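/*
 * iasecc-sdo.h: Support for IAS/ECC smart cards
 *
 * Copyright (C) 2010 Viktor Tarasov <vtarasov@opentrust.com>
 *                    OpenTrust <www.opentrust.com>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */

#ifndef SC_IASECC_SDO_H
#define SC_IASECC_SDO_H

#include <stddef.h>	/* size_t is used by the structures and prototypes below */

#include "libopensc/types.h"

/*
 * OpenSC types that this header only ever touches through pointers.
 * Declaring the tags here keeps every prototype below well-formed no matter
 * which OpenSC headers the including file has already pulled in; repeating
 * the declaration of an already complete struct tag is harmless.
 * struct sc_crt is the exception: it is stored by value in struct
 * iasecc_se_info, so it must be complete by then, i.e. it has to be provided
 * (directly or indirectly) by the include above.
 */
struct sc_card;
struct sc_context;
struct sc_crt;
struct sc_file;
struct sc_pkcs15_prkey_rsa;
struct sc_pin_cmd_data;

/* ------------------------------------------------------------------------
 * BER-TLV tags of a Security Data Object (SDO) as exchanged with the card.
 * ---------------------------------------------------------------------- */

#define IASECC_SDO_TAG_HEADER			0xBF

#define IASECC_SDO_TEMPLATE_TAG			0x70

/*
 * Data Object Control Parameters (DOCP) template and its children.
 *
 * NOTE: the tag byte 0x9C is used twice with different meanings --
 * USAGE_MAXIMUM directly under the DOCP template (0xA0) and ACLS_CONTACTLESS
 * under the nested ACLS template (0xA1).  A decoder therefore has to dispatch
 * on the enclosing template as well (see iasecc_extended_tlv.parent_tag),
 * never on the tag byte alone.
 */
#define IASECC_DOCP_TAG				0xA0
#define IASECC_DOCP_TAG_NAME			0x84
#define IASECC_DOCP_TAG_TRIES_MAXIMUM		0x9A
#define IASECC_DOCP_TAG_TRIES_REMAINING		0x9B
#define IASECC_DOCP_TAG_USAGE_MAXIMUM		0x9C
#define IASECC_DOCP_TAG_USAGE_REMAINING		0x9D
#define IASECC_DOCP_TAG_NON_REPUDIATION		0x9E
#define IASECC_DOCP_TAG_SIZE			0x80
#define IASECC_DOCP_TAG_ACLS			0xA1
#define IASECC_DOCP_TAG_ACLS_CONTACT		0x8C
#define IASECC_DOCP_TAG_ACLS_CONTACTLESS	0x9C
#define IASECC_DOCP_TAG_ISSUER_DATA_BER		0xA5
#define IASECC_DOCP_TAG_ISSUER_DATA		0x85

/*
 * Positions of the access-condition (SCB) entries inside an SDO's ACL,
 * per SDO class.  Indices range 0..6 and select an element of
 * iasecc_sdo_docp.scbs[] (IASECC_MAX_SCBS entries).
 */
#define IASECC_ACLS_CHV_CHANGE			0
#define IASECC_ACLS_CHV_VERIFY			1
#define IASECC_ACLS_CHV_RESET			2
#define IASECC_ACLS_CHV_PUT_DATA		5
#define IASECC_ACLS_CHV_GET_DATA		6

#define IASECC_ACLS_RSAKEY_PSO_SIGN		0
#define IASECC_ACLS_RSAKEY_INTERNAL_AUTH	1
#define IASECC_ACLS_RSAKEY_PSO_DECIPHER		2
#define IASECC_ACLS_RSAKEY_GENERATE		3
#define IASECC_ACLS_RSAKEY_PUT_DATA		5
#define IASECC_ACLS_RSAKEY_GET_DATA		6

#define IASECC_ACLS_KEYSET_EXTERNAL_AUTH	1
#define IASECC_ACLS_KEYSET_MUTUAL_AUTH		3
#define IASECC_ACLS_KEYSET_PUT_DATA		5
#define IASECC_ACLS_KEYSET_GET_DATA		6

/* CHV (PIN) object: two-byte template tag and its value tags. */
#define IASECC_SDO_CHV_TAG			0x7F41
#define IASECC_SDO_CHV_TAG_SIZE_MAX		0x80
#define IASECC_SDO_CHV_TAG_SIZE_MIN		0x81
#define IASECC_SDO_CHV_TAG_VALUE		0x82

/* RSA private key object: CRT components (p, q, q^-1 mod p, d mod p-1, d mod q-1). */
#define IASECC_SDO_PRVKEY_TAG			0x7F48
#define IASECC_SDO_PRVKEY_TAG_P			0x92
#define IASECC_SDO_PRVKEY_TAG_Q			0x93
#define IASECC_SDO_PRVKEY_TAG_IQMP		0x94
#define IASECC_SDO_PRVKEY_TAG_DMP1		0x95
#define IASECC_SDO_PRVKEY_TAG_DMQ1		0x96
#define IASECC_SDO_PRVKEY_TAG_COMPULSORY	0x80

/* RSA public key object: modulus, exponent, and CHR/CHA holder fields. */
#define IASECC_SDO_PUBKEY_TAG			0x7F49
#define IASECC_SDO_PUBKEY_TAG_N			0x81
#define IASECC_SDO_PUBKEY_TAG_E			0x82
#define IASECC_SDO_PUBKEY_TAG_COMPULSORY	0x80
#define IASECC_SDO_PUBKEY_TAG_CHR		0x5F20
#define IASECC_SDO_PUBKEY_TAG_CHA		0x5F4C

/* Symmetric key set: separate MAC and ENC keys. */
#define IASECC_SDO_KEYSET_TAG			0xA2
#define IASECC_SDO_KEYSET_TAG_MAC		0x90
#define IASECC_SDO_KEYSET_TAG_ENC		0x91
#define IASECC_SDO_KEYSET_TAG_COMPULSORY	0x80

/*
 * Security Condition Byte (SCB) layout, as encoded by the values below:
 *   bit 7      (0x80) NEED_ALL  -- all listed methods are required
 *   bits 6..4  (0x70) METHOD    -- SM (0x40) | EXT_AUTH (0x20) | USER_AUTH (0x10)
 *   bits 3..0  (0x0F) reference of the object the method applies to
 * 0xFF and 0x00 are the two absolute conditions (never / always).
 */
#define IASECC_SCB_METHOD_NEED_ALL		0x80
#define IASECC_SCB_METHOD_MASK			0x70
#define IASECC_SCB_METHOD_MASK_REF		0x0F
#define IASECC_SCB_METHOD_SM			0x40
#define IASECC_SCB_METHOD_EXT_AUTH		0x20
#define IASECC_SCB_METHOD_USER_AUTH		0x10

#define IASECC_SCB_NEVER			0xFF
#define IASECC_SCB_ALWAYS			0x00

/* SDO class codes (iasecc_sdo.sdo_class). */
#define IASECC_SDO_CLASS_CHV			0x01
#define IASECC_SDO_CLASS_KEYSET			0x0A
#define IASECC_SDO_CLASS_RSA_PRIVATE		0x10
#define IASECC_SDO_CLASS_RSA_PUBLIC		0x20
#define IASECC_SDO_CLASS_SE			0x7B

/* Control Reference Template (CRT) tags of a Security Environment. */
#define IASECC_CRT_TAG_AT			0xA4
#define IASECC_CRT_TAG_CT			0xB8
#define IASECC_CRT_TAG_CCT			0xB4
#define IASECC_CRT_TAG_DST			0xB6
#define IASECC_CRT_TAG_HT			0xAA
#define IASECC_CRT_TAG_KAT			0xA6

#define IASECC_CRT_TAG_USAGE			0x95
#define IASECC_CRT_TAG_REFERENCE		0x83
#define IASECC_CRT_TAG_ALGO			0x80

/* Algorithm identifiers carried in the CRT ALGO field. */
#define IASECC_ALGORITHM_SYMMETRIC		0x0C
#define IASECC_ALGORITHM_DH			0x0B
#define IASECC_ALGORITHM_RSA_PKCS		0x02
#define IASECC_ALGORITHM_RSA_9796_2		0x01
#define IASECC_ALGORITHM_RSA_PKCS_DECRYPT	0x0A
#define IASECC_ALGORITHM_SHA1			0x10
#define IASECC_ALGORITHM_SHA2			0x40

#define IASECC_ALGORITHM_ROLE_AUTH		0x1C
#define IASECC_ALGORITHM_SYMMETRIC_SHA1		0x0C
#define IASECC_ALGORITHM_SYMMETRIC_SHA256	0x8C

/* Usage Qualifier Byte (UQB) bits, per CRT type. */
#define IASECC_UQB_AT_MUTUAL_AUTHENTICATION	0xC0
#define IASECC_UQB_AT_EXTERNAL_AUTHENTICATION	0x80
#define IASECC_UQB_AT_AUTHENTICATION		0x40
#define IASECC_UQB_AT_USER_PASSWORD		0x08
#define IASECC_UQB_AT_USER_BIOMETRIC		0x04

#define IASECC_UQB_DST_VERIFICATION		0x80
#define IASECC_UQB_DST_COMPUTATION		0x40

#define IASECC_UQB_CT_ENCIPHERMENT		0x80
#define IASECC_UQB_CT_DECIPHERMENT		0x40
#define IASECC_UQB_CT_SM_RESPONSE		0x20
#define IASECC_UQB_CT_SM_COMMAND		0x10

#define IASECC_UQB_CCT_VERIFICATION		0x80
#define IASECC_UQB_CCT_COMPUTATION		0x40
#define IASECC_UQB_CCT_SM_RESPONSE		0x20
#define IASECC_UQB_CCT_SM_COMMAND		0x10

#define IASECC_UQB_KAT				0x80

/* Operation bit mask, as produced by iasecc_sdo_convert_acl(). */
#define IASECC_ACL_GET_DATA			0x01
#define IASECC_ACL_PUT_DATA			0x02
#define IASECC_ACL_GENERATE_KEY			0x08
#define IASECC_ACL_PSO_DECIPHER			0x10
#define IASECC_ACL_INTERNAL_AUTHENTICATE	0x20
#define IASECC_ACL_PSO_SIGNATURE		0x40

/* Capacity of iasecc_sdo_update.fields[]. */
#define IASECC_SDO_TAGS_UPDATE_MAX		16

/*
 * Build a 32-bit "magic" value from four characters, most significant first.
 * The operands are widened to unsigned so that a character >= 0x80 in the
 * top position cannot overflow a signed int; the three tags below are plain
 * ASCII, but the macro should not depend on that.  The leading-underscore
 * name is formally reserved for the implementation; it is kept only for
 * source compatibility with existing users.
 */
#define _MAKE_IASECC_SDO_MAGIC(a, b, c, d) \
	(((unsigned)(a) << 24) | ((unsigned)(b) << 16) | ((unsigned)(c) << 8) | (unsigned)(d))

#define IASECC_SDO_MAGIC		_MAKE_IASECC_SDO_MAGIC('E', 'C', 'S', 'D')
#define IASECC_SDO_MAGIC_UPDATE		_MAKE_IASECC_SDO_MAGIC('E', 'C', 'U', 'D')
#define IASECC_SDO_MAGIC_UPDATE_RSA	_MAKE_IASECC_SDO_MAGIC('E', 'C', 'U', 'R')

/* Number of SCB slots in iasecc_sdo_docp.scbs[]; the IASECC_ACLS_* indices
 * above must stay below this. The CRT capacity of a security environment is
 * not defined here but taken from SC_MAX_CRTS_IN_SE (libopensc/types.h). */
#define IASECC_MAX_SCBS				7

/*
 * One decoded TLV field.
 *
 * value/size describe a heap buffer owned by the containing SDO; see
 * iasecc_sdo_free_fields() for its release.  parent_tag records the template
 * the field was found in, which is what disambiguates tag bytes that are
 * reused across templates.  on_card is a flag, not a count.
 */
struct iasecc_extended_tlv {
	unsigned tag;
	unsigned parent_tag;

	unsigned char *value;
	size_t size;

	unsigned on_card;
};

/* Decoded DOCP template plus the raw access-mode byte and SCB array. */
struct iasecc_sdo_docp {
	struct iasecc_extended_tlv name;
	struct iasecc_extended_tlv tries_maximum;
	struct iasecc_extended_tlv tries_remaining;
	struct iasecc_extended_tlv usage_maximum;
	struct iasecc_extended_tlv usage_remaining;
	struct iasecc_extended_tlv non_repudiation;
	struct iasecc_extended_tlv size;
	struct iasecc_extended_tlv acls_contact;
	struct iasecc_extended_tlv acls_contactless;
	struct iasecc_extended_tlv issuer_data;

	unsigned char amb;
	unsigned char scbs[IASECC_MAX_SCBS];
};

/*
 * CHV (PIN) object.
 *
 * value.value holds the PIN itself when present, i.e. secret material.
 * NOTE(review): confirm that iasecc_sdo_free_fields() wipes this buffer
 * before releasing it rather than just calling free().
 */
struct iasecc_sdo_chv {
	struct iasecc_extended_tlv size_max;
	struct iasecc_extended_tlv size_min;
	struct iasecc_extended_tlv value;
};

/*
 * RSA private key object in CRT form.  Every buffer here is key material
 * and should be treated like iasecc_sdo_chv.value with respect to wiping.
 */
struct iasecc_sdo_prvkey {
	struct iasecc_extended_tlv p;
	struct iasecc_extended_tlv q;
	struct iasecc_extended_tlv iqmp;
	struct iasecc_extended_tlv dmp1;
	struct iasecc_extended_tlv dmq1;
	struct iasecc_extended_tlv compulsory;
};

/* RSA public key object. */
struct iasecc_sdo_pubkey {
	struct iasecc_extended_tlv n;
	struct iasecc_extended_tlv e;
	struct iasecc_extended_tlv compulsory;
	struct iasecc_extended_tlv chr;
	struct iasecc_extended_tlv cha;
};

/* Symmetric key set (MAC and ENC keys); secret material as well. */
struct iasecc_sdo_keyset {
	struct iasecc_extended_tlv mac;
	struct iasecc_extended_tlv enc;
	struct iasecc_extended_tlv compulsory;
};

/*
 * A complete SDO.  sdo_class selects which member of the union is live;
 * readers must check it before touching `data`.  magic is expected to be
 * IASECC_SDO_MAGIC; it guards against a pointer of the wrong type, not
 * against a corrupted or uninitialised object.
 */
struct iasecc_sdo {
	unsigned char sdo_class;
	unsigned char sdo_ref;

	unsigned int usage;

	struct iasecc_sdo_docp docp;

	union {
		struct iasecc_sdo_chv chv;
		struct iasecc_sdo_prvkey prv_key;
		struct iasecc_sdo_pubkey pub_key;
		struct iasecc_sdo_keyset keyset;
	} data;

	unsigned not_on_card;
	unsigned magic;
};

/* Set of fields to update on one SDO; magic should be IASECC_SDO_MAGIC_UPDATE.
 * At most IASECC_SDO_TAGS_UPDATE_MAX fields fit -- encoders must not exceed it. */
struct iasecc_sdo_update {
	unsigned char sdo_class;
	unsigned char sdo_ref;

	struct iasecc_extended_tlv fields[IASECC_SDO_TAGS_UPDATE_MAX];

	unsigned magic;
};

/*
 * RSA key pair update: the target private/public SDOs, the PKCS#15 key to
 * load, and the two encoded update sets.  magic should be
 * IASECC_SDO_MAGIC_UPDATE_RSA.  The pointers are borrowed; ownership of the
 * SDOs and of p15_rsa stays with the caller (NOTE(review): verify against
 * iasecc_sm_rsa_update()).
 */
struct iasecc_sdo_rsa_update {
	struct iasecc_sdo *sdo_prv_key;
	struct iasecc_sdo *sdo_pub_key;
	struct sc_pkcs15_prkey_rsa *p15_rsa;

	struct iasecc_sdo_update update_prv;
	struct iasecc_sdo_update update_pub;

	unsigned magic;
};

/*
 * Security Environment description: its DOCP, reference number, CRT list
 * (bounded by SC_MAX_CRTS_IN_SE), the DF it belongs to and a singly linked
 * `next` pointer so several SEs can be chained.
 */
struct iasecc_se_info {
	struct iasecc_sdo_docp docp;
	int reference;

	struct sc_crt crts[SC_MAX_CRTS_IN_SE];

	struct sc_file *df;
	struct iasecc_se_info *next;

	unsigned magic;
};

/*
 * Secure-messaging response as decoded from the card.
 *
 * All three buffers are fixed size; iasecc_sdo_parse_card_answer() must
 * bound every copy into them by sizeof the destination and reject longer
 * input -- the lengths come from the card and are untrusted.  data_len is
 * the number of valid bytes in data[].
 */
struct iasecc_sm_card_answer {
	unsigned char data[SC_MAX_APDU_BUFFER_SIZE];
	size_t data_len;

	unsigned sw;

	unsigned char mac[8];
	unsigned char ticket[14];
};

/* Arguments of the "find a free key reference" card control call. */
struct iasecc_ctl_get_free_reference {
	size_t key_size;
	unsigned usage;
	unsigned access;
	int index;
};

/* Key-type discriminator; the enumerators alias the RSA SDO class codes
 * above and are defined in terms of them so they cannot drift apart. */
enum IASECC_KEY_TYPE {
	IASECC_SDO_CLASS_RSA_PRV = IASECC_SDO_CLASS_RSA_PRIVATE,
	IASECC_SDO_CLASS_RSA_PUB = IASECC_SDO_CLASS_RSA_PUBLIC
};

/* Payload of an SM UPDATE BINARY: `count` bytes of `data` written at `offs`. */
struct iasecc_sm_cmd_update_binary {
	const unsigned char *data;
	size_t offs, count;
};

/* Payload of an SM CREATE FILE: `size` bytes of FCP data. */
struct iasecc_sm_cmd_create_file {
	const unsigned char *data;
	size_t size;
};

/* ------------------------------------------------------------------------
 * SDO / SE parsing and encoding.  Unless stated otherwise, functions return
 * an OpenSC error code (negative) on failure.
 * ---------------------------------------------------------------------- */

/* Translate the SCB at index `acl_index` of `sdo` into an operation mask
 * (IASECC_ACL_*) and its access method. */
int iasecc_sdo_convert_acl(struct sc_card *card, struct iasecc_sdo *sdo,
		unsigned char acl_index, unsigned *op, unsigned *method);
/* Release the TLV buffers held by `sdo` without freeing `sdo` itself. */
void iasecc_sdo_free_fields(struct sc_card *card, struct iasecc_sdo *sdo);
/* Release `sdo` and everything it owns. */
void iasecc_sdo_free(struct sc_card *card, struct iasecc_sdo *sdo);
/*
 * Decode `data_len` bytes received from the card.  The input is untrusted:
 * every TLV length must be validated against the remaining `data_len`
 * before it is used to index or copy.
 */
int iasecc_se_parse(struct sc_card *card, unsigned char *data, size_t data_len,
		struct iasecc_se_info *se);
int iasecc_sdo_parse(struct sc_card *card, unsigned char *data, size_t data_len,
		struct iasecc_sdo *sdo);
/* As iasecc_sdo_parse(), but allocates *out; the caller releases it with
 * iasecc_sdo_free(). */
int iasecc_sdo_allocate_and_parse(struct sc_card *card, unsigned char *data,
		size_t data_len, struct iasecc_sdo **out);
/* Write the BER length encoding of `size` into `out`; returns the number of
 * bytes written (or an error). `out` must have room for the longest form. */
int iasecc_encode_size(size_t size, unsigned char *out);
/* Encoders allocate *out; the caller owns and frees the returned buffer. */
int iasecc_sdo_encode_create(struct sc_context *ctx, struct iasecc_sdo *sdo,
		unsigned char **out);
int iasecc_sdo_encode_update_field(struct sc_context *ctx, unsigned char sdo_class,
		unsigned char sdo_ref, struct iasecc_extended_tlv *field,
		unsigned char **out);
/* Look up a CRT in `se` matching the template in `crt` (by tag/usage). */
int iasecc_se_get_crt(struct sc_card *card, struct iasecc_se_info *se,
		struct sc_crt *crt);
int iasecc_se_get_crt_by_usage(struct sc_card *card, struct iasecc_se_info *se,
		unsigned char tag, unsigned char usage, struct sc_crt *crt);
/* Fill `update` with the fields needed to load `p15_rsa` into `sdo`. */
int iasecc_sdo_encode_rsa_update(struct sc_context *ctx, struct iasecc_sdo *sdo,
		struct sc_pkcs15_prkey_rsa *p15_rsa, struct iasecc_sdo_update *update);
/* Decode a secure-messaging answer; see the struct for the bounds contract. */
int iasecc_sdo_parse_card_answer(struct sc_context *ctx, unsigned char *data,
		size_t data_len, struct iasecc_sm_card_answer *answer);
/* Deep-copy `src` into `dst` (TLV buffers are duplicated, not shared). */
int iasecc_docp_copy(struct sc_context *ctx, struct iasecc_sdo_docp *dst,
		struct iasecc_sdo_docp *src);
int iasecc_se_get_info(struct sc_card *card, struct iasecc_se_info *se);

/* ------------------------------------------------------------------------
 * Secure-messaging (SM) wrappers.  `se_num` selects the security
 * environment the command runs under; `tries_left`, where present, receives
 * the remaining attempt counter reported by the card on failure.
 * ---------------------------------------------------------------------- */

int iasecc_sm_external_authentication(struct sc_card *card, unsigned skey_ref, int *tries_left);
int iasecc_sm_pin_verify(struct sc_card *card, unsigned se_num, struct sc_pin_cmd_data *data, int *tries_left);
int iasecc_sm_pin_reset(struct sc_card *card, unsigned se_num, struct sc_pin_cmd_data *data);
int iasecc_sm_update_binary(struct sc_card *card, unsigned se_num, size_t offs, const unsigned char *buff, size_t count);
int iasecc_sm_read_binary(struct sc_card *card, unsigned se_num, size_t offs, unsigned char *buff, size_t count);
int iasecc_sm_create_file(struct sc_card *card, unsigned se_num, unsigned char *fcp, size_t fcp_len);
int iasecc_sm_delete_file(struct sc_card *card, unsigned se_num, unsigned int file_id);
int iasecc_sm_rsa_generate(struct sc_card *card, unsigned se_num, struct iasecc_sdo *sdo);
int iasecc_sm_rsa_update(struct sc_card *card, unsigned se_num, struct iasecc_sdo_rsa_update *udata);
int iasecc_sm_sdo_update(struct sc_card *card, unsigned se_num, struct iasecc_sdo_update *update);

#endif /* SC_IASECC_SDO_H */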