1 /*
2 * p15card-helper.c: Utility library to assist in PKCS#15 emulation on Non-filesystem cards
3 *
4 * Copyright (C) 2006, Identity Alliance, Thomas Harning <thomas.harning@identityalliance.com>
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
20
21 #if HAVE_CONFIG_H
22 #include "config.h"
23 #endif
24
25 #ifdef ENABLE_OPENSSL /* empty file without openssl */
26 #include <string.h>
27 #include <stdlib.h>
28 #include <openssl/bn.h>
29 #include <openssl/bio.h>
30 #include <openssl/rsa.h>
31 #include <openssl/x509.h>
32
33 #include "internal.h"
34 #include "p15card-helper.h"
35 #include "opensc.h"
36 #include "types.h"
37 #include "log.h"
38 #include "pkcs15.h"
39
sc_pkcs15emu_initialize_objects(sc_pkcs15_card_t * p15card,p15data_items * items)40 int sc_pkcs15emu_initialize_objects(sc_pkcs15_card_t *p15card, p15data_items *items) {
41 sc_card_t* card = p15card->card;
42 const objdata* objects = items->objects;
43 int i, r;
44 if(!objects) return SC_SUCCESS;
45 for (i = 0; objects[i].label; i++) {
46 struct sc_pkcs15_data_info obj_info;
47 struct sc_pkcs15_object obj_obj;
48
49 memset(&obj_info, 0, sizeof(obj_info));
50 memset(&obj_obj, 0, sizeof(obj_obj));
51 sc_pkcs15_format_id(objects[i].id, &obj_info.id);
52 sc_format_path(objects[i].path, &obj_info.path);
53 strncpy(obj_info.app_label, objects[i].label, SC_PKCS15_MAX_LABEL_SIZE - 1);
54 r = sc_format_oid(&obj_info.app_oid, objects[i].aoid);
55 if (r != SC_SUCCESS)
56 return r;
57
58 strncpy(obj_obj.label, objects[i].label, SC_PKCS15_MAX_LABEL_SIZE - 1);
59 obj_obj.flags = objects[i].obj_flags;
60
61 r = sc_pkcs15emu_object_add(p15card, SC_PKCS15_TYPE_DATA_OBJECT,
62 &obj_obj, &obj_info);
63 if (r < 0)
64 LOG_FUNC_RETURN(card->ctx, r);
65 }
66 return SC_SUCCESS;
67 }
68
get_prkey_by_cert(p15data_items * items,const cdata * cert)69 static const prdata* get_prkey_by_cert(p15data_items* items, const cdata* cert) {
70 const prdata* keys;
71 if(!items->private_keys)
72 return NULL;
73 for(keys = items->private_keys; keys->id; keys++) {
74 if(0 == strcmp(cert->id, keys->id))
75 return keys;
76 }
77 return NULL;
78 }
79
add_private_key(sc_pkcs15_card_t * p15card,const prdata * key,int usage,int modulus_length)80 static int add_private_key(sc_pkcs15_card_t *p15card, const prdata* key, int usage, int modulus_length) {
81 struct sc_pkcs15_prkey_info prkey_info;
82 struct sc_pkcs15_object prkey_obj;
83
84 memset(&prkey_info, 0, sizeof(prkey_info));
85 memset(&prkey_obj, 0, sizeof(prkey_obj));
86
87 sc_pkcs15_format_id(key->id, &prkey_info.id);
88
89 prkey_info.native = 1;
90 prkey_info.key_reference = key->ref;
91
92 if(!modulus_length) modulus_length = key->modulus_len;
93 prkey_info.modulus_length= modulus_length;
94
95 sc_format_path(key->path, &prkey_info.path);
96
97 strncpy(prkey_obj.label, key->label, SC_PKCS15_MAX_LABEL_SIZE - 1);
98
99 prkey_obj.flags = key->obj_flags;
100
101 /* Setup key usage */
102 if(!usage) usage = key->usage;
103 prkey_info.usage = usage;
104
105 if (key->auth_id)
106 sc_pkcs15_format_id(key->auth_id, &prkey_obj.auth_id);
107
108 return sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, &prkey_info);
109 }
110
add_public_key(sc_pkcs15_card_t * p15card,const pubdata * key,int usage,int modulus_length)111 static int add_public_key(sc_pkcs15_card_t *p15card, const pubdata *key, int usage, int modulus_length) {
112 struct sc_pkcs15_pubkey_info pubkey_info;
113 struct sc_pkcs15_object pubkey_obj;
114
115 memset(&pubkey_info, 0, sizeof(pubkey_info));
116 memset(&pubkey_obj, 0, sizeof(pubkey_obj));
117
118 sc_pkcs15_format_id(key->id, &pubkey_info.id);
119 if(!usage) usage = key->usage;
120 pubkey_info.usage = usage;
121 pubkey_info.native = 1;
122 pubkey_info.key_reference = key->ref;
123 if(!modulus_length) modulus_length = key->modulus_len;
124 pubkey_info.modulus_length= modulus_length;
125 /* we really don't know how many bits or module length,
126 * we will assume 1024 for now
127 */
128 sc_format_path(key->path, &pubkey_info.path);
129
130 strncpy(pubkey_obj.label, key->label, SC_PKCS15_MAX_LABEL_SIZE - 1);
131
132 pubkey_obj.flags = key->obj_flags;
133
134 if (key->auth_id)
135 sc_pkcs15_format_id(key->auth_id, &pubkey_obj.auth_id);
136
137 return sc_pkcs15emu_add_rsa_pubkey(p15card, &pubkey_obj, &pubkey_info);
138 }
139
140 /* int default_cert_handle(sc_pkcs15_card_t *p15card, p15data_items* items, cdata* cert, u8* data, size_t length) { */
CERT_HANDLE_FUNCTION(default_cert_handle)141 CERT_HANDLE_FUNCTION(default_cert_handle) {
142 /* Certificate data exists, parse it */
143 int r;
144 X509 *cert_data = NULL;
145 EVP_PKEY *pkey = NULL;
146 const RSA * rsa = NULL;
147 int certtype = 0;
148 int modulus_len = 0;
149 const prdata* key = get_prkey_by_cert(items, cert);
150 if(!key) {
151 sc_log(p15card->card->ctx, "Error: No key for this certificate");
152 return SC_ERROR_INTERNAL;
153 }
154
155 if(!d2i_X509(&cert_data, (const u8**)&data, length)) {
156 sc_log(p15card->card->ctx, "Error converting certificate");
157 return SC_ERROR_INTERNAL;
158 }
159
160 pkey = X509_get_pubkey(cert_data);
161
162 if(pkey == NULL) {
163 sc_log(p15card->card->ctx, "Error: no public key associated with the certificate");
164 r = SC_ERROR_INTERNAL;
165 goto err;
166 }
167
168 certtype = X509_certificate_type(cert_data, pkey);
169 if(! (EVP_PK_RSA & certtype)) {
170 sc_log(p15card->card->ctx, "Error: certificate is not for an RSA key");
171 r = SC_ERROR_INTERNAL;
172 goto err;
173 }
174 rsa = EVP_PKEY_get0_RSA(pkey);
175 if( rsa == NULL) {
176 sc_log(p15card->card->ctx, "Error: no modulus associated with the certificate");
177 r = SC_ERROR_INTERNAL;
178 goto err;
179 }
180
181 modulus_len = RSA_bits(rsa);
182
183 /* printf("Key Size: %d bits\n\n", modulus_len); */
184 /* cached_cert->modulusLength = modulus_len; */
185
186 if(key->label) {
187 int usage = 0;
188 if (certtype & EVP_PKT_SIGN) {
189 usage |= SC_PKCS15_PRKEY_USAGE_SIGN;
190 usage |= SC_PKCS15_PRKEY_USAGE_NONREPUDIATION;
191 }
192
193 if (certtype & EVP_PKT_ENC) {
194 usage |= SC_PKCS15_PRKEY_USAGE_ENCRYPT;
195 usage |= SC_PKCS15_PRKEY_USAGE_DECRYPT;
196 }
197 if (certtype & EVP_PKT_EXCH) {
198 usage |= SC_PKCS15_PRKEY_USAGE_WRAP;
199 usage |= SC_PKCS15_PRKEY_USAGE_UNWRAP;
200 }
201 r = add_private_key(p15card, key, usage, modulus_len);
202 if (r < 0)
203 goto err;
204 }
205 r = SC_SUCCESS;
206 err:
207 if(pkey) {
208 EVP_PKEY_free(pkey);
209 pkey = NULL;
210 }
211 if(cert_data) {
212 X509_free(cert_data);
213 cert_data = NULL;
214 }
215 LOG_FUNC_RETURN(p15card->card->ctx, r);
216 }
217
sc_pkcs15emu_initialize_certificates(sc_pkcs15_card_t * p15card,p15data_items * items)218 int sc_pkcs15emu_initialize_certificates(sc_pkcs15_card_t *p15card, p15data_items* items) {
219 /* set certs */
220 sc_card_t* card = p15card->card;
221 const cdata* certs = items->certs;
222 int onFailResume = items->cert_continue;
223 int i, r;
224 if(!certs) return SC_SUCCESS;
225 for (i = 0; certs[i].label; i++) {
226 struct sc_pkcs15_cert_info cert_info;
227 struct sc_pkcs15_object cert_obj;
228
229 memset(&cert_info, 0, sizeof(cert_info));
230 memset(&cert_obj, 0, sizeof(cert_obj));
231
232 sc_pkcs15_format_id(certs[i].id, &cert_info.id);
233 cert_info.authority = certs[i].authority;
234 sc_format_path(certs[i].path, &cert_info.path);
235
236 strncpy(cert_obj.label, certs[i].label, SC_PKCS15_MAX_LABEL_SIZE - 1);
237 cert_obj.flags = certs[i].obj_flags;
238
239 if(items->cert_load) {
240 u8* cert_buffer = NULL;
241 size_t cert_length = 0;
242 int should_free = 0;
243 if(SC_SUCCESS != sc_select_file(card, &cert_info.path, NULL)) {
244 if(onFailResume)
245 continue;
246 else
247 break;
248 }
249 if(SC_SUCCESS != (r = items->cert_load(card, &cert_buffer, &cert_length, &should_free))) {
250 if(onFailResume)
251 continue;
252 else
253 break;
254 }
255 /* Handle cert */
256 /* If no cert handler, add.. if cert handler succeeds.. add */
257 if(!items->cert_handle || SC_SUCCESS == (r = items->cert_handle(p15card, items, &certs[i], cert_buffer, cert_length))) {
258 r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info);
259 }
260 if(should_free)
261 free(cert_buffer);
262 if(SC_SUCCESS != r) {
263 if(onFailResume)
264 continue;
265 else
266 break;
267 }
268 } else { /* Automatically add */
269 if(SC_SUCCESS != sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info)) {
270 if(onFailResume)
271 continue;
272 else
273 break;
274 }
275 }
276 }
277 return SC_SUCCESS;
278 }
279
sc_pkcs15emu_initialize_pins(sc_pkcs15_card_t * p15card,p15data_items * items)280 int sc_pkcs15emu_initialize_pins(sc_pkcs15_card_t *p15card, p15data_items* items) {
281 /* set pins */
282 int i,r;
283 const pindata* pins = items->pins;
284 if(!pins) return SC_SUCCESS;
285 for (i = 0; pins[i].label; i++) {
286 struct sc_pkcs15_auth_info pin_info;
287 struct sc_pkcs15_object pin_obj;
288
289 memset(&pin_info, 0, sizeof(pin_info));
290 memset(&pin_obj, 0, sizeof(pin_obj));
291
292 pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
293 sc_pkcs15_format_id(pins[i].id, &pin_info.auth_id);
294
295 pin_info.attrs.pin.reference = pins[i].ref;
296 pin_info.attrs.pin.flags = pins[i].flags;
297 pin_info.attrs.pin.type = pins[i].type;
298 pin_info.attrs.pin.min_length = pins[i].minlen;
299 pin_info.attrs.pin.stored_length = pins[i].storedlen;
300 pin_info.attrs.pin.max_length = pins[i].maxlen;
301 pin_info.attrs.pin.pad_char = pins[i].pad_char;
302
303 sc_format_path(pins[i].path, &pin_info.path);
304 pin_info.tries_left = -1;
305
306 strncpy(pin_obj.label, pins[i].label, SC_PKCS15_MAX_LABEL_SIZE - 1);
307 pin_obj.flags = pins[i].obj_flags;
308
309 if(0 > (r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info)))
310 LOG_FUNC_RETURN(p15card->card->ctx, r);
311 }
312 return SC_SUCCESS;
313 }
314
sc_pkcs15emu_initialize_private_keys(sc_pkcs15_card_t * p15card,p15data_items * items)315 int sc_pkcs15emu_initialize_private_keys(sc_pkcs15_card_t *p15card, p15data_items* items) {
316 const prdata *prkeys = items->private_keys;
317 int i, r;
318 if(!prkeys) return SC_SUCCESS;
319 /* set private keys */
320 for (i = 0; prkeys[i].label; i++) {
321 r = add_private_key(p15card, &prkeys[i], 0, 0);
322 if (r < 0)
323 LOG_FUNC_RETURN(p15card->card->ctx, r);
324 }
325 return SC_SUCCESS;
326 }
327
sc_pkcs15emu_initialize_public_keys(sc_pkcs15_card_t * p15card,p15data_items * items)328 int sc_pkcs15emu_initialize_public_keys(sc_pkcs15_card_t *p15card, p15data_items *items) {
329 const pubdata *keys = items->public_keys;
330 int i, r;
331 if(!keys) return SC_SUCCESS;
332 /* set public keys */
333 for (i = 0; keys[i].label; i++) {
334 r = add_public_key(p15card, &keys[i], 0, 0);
335 if (r < 0)
336 LOG_FUNC_RETURN(p15card->card->ctx, r);
337 }
338 return SC_SUCCESS;
339
340 }
341
sc_pkcs15emu_initialize_all(sc_pkcs15_card_t * p15card,p15data_items * items)342 int sc_pkcs15emu_initialize_all(sc_pkcs15_card_t *p15card, p15data_items* items) {
343 int r;
344 if(SC_SUCCESS != (r = sc_pkcs15emu_initialize_objects(p15card, items)))
345 return r;
346 if(SC_SUCCESS != (r = sc_pkcs15emu_initialize_certificates(p15card, items)))
347 return r;
348 if(SC_SUCCESS != (r = sc_pkcs15emu_initialize_pins(p15card, items)))
349 return r;
350
351 if(items->forced_private && (SC_SUCCESS != (r = sc_pkcs15emu_initialize_private_keys(p15card, items))))
352 return r;
353 if(items->forced_public && (SC_SUCCESS != (r = sc_pkcs15emu_initialize_public_keys(p15card, items))))
354 return r;
355 return SC_SUCCESS;
356 }
357
358 #endif /* ENABLE_OPENSSL */
359