applets - */ -VCardApplet * -vcard_find_applet(VCard *card, unsigned char *aid, int aid_len) -{ - VCardApplet *current_applet; - - for (current_applet = card->applet_list; current_applet; - current_applet = current_applet->next) { - if (current_applet->aid_len != aid_len) { - continue; - } - if (memcmp(current_applet->aid, aid, aid_len) == 0) { - break; - } - } - return current_applet; -} - -unsigned char * -vcard_applet_get_aid(VCardApplet *applet, int *aid_len) -{ - if (applet == NULL) { - return NULL; - } - *aid_len = applet->aid_len; - return applet->aid; -} - - -void -vcard_select_applet(VCard *card, int channel, VCardApplet *applet) -{ - assert(channel < MAX_CHANNEL); - - /* If using an emulated card, make sure to log out of any already logged in - * session. */ - vcard_emul_logout(card); - - card->current_applet[channel] = applet; - /* reset the applet */ - if (applet && applet->reset_applet) { - applet->reset_applet(card, channel); - } -} - -VCardAppletPrivate * -vcard_get_current_applet_private(VCard *card, int channel) -{ - VCardApplet *applet = card->current_applet[channel]; - - if (applet == NULL) { - return NULL; - } - return applet->applet_private; -} - -VCardStatus -vcard_process_applet_apdu(VCard *card, VCardAPDU *apdu, - VCardResponse **response) -{ - if (card->current_applet[apdu->a_channel]) { - return card->current_applet[apdu->a_channel]->process_apdu( - card, apdu, response); - } - return VCARD_NEXT; -} - -/* - * Accessor functions - */ -/* accessor functions for the response buffer */ -VCardBufferResponse * -vcard_get_buffer_response(VCard *card) -{ - return card->vcard_buffer_response; -} - -void -vcard_set_buffer_response(VCard *card, VCardBufferResponse *buffer) -{ - card->vcard_buffer_response = buffer; -} - - -/* accessor functions for the type */ -VCardType -vcard_get_type(VCard *card) -{ - return card->type; -} - -void -vcard_set_type(VCard *card, VCardType type) -{ - card->type = type; -} - -/* accessor for private data */ -VCardEmul * -vcard_get_private(VCard *vcard) -{ - return vcard->vcard_private; -} - diff --git a/libcacard/vcard.h b/libcacard/vcard.h deleted file mode 100644 index 47dc703..0000000 --- a/libcacard/vcard.h +++ /dev/null @@ -1,86 +0,0 @@ -/* - * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. - * See the COPYING.LIB file in the top-level directory. - */ -#ifndef VCARD_H -#define VCARD_H 1 - -#include "vcardt.h" - -/* - * response buffer constructors and destructors. - * - * response buffers are used when we need to return more data than will fit in - * a normal APDU response (nominally 254 bytes). - */ -VCardBufferResponse *vcard_buffer_response_new(unsigned char *buffer, int size); -void vcard_buffer_response_delete(VCardBufferResponse *buffer_response); - - -/* - * clean up state on reset - */ -void vcard_reset(VCard *card, VCardPower power); - -/* - * applet utilities - */ -/* - * Constructor for a VCardApplet - */ -VCardApplet *vcard_new_applet(VCardProcessAPDU applet_process_function, - VCardResetApplet applet_reset_function, - unsigned char *aid, int aid_len); - -/* - * destructor for a VCardApplet - * Can be called with a NULL applet - */ -void vcard_delete_applet(VCardApplet *applet); - -/* accessor - set the card type specific private data */ -void vcard_set_applet_private(VCardApplet *applet, VCardAppletPrivate *_private, - VCardAppletPrivateFree private_free); - -/* set type of vcard */ -void vcard_set_type(VCard *card, VCardType type); - -/* - * utilities interacting with the current applet - */ -/* add a new applet to a card */ -VCardStatus vcard_add_applet(VCard *card, VCardApplet *applet); -/* find the applet on the card with the given aid */ -VCardApplet *vcard_find_applet(VCard *card, unsigned char *aid, int aid_len); -/* set the following applet to be current on the given channel */ -void vcard_select_applet(VCard *card, int channel, VCardApplet *applet); -/* get the card type specific private data on the given channel */ -VCardAppletPrivate *vcard_get_current_applet_private(VCard *card, int channel); -/* fetch the applet's id */ -unsigned char *vcard_applet_get_aid(VCardApplet *applet, int *aid_len); - -/* process the apdu for the current selected applet/file */ -VCardStatus vcard_process_applet_apdu(VCard *card, VCardAPDU *apdu, - VCardResponse **response); -/* - * VCard utilities - */ -/* constructor */ -VCard *vcard_new(VCardEmul *_private, VCardEmulFree private_free); -/* get a reference */ -VCard *vcard_reference(VCard *); -/* destructor (reference counted) */ -void vcard_free(VCard *); -/* get the atr from the card */ -void vcard_get_atr(VCard *card, unsigned char *atr, int *atr_len); -void vcard_set_atr_func(VCard *card, VCardGetAtr vcard_get_atr); - -/* accessor functions for the response buffer */ -VCardBufferResponse *vcard_get_buffer_response(VCard *card); -void vcard_set_buffer_response(VCard *card, VCardBufferResponse *buffer); -/* accessor functions for the type */ -VCardType vcard_get_type(VCard *card); -/* get the private data */ -VCardEmul *vcard_get_private(VCard *card); - -#endif diff --git a/libcacard/vcard_emul.h b/libcacard/vcard_emul.h deleted file mode 100644 index f09ee98..0000000 --- a/libcacard/vcard_emul.h +++ /dev/null @@ -1,66 +0,0 @@ -/* - * This is the actual card emulator. - * - * These functions can be implemented in different ways on different platforms - * using the underlying system primitives. For Linux it uses NSS, though direct - * to PKCS #11, openssl+pkcs11, or even gnu crypto libraries+pkcs #11 could be - * used. On Windows CAPI could be used. - * - * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. - * See the COPYING.LIB file in the top-level directory. - */ - -#ifndef VCARD_EMUL_H -#define VCARD_EMUL_H 1 - -#include "card_7816t.h" -#include "vcard.h" -#include "vcard_emul_type.h" - -/* - * types - */ -typedef enum { - VCARD_EMUL_OK = 0, - VCARD_EMUL_FAIL, - /* return values by vcard_emul_init */ - VCARD_EMUL_INIT_ALREADY_INITED, -} VCardEmulError; - -/* options are emul specific. call card_emul_parse_args to change a string - * To an options struct */ -typedef struct VCardEmulOptionsStruct VCardEmulOptions; - -/* - * Login functions - */ -/* return the number of login attempts still possible on the card. if unknown, - * return -1 */ -int vcard_emul_get_login_count(VCard *card); -/* login into the card, return the 7816 status word (sw2 || sw1) */ -vcard_7816_status_t vcard_emul_login(VCard *card, unsigned char *pin, - int pin_len); -void vcard_emul_logout(VCard *card); - -/* - * key functions - */ -/* delete a key */ -void vcard_emul_delete_key(VCardKey *key); -/* RSA sign/decrypt with the key, signature happens 'in place' */ -vcard_7816_status_t vcard_emul_rsa_op(VCard *card, VCardKey *key, - unsigned char *buffer, int buffer_size); - -void vcard_emul_reset(VCard *card, VCardPower power); -void vcard_emul_get_atr(VCard *card, unsigned char *atr, int *atr_len); - -/* Re-insert of a card that has been removed by force removal */ -VCardEmulError vcard_emul_force_card_insert(VReader *vreader); -/* Force a card removal even if the card is not physically removed */ -VCardEmulError vcard_emul_force_card_remove(VReader *vreader); - -VCardEmulOptions *vcard_emul_options(const char *args); -VCardEmulError vcard_emul_init(const VCardEmulOptions *options); -void vcard_emul_replay_insertion_events(void); -void vcard_emul_usage(void); -#endif diff --git a/libcacard/vcard_emul_nss.c b/libcacard/vcard_emul_nss.c deleted file mode 100644 index d9761ee..0000000 --- a/libcacard/vcard_emul_nss.c +++ /dev/null @@ -1,1274 +0,0 @@ -/* - * This is the actual card emulator. - * - * These functions can be implemented in different ways on different platforms - * using the underlying system primitives. For Linux it uses NSS, though direct - * to PKCS #11, openssl+pkcs11, or even gnu crypto libraries+pkcs #11 could be - * used. On Windows CAPI could be used. - * - * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. - * See the COPYING.LIB file in the top-level directory. - */ - -/* - * NSS headers - */ - -/* avoid including prototypes.h that redefines uint32 */ -#define NO_NSPR_10_SUPPORT - -#include <nss.h> -#include <pk11pub.h> -#include <cert.h> -#include <key.h> -#include <secmod.h> -#include <prthread.h> -#include <secerr.h> - -#include "glib-compat.h" - -#include "vcard.h" -#include "card_7816t.h" -#include "vcard_emul.h" -#include "vreader.h" -#include "vevent.h" - -#include "vcardt_internal.h" - - -typedef enum { - VCardEmulUnknown = -1, - VCardEmulFalse = 0, - VCardEmulTrue = 1 -} VCardEmulTriState; - -struct VCardKeyStruct { - CERTCertificate *cert; - PK11SlotInfo *slot; - SECKEYPrivateKey *key; - VCardEmulTriState failedX509; -}; - - -typedef struct VirtualReaderOptionsStruct VirtualReaderOptions; - -struct VReaderEmulStruct { - PK11SlotInfo *slot; - VCardEmulType default_type; - char *type_params; - PRBool present; - int series; - VCard *saved_vcard; -}; - -/* - * NSS Specific options - */ -struct VirtualReaderOptionsStruct { - char *name; - char *vname; - VCardEmulType card_type; - char *type_params; - char **cert_name; - int cert_count; -}; - -struct VCardEmulOptionsStruct { - void *nss_db; - VirtualReaderOptions *vreader; - int vreader_count; - VCardEmulType hw_card_type; - const char *hw_type_params; - PRBool use_hw; -}; - -static int nss_emul_init; - -/* if we have more that just the slot, define - * VCardEmulStruct here */ - -/* - * allocate the set of arrays for certs, cert_len, key - */ -static void -vcard_emul_alloc_arrays(unsigned char ***certsp, int **cert_lenp, - VCardKey ***keysp, int cert_count) -{ - *certsp = g_new(unsigned char *, cert_count); - *cert_lenp = g_new(int, cert_count); - *keysp = g_new(VCardKey *, cert_count); -} - -/* - * Emulator specific card information - */ -typedef struct CardEmulCardStruct CardEmulPrivate; - -static VCardEmul * -vcard_emul_new_card(PK11SlotInfo *slot) -{ - PK11_ReferenceSlot(slot); - /* currently we don't need anything other than the slot */ - return (VCardEmul *)slot; -} - -static void -vcard_emul_delete_card(VCardEmul *vcard_emul) -{ - PK11SlotInfo *slot = (PK11SlotInfo *)vcard_emul; - if (slot == NULL) { - return; - } - PK11_FreeSlot(slot); -} - -static PK11SlotInfo * -vcard_emul_card_get_slot(VCard *card) -{ - /* note, the card is holding the reference, no need to get another one */ - return (PK11SlotInfo *)vcard_get_private(card); -} - - -/* - * key functions - */ -/* private constructure */ -static VCardKey * -vcard_emul_make_key(PK11SlotInfo *slot, CERTCertificate *cert) -{ - VCardKey *key; - - key = g_new(VCardKey, 1); - key->slot = PK11_ReferenceSlot(slot); - key->cert = CERT_DupCertificate(cert); - /* NOTE: if we aren't logged into the token, this could return NULL */ - /* NOTE: the cert is a temp cert, not necessarily the cert in the token, - * use the DER version of this function */ - key->key = PK11_FindKeyByDERCert(slot, cert, NULL); - key->failedX509 = VCardEmulUnknown; - return key; -} - -/* destructor */ -void -vcard_emul_delete_key(VCardKey *key) -{ - if (!nss_emul_init || (key == NULL)) { - return; - } - if (key->key) { - SECKEY_DestroyPrivateKey(key->key); - key->key = NULL; - } - if (key->cert) { - CERT_DestroyCertificate(key->cert); - } - if (key->slot) { - PK11_FreeSlot(key->slot); - } -} - -/* - * grab the nss key from a VCardKey. If it doesn't exist, try to look it up - */ -static SECKEYPrivateKey * -vcard_emul_get_nss_key(VCardKey *key) -{ - if (key->key) { - return key->key; - } - /* NOTE: if we aren't logged into the token, this could return NULL */ - key->key = PK11_FindPrivateKeyFromCert(key->slot, key->cert, NULL); - return key->key; -} - -/* - * Map NSS errors to 7816 errors - */ -static vcard_7816_status_t -vcard_emul_map_error(int error) -{ - switch (error) { - case SEC_ERROR_TOKEN_NOT_LOGGED_IN: - return VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED; - case SEC_ERROR_BAD_DATA: - case SEC_ERROR_OUTPUT_LEN: - case SEC_ERROR_INPUT_LEN: - case SEC_ERROR_INVALID_ARGS: - case SEC_ERROR_INVALID_ALGORITHM: - case SEC_ERROR_NO_KEY: - case SEC_ERROR_INVALID_KEY: - case SEC_ERROR_DECRYPTION_DISALLOWED: - return VCARD7816_STATUS_ERROR_DATA_INVALID; - case SEC_ERROR_NO_MEMORY: - return VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE; - } - return VCARD7816_STATUS_EXC_ERROR_CHANGE; -} - -/* RSA sign/decrypt with the key, signature happens 'in place' */ -vcard_7816_status_t -vcard_emul_rsa_op(VCard *card, VCardKey *key, - unsigned char *buffer, int buffer_size) -{ - SECKEYPrivateKey *priv_key; - unsigned signature_len; - PK11SlotInfo *slot; - SECStatus rv; - unsigned char buf[2048]; - unsigned char *bp = NULL; - int pad_len; - vcard_7816_status_t ret = VCARD7816_STATUS_SUCCESS; - - if ((!nss_emul_init) || (key == NULL)) { - /* couldn't get the key, indicate that we aren't logged in */ - return VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED; - } - priv_key = vcard_emul_get_nss_key(key); - if (priv_key == NULL) { - /* couldn't get the key, indicate that we aren't logged in */ - return VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED; - } - slot = vcard_emul_card_get_slot(card); - - /* - * this is only true of the rsa signature - */ - signature_len = PK11_SignatureLen(priv_key); - if (buffer_size != signature_len) { - return VCARD7816_STATUS_ERROR_DATA_INVALID; - } - /* be able to handle larger keys if necessariy */ - bp = &buf[0]; - if (sizeof(buf) < signature_len) { - bp = g_malloc(signature_len); - } - - /* - * do the raw operations. Some tokens claim to do CKM_RSA_X_509, but then - * choke when they try to do the actual operations. Try to detect - * those cases and treat them as if the token didn't claim support for - * X_509. - */ - if (key->failedX509 != VCardEmulTrue - && PK11_DoesMechanism(slot, CKM_RSA_X_509)) { - rv = PK11_PrivDecryptRaw(priv_key, bp, &signature_len, signature_len, - buffer, buffer_size); - if (rv == SECSuccess) { - assert(buffer_size == signature_len); - memcpy(buffer, bp, signature_len); - key->failedX509 = VCardEmulFalse; - goto cleanup; - } - /* - * we've had a successful X509 operation, this failure must be - * somethine else - */ - if (key->failedX509 == VCardEmulFalse) { - ret = vcard_emul_map_error(PORT_GetError()); - goto cleanup; - } - /* - * key->failedX509 must be Unknown at this point, try the - * non-x_509 case - */ - } - /* token does not support CKM_RSA_X509, emulate that with CKM_RSA_PKCS */ - /* is this a PKCS #1 formatted signature? */ - if ((buffer[0] == 0) && (buffer[1] == 1)) { - int i; - - for (i = 2; i < buffer_size; i++) { - /* rsa signature pad */ - if (buffer[i] != 0xff) { - break; - } - } - if ((i < buffer_size) && (buffer[i] == 0)) { - /* yes, we have a properly formatted PKCS #1 signature */ - /* - * NOTE: even if we accidentally got an encrypt buffer, which - * through sheer luck started with 00, 01, ff, 00, it won't matter - * because the resulting Sign operation will effectively decrypt - * the real buffer. - */ - SECItem signature; - SECItem hash; - - i++; - hash.data = &buffer[i]; - hash.len = buffer_size - i; - signature.data = bp; - signature.len = signature_len; - rv = PK11_Sign(priv_key, &signature, &hash); - if (rv != SECSuccess) { - ret = vcard_emul_map_error(PORT_GetError()); - goto cleanup; - } - assert(buffer_size == signature.len); - memcpy(buffer, bp, signature.len); - /* - * we got here because either the X509 attempt failed, or the - * token couldn't do the X509 operation, in either case stay - * with the PKCS version for future operations on this key - */ - key->failedX509 = VCardEmulTrue; - goto cleanup; - } - } - pad_len = buffer_size - signature_len; - assert(pad_len < 4); - /* - * OK now we've decrypted the payload, package it up in PKCS #1 for the - * upper layer. - */ - buffer[0] = 0; - buffer[1] = 2; /* RSA_encrypt */ - pad_len -= 3; /* format is 0 || 2 || pad || 0 || data */ - /* - * padding for PKCS #1 encrypted data is a string of random bytes. The - * random butes protect against potential decryption attacks against RSA. - * Since PrivDecrypt has already stripped those bytes, we can't reconstruct - * them. This shouldn't matter to the upper level code which should just - * strip this code out anyway, so We'll pad with a constant 3. - */ - memset(&buffer[2], 0x03, pad_len); - pad_len += 2; /* index to the end of the pad */ - buffer[pad_len] = 0; - pad_len++; /* index to the start of the data */ - memcpy(&buffer[pad_len], bp, signature_len); - /* - * we got here because either the X509 attempt failed, or the - * token couldn't do the X509 operation, in either case stay - * with the PKCS version for future operations on this key - */ - key->failedX509 = VCardEmulTrue; -cleanup: - if (bp != buf) { - g_free(bp); - } - return ret; -} - -/* - * Login functions - */ -/* return the number of login attempts still possible on the card. if unknown, - * return -1 */ -int -vcard_emul_get_login_count(VCard *card) -{ - return -1; -} - -/* login into the card, return the 7816 status word (sw2 || sw1) */ -vcard_7816_status_t -vcard_emul_login(VCard *card, unsigned char *pin, int pin_len) -{ - PK11SlotInfo *slot; - unsigned char *pin_string; - int i; - SECStatus rv; - - if (!nss_emul_init) { - return VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED; - } - slot = vcard_emul_card_get_slot(card); - /* We depend on the PKCS #11 module internal login state here because we - * create a separate process to handle each guest instance. If we needed - * to handle multiple guests from one process, then we would need to keep - * a lot of extra state in our card structure - * */ - pin_string = g_malloc(pin_len+1); - memcpy(pin_string, pin, pin_len); - pin_string[pin_len] = 0; - - /* handle CAC expanded pins correctly */ - for (i = pin_len-1; i >= 0 && (pin_string[i] == 0xff); i--) { - pin_string[i] = 0; - } - - rv = PK11_Authenticate(slot, PR_FALSE, pin_string); - memset(pin_string, 0, pin_len); /* don't let the pin hang around in memory - to be snooped */ - g_free(pin_string); - if (rv == SECSuccess) { - return VCARD7816_STATUS_SUCCESS; - } - /* map the error from port get error */ - return VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED; -} - -void -vcard_emul_logout(VCard *card) -{ - PK11SlotInfo *slot; - - if (!nss_emul_init) { - return; - } - - slot = vcard_emul_card_get_slot(card); - if (PK11_IsLoggedIn(slot, NULL)) { - PK11_Logout(slot); /* NOTE: ignoring SECStatus return value */ - } -} - -void -vcard_emul_reset(VCard *card, VCardPower power) -{ - /* - * if we reset the card (either power on or power off), we lose our login - * state - */ - vcard_emul_logout(card); - - /* TODO: we may also need to send insertion/removal events? */ -} - -static VReader * -vcard_emul_find_vreader_from_slot(PK11SlotInfo *slot) -{ - VReaderList *reader_list = vreader_get_reader_list(); - VReaderListEntry *current_entry; - - if (reader_list == NULL) { - return NULL; - } - for (current_entry = vreader_list_get_first(reader_list); current_entry; - current_entry = vreader_list_get_next(current_entry)) { - VReader *reader = vreader_list_get_reader(current_entry); - VReaderEmul *reader_emul = vreader_get_private(reader); - if (reader_emul->slot == slot) { - vreader_list_delete(reader_list); - return reader; - } - vreader_free(reader); - } - - vreader_list_delete(reader_list); - return NULL; -} - -/* - * create a new reader emul - */ -static VReaderEmul * -vreader_emul_new(PK11SlotInfo *slot, VCardEmulType type, const char *params) -{ - VReaderEmul *new_reader_emul; - - new_reader_emul = g_new(VReaderEmul, 1); - - new_reader_emul->slot = PK11_ReferenceSlot(slot); - new_reader_emul->default_type = type; - new_reader_emul->type_params = g_strdup(params); - new_reader_emul->present = PR_FALSE; - new_reader_emul->series = 0; - new_reader_emul->saved_vcard = NULL; - return new_reader_emul; -} - -static void -vreader_emul_delete(VReaderEmul *vreader_emul) -{ - if (vreader_emul == NULL) { - return; - } - if (vreader_emul->slot) { - PK11_FreeSlot(vreader_emul->slot); - } - g_free(vreader_emul->type_params); - g_free(vreader_emul); -} - -/* - * TODO: move this to emulater non-specific file - */ -static VCardEmulType -vcard_emul_get_type(VReader *vreader) -{ - VReaderEmul *vreader_emul; - - vreader_emul = vreader_get_private(vreader); - if (vreader_emul && vreader_emul->default_type != VCARD_EMUL_NONE) { - return vreader_emul->default_type; - } - - return vcard_emul_type_select(vreader); -} -/* - * TODO: move this to emulater non-specific file - */ -static const char * -vcard_emul_get_type_params(VReader *vreader) -{ - VReaderEmul *vreader_emul; - - vreader_emul = vreader_get_private(vreader); - if (vreader_emul && vreader_emul->type_params) { - return vreader_emul->type_params; - } - - return ""; -} - -/* pull the slot out of the reader private data */ -static PK11SlotInfo * -vcard_emul_reader_get_slot(VReader *vreader) -{ - VReaderEmul *vreader_emul = vreader_get_private(vreader); - if (vreader_emul == NULL) { - return NULL; - } - return vreader_emul->slot; -} - -/* - * Card ATR's map to physical cards. vcard_alloc_atr will set appropriate - * historical bytes for any software emulated card. The remaining bytes can be - * used to indicate the actual emulator - */ -static unsigned char *nss_atr; -static int nss_atr_len; - -void -vcard_emul_get_atr(VCard *card, unsigned char *atr, int *atr_len) -{ - int len; - assert(atr != NULL); - - if (nss_atr == NULL) { - nss_atr = vcard_alloc_atr("NSS", &nss_atr_len); - } - len = MIN(nss_atr_len, *atr_len); - memcpy(atr, nss_atr, len); - *atr_len = len; -} - -/* - * create a new card from certs and keys - */ -static VCard * -vcard_emul_make_card(VReader *reader, - unsigned char * const *certs, int *cert_len, - VCardKey *keys[], int cert_count) -{ - VCardEmul *vcard_emul; - VCard *vcard; - PK11SlotInfo *slot; - VCardEmulType type; - const char *params; - - type = vcard_emul_get_type(reader); - - /* ignore the inserted card */ - if (type == VCARD_EMUL_NONE) { - return NULL; - } - slot = vcard_emul_reader_get_slot(reader); - if (slot == NULL) { - return NULL; - } - - params = vcard_emul_get_type_params(reader); - /* params these can be NULL */ - - vcard_emul = vcard_emul_new_card(slot); - if (vcard_emul == NULL) { - return NULL; - } - vcard = vcard_new(vcard_emul, vcard_emul_delete_card); - if (vcard == NULL) { - vcard_emul_delete_card(vcard_emul); - return NULL; - } - vcard_init(reader, vcard, type, params, certs, cert_len, keys, cert_count); - return vcard; -} - - -/* - * 'clone' a physical card as a virtual card - */ -static VCard * -vcard_emul_mirror_card(VReader *vreader) -{ - /* - * lookup certs using the C_FindObjects. The Stan Cert handle won't give - * us the real certs until we log in. - */ - PK11GenericObject *firstObj, *thisObj; - int cert_count; - unsigned char **certs; - int *cert_len; - VCardKey **keys; - PK11SlotInfo *slot; - VCard *card; - - slot = vcard_emul_reader_get_slot(vreader); - if (slot == NULL) { - return NULL; - } - - firstObj = PK11_FindGenericObjects(slot, CKO_CERTIFICATE); - if (firstObj == NULL) { - return NULL; - } - - /* count the certs */ - cert_count = 0; - for (thisObj = firstObj; thisObj; - thisObj = PK11_GetNextGenericObject(thisObj)) { - cert_count++; - } - - /* allocate the arrays */ - vcard_emul_alloc_arrays(&certs, &cert_len, &keys, cert_count); - - /* fill in the arrays */ - cert_count = 0; - for (thisObj = firstObj; thisObj; - thisObj = PK11_GetNextGenericObject(thisObj)) { - SECItem derCert; - CERTCertificate *cert; - SECStatus rv; - - rv = PK11_ReadRawAttribute(PK11_TypeGeneric, thisObj, - CKA_VALUE, &derCert); - if (rv != SECSuccess) { - continue; - } - /* create floating temp cert. This gives us a cert structure even if - * the token isn't logged in */ - cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &derCert, - NULL, PR_FALSE, PR_TRUE); - SECITEM_FreeItem(&derCert, PR_FALSE); - if (cert == NULL) { - continue; - } - - certs[cert_count] = cert->derCert.data; - cert_len[cert_count] = cert->derCert.len; - keys[cert_count] = vcard_emul_make_key(slot, cert); - cert_count++; - CERT_DestroyCertificate(cert); /* key obj still has a reference */ - } - - /* now create the card */ - card = vcard_emul_make_card(vreader, certs, cert_len, keys, cert_count); - g_free(certs); - g_free(cert_len); - g_free(keys); - - return card; -} - -static VCardEmulType default_card_type = VCARD_EMUL_NONE; -static const char *default_type_params = ""; - -/* - * This thread looks for card and reader insertions and puts events on the - * event queue - */ -static void -vcard_emul_event_thread(void *arg) -{ - PK11SlotInfo *slot; - VReader *vreader; - VReaderEmul *vreader_emul; - VCard *vcard; - SECMODModule *module = (SECMODModule *)arg; - - do { - /* - * XXX - the latency value doesn't matter one bit. you only get no - * blocking (flags |= CKF_DONT_BLOCK) or PKCS11_WAIT_LATENCY (==500), - * hard coded in coolkey. And it isn't coolkey's fault - the timeout - * value we pass get's dropped on the floor before C_WaitForSlotEvent - * is called. - */ - slot = SECMOD_WaitForAnyTokenEvent(module, 0, 500); - if (slot == NULL) { - /* this could be just a no event indication */ - if (PORT_GetError() == SEC_ERROR_NO_EVENT) { - continue; - } - break; - } - vreader = vcard_emul_find_vreader_from_slot(slot); - if (vreader == NULL) { - /* new vreader */ - vreader_emul = vreader_emul_new(slot, default_card_type, - default_type_params); - vreader = vreader_new(PK11_GetSlotName(slot), vreader_emul, - vreader_emul_delete); - PK11_FreeSlot(slot); - slot = NULL; - vreader_add_reader(vreader); - vreader_free(vreader); - continue; - } - /* card remove/insert */ - vreader_emul = vreader_get_private(vreader); - if (PK11_IsPresent(slot)) { - int series = PK11_GetSlotSeries(slot); - if (series != vreader_emul->series) { - if (vreader_emul->present) { - vreader_insert_card(vreader, NULL); - } - vcard = vcard_emul_mirror_card(vreader); - vreader_insert_card(vreader, vcard); - vcard_free(vcard); - } - vreader_emul->series = series; - vreader_emul->present = 1; - vreader_free(vreader); - PK11_FreeSlot(slot); - continue; - } - if (vreader_emul->present) { - vreader_insert_card(vreader, NULL); - } - vreader_emul->series = 0; - vreader_emul->present = 0; - PK11_FreeSlot(slot); - vreader_free(vreader); - } while (1); -} - -/* if the card is inserted when we start up, make sure our state is correct */ -static void -vcard_emul_init_series(VReader *vreader, VCard *vcard) -{ - VReaderEmul *vreader_emul = vreader_get_private(vreader); - PK11SlotInfo *slot = vreader_emul->slot; - - vreader_emul->present = PK11_IsPresent(slot); - vreader_emul->series = PK11_GetSlotSeries(slot); - if (vreader_emul->present == 0) { - vreader_insert_card(vreader, NULL); - } -} - -/* - * each module has a separate wait call, create a thread for each module that - * we are using. - */ -static void -vcard_emul_new_event_thread(SECMODModule *module) -{ - PR_CreateThread(PR_SYSTEM_THREAD, vcard_emul_event_thread, - module, PR_PRIORITY_HIGH, PR_GLOBAL_THREAD, - PR_UNJOINABLE_THREAD, 0); -} - -static const VCardEmulOptions default_options = { - .nss_db = NULL, - .vreader = NULL, - .vreader_count = 0, - .hw_card_type = VCARD_EMUL_CAC, - .hw_type_params = "", - .use_hw = PR_TRUE -}; - - -/* - * NSS needs the app to supply a password prompt. In our case the only time - * the password is supplied is as part of the Login APDU. The actual password - * is passed in the pw_arg in that case. In all other cases pw_arg should be - * NULL. - */ -static char * -vcard_emul_get_password(PK11SlotInfo *slot, PRBool retries, void *pw_arg) -{ - /* if it didn't work the first time, don't keep trying */ - if (retries) { - return NULL; - } - /* we are looking up a password when we don't have one in hand */ - if (pw_arg == NULL) { - return NULL; - } - /* TODO: we really should verify that were are using the right slot */ - return PORT_Strdup(pw_arg); -} - -/* Force a card removal even if the card is not physically removed */ -VCardEmulError -vcard_emul_force_card_remove(VReader *vreader) -{ - if (!nss_emul_init || (vreader_card_is_present(vreader) != VREADER_OK)) { - return VCARD_EMUL_FAIL; /* card is already removed */ - } - - /* OK, remove it */ - vreader_insert_card(vreader, NULL); - return VCARD_EMUL_OK; -} - -/* Re-insert of a card that has been removed by force removal */ -VCardEmulError -vcard_emul_force_card_insert(VReader *vreader) -{ - VReaderEmul *vreader_emul; - VCard *vcard; - - if (!nss_emul_init || (vreader_card_is_present(vreader) == VREADER_OK)) { - return VCARD_EMUL_FAIL; /* card is already removed */ - } - vreader_emul = vreader_get_private(vreader); - - /* if it's a softcard, get the saved vcard from the reader emul structure */ - if (vreader_emul->saved_vcard) { - vcard = vcard_reference(vreader_emul->saved_vcard); - } else { - /* it must be a physical card, rebuild it */ - if (!PK11_IsPresent(vreader_emul->slot)) { - /* physical card has been removed, not way to reinsert it */ - return VCARD_EMUL_FAIL; - } - vcard = vcard_emul_mirror_card(vreader); - } - vreader_insert_card(vreader, vcard); - vcard_free(vcard); - - return VCARD_EMUL_OK; -} - - -static PRBool -module_has_removable_hw_slots(SECMODModule *mod) -{ - int i; - PRBool ret = PR_FALSE; - SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock(); - - if (!moduleLock) { - PORT_SetError(SEC_ERROR_NOT_INITIALIZED); - return ret; - } - SECMOD_GetReadLock(moduleLock); - for (i = 0; i < mod->slotCount; i++) { - PK11SlotInfo *slot = mod->slots[i]; - if (PK11_IsRemovable(slot) && PK11_IsHW(slot)) { - ret = PR_TRUE; - break; - } - } - SECMOD_ReleaseReadLock(moduleLock); - return ret; -} - -/* Previously we returned FAIL if no readers found. This makes - * no sense when using hardware, since there may be no readers connected - * at the time vcard_emul_init is called, but they will be properly - * recognized later. So Instead return FAIL only if no_hw==1 and no - * vcards can be created (indicates error with certificates provided - * or db), or if any other higher level error (NSS error, missing coolkey). */ -static int vcard_emul_init_called; - -VCardEmulError -vcard_emul_init(const VCardEmulOptions *options) -{ - SECStatus rv; - PRBool has_readers = PR_FALSE; - VReader *vreader; - VReaderEmul *vreader_emul; - SECMODListLock *module_lock; - SECMODModuleList *module_list; - SECMODModuleList *mlp; - int i; - - if (vcard_emul_init_called) { - return VCARD_EMUL_INIT_ALREADY_INITED; - } - vcard_emul_init_called = 1; - vreader_init(); - vevent_queue_init(); - - if (options == NULL) { - options = &default_options; - } - - /* first initialize NSS */ - if (options->nss_db) { - rv = NSS_Init(options->nss_db); - } else { - gchar *path; -#ifndef _WIN32 - path = g_strdup("/etc/pki/nssdb"); -#else - if (g_get_system_config_dirs() == NULL || - g_get_system_config_dirs()[0] == NULL) { - return VCARD_EMUL_FAIL; - } - - path = g_build_filename( - g_get_system_config_dirs()[0], "pki", "nssdb", NULL); -#endif - - rv = NSS_Init(path); - g_free(path); - } - if (rv != SECSuccess) { - return VCARD_EMUL_FAIL; - } - /* Set password callback function */ - PK11_SetPasswordFunc(vcard_emul_get_password); - - /* set up soft cards emulated by software certs rather than physical cards - * */ - for (i = 0; i < options->vreader_count; i++) { - int j; - int cert_count; - unsigned char **certs; - int *cert_len; - VCardKey **keys; - PK11SlotInfo *slot; - - slot = PK11_FindSlotByName(options->vreader[i].name); - if (slot == NULL) { - continue; - } - vreader_emul = vreader_emul_new(slot, options->vreader[i].card_type, - options->vreader[i].type_params); - vreader = vreader_new(options->vreader[i].vname, vreader_emul, - vreader_emul_delete); - vreader_add_reader(vreader); - - vcard_emul_alloc_arrays(&certs, &cert_len, &keys, - options->vreader[i].cert_count); - - cert_count = 0; - for (j = 0; j < options->vreader[i].cert_count; j++) { - /* we should have a better way of identifying certs than by - * nickname here */ - CERTCertificate *cert = PK11_FindCertFromNickname( - options->vreader[i].cert_name[j], - NULL); - if (cert == NULL) { - continue; - } - certs[cert_count] = cert->derCert.data; - cert_len[cert_count] = cert->derCert.len; - keys[cert_count] = vcard_emul_make_key(slot, cert); - /* this is safe because the key is still holding a cert reference */ - CERT_DestroyCertificate(cert); - cert_count++; - } - if (cert_count) { - VCard *vcard = vcard_emul_make_card(vreader, certs, cert_len, - keys, cert_count); - vreader_insert_card(vreader, vcard); - vcard_emul_init_series(vreader, vcard); - /* allow insertion and removal of soft cards */ - vreader_emul->saved_vcard = vcard_reference(vcard); - vcard_free(vcard); - vreader_free(vreader); - has_readers = PR_TRUE; - } - g_free(certs); - g_free(cert_len); - g_free(keys); - } - - /* if we aren't suppose to use hw, skip looking up hardware tokens */ - if (!options->use_hw) { - nss_emul_init = has_readers; - return has_readers ? VCARD_EMUL_OK : VCARD_EMUL_FAIL; - } - - /* make sure we have some PKCS #11 module loaded */ - module_lock = SECMOD_GetDefaultModuleListLock(); - module_list = SECMOD_GetDefaultModuleList(); - SECMOD_GetReadLock(module_lock); - for (mlp = module_list; mlp; mlp = mlp->next) { - SECMODModule *module = mlp->module; - if (module_has_removable_hw_slots(module)) { - break; - } - } - SECMOD_ReleaseReadLock(module_lock); - - /* now examine all the slots, finding which should be readers */ - /* We should control this with options. For now we mirror out any - * removable hardware slot */ - default_card_type = options->hw_card_type; - default_type_params = g_strdup(options->hw_type_params); - - SECMOD_GetReadLock(module_lock); - for (mlp = module_list; mlp; mlp = mlp->next) { - SECMODModule *module = mlp->module; - - /* Ignore the internal module */ - if (module == NULL || module == SECMOD_GetInternalModule()) { - continue; - } - - for (i = 0; i < module->slotCount; i++) { - PK11SlotInfo *slot = module->slots[i]; - - /* only map removable HW slots */ - if (slot == NULL || !PK11_IsRemovable(slot) || !PK11_IsHW(slot)) { - continue; - } - if (strcmp("E-Gate 0 0", PK11_GetSlotName(slot)) == 0) { - /* - * coolkey <= 1.1.0-20 emulates this reader if it can't find - * any hardware readers. This causes problems, warn user of - * problems. - */ - fprintf(stderr, "known bad coolkey version - see " - "https://bugzilla.redhat.com/show_bug.cgi?id=802435\n"); - continue; - } - vreader_emul = vreader_emul_new(slot, options->hw_card_type, - options->hw_type_params); - vreader = vreader_new(PK11_GetSlotName(slot), vreader_emul, - vreader_emul_delete); - vreader_add_reader(vreader); - - if (PK11_IsPresent(slot)) { - VCard *vcard; - vcard = vcard_emul_mirror_card(vreader); - vreader_insert_card(vreader, vcard); - vcard_emul_init_series(vreader, vcard); - vcard_free(vcard); - } - } - vcard_emul_new_event_thread(module); - } - SECMOD_ReleaseReadLock(module_lock); - nss_emul_init = PR_TRUE; - - return VCARD_EMUL_OK; -} - -/* Recreate card insert events for all readers (user should - * deduce implied reader insert. perhaps do a reader insert as well?) - */ -void -vcard_emul_replay_insertion_events(void) -{ - VReaderListEntry *current_entry; - VReaderListEntry *next_entry; - VReaderList *list = vreader_get_reader_list(); - - for (current_entry = vreader_list_get_first(list); current_entry; - current_entry = next_entry) { - VReader *vreader = vreader_list_get_reader(current_entry); - next_entry = vreader_list_get_next(current_entry); - vreader_queue_card_event(vreader); - } - - vreader_list_delete(list); -} - -/* - * Silly little functions to help parsing our argument string - */ -static int -count_tokens(const char *str, char token, char token_end) -{ - int count = 0; - - for (; *str; str++) { - if (*str == token) { - count++; - } - if (*str == token_end) { - break; - } - } - return count; -} - -static const char * -strip(const char *str) -{ - for (; *str && isspace(*str); str++) { - } - return str; -} - -static const char * -find_blank(const char *str) -{ - for (; *str && !isspace(*str); str++) { - } - return str; -} - - -/* - * We really want to use some existing argument parsing library here. That - * would give us a consistent look */ -static VCardEmulOptions options; -#define READER_STEP 4 - -/* Expects "args" to be at the beginning of a token (ie right after the ',' - * ending the previous token), and puts the next token start in "token", - * and its length in "token_length". "token" will not be nul-terminated. - * After calling the macro, "args" will be advanced to the beginning of - * the next token. - * This macro may call continue or break. - */ -#define NEXT_TOKEN(token) \ - (token) = args; \ - args = strpbrk(args, ",)"); \ - if (*args == 0) { \ - break; \ - } \ - if (*args == ')') { \ - args++; \ - continue; \ - } \ - (token##_length) = args - (token); \ - args = strip(args+1); - -VCardEmulOptions * -vcard_emul_options(const char *args) -{ - int reader_count = 0; - VCardEmulOptions *opts; - - /* Allow the future use of allocating the options structure on the fly */ - memcpy(&options, &default_options, sizeof(options)); - opts = &options; - - do { - args = strip(args); /* strip off the leading spaces */ - if (*args == ',') { - continue; - } - /* soft=(slot_name,virt_name,emul_type,emul_flags,cert_1, (no eol) - * cert_2,cert_3...) */ - if (strncmp(args, "soft=", 5) == 0) { - const char *name; - size_t name_length; - const char *vname; - size_t vname_length; - const char *type_params; - size_t type_params_length; - char type_str[100]; - VCardEmulType type; - int count, i; - VirtualReaderOptions *vreaderOpt; - - args = strip(args + 5); - if (*args != '(') { - continue; - } - args = strip(args+1); - - NEXT_TOKEN(name) - NEXT_TOKEN(vname) - NEXT_TOKEN(type_params) - type_params_length = MIN(type_params_length, sizeof(type_str)-1); - memcpy(type_str, type_params, type_params_length); - type_str[type_params_length] = '\0'; - type = vcard_emul_type_from_string(type_str); - - NEXT_TOKEN(type_params) - - if (*args == 0) { - break; - } - - if (opts->vreader_count >= reader_count) { - reader_count += READER_STEP; - opts->vreader = g_renew(VirtualReaderOptions, opts->vreader, - reader_count); - } - vreaderOpt = &opts->vreader[opts->vreader_count]; - vreaderOpt->name = g_strndup(name, name_length); - vreaderOpt->vname = g_strndup(vname, vname_length); - vreaderOpt->card_type = type; - vreaderOpt->type_params = - g_strndup(type_params, type_params_length); - count = count_tokens(args, ',', ')') + 1; - vreaderOpt->cert_count = count; - vreaderOpt->cert_name = g_new(char *, count); - for (i = 0; i < count; i++) { - const char *cert = args; - args = strpbrk(args, ",)"); - vreaderOpt->cert_name[i] = g_strndup(cert, args - cert); - args = strip(args+1); - } - if (*args == ')') { - args++; - } - opts->vreader_count++; - /* use_hw= */ - } else if (strncmp(args, "use_hw=", 7) == 0) { - args = strip(args+7); - if (*args == '0' || *args == 'N' || *args == 'n' || *args == 'F') { - opts->use_hw = PR_FALSE; - } else { - opts->use_hw = PR_TRUE; - } - args = find_blank(args); - /* hw_type= */ - } else if (strncmp(args, "hw_type=", 8) == 0) { - args = strip(args+8); - opts->hw_card_type = vcard_emul_type_from_string(args); - args = find_blank(args); - /* hw_params= */ - } else if (strncmp(args, "hw_params=", 10) == 0) { - const char *params; - args = strip(args+10); - params = args; - args = find_blank(args); - opts->hw_type_params = g_strndup(params, args-params); - /* db="/data/base/path" */ - } else if (strncmp(args, "db=", 3) == 0) { - const char *db; - args = strip(args+3); - if (*args != '"') { - continue; - } - args++; - db = args; - args = strpbrk(args, "\"\n"); - opts->nss_db = g_strndup(db, args-db); - if (*args != 0) { - args++; - } - } else { - args = find_blank(args); - } - } while (*args != 0); - - return opts; -} - -void -vcard_emul_usage(void) -{ - fprintf(stderr, -"emul args: comma separated list of the following arguments\n" -" db={nss_database} (default sql:/etc/pki/nssdb)\n" -" use_hw=[yes|no] (default yes)\n" -" hw_type={card_type_to_emulate} (default CAC)\n" -" hw_param={param_for_card} (default \"\")\n" -" soft=({slot_name},{vreader_name},{card_type_to_emulate},{params_for_card},\n" -" {cert1},{cert2},{cert3} (default none)\n" -"\n" -" {nss_database} The location of the NSS cert & key database\n" -" {card_type_to_emulate} What card interface to present to the guest\n" -" {param_for_card} Card interface specific parameters\n" -" {slot_name} NSS slot that contains the certs\n" -" {vreader_name} Virtual reader name to present to the guest\n" -" {certN} Nickname of the certificate n on the virtual card\n" -"\n" -"These parameters come as a single string separated by blanks or newlines." -"\n" -"Unless use_hw is set to no, all tokens that look like removable hardware\n" -"tokens will be presented to the guest using the emulator specified by\n" -"hw_type, and parameters of hw_param.\n" -"\n" -"If more one or more soft= parameters are specified, these readers will be\n" -"presented to the guest\n"); -} diff --git a/libcacard/vcard_emul_type.c b/libcacard/vcard_emul_type.c deleted file mode 100644 index 59a1458..0000000 --- a/libcacard/vcard_emul_type.c +++ /dev/null @@ -1,57 +0,0 @@ -/* - * This file contains utility functions which abstract the different card - * types. The goal is that new card types can easily be added by simply - * changing this file and vcard_emul_type.h. It is currently not a requirement - * to dynamically add new card types. - * - * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. - * See the COPYING.LIB file in the top-level directory. - */ - -#include <strings.h> -#include "vcardt.h" -#include "vcard_emul_type.h" -#include "cac.h" - -VCardStatus vcard_init(VReader *vreader, VCard *vcard, - VCardEmulType type, const char *params, - unsigned char *const *cert, int cert_len[], - VCardKey *key[], int cert_count) -{ - switch (type) { - case VCARD_EMUL_NONE: - break; - case VCARD_EMUL_CAC: - return cac_card_init(vreader, vcard, params, - cert, cert_len, key, cert_count); - /* add new ones here */ - default: - break; - } - return VCARD_FAIL; -} - -VCardEmulType vcard_emul_type_select(VReader *vreader) -{ -#ifdef notdef - /* since there is only one emulator no need to call this function */ - if (cac_is_cac_card(vreader) == VCARD_DONE) { - return VCARD_EMUL_CAC; - } -#endif - /* return the default */ - return VCARD_EMUL_CAC; -} - -VCardEmulType vcard_emul_type_from_string(const char *type_string) -{ - if (strcasecmp(type_string, "CAC") == 0) { - return VCARD_EMUL_CAC; - } -#ifdef USE_PASSTHRU - if (strcasecmp(type_string, "PASSTHRU") == 0) { - return VCARD_EMUL_PASSTHRU; - } -#endif - return VCARD_EMUL_NONE; -} diff --git a/libcacard/vcard_emul_type.h b/libcacard/vcard_emul_type.h deleted file mode 100644 index 0242f40..0000000 --- a/libcacard/vcard_emul_type.h +++ /dev/null @@ -1,32 +0,0 @@ -/* - * This header file abstracts the different card types. The goal is new card - * types can easily be added by simply changing this file and - * vcard_emul_type.c. It is currently not a requirement to dynamically add new - * card types. - * - * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. - * See the COPYING.LIB file in the top-level directory. - */ - -#ifndef VCARD_EMUL_TYPE_H -#define VCARD_EMUL_TYPE_H 1 -#include "vcardt.h" -#include "vreadert.h" - -/* - * types - */ -typedef enum { - VCARD_EMUL_NONE = 0, - VCARD_EMUL_CAC, - VCARD_EMUL_PASSTHRU -} VCardEmulType; - -/* functions used by the rest of the emulator */ -VCardStatus vcard_init(VReader *vreader, VCard *vcard, VCardEmulType type, - const char *params, unsigned char * const *cert, - int cert_len[], VCardKey *key[], int cert_count); -VCardEmulType vcard_emul_type_select(VReader *vreader); -VCardEmulType vcard_emul_type_from_string(const char *type_string); - -#endif diff --git a/libcacard/vcardt.c b/libcacard/vcardt.c deleted file mode 100644 index c67de2f..0000000 --- a/libcacard/vcardt.c +++ /dev/null @@ -1,40 +0,0 @@ -#include <stdlib.h> -#include <string.h> -#include <glib.h> - -#include "vcardt.h" - -#include "vcardt_internal.h" - -/* create an ATR with appropriate historical bytes */ -#define ATR_TS_DIRECT_CONVENTION 0x3b -#define ATR_TA_PRESENT 0x10 -#define ATR_TB_PRESENT 0x20 -#define ATR_TC_PRESENT 0x40 -#define ATR_TD_PRESENT 0x80 - -unsigned char *vcard_alloc_atr(const char *postfix, int *atr_len) -{ - int postfix_len; - const char prefix[] = "VCARD_"; - const char default_postfix[] = "DEFAULT"; - const int prefix_len = sizeof(prefix) - 1; - int total_len; - unsigned char *atr; - - if (postfix == NULL) { - postfix = default_postfix; - } - postfix_len = strlen(postfix); - total_len = 3 + prefix_len + postfix_len; - atr = g_malloc(total_len); - atr[0] = ATR_TS_DIRECT_CONVENTION; - atr[1] = ATR_TD_PRESENT + prefix_len + postfix_len; - atr[2] = 0x00; - memcpy(&atr[3], prefix, prefix_len); - memcpy(&atr[3 + prefix_len], postfix, postfix_len); - if (atr_len) { - *atr_len = total_len; - } - return atr; -} diff --git a/libcacard/vcardt.h b/libcacard/vcardt.h deleted file mode 100644 index 795e265..0000000 --- a/libcacard/vcardt.h +++ /dev/null @@ -1,59 +0,0 @@ -/* - * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. - * See the COPYING.LIB file in the top-level directory. - */ -#ifndef VCARDT_H -#define VCARDT_H 1 - -/* - * these should come from some common spice header file - */ -#include <assert.h> -#ifndef MIN -#define MIN(x, y) ((x) > (y) ? (y) : (x)) -#define MAX(x, y) ((x) > (y) ? (x) : (y)) -#endif - -typedef struct VCardStruct VCard; -typedef struct VCardAPDUStruct VCardAPDU; -typedef struct VCardResponseStruct VCardResponse; -typedef struct VCardBufferResponseStruct VCardBufferResponse; -typedef struct VCardAppletStruct VCardApplet; -typedef struct VCardAppletPrivateStruct VCardAppletPrivate; -typedef struct VCardKeyStruct VCardKey; /* opaque */ -typedef struct VCardEmulStruct VCardEmul; - -#define MAX_CHANNEL 4 - -typedef enum { - VCARD_DONE, - VCARD_NEXT, - VCARD_FAIL -} VCardStatus; - -typedef enum { - VCARD_FILE_SYSTEM, - VCARD_VM, - VCARD_DIRECT -} VCardType; - -typedef enum { - VCARD_POWER_ON, - VCARD_POWER_OFF -} VCardPower; - -typedef VCardStatus (*VCardProcessAPDU)(VCard *card, VCardAPDU *apdu, - VCardResponse **response); -typedef VCardStatus (*VCardResetApplet)(VCard *card, int channel); -typedef void (*VCardAppletPrivateFree) (VCardAppletPrivate *); -typedef void (*VCardEmulFree) (VCardEmul *); -typedef void (*VCardGetAtr) (VCard *, unsigned char *atr, int *atr_len); - -struct VCardBufferResponseStruct { - unsigned char *buffer; - int buffer_len; - unsigned char *current; - int len; -}; - -#endif diff --git a/libcacard/vcardt_internal.h b/libcacard/vcardt_internal.h deleted file mode 100644 index e5c8d2d..0000000 --- a/libcacard/vcardt_internal.h +++ /dev/null @@ -1,6 +0,0 @@ -#ifndef VCARDT_INTERNAL_H -#define VCARDT_INTERNAL_H - -unsigned char *vcard_alloc_atr(const char *postfix, int *atr_len); - -#endif diff --git a/libcacard/vevent.h b/libcacard/vevent.h deleted file mode 100644 index 38c3482..0000000 --- a/libcacard/vevent.h +++ /dev/null @@ -1,27 +0,0 @@ -/* - * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. - * See the COPYING.LIB file in the top-level directory. - */ -#ifndef EVENT_H -#define EVENT_H 1 -#include "eventt.h" -#include "vreadert.h" -#include "vcardt.h" - -VEvent *vevent_new(VEventType type, VReader *reader, VCard *card); -void vevent_delete(VEvent *); - -/* - * VEvent queueing services - */ -void vevent_queue_vevent(VEvent *); -void vevent_queue_init(void); - -/* - * VEvent dequeing services - */ -VEvent *vevent_wait_next_vevent(void); -VEvent *vevent_get_next_vevent(void); - - -#endif diff --git a/libcacard/vreader.c b/libcacard/vreader.c deleted file mode 100644 index 9725f46..0000000 --- a/libcacard/vreader.c +++ /dev/null @@ -1,578 +0,0 @@ -/* - * emulate the reader - * - * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. - * See the COPYING.LIB file in the top-level directory. - */ - -#ifdef G_LOG_DOMAIN -#undef G_LOG_DOMAIN -#endif -#define G_LOG_DOMAIN "libcacard" - -#include "glib-compat.h" - -#include <string.h> - -#include "vcard.h" -#include "vcard_emul.h" -#include "card_7816.h" -#include "vreader.h" -#include "vevent.h" -#include "cac.h" /* just for debugging defines */ - -#define LIBCACARD_LOG_DOMAIN "libcacard" - -struct VReaderStruct { - int reference_count; - VCard *card; - char *name; - vreader_id_t id; - CompatGMutex lock; - VReaderEmul *reader_private; - VReaderEmulFree reader_private_free; -}; - -/* - * Debug helpers - */ - -static const char * -apdu_ins_to_string(int ins) -{ - switch (ins) { - case VCARD7816_INS_MANAGE_CHANNEL: - return "manage channel"; - case VCARD7816_INS_EXTERNAL_AUTHENTICATE: - return "external authenticate"; - case VCARD7816_INS_GET_CHALLENGE: - return "get challenge"; - case VCARD7816_INS_INTERNAL_AUTHENTICATE: - return "internal authenticate"; - case VCARD7816_INS_ERASE_BINARY: - return "erase binary"; - case VCARD7816_INS_READ_BINARY: - return "read binary"; - case VCARD7816_INS_WRITE_BINARY: - return "write binary"; - case VCARD7816_INS_UPDATE_BINARY: - return "update binary"; - case VCARD7816_INS_READ_RECORD: - return "read record"; - case VCARD7816_INS_WRITE_RECORD: - return "write record"; - case VCARD7816_INS_UPDATE_RECORD: - return "update record"; - case VCARD7816_INS_APPEND_RECORD: - return "append record"; - case VCARD7816_INS_ENVELOPE: - return "envelope"; - case VCARD7816_INS_PUT_DATA: - return "put data"; - case VCARD7816_INS_GET_DATA: - return "get data"; - case VCARD7816_INS_SELECT_FILE: - return "select file"; - case VCARD7816_INS_VERIFY: - return "verify"; - case VCARD7816_INS_GET_RESPONSE: - return "get response"; - case CAC_GET_PROPERTIES: - return "get properties"; - case CAC_GET_ACR: - return "get acr"; - case CAC_READ_BUFFER: - return "read buffer"; - case CAC_UPDATE_BUFFER: - return "update buffer"; - case CAC_SIGN_DECRYPT: - return "sign decrypt"; - case CAC_GET_CERTIFICATE: - return "get certificate"; - } - return "unknown"; -} - -/* manage locking */ -static inline void -vreader_lock(VReader *reader) -{ - g_mutex_lock(&reader->lock); -} - -static inline void -vreader_unlock(VReader *reader) -{ - g_mutex_unlock(&reader->lock); -} - -/* - * vreader constructor - */ -VReader * -vreader_new(const char *name, VReaderEmul *private, - VReaderEmulFree private_free) -{ - VReader *reader; - - reader = g_new(VReader, 1); - g_mutex_init(&reader->lock); - reader->reference_count = 1; - reader->name = g_strdup(name); - reader->card = NULL; - reader->id = (vreader_id_t)-1; - reader->reader_private = private; - reader->reader_private_free = private_free; - return reader; -} - -/* get a reference */ -VReader* -vreader_reference(VReader *reader) -{ - if (reader == NULL) { - return NULL; - } - vreader_lock(reader); - reader->reference_count++; - vreader_unlock(reader); - return reader; -} - -/* free a reference */ -void -vreader_free(VReader *reader) -{ - if (reader == NULL) { - return; - } - vreader_lock(reader); - if (reader->reference_count-- > 1) { - vreader_unlock(reader); - return; - } - vreader_unlock(reader); - g_mutex_clear(&reader->lock); - if (reader->card) { - vcard_free(reader->card); - } - g_free(reader->name); - if (reader->reader_private_free) { - reader->reader_private_free(reader->reader_private); - } - g_free(reader); -} - -static VCard * -vreader_get_card(VReader *reader) -{ - VCard *card; - - vreader_lock(reader); - card = vcard_reference(reader->card); - vreader_unlock(reader); - return card; -} - -VReaderStatus -vreader_card_is_present(VReader *reader) -{ - VCard *card = vreader_get_card(reader); - - if (card == NULL) { - return VREADER_NO_CARD; - } - vcard_free(card); - return VREADER_OK; -} - -vreader_id_t -vreader_get_id(VReader *reader) -{ - if (reader == NULL) { - return (vreader_id_t)-1; - } - return reader->id; -} - -VReaderStatus -vreader_set_id(VReader *reader, vreader_id_t id) -{ - if (reader == NULL) { - return VREADER_NO_CARD; - } - reader->id = id; - return VREADER_OK; -} - -const char * -vreader_get_name(VReader *reader) -{ - if (reader == NULL) { - return NULL; - } - return reader->name; -} - -VReaderEmul * -vreader_get_private(VReader *reader) -{ - return reader->reader_private; -} - -static VReaderStatus -vreader_reset(VReader *reader, VCardPower power, unsigned char *atr, int *len) -{ - VCard *card = vreader_get_card(reader); - - if (card == NULL) { - return VREADER_NO_CARD; - } - /* - * clean up our state - */ - vcard_reset(card, power); - if (atr) { - vcard_get_atr(card, atr, len); - } - vcard_free(card); /* free our reference */ - return VREADER_OK; -} - -VReaderStatus -vreader_power_on(VReader *reader, unsigned char *atr, int *len) -{ - return vreader_reset(reader, VCARD_POWER_ON, atr, len); -} - -VReaderStatus -vreader_power_off(VReader *reader) -{ - return vreader_reset(reader, VCARD_POWER_OFF, NULL, 0); -} - - -VReaderStatus -vreader_xfr_bytes(VReader *reader, - unsigned char *send_buf, int send_buf_len, - unsigned char *receive_buf, int *receive_buf_len) -{ - VCardAPDU *apdu; - VCardResponse *response = NULL; - VCardStatus card_status; - unsigned short status; - VCard *card = vreader_get_card(reader); - - if (card == NULL) { - return VREADER_NO_CARD; - } - - apdu = vcard_apdu_new(send_buf, send_buf_len, &status); - if (apdu == NULL) { - response = vcard_make_response(status); - card_status = VCARD_DONE; - } else { - g_debug("%s: CLS=0x%x,INS=0x%x,P1=0x%x,P2=0x%x,Lc=%d,Le=%d %s", - __func__, apdu->a_cla, apdu->a_ins, apdu->a_p1, apdu->a_p2, - apdu->a_Lc, apdu->a_Le, apdu_ins_to_string(apdu->a_ins)); - card_status = vcard_process_apdu(card, apdu, &response); - if (response) { - g_debug("%s: status=%d sw1=0x%x sw2=0x%x len=%d (total=%d)", - __func__, response->b_status, response->b_sw1, - response->b_sw2, response->b_len, response->b_total_len); - } - } - assert(card_status == VCARD_DONE && response); - int size = MIN(*receive_buf_len, response->b_total_len); - memcpy(receive_buf, response->b_data, size); - *receive_buf_len = size; - vcard_response_delete(response); - vcard_apdu_delete(apdu); - vcard_free(card); /* free our reference */ - return VREADER_OK; -} - -struct VReaderListStruct { - VReaderListEntry *head; - VReaderListEntry *tail; -}; - -struct VReaderListEntryStruct { - VReaderListEntry *next; - VReaderListEntry *prev; - VReader *reader; -}; - - -static VReaderListEntry * -vreader_list_entry_new(VReader *reader) -{ - VReaderListEntry *new_reader_list_entry; - - new_reader_list_entry = g_new0(VReaderListEntry, 1); - new_reader_list_entry->reader = vreader_reference(reader); - return new_reader_list_entry; -} - -static void -vreader_list_entry_delete(VReaderListEntry *entry) -{ - if (entry == NULL) { - return; - } - vreader_free(entry->reader); - g_free(entry); -} - - -static VReaderList * -vreader_list_new(void) -{ - VReaderList *new_reader_list; - - new_reader_list = g_new0(VReaderList, 1); - return new_reader_list; -} - -void -vreader_list_delete(VReaderList *list) -{ - VReaderListEntry *current_entry; - VReaderListEntry *next_entry; - for (current_entry = vreader_list_get_first(list); current_entry; - current_entry = next_entry) { - next_entry = vreader_list_get_next(current_entry); - vreader_list_entry_delete(current_entry); - } - g_free(list); -} - - -VReaderListEntry * -vreader_list_get_first(VReaderList *list) -{ - return list ? list->head : NULL; -} - -VReaderListEntry * -vreader_list_get_next(VReaderListEntry *current) -{ - return current ? current->next : NULL; -} - -VReader * -vreader_list_get_reader(VReaderListEntry *entry) -{ - return entry ? vreader_reference(entry->reader) : NULL; -} - -static void -vreader_queue(VReaderList *list, VReaderListEntry *entry) -{ - if (entry == NULL) { - return; - } - entry->next = NULL; - entry->prev = list->tail; - if (list->head) { - list->tail->next = entry; - } else { - list->head = entry; - } - list->tail = entry; -} - -static void -vreader_dequeue(VReaderList *list, VReaderListEntry *entry) -{ - if (entry == NULL) { - return; - } - if (entry->next == NULL) { - list->tail = entry->prev; - } else if (entry->prev == NULL) { - list->head = entry->next; - } else { - entry->prev->next = entry->next; - entry->next->prev = entry->prev; - } - if ((list->tail == NULL) || (list->head == NULL)) { - list->head = list->tail = NULL; - } - entry->next = entry->prev = NULL; -} - -static VReaderList *vreader_list; -static CompatGMutex vreader_list_mutex; - -static void -vreader_list_init(void) -{ - vreader_list = vreader_list_new(); -} - -static void -vreader_list_lock(void) -{ - g_mutex_lock(&vreader_list_mutex); -} - -static void -vreader_list_unlock(void) -{ - g_mutex_unlock(&vreader_list_mutex); -} - -static VReaderList * -vreader_copy_list(VReaderList *list) -{ - VReaderList *new_list; - VReaderListEntry *current_entry; - - new_list = vreader_list_new(); - if (new_list == NULL) { - return NULL; - } - for (current_entry = vreader_list_get_first(list); current_entry; - current_entry = vreader_list_get_next(current_entry)) { - VReader *reader = vreader_list_get_reader(current_entry); - VReaderListEntry *new_entry = vreader_list_entry_new(reader); - - vreader_free(reader); - vreader_queue(new_list, new_entry); - } - return new_list; -} - -VReaderList * -vreader_get_reader_list(void) -{ - VReaderList *new_reader_list; - - vreader_list_lock(); - new_reader_list = vreader_copy_list(vreader_list); - vreader_list_unlock(); - return new_reader_list; -} - -VReader * -vreader_get_reader_by_id(vreader_id_t id) -{ - VReader *reader = NULL; - VReaderListEntry *current_entry; - - if (id == (vreader_id_t) -1) { - return NULL; - } - - vreader_list_lock(); - for (current_entry = vreader_list_get_first(vreader_list); current_entry; - current_entry = vreader_list_get_next(current_entry)) { - VReader *creader = vreader_list_get_reader(current_entry); - if (creader->id == id) { - reader = creader; - break; - } - vreader_free(creader); - } - vreader_list_unlock(); - return reader; -} - -VReader * -vreader_get_reader_by_name(const char *name) -{ - VReader *reader = NULL; - VReaderListEntry *current_entry; - - vreader_list_lock(); - for (current_entry = vreader_list_get_first(vreader_list); current_entry; - current_entry = vreader_list_get_next(current_entry)) { - VReader *creader = vreader_list_get_reader(current_entry); - if (strcmp(creader->name, name) == 0) { - reader = creader; - break; - } - vreader_free(creader); - } - vreader_list_unlock(); - return reader; -} - -/* called from card_emul to initialize the readers */ -VReaderStatus -vreader_add_reader(VReader *reader) -{ - VReaderListEntry *reader_entry; - - reader_entry = vreader_list_entry_new(reader); - if (reader_entry == NULL) { - return VREADER_OUT_OF_MEMORY; - } - vreader_list_lock(); - vreader_queue(vreader_list, reader_entry); - vreader_list_unlock(); - vevent_queue_vevent(vevent_new(VEVENT_READER_INSERT, reader, NULL)); - return VREADER_OK; -} - - -VReaderStatus -vreader_remove_reader(VReader *reader) -{ - VReaderListEntry *current_entry; - - vreader_list_lock(); - for (current_entry = vreader_list_get_first(vreader_list); current_entry; - current_entry = vreader_list_get_next(current_entry)) { - if (current_entry->reader == reader) { - break; - } - } - vreader_dequeue(vreader_list, current_entry); - vreader_list_unlock(); - vreader_list_entry_delete(current_entry); - vevent_queue_vevent(vevent_new(VEVENT_READER_REMOVE, reader, NULL)); - return VREADER_OK; -} - -/* - * Generate VEVENT_CARD_INSERT or VEVENT_CARD_REMOVE based on vreader - * state. Separated from vreader_insert_card to allow replaying events - * for a given state. - */ -void -vreader_queue_card_event(VReader *reader) -{ - vevent_queue_vevent(vevent_new( - reader->card ? VEVENT_CARD_INSERT : VEVENT_CARD_REMOVE, reader, - reader->card)); -} - -/* - * insert/remove a new card. for removal, card == NULL - */ -VReaderStatus -vreader_insert_card(VReader *reader, VCard *card) -{ - vreader_lock(reader); - if (reader->card) { - /* decrement reference count */ - vcard_free(reader->card); - reader->card = NULL; - } - reader->card = vcard_reference(card); - vreader_unlock(reader); - vreader_queue_card_event(reader); - return VREADER_OK; -} - -/* - * initialize all the static reader structures - */ -void -vreader_init(void) -{ - vreader_list_init(); -} - diff --git a/libcacard/vreader.h b/libcacard/vreader.h deleted file mode 100644 index ec20421..0000000 --- a/libcacard/vreader.h +++ /dev/null @@ -1,55 +0,0 @@ -/* - * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. - * See the COPYING.LIB file in the top-level directory. - */ - -#ifndef VREADER_H -#define VREADER_H 1 - -#include "eventt.h" -#include "vreadert.h" -#include "vcardt.h" - -/* - * calls for reader front end - */ -VReaderStatus vreader_power_on(VReader *reader, unsigned char *atr, int *len); -VReaderStatus vreader_power_off(VReader *reader); -VReaderStatus vreader_xfr_bytes(VReader *reader, unsigned char *send_buf, - int send_buf_len, unsigned char *receive_buf, - int *receive_buf_len); - -/* constructor */ -VReader *vreader_new(const char *readerName, VReaderEmul *emul_private, - VReaderEmulFree private_free); -/* get a new reference to a reader */ -VReader *vreader_reference(VReader *reader); -/* "destructor" (readers are reference counted) */ -void vreader_free(VReader *reader); - -/* accessors */ -VReaderEmul *vreader_get_private(VReader *); -VReaderStatus vreader_card_is_present(VReader *reader); -void vreader_queue_card_event(VReader *reader); -const char *vreader_get_name(VReader *reader); -vreader_id_t vreader_get_id(VReader *reader); -VReaderStatus vreader_set_id(VReader *reader, vreader_id_t id); - -/* list operations */ -VReaderList *vreader_get_reader_list(void); -void vreader_list_delete(VReaderList *list); -VReader *vreader_list_get_reader(VReaderListEntry *entry); -VReaderListEntry *vreader_list_get_first(VReaderList *list); -VReaderListEntry *vreader_list_get_next(VReaderListEntry *list); -VReader *vreader_get_reader_by_id(vreader_id_t id); -VReader *vreader_get_reader_by_name(const char *name); - -/* - * list tools for vcard_emul - */ -void vreader_init(void); -VReaderStatus vreader_add_reader(VReader *reader); -VReaderStatus vreader_remove_reader(VReader *reader); -VReaderStatus vreader_insert_card(VReader *reader, VCard *card); - -#endif diff --git a/libcacard/vreadert.h b/libcacard/vreadert.h deleted file mode 100644 index f97e0a7..0000000 --- a/libcacard/vreadert.h +++ /dev/null @@ -1,24 +0,0 @@ -/* - * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. - * See the COPYING.LIB file in the top-level directory. - */ - -#ifndef VREADERT_H -#define VREADERT_H 1 - -typedef enum { - VREADER_OK = 0, - VREADER_NO_CARD, - VREADER_OUT_OF_MEMORY -} VReaderStatus; - -typedef unsigned int vreader_id_t; -typedef struct VReaderStruct VReader; -typedef struct VReaderListStruct VReaderList; -typedef struct VReaderListEntryStruct VReaderListEntry; - -typedef struct VReaderEmulStruct VReaderEmul; -typedef void (*VReaderEmulFree)(VReaderEmul *); - -#endif - diff --git a/libcacard/vscard_common.h b/libcacard/vscard_common.h deleted file mode 100644 index 08f68e4..0000000 --- a/libcacard/vscard_common.h +++ /dev/null @@ -1,178 +0,0 @@ -/* Virtual Smart Card protocol definition - * - * This protocol is between a host using virtual smart card readers, - * and a client providing the smart cards, perhaps by emulating them or by - * access to real cards. - * - * Definitions for this protocol: - * Host - user of the card - * Client - owner of the card - * - * The current implementation passes the raw APDU's from 7816 and additionally - * contains messages to setup and teardown readers, handle insertion and - * removal of cards, negotiate the protocol via capabilities and provide - * for error responses. - * - * Copyright (c) 2011 Red Hat. - * - * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. - * See the COPYING.LIB file in the top-level directory. - */ - -#ifndef VSCARD_COMMON_H -#define VSCARD_COMMON_H - -#include <stdint.h> - -#define VERSION_MAJOR_BITS 11 -#define VERSION_MIDDLE_BITS 11 -#define VERSION_MINOR_BITS 10 - -#define MAKE_VERSION(major, middle, minor) \ - ((major << (VERSION_MINOR_BITS + VERSION_MIDDLE_BITS)) \ - | (middle << VERSION_MINOR_BITS) \ - | (minor)) - -/* - * IMPORTANT NOTE on VERSION - * - * The version below MUST be changed whenever a change in this file is made. - * - * The last digit, the minor, is for bug fix changes only. - * - * The middle digit is for backward / forward compatible changes, updates - * to the existing messages, addition of fields. - * - * The major digit is for a breaking change of protocol, presumably - * something that cannot be accommodated with the existing protocol. - */ - -#define VSCARD_VERSION MAKE_VERSION(0, 0, 2) - -typedef enum VSCMsgType { - VSC_Init = 1, - VSC_Error, - VSC_ReaderAdd, - VSC_ReaderRemove, - VSC_ATR, - VSC_CardRemove, - VSC_APDU, - VSC_Flush, - VSC_FlushComplete -} VSCMsgType; - -typedef enum VSCErrorCode { - VSC_SUCCESS = 0, - VSC_GENERAL_ERROR = 1, - VSC_CANNOT_ADD_MORE_READERS, - VSC_CARD_ALREAY_INSERTED, -} VSCErrorCode; - -#define VSCARD_UNDEFINED_READER_ID 0xffffffff -#define VSCARD_MINIMAL_READER_ID 0 - -#define VSCARD_MAGIC (*(uint32_t *)"VSCD") - -/* - * Header - * Each message starts with the header. - * type - message type - * reader_id - used by messages that are reader specific - * length - length of payload (not including header, i.e. zero for - * messages containing empty payloads) - */ -typedef struct VSCMsgHeader { - uint32_t type; - uint32_t reader_id; - uint32_t length; - uint8_t data[0]; -} VSCMsgHeader; - -/* - * VSCMsgInit Client <-> Host - * Client sends it on connection, with its own capabilities. - * Host replies with VSCMsgInit filling in its capabilities. - * - * It is not meant to be used for negotiation, i.e. sending more then - * once from any side, but could be used for that in the future. - */ -typedef struct VSCMsgInit { - uint32_t magic; - uint32_t version; - uint32_t capabilities[1]; /* receiver must check length, - array may grow in the future*/ -} VSCMsgInit; - -/* - * VSCMsgError Client <-> Host - * This message is a response to any of: - * Reader Add - * Reader Remove - * Card Remove - * If the operation was successful then VSC_SUCCESS - * is returned, other wise a specific error code. - */ -typedef struct VSCMsgError { - uint32_t code; -} VSCMsgError; - -/* - * VSCMsgReaderAdd Client -> Host - * Host replies with allocated reader id in VSCMsgError with code==SUCCESS. - * - * name - name of the reader on client side, UTF-8 encoded. Only used - * for client presentation (may be translated to the device presented to the - * guest), protocol wise only reader_id is important. - */ -typedef struct VSCMsgReaderAdd { - uint8_t name[0]; -} VSCMsgReaderAdd; - -/* - * VSCMsgReaderRemove Client -> Host - * The client's reader has been removed. - */ -typedef struct VSCMsgReaderRemove { -} VSCMsgReaderRemove; - -/* - * VSCMsgATR Client -> Host - * Answer to reset. Sent for card insertion or card reset. The reset/insertion - * happens on the client side, they do not require any action from the host. - */ -typedef struct VSCMsgATR { - uint8_t atr[0]; -} VSCMsgATR; - -/* - * VSCMsgCardRemove Client -> Host - * The client card has been removed. - */ -typedef struct VSCMsgCardRemove { -} VSCMsgCardRemove; - -/* - * VSCMsgAPDU Client <-> Host - * Main reason of existence. Transfer a single APDU in either direction. - */ -typedef struct VSCMsgAPDU { - uint8_t data[0]; -} VSCMsgAPDU; - -/* - * VSCMsgFlush Host -> Client - * Request client to send a FlushComplete message when it is done - * servicing all outstanding APDUs - */ -typedef struct VSCMsgFlush { -} VSCMsgFlush; - -/* - * VSCMsgFlush Client -> Host - * Client response to Flush after all APDUs have been processed and - * responses sent. - */ -typedef struct VSCMsgFlushComplete { -} VSCMsgFlushComplete; - -#endif /* VSCARD_COMMON_H */ diff --git a/libcacard/vscclient.c b/libcacard/vscclient.c deleted file mode 100644 index 0652684..0000000 --- a/libcacard/vscclient.c +++ /dev/null @@ -1,785 +0,0 @@ -/* - * Tester for VSCARD protocol, client side. - * - * Can be used with ccid-card-passthru. - * - * Copyright (c) 2011 Red Hat. - * Written by Alon Levy. - * - * This work is licensed under the terms of the GNU LGPL, version 2.1 or later. - * See the COPYING.LIB file in the top-level directory. - */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#ifndef _WIN32 -#include <sys/socket.h> -#include <netinet/in.h> -#include <netdb.h> -#include <unistd.h> -#define closesocket(x) close(x) -#else -#include <getopt.h> -#endif - -#include "glib-compat.h" - -#include "vscard_common.h" - -#include "vreader.h" -#include "vcard_emul.h" -#include "vevent.h" - -static int verbose; - -static void -print_byte_array( - uint8_t *arrBytes, - unsigned int nSize -) { - int i; - for (i = 0; i < nSize; i++) { - printf("%02X ", arrBytes[i]); - } - printf("\n"); -} - -static void -print_usage(void) { - printf("vscclient [-c <certname> .. -e <emul_args> -d <level>%s] " - "<host> <port>\n", -#ifdef USE_PASSTHRU - " -p"); - printf(" -p use passthrough mode\n"); -#else - ""); -#endif - vcard_emul_usage(); -} - -static GIOChannel *channel_socket; -static GByteArray *socket_to_send; -static CompatGMutex socket_to_send_lock; -static guint socket_tag; - -static void -update_socket_watch(void); - -static gboolean -do_socket_send(GIOChannel *source, - GIOCondition condition, - gpointer data) -{ - gsize bw; - GError *err = NULL; - - g_return_val_if_fail(socket_to_send->len != 0, FALSE); - g_return_val_if_fail(condition & G_IO_OUT, FALSE); - - g_io_channel_write_chars(channel_socket, - (gchar *)socket_to_send->data, socket_to_send->len, &bw, &err); - if (err != NULL) { - g_error("Error while sending socket %s", err->message); - return FALSE; - } - g_byte_array_remove_range(socket_to_send, 0, bw); - - if (socket_to_send->len == 0) { - update_socket_watch(); - return FALSE; - } - return TRUE; -} - -static gboolean -socket_prepare_sending(gpointer user_data) -{ - update_socket_watch(); - - return FALSE; -} - -static int -send_msg( - VSCMsgType type, - uint32_t reader_id, - const void *msg, - unsigned int length -) { - VSCMsgHeader mhHeader; - - g_mutex_lock(&socket_to_send_lock); - - if (verbose > 10) { - printf("sending type=%d id=%u, len =%u (0x%x)\n", - type, reader_id, length, length); - } - - mhHeader.type = htonl(type); - mhHeader.reader_id = 0; - mhHeader.length = htonl(length); - g_byte_array_append(socket_to_send, (guint8 *)&mhHeader, sizeof(mhHeader)); - g_byte_array_append(socket_to_send, (guint8 *)msg, length); - g_idle_add(socket_prepare_sending, NULL); - - g_mutex_unlock(&socket_to_send_lock); - - return 0; -} - -static VReader *pending_reader; -static CompatGMutex pending_reader_lock; -static CompatGCond pending_reader_condition; - -#define MAX_ATR_LEN 40 -static gpointer -event_thread(gpointer arg) -{ - unsigned char atr[MAX_ATR_LEN]; - int atr_len; - VEvent *event; - unsigned int reader_id; - - - while (1) { - const char *reader_name; - - event = vevent_wait_next_vevent(); - if (event == NULL) { - break; - } - reader_id = vreader_get_id(event->reader); - if (reader_id == VSCARD_UNDEFINED_READER_ID && - event->type != VEVENT_READER_INSERT) { - /* ignore events from readers qemu has rejected */ - /* if qemu is still deciding on this reader, wait to see if need to - * forward this event */ - g_mutex_lock(&pending_reader_lock); - if (!pending_reader || (pending_reader != event->reader)) { - /* wasn't for a pending reader, this reader has already been - * rejected by qemu */ - g_mutex_unlock(&pending_reader_lock); - vevent_delete(event); - continue; - } - /* this reader hasn't been told its status from qemu yet, wait for - * that status */ - while (pending_reader != NULL) { - g_cond_wait(&pending_reader_condition, &pending_reader_lock); - } - g_mutex_unlock(&pending_reader_lock); - /* now recheck the id */ - reader_id = vreader_get_id(event->reader); - if (reader_id == VSCARD_UNDEFINED_READER_ID) { - /* this reader was rejected */ - vevent_delete(event); - continue; - } - /* reader was accepted, now forward the event */ - } - switch (event->type) { - case VEVENT_READER_INSERT: - /* tell qemu to insert a new CCID reader */ - /* wait until qemu has responded to our first reader insert - * before we send a second. That way we won't confuse the responses - * */ - g_mutex_lock(&pending_reader_lock); - while (pending_reader != NULL) { - g_cond_wait(&pending_reader_condition, &pending_reader_lock); - } - pending_reader = vreader_reference(event->reader); - g_mutex_unlock(&pending_reader_lock); - reader_name = vreader_get_name(event->reader); - if (verbose > 10) { - printf(" READER INSERT: %s\n", reader_name); - } - send_msg(VSC_ReaderAdd, - reader_id, /* currerntly VSCARD_UNDEFINED_READER_ID */ - NULL, 0 /* TODO reader_name, strlen(reader_name) */); - break; - case VEVENT_READER_REMOVE: - /* future, tell qemu that an old CCID reader has been removed */ - if (verbose > 10) { - printf(" READER REMOVE: %u\n", reader_id); - } - send_msg(VSC_ReaderRemove, reader_id, NULL, 0); - break; - case VEVENT_CARD_INSERT: - /* get the ATR (intended as a response to a power on from the - * reader */ - atr_len = MAX_ATR_LEN; - vreader_power_on(event->reader, atr, &atr_len); - /* ATR call functions as a Card Insert event */ - if (verbose > 10) { - printf(" CARD INSERT %u: ", reader_id); - print_byte_array(atr, atr_len); - } - send_msg(VSC_ATR, reader_id, atr, atr_len); - break; - case VEVENT_CARD_REMOVE: - /* Card removed */ - if (verbose > 10) { - printf(" CARD REMOVE %u:\n", reader_id); - } - send_msg(VSC_CardRemove, reader_id, NULL, 0); - break; - default: - break; - } - vevent_delete(event); - } - return NULL; -} - - -static unsigned int -get_id_from_string(char *string, unsigned int default_id) -{ - unsigned int id = atoi(string); - - /* don't accidentally swith to zero because no numbers have been supplied */ - if ((id == 0) && *string != '0') { - return default_id; - } - return id; -} - -static int -on_host_init(VSCMsgHeader *mhHeader, VSCMsgInit *incoming) -{ - uint32_t *capabilities = (incoming->capabilities); - int num_capabilities = - 1 + ((mhHeader->length - sizeof(VSCMsgInit)) / sizeof(uint32_t)); - int i; - - incoming->version = ntohl(incoming->version); - if (incoming->version != VSCARD_VERSION) { - if (verbose > 0) { - printf("warning: host has version %d, we have %d\n", - verbose, VSCARD_VERSION); - } - } - if (incoming->magic != VSCARD_MAGIC) { - printf("unexpected magic: got %d, expected %d\n", - incoming->magic, VSCARD_MAGIC); - return -1; - } - for (i = 0 ; i < num_capabilities; ++i) { - capabilities[i] = ntohl(capabilities[i]); - } - /* Future: check capabilities */ - /* remove whatever reader might be left in qemu, - * in case of an unclean previous exit. */ - send_msg(VSC_ReaderRemove, VSCARD_MINIMAL_READER_ID, NULL, 0); - /* launch the event_thread. This will trigger reader adds for all the - * existing readers */ - g_thread_new("vsc/event", event_thread, NULL); - return 0; -} - - -enum { - STATE_HEADER, - STATE_MESSAGE, -}; - -#define APDUBufSize 270 - -static gboolean -do_socket_read(GIOChannel *source, - GIOCondition condition, - gpointer data) -{ - int rv; - int dwSendLength; - int dwRecvLength; - uint8_t pbRecvBuffer[APDUBufSize]; - static uint8_t pbSendBuffer[APDUBufSize]; - VReaderStatus reader_status; - VReader *reader = NULL; - static VSCMsgHeader mhHeader; - VSCMsgError *error_msg; - GError *err = NULL; - - static gchar *buf; - static gsize br, to_read; - static int state = STATE_HEADER; - - if (state == STATE_HEADER && to_read == 0) { - buf = (gchar *)&mhHeader; - to_read = sizeof(mhHeader); - } - - if (to_read > 0) { - g_io_channel_read_chars(source, (gchar *)buf, to_read, &br, &err); - if (err != NULL) { - g_error("error while reading: %s", err->message); - } - buf += br; - to_read -= br; - if (to_read != 0) { - return TRUE; - } - } - - if (state == STATE_HEADER) { - mhHeader.type = ntohl(mhHeader.type); - mhHeader.reader_id = ntohl(mhHeader.reader_id); - mhHeader.length = ntohl(mhHeader.length); - if (verbose) { - printf("Header: type=%d, reader_id=%u length=%d (0x%x)\n", - mhHeader.type, mhHeader.reader_id, mhHeader.length, - mhHeader.length); - } - switch (mhHeader.type) { - case VSC_APDU: - case VSC_Flush: - case VSC_Error: - case VSC_Init: - buf = (gchar *)pbSendBuffer; - to_read = mhHeader.length; - state = STATE_MESSAGE; - return TRUE; - default: - fprintf(stderr, "Unexpected message of type 0x%X\n", mhHeader.type); - return FALSE; - } - } - - if (state == STATE_MESSAGE) { - switch (mhHeader.type) { - case VSC_APDU: - if (verbose) { - printf(" recv APDU: "); - print_byte_array(pbSendBuffer, mhHeader.length); - } - /* Transmit received APDU */ - dwSendLength = mhHeader.length; - dwRecvLength = sizeof(pbRecvBuffer); - reader = vreader_get_reader_by_id(mhHeader.reader_id); - reader_status = vreader_xfr_bytes(reader, - pbSendBuffer, dwSendLength, - pbRecvBuffer, &dwRecvLength); - if (reader_status == VREADER_OK) { - mhHeader.length = dwRecvLength; - if (verbose) { - printf(" send response: "); - print_byte_array(pbRecvBuffer, mhHeader.length); - } - send_msg(VSC_APDU, mhHeader.reader_id, - pbRecvBuffer, dwRecvLength); - } else { - rv = reader_status; /* warning: not meaningful */ - send_msg(VSC_Error, mhHeader.reader_id, &rv, sizeof(uint32_t)); - } - vreader_free(reader); - reader = NULL; /* we've freed it, don't use it by accident - again */ - break; - case VSC_Flush: - /* TODO: actually flush */ - send_msg(VSC_FlushComplete, mhHeader.reader_id, NULL, 0); - break; - case VSC_Error: - error_msg = (VSCMsgError *) pbSendBuffer; - if (error_msg->code == VSC_SUCCESS) { - g_mutex_lock(&pending_reader_lock); - if (pending_reader) { - vreader_set_id(pending_reader, mhHeader.reader_id); - vreader_free(pending_reader); - pending_reader = NULL; - g_cond_signal(&pending_reader_condition); - } - g_mutex_unlock(&pending_reader_lock); - break; - } - printf("warning: qemu refused to add reader\n"); - if (error_msg->code == VSC_CANNOT_ADD_MORE_READERS) { - /* clear pending reader, qemu can't handle any more */ - g_mutex_lock(&pending_reader_lock); - if (pending_reader) { - pending_reader = NULL; - /* make sure the event loop doesn't hang */ - g_cond_signal(&pending_reader_condition); - } - g_mutex_unlock(&pending_reader_lock); - } - break; - case VSC_Init: - if (on_host_init(&mhHeader, (VSCMsgInit *)pbSendBuffer) < 0) { - return FALSE; - } - break; - default: - g_assert_not_reached(); - return FALSE; - } - - state = STATE_HEADER; - } - - - return TRUE; -} - -static gboolean -do_socket(GIOChannel *source, - GIOCondition condition, - gpointer data) -{ - /* not sure if two watches work well with a single win32 sources */ - if (condition & G_IO_OUT) { - if (!do_socket_send(source, condition, data)) { - return FALSE; - } - } - - if (condition & G_IO_IN) { - if (!do_socket_read(source, condition, data)) { - return FALSE; - } - } - - return TRUE; -} - -static void -update_socket_watch(void) -{ - gboolean out = socket_to_send->len > 0; - - if (socket_tag != 0) { - g_source_remove(socket_tag); - } - - socket_tag = g_io_add_watch(channel_socket, - G_IO_IN | (out ? G_IO_OUT : 0), do_socket, NULL); -} - -static gboolean -do_command(GIOChannel *source, - GIOCondition condition, - gpointer data) -{ - char *string; - VCardEmulError error; - static unsigned int default_reader_id; - unsigned int reader_id; - VReader *reader = NULL; - GError *err = NULL; - - g_assert(condition & G_IO_IN); - - reader_id = default_reader_id; - g_io_channel_read_line(source, &string, NULL, NULL, &err); - if (err != NULL) { - g_error("Error while reading command: %s", err->message); - } - - if (string != NULL) { - if (strncmp(string, "exit", 4) == 0) { - /* remove all the readers */ - VReaderList *list = vreader_get_reader_list(); - VReaderListEntry *reader_entry; - printf("Active Readers:\n"); - for (reader_entry = vreader_list_get_first(list); reader_entry; - reader_entry = vreader_list_get_next(reader_entry)) { - VReader *reader = vreader_list_get_reader(reader_entry); - vreader_id_t reader_id; - reader_id = vreader_get_id(reader); - if (reader_id == -1) { - continue; - } - /* be nice and signal card removal first (qemu probably should - * do this itself) */ - if (vreader_card_is_present(reader) == VREADER_OK) { - send_msg(VSC_CardRemove, reader_id, NULL, 0); - } - send_msg(VSC_ReaderRemove, reader_id, NULL, 0); - } - exit(0); - } else if (strncmp(string, "insert", 6) == 0) { - if (string[6] == ' ') { - reader_id = get_id_from_string(&string[7], reader_id); - } - reader = vreader_get_reader_by_id(reader_id); - if (reader != NULL) { - error = vcard_emul_force_card_insert(reader); - printf("insert %s, returned %d\n", - vreader_get_name(reader), error); - } else { - printf("no reader by id %u found\n", reader_id); - } - } else if (strncmp(string, "remove", 6) == 0) { - if (string[6] == ' ') { - reader_id = get_id_from_string(&string[7], reader_id); - } - reader = vreader_get_reader_by_id(reader_id); - if (reader != NULL) { - error = vcard_emul_force_card_remove(reader); - printf("remove %s, returned %d\n", - vreader_get_name(reader), error); - } else { - printf("no reader by id %u found\n", reader_id); - } - } else if (strncmp(string, "select", 6) == 0) { - if (string[6] == ' ') { - reader_id = get_id_from_string(&string[7], - VSCARD_UNDEFINED_READER_ID); - } - if (reader_id != VSCARD_UNDEFINED_READER_ID) { - reader = vreader_get_reader_by_id(reader_id); - } - if (reader) { - printf("Selecting reader %u, %s\n", reader_id, - vreader_get_name(reader)); - default_reader_id = reader_id; - } else { - printf("Reader with id %u not found\n", reader_id); - } - } else if (strncmp(string, "debug", 5) == 0) { - if (string[5] == ' ') { - verbose = get_id_from_string(&string[6], 0); - } - printf("debug level = %d\n", verbose); - } else if (strncmp(string, "list", 4) == 0) { - VReaderList *list = vreader_get_reader_list(); - VReaderListEntry *reader_entry; - printf("Active Readers:\n"); - for (reader_entry = vreader_list_get_first(list); reader_entry; - reader_entry = vreader_list_get_next(reader_entry)) { - VReader *reader = vreader_list_get_reader(reader_entry); - vreader_id_t reader_id; - reader_id = vreader_get_id(reader); - if (reader_id == -1) { - continue; - } - printf("%3u %s %s\n", reader_id, - vreader_card_is_present(reader) == VREADER_OK ? - "CARD_PRESENT" : " ", - vreader_get_name(reader)); - } - printf("Inactive Readers:\n"); - for (reader_entry = vreader_list_get_first(list); reader_entry; - reader_entry = vreader_list_get_next(reader_entry)) { - VReader *reader = vreader_list_get_reader(reader_entry); - vreader_id_t reader_id; - reader_id = vreader_get_id(reader); - if (reader_id != -1) { - continue; - } - - printf("INA %s %s\n", - vreader_card_is_present(reader) == VREADER_OK ? - "CARD_PRESENT" : " ", - vreader_get_name(reader)); - } - vreader_list_delete(list); - } else if (*string != 0) { - printf("valid commands:\n"); - printf("insert [reader_id]\n"); - printf("remove [reader_id]\n"); - printf("select reader_id\n"); - printf("list\n"); - printf("debug [level]\n"); - printf("exit\n"); - } - } - vreader_free(reader); - printf("> "); - fflush(stdout); - - return TRUE; -} - - -/* just for ease of parsing command line arguments. */ -#define MAX_CERTS 100 - -static int -connect_to_qemu( - const char *host, - const char *port -) { - struct addrinfo hints; - struct addrinfo *server = NULL; - int ret, sock; - - sock = socket(AF_INET, SOCK_STREAM, 0); - if (sock < 0) { - /* Error */ - fprintf(stderr, "Error opening socket!\n"); - return -1; - } - - memset(&hints, 0, sizeof(struct addrinfo)); - hints.ai_family = AF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; - hints.ai_flags = 0; - hints.ai_protocol = 0; /* Any protocol */ - - ret = getaddrinfo(host, port, &hints, &server); - - if (ret != 0) { - /* Error */ - fprintf(stderr, "getaddrinfo failed\n"); - goto cleanup_socket; - } - - if (connect(sock, server->ai_addr, server->ai_addrlen) < 0) { - /* Error */ - fprintf(stderr, "Could not connect\n"); - goto cleanup_socket; - } - if (verbose) { - printf("Connected (sizeof Header=%zd)!\n", sizeof(VSCMsgHeader)); - } - - freeaddrinfo(server); - return sock; - -cleanup_socket: - if (server) { - freeaddrinfo(server); - } - closesocket(sock); - return -1; -} - -int -main( - int argc, - char *argv[] -) { - GMainLoop *loop; - GIOChannel *channel_stdin; - char *qemu_host; - char *qemu_port; - - VCardEmulOptions *command_line_options = NULL; - - char *cert_names[MAX_CERTS]; - char *emul_args = NULL; - int cert_count = 0; - int c, sock; - -#ifdef _WIN32 - WSADATA Data; - - if (WSAStartup(MAKEWORD(2, 2), &Data) != 0) { - c = WSAGetLastError(); - fprintf(stderr, "WSAStartup: %d\n", c); - return 1; - } -#endif -#if !GLIB_CHECK_VERSION(2, 31, 0) - if (!g_thread_supported()) { - g_thread_init(NULL); - } -#endif - - while ((c = getopt(argc, argv, "c:e:pd:")) != -1) { - switch (c) { - case 'c': - if (cert_count >= MAX_CERTS) { - printf("too many certificates (max = %d)\n", MAX_CERTS); - exit(5); - } - cert_names[cert_count++] = optarg; - break; - case 'e': - emul_args = optarg; - break; - case 'p': - print_usage(); - exit(4); - break; - case 'd': - verbose = get_id_from_string(optarg, 1); - break; - } - } - - if (argc - optind != 2) { - print_usage(); - exit(4); - } - - if (cert_count > 0) { - char *new_args; - int len, i; - /* if we've given some -c options, we clearly we want do so some - * software emulation. add that emulation now. this is NSS Emulator - * specific */ - if (emul_args == NULL) { - emul_args = (char *)"db=\"/etc/pki/nssdb\""; - } -#define SOFT_STRING ",soft=(,Virtual Reader,CAC,," - /* 2 == close paren & null */ - len = strlen(emul_args) + strlen(SOFT_STRING) + 2; - for (i = 0; i < cert_count; i++) { - len += strlen(cert_names[i])+1; /* 1 == comma */ - } - new_args = g_malloc(len); - strcpy(new_args, emul_args); - strcat(new_args, SOFT_STRING); - for (i = 0; i < cert_count; i++) { - strcat(new_args, cert_names[i]); - strcat(new_args, ","); - } - strcat(new_args, ")"); - emul_args = new_args; - } - if (emul_args) { - command_line_options = vcard_emul_options(emul_args); - } - - qemu_host = g_strdup(argv[argc - 2]); - qemu_port = g_strdup(argv[argc - 1]); - sock = connect_to_qemu(qemu_host, qemu_port); - if (sock == -1) { - fprintf(stderr, "error opening socket, exiting.\n"); - exit(5); - } - - socket_to_send = g_byte_array_new(); - vcard_emul_init(command_line_options); - loop = g_main_loop_new(NULL, TRUE); - - printf("> "); - fflush(stdout); - -#ifdef _WIN32 - channel_stdin = g_io_channel_win32_new_fd(STDIN_FILENO); -#else - channel_stdin = g_io_channel_unix_new(STDIN_FILENO); -#endif - g_io_add_watch(channel_stdin, G_IO_IN, do_command, NULL); -#ifdef _WIN32 - channel_socket = g_io_channel_win32_new_socket(sock); -#else - channel_socket = g_io_channel_unix_new(sock); -#endif - g_io_channel_set_encoding(channel_socket, NULL, NULL); - /* we buffer ourself for thread safety reasons */ - g_io_channel_set_buffered(channel_socket, FALSE); - - /* Send init message, Host responds (and then we send reader attachments) */ - VSCMsgInit init = { - .version = htonl(VSCARD_VERSION), - .magic = VSCARD_MAGIC, - .capabilities = {0} - }; - send_msg(VSC_Init, 0, &init, sizeof(init)); - - g_main_loop_run(loop); - g_main_loop_unref(loop); - - g_io_channel_unref(channel_stdin); - g_io_channel_unref(channel_socket); - g_byte_array_free(socket_to_send, TRUE); - - closesocket(sock); - return 0; -} |