2 * openpgp-do.c -- OpenPGP card Data Objects (DO) handling
4 * Copyright (C) 2010, 2011, 2012 Free Software Initiative of Japan
5 * Author: NIIBE Yutaka <gniibe@fsij.org>
7 * This file is a part of Gnuk, a GnuPG USB Token implementation.
9 * Gnuk is free software: you can redistribute it and/or modify it
10 * under the terms of the GNU General Public License as published by
11 * the Free Software Foundation, either version 3 of the License, or
12 * (at your option) any later version.
14 * Gnuk is distributed in the hope that it will be useful, but WITHOUT
15 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
16 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
17 * License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program. If not, see <http://www.gnu.org/licenses/>.
32 #include "polarssl/config.h"
33 #include "polarssl/aes.h"
34 #include "polarssl/sha1.h"
36 #define PASSWORD_ERRORS_MAX 3 /* >= errors, it will be locked */
37 static const uint8_t *pw_err_counter_p[3];
40 gpg_pw_get_err_counter (uint8_t which)
42 return flash_cnt123_get_value (pw_err_counter_p[which]);
46 gpg_pw_locked (uint8_t which)
48 if (gpg_pw_get_err_counter (which) >= PASSWORD_ERRORS_MAX)
55 gpg_pw_reset_err_counter (uint8_t which)
57 flash_cnt123_clear (&pw_err_counter_p[which]);
58 if (pw_err_counter_p[which] != NULL)
59 GPG_MEMORY_FAILURE ();
63 gpg_pw_increment_err_counter (uint8_t which)
65 flash_cnt123_increment (which, &pw_err_counter_p[which]);
69 uint16_t data_objects_number_of_bytes;
73 * Historical Bytes (template), Extended Capabilities,
74 * and Algorithm Attributes
77 /* Historical Bytes (template) */
78 static const uint8_t historical_bytes[] __attribute__ ((aligned (1))) = {
81 0x31, 0x84, /* Full DF name, GET DATA, MF */
83 0x80, 0x01, 0x80, /* Full DF name */
85 /* Command chaining, No extended Lc and Le */
86 0x00, 0x90, 0x00 /* Status info (no life cycle management) */
89 /* Extended Capabilities */
90 static const uint8_t extended_capabilities[] __attribute__ ((aligned (1))) = {
95 * Key import supported,
96 * PW status byte can be put,
98 * No algo change allowed
100 0, /* Secure Messaging Algorithm: N/A (TDES=0, AES=1) */
101 0x00, 0x00, /* Max get challenge (0: Get challenge not supported) */
102 #ifdef CERTDO_SUPPORT
103 0x08, 0x00, /* max. length of cardholder certificate (2KiB) */
107 /* Max. length of command APDU data */
109 /* Max. length of response APDU data */
113 /* Algorithm Attributes */
114 static const uint8_t algorithm_attr[] __attribute__ ((aligned (1))) = {
117 0x08, 0x00, /* Length modulus (in bit): 2048 */
118 0x00, 0x20, /* Length exponent (in bit): 32 */
119 0x00 /* 0: p&q , 3: CRT with N (not yet supported) */
122 #define PW_LEN_MAX 127
124 * Representation of PW1_LIFETIME:
125 * 0: PW1_LIEFTIME_P == NULL : PW1 is valid for single PSO:CDS command
126 * 1: PW1_LIEFTIME_P != NULL : PW1 is valid for several PSO:CDS commands
128 * The address in the variable PW1_LIEFTIME_P is used when filling zero
131 static const uint8_t *pw1_lifetime_p;
134 gpg_get_pw1_lifetime (void)
136 if (pw1_lifetime_p == NULL)
143 static uint32_t digital_signature_counter;
145 static const uint8_t *
146 gpg_write_digital_signature_counter (const uint8_t *p, uint32_t dsc)
150 if ((dsc >> 10) == 0)
151 { /* no upper bits */
152 hw1 = NR_COUNTER_DS_LSB | ((dsc & 0x0300) >> 8) | ((dsc & 0x00ff) << 8);
153 flash_put_data_internal (p, hw1);
158 hw0 = NR_COUNTER_DS | ((dsc & 0xfc0000) >> 18) | ((dsc & 0x03fc00) >> 2);
159 hw1 = NR_COUNTER_DS_LSB;
160 flash_put_data_internal (p, hw0);
161 flash_put_data_internal (p+2, hw1);
167 gpg_reset_digital_signature_counter (void)
169 if (digital_signature_counter != 0)
171 flash_put_data (NR_COUNTER_DS);
172 flash_put_data (NR_COUNTER_DS_LSB);
173 digital_signature_counter = 0;
178 gpg_increment_digital_signature_counter (void)
181 uint32_t dsc = (digital_signature_counter + 1) & 0x00ffffff;
183 if ((dsc & 0x03ff) == 0)
184 { /* carry occurs from l10 to h14 */
185 hw0 = NR_COUNTER_DS | ((dsc & 0xfc0000) >> 18) | ((dsc & 0x03fc00) >> 2);
186 hw1 = NR_COUNTER_DS_LSB; /* zero */
187 flash_put_data (hw0);
188 flash_put_data (hw1);
192 hw1 = NR_COUNTER_DS_LSB | ((dsc & 0x0300) >> 8) | ((dsc & 0x00ff) << 8);
193 flash_put_data (hw1);
196 digital_signature_counter = dsc;
198 if (gpg_get_pw1_lifetime () == 0)
203 #define SIZE_FINGER_PRINT 20
204 #define SIZE_KEYGEN_TIME 4 /* RFC4880 */
215 struct do_table_entry {
217 enum do_type do_type;
223 static uint8_t *res_p;
225 static void copy_do_1 (uint16_t tag, const uint8_t *do_data, int with_tag);
226 static const struct do_table_entry *get_do_entry (uint16_t tag);
228 #define GPG_DO_AID 0x004f
229 #define GPG_DO_NAME 0x005b
230 #define GPG_DO_LOGIN_DATA 0x005e
231 #define GPG_DO_CH_DATA 0x0065
232 #define GPG_DO_APP_DATA 0x006e
233 /* XXX: 0x0073 ??? */
234 #define GPG_DO_SS_TEMP 0x007a
235 #define GPG_DO_DS_COUNT 0x0093
236 #define GPG_DO_EXTCAP 0x00c0
237 #define GPG_DO_ALG_SIG 0x00c1
238 #define GPG_DO_ALG_DEC 0x00c2
239 #define GPG_DO_ALG_AUT 0x00c3
240 #define GPG_DO_PW_STATUS 0x00c4
241 #define GPG_DO_FP_ALL 0x00c5
242 #define GPG_DO_CAFP_ALL 0x00c6
243 #define GPG_DO_FP_SIG 0x00c7
244 #define GPG_DO_FP_DEC 0x00c8
245 #define GPG_DO_FP_AUT 0x00c9
246 #define GPG_DO_CAFP_1 0x00ca
247 #define GPG_DO_CAFP_2 0x00cb
248 #define GPG_DO_CAFP_3 0x00cc
249 #define GPG_DO_KGTIME_ALL 0x00cd
250 #define GPG_DO_KGTIME_SIG 0x00ce
251 #define GPG_DO_KGTIME_DEC 0x00cf
252 #define GPG_DO_KGTIME_AUT 0x00d0
253 #define GPG_DO_RESETTING_CODE 0x00d3
254 #define GPG_DO_KEY_IMPORT 0x3fff
255 #define GPG_DO_LANGUAGE 0x5f2d
256 #define GPG_DO_SEX 0x5f35
257 #define GPG_DO_URL 0x5f50
258 #define GPG_DO_HIST_BYTES 0x5f52
259 #define GPG_DO_CH_CERTIFICATE 0x7f21
261 static const uint8_t *do_ptr[NR_DO__LAST__];
264 do_tag_to_nr (uint16_t tag)
282 case GPG_DO_KGTIME_SIG:
283 return NR_DO_KGTIME_SIG;
284 case GPG_DO_KGTIME_DEC:
285 return NR_DO_KGTIME_DEC;
286 case GPG_DO_KGTIME_AUT:
287 return NR_DO_KGTIME_AUT;
288 case GPG_DO_LOGIN_DATA:
289 return NR_DO_LOGIN_DATA;
294 case GPG_DO_LANGUAGE:
295 return NR_DO_LANGUAGE;
302 copy_tag (uint16_t tag)
305 *res_p++ = (tag & 0xff);
308 *res_p++ = (tag >> 8);
309 *res_p++ = (tag & 0xff);
314 do_hist_bytes (uint16_t tag, int with_tag)
316 /* XXX: For now, no life cycle management, just return template as is. */
317 /* XXX: Supporing TERMINATE DF / ACTIVATE FILE, we need to fix here */
318 copy_do_1 (tag, historical_bytes, with_tag);
323 #define SIZE_KGTIME 4
326 do_fp_all (uint16_t tag, int with_tag)
333 *res_p++ = SIZE_FP*3;
336 data = gpg_do_read_simple (NR_DO_FP_SIG);
338 memcpy (res_p, data, SIZE_FP);
340 memset (res_p, 0, SIZE_FP);
343 data = gpg_do_read_simple (NR_DO_FP_DEC);
345 memcpy (res_p, data, SIZE_FP);
347 memset (res_p, 0, SIZE_FP);
350 data = gpg_do_read_simple (NR_DO_FP_AUT);
352 memcpy (res_p, data, SIZE_FP);
354 memset (res_p, 0, SIZE_FP);
360 do_cafp_all (uint16_t tag, int with_tag)
367 *res_p++ = SIZE_FP*3;
370 data = gpg_do_read_simple (NR_DO_CAFP_1);
372 memcpy (res_p, data, SIZE_FP);
374 memset (res_p, 0, SIZE_FP);
377 data = gpg_do_read_simple (NR_DO_CAFP_2);
379 memcpy (res_p, data, SIZE_FP);
381 memset (res_p, 0, SIZE_FP);
384 data = gpg_do_read_simple (NR_DO_CAFP_2);
386 memcpy (res_p, data, SIZE_FP);
388 memset (res_p, 0, SIZE_FP);
394 do_kgtime_all (uint16_t tag, int with_tag)
401 *res_p++ = SIZE_KGTIME*3;
404 data = gpg_do_read_simple (NR_DO_KGTIME_SIG);
406 memcpy (res_p, data, SIZE_KGTIME);
408 memset (res_p, 0, SIZE_KGTIME);
409 res_p += SIZE_KGTIME;
411 data = gpg_do_read_simple (NR_DO_KGTIME_DEC);
413 memcpy (res_p, data, SIZE_KGTIME);
415 memset (res_p, 0, SIZE_KGTIME);
416 res_p += SIZE_KGTIME;
418 data = gpg_do_read_simple (NR_DO_KGTIME_AUT);
420 memcpy (res_p, data, SIZE_KGTIME);
422 memset (res_p, 0, SIZE_KGTIME);
423 res_p += SIZE_KGTIME;
427 const uint8_t openpgpcard_aid[] = {
428 0xd2, 0x76, /* D: National, 276: DEU ISO 3166-1 */
429 0x00, 0x01, 0x24, /* Registered Application Provider Identifier */
430 0x01, /* Application: OpenPGPcard */
431 0x02, 0x00, /* Version 2.0 */
432 /* v. id */ /* serial number */
433 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* To be overwritten */
437 do_openpgpcard_aid (uint16_t tag, int with_tag)
439 uint16_t vid = *((const volatile uint16_t *)&openpgpcard_aid[8]);
447 if (vid == 0xffff || vid == 0x0000)
449 const uint8_t *u = unique_device_id ();
451 memcpy (res_p, openpgpcard_aid, 8);
454 /* vid == 0xfffe: serial number is random byte */
457 memcpy (res_p, u, 4);
462 memcpy (res_p, openpgpcard_aid, 14);
473 do_ds_count (uint16_t tag, int with_tag)
481 *res_p++ = (digital_signature_counter >> 16) & 0xff;
482 *res_p++ = (digital_signature_counter >> 8) & 0xff;
483 *res_p++ = digital_signature_counter & 0xff;
488 rw_pw_status (uint16_t tag, int with_tag,
489 const uint8_t *data, int len, int is_write)
493 (void)len; /* Should be SIZE_PW_STATUS_BYTES */
495 /* Only the first byte of DATA is checked */
498 flash_bool_clear (&pw1_lifetime_p);
499 if (pw1_lifetime_p == NULL)
506 pw1_lifetime_p = flash_bool_write (NR_BOOL_PW1_LIFETIME);
507 if (pw1_lifetime_p != NULL)
518 *res_p++ = SIZE_PW_STATUS_BYTES;
521 *res_p++ = gpg_get_pw1_lifetime ();
522 *res_p++ = PW_LEN_MAX;
523 *res_p++ = PW_LEN_MAX;
524 *res_p++ = PW_LEN_MAX;
525 *res_p++ = PASSWORD_ERRORS_MAX - gpg_pw_get_err_counter (PW_ERR_PW1);
526 *res_p++ = PASSWORD_ERRORS_MAX - gpg_pw_get_err_counter (PW_ERR_RC);
527 *res_p++ = PASSWORD_ERRORS_MAX - gpg_pw_get_err_counter (PW_ERR_PW3);
533 proc_resetting_code (const uint8_t *data, int len)
535 const uint8_t *old_ks = keystring_md_pw3;
536 uint8_t new_ks0[KEYSTRING_MD_SIZE+1];
537 uint8_t *new_ks = &new_ks0[1];
538 const uint8_t *newpw;
542 DEBUG_INFO ("Resetting Code!\r\n");
546 sha1 (newpw, newpw_len, new_ks);
547 new_ks0[0] = newpw_len;
548 r = gpg_change_keystring (admin_authorized, old_ks, BY_RESETCODE, new_ks);
551 DEBUG_INFO ("memory error.\r\n");
556 DEBUG_INFO ("security error.\r\n");
561 DEBUG_INFO ("done (no prvkey).\r\n");
562 gpg_do_write_simple (NR_DO_KEYSTRING_RC, new_ks0, KEYSTRING_SIZE_RC);
566 DEBUG_INFO ("done.\r\n");
567 gpg_do_write_simple (NR_DO_KEYSTRING_RC, new_ks0, 1);
570 gpg_pw_reset_err_counter (PW_ERR_RC);
575 encrypt (const uint8_t *key_str, uint8_t *data, int len)
581 DEBUG_INFO ("ENC\r\n");
582 DEBUG_BINARY (data, len);
584 aes_setkey_enc (&aes, key_str, 128);
587 aes_crypt_cfb128 (&aes, AES_ENCRYPT, len, &iv_offset, iv, data, data);
590 /* Signing, Decryption, and Authentication */
591 struct key_data kd[3];
594 decrypt (const uint8_t *key_str, uint8_t *data, int len)
600 aes_setkey_enc (&aes, key_str, 128);
603 aes_crypt_cfb128 (&aes, AES_DECRYPT, len, &iv_offset, iv, data, data);
605 DEBUG_INFO ("DEC\r\n");
606 DEBUG_BINARY (data, len);
610 get_do_ptr_nr_for_kk (enum kind_of_key kk)
614 case GPG_KEY_FOR_SIGNING:
615 return NR_DO_PRVKEY_SIG;
616 case GPG_KEY_FOR_DECRYPTION:
617 return NR_DO_PRVKEY_DEC;
618 case GPG_KEY_FOR_AUTHENTICATION:
619 return NR_DO_PRVKEY_AUT;
621 return NR_DO_PRVKEY_SIG;
625 gpg_do_clear_prvkey (enum kind_of_key kk)
627 memset ((void *)&kd[kk], 0, sizeof (struct key_data));
631 * Return 1 on success,
636 gpg_do_load_prvkey (enum kind_of_key kk, int who, const uint8_t *keystring)
638 uint8_t nr = get_do_ptr_nr_for_kk (kk);
639 const uint8_t *do_data = do_ptr[nr - NR_DO__FIRST__];
641 uint8_t dek[DATA_ENCRYPTION_KEY_SIZE];
642 struct key_data_internal kdi;
644 DEBUG_INFO ("Loading private key: ");
650 key_addr = *(uint8_t **)&(do_data)[1];
651 memcpy (kdi.data, key_addr, KEY_CONTENT_LEN);
652 memcpy (((uint8_t *)&kdi.check), do_data+5, ADDITIONAL_DATA_SIZE);
654 memcpy (dek, do_data+5+16*who, DATA_ENCRYPTION_KEY_SIZE);
655 decrypt (keystring, dek, DATA_ENCRYPTION_KEY_SIZE);
657 decrypt (dek, (uint8_t *)&kdi, sizeof (struct key_data_internal));
658 if (memcmp (kdi.magic, GNUK_MAGIC, KEY_MAGIC_LEN) != 0)
660 DEBUG_INFO ("gpg_do_load_prvkey failed.\r\n");
663 /* more sanity check??? */
665 memcpy (kd[kk].data, kdi.data, KEY_CONTENT_LEN);
666 DEBUG_BINARY (&kd[kk], KEY_CONTENT_LEN);
671 calc_check32 (const uint8_t *p, int len)
674 uint32_t *data = (uint32_t *)p;
677 for (i = 0; i < len/4; i++)
683 static int8_t num_prv_keys;
686 gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, int key_len,
687 const uint8_t *keystring_admin, const uint8_t *modulus)
689 uint8_t nr = get_do_ptr_nr_for_kk (kk);
692 struct prvkey_data *pd;
695 const uint8_t *do_data = do_ptr[nr - NR_DO__FIRST__];
696 const uint8_t *ks_pw1;
697 const uint8_t *ks_rc;
698 struct key_data_internal kdi;
699 int modulus_allocated_here = 0;
701 DEBUG_INFO ("Key import\r\n");
702 DEBUG_SHORT (key_len);
705 /* No replace support, you need to remove it first. */
708 if (key_len != KEY_CONTENT_LEN)
711 pd = (struct prvkey_data *)malloc (sizeof (struct prvkey_data));
717 modulus = modulus_calc (key_data, key_len);
724 modulus_allocated_here = 1;
727 DEBUG_INFO ("Getting keystore address...\r\n");
728 key_addr = flash_key_alloc ();
729 if (key_addr == NULL)
732 if (modulus_allocated_here)
733 modulus_free (modulus);
737 DEBUG_INFO ("key_addr: ");
738 DEBUG_WORD ((uint32_t)key_addr);
740 memcpy (kdi.data, key_data, KEY_CONTENT_LEN);
741 kdi.check = calc_check32 (key_data, KEY_CONTENT_LEN);
742 kdi.random = get_salt ();
743 memcpy (kdi.magic, GNUK_MAGIC, KEY_MAGIC_LEN);
745 dek = random_bytes_get (); /* 16-byte random bytes */
746 memcpy (pd->dek_encrypted_1, dek, DATA_ENCRYPTION_KEY_SIZE);
747 memcpy (pd->dek_encrypted_2, dek, DATA_ENCRYPTION_KEY_SIZE);
748 memcpy (pd->dek_encrypted_3, dek, DATA_ENCRYPTION_KEY_SIZE);
749 ks_pw1 = gpg_do_read_simple (NR_DO_KEYSTRING_PW1);
750 ks_rc = gpg_do_read_simple (NR_DO_KEYSTRING_RC);
752 encrypt (dek, (uint8_t *)&kdi, sizeof (struct key_data_internal));
754 r = flash_key_write (key_addr, kdi.data, modulus);
755 if (modulus_allocated_here)
756 modulus_free (modulus);
760 random_bytes_free (dek);
765 pd->key_addr = key_addr;
766 memcpy (pd->crm_encrypted, (uint8_t *)&kdi.check, ADDITIONAL_DATA_SIZE);
768 if (kk == GPG_KEY_FOR_SIGNING)
771 gpg_reset_digital_signature_counter ();
777 encrypt (ks_pw1+1, pd->dek_encrypted_1, DATA_ENCRYPTION_KEY_SIZE);
780 uint8_t ks123_pw1[KEYSTRING_SIZE_PW1];
782 ks123_pw1[0] = strlen (OPENPGP_CARD_INITIAL_PW1);
783 sha1 ((uint8_t *)OPENPGP_CARD_INITIAL_PW1,
784 strlen (OPENPGP_CARD_INITIAL_PW1), ks123_pw1+1);
785 encrypt (ks123_pw1+1, pd->dek_encrypted_1, DATA_ENCRYPTION_KEY_SIZE);
789 encrypt (ks_rc+1, pd->dek_encrypted_2, DATA_ENCRYPTION_KEY_SIZE);
791 memset (pd->dek_encrypted_2, 0, DATA_ENCRYPTION_KEY_SIZE);
794 encrypt (keystring_admin, pd->dek_encrypted_3, DATA_ENCRYPTION_KEY_SIZE);
796 memset (pd->dek_encrypted_3, 0, DATA_ENCRYPTION_KEY_SIZE);
798 p = flash_do_write (nr, (const uint8_t *)pd, sizeof (struct prvkey_data));
799 do_ptr[nr - NR_DO__FIRST__] = p;
801 random_bytes_free (dek);
806 if (++num_prv_keys == NUM_ALL_PRV_KEYS) /* All keys are registered. */
808 /* Remove contents of keystrings from DO, but length */
811 uint8_t ks_pw1_len = ks_pw1[0];
812 gpg_do_write_simple (NR_DO_KEYSTRING_PW1, &ks_pw1_len, 1);
817 uint8_t ks_rc_len = ks_rc[0];
818 gpg_do_write_simple (NR_DO_KEYSTRING_RC, &ks_rc_len, 1);
826 gpg_do_chks_prvkey (enum kind_of_key kk,
827 int who_old, const uint8_t *old_ks,
828 int who_new, const uint8_t *new_ks)
830 uint8_t nr = get_do_ptr_nr_for_kk (kk);
831 const uint8_t *do_data = do_ptr[nr - NR_DO__FIRST__];
832 uint8_t dek[DATA_ENCRYPTION_KEY_SIZE];
833 struct prvkey_data *pd;
838 return 0; /* No private key */
840 pd = (struct prvkey_data *)malloc (sizeof (struct prvkey_data));
844 memcpy (pd, &(do_data)[1], sizeof (struct prvkey_data));
845 dek_p = ((uint8_t *)pd) + 4 + ADDITIONAL_DATA_SIZE
846 + DATA_ENCRYPTION_KEY_SIZE * (who_old - 1);
847 memcpy (dek, dek_p, DATA_ENCRYPTION_KEY_SIZE);
848 decrypt (old_ks, dek, DATA_ENCRYPTION_KEY_SIZE);
849 encrypt (new_ks, dek, DATA_ENCRYPTION_KEY_SIZE);
850 dek_p += DATA_ENCRYPTION_KEY_SIZE * (who_new - who_old);
851 memcpy (dek_p, dek, DATA_ENCRYPTION_KEY_SIZE);
853 p = flash_do_write (nr, (const uint8_t *)pd, sizeof (struct prvkey_data));
854 do_ptr[nr - NR_DO__FIRST__] = p;
856 flash_do_release (do_data);
865 * 4d, xx, xx, xx: Extended Header List
866 * b6 00 (SIG) / b8 00 (DEC) / a4 00 (AUT)
867 * 7f48, xx: cardholder private key template
871 * 5f48, xx xx xx: cardholder private key
874 proc_key_import (const uint8_t *data, int len)
878 const uint8_t *keystring_admin;
879 const uint8_t *p = data;
881 if (admin_authorized == BY_ADMIN)
882 keystring_admin = keystring_md_pw3;
884 keystring_admin = NULL;
886 DEBUG_BINARY (data, len);
900 kk = GPG_KEY_FOR_SIGNING;
902 kk = GPG_KEY_FOR_DECRYPTION;
904 kk = GPG_KEY_FOR_AUTHENTICATION;
907 { /* Deletion of the key */
908 uint8_t nr = get_do_ptr_nr_for_kk (kk);
909 const uint8_t *do_data = do_ptr[nr - NR_DO__FIRST__];
914 do_ptr[nr - NR_DO__FIRST__] = NULL;
915 flash_do_release (do_data);
917 if (--num_prv_keys == 0)
919 flash_keystore_release ();
921 /* Delete PW1 and RC if any */
922 gpg_do_write_simple (NR_DO_KEYSTRING_PW1, NULL, 0);
923 gpg_do_write_simple (NR_DO_KEYSTRING_RC, NULL, 0);
929 /* It should starts with 00 01 00 01 (E) */
931 r = gpg_do_write_prvkey (kk, &data[26], len - 26, keystring_admin, NULL);
938 static const uint16_t cmp_ch_data[] = {
945 static const uint16_t cmp_app_data[] = {
949 /* XXX Discretionary data objects 0x0073 ??? */
951 GPG_DO_ALG_SIG, GPG_DO_ALG_DEC, GPG_DO_ALG_AUT,
953 GPG_DO_FP_ALL, GPG_DO_CAFP_ALL, GPG_DO_KGTIME_ALL
956 static const uint16_t cmp_ss_temp[] = { 1, GPG_DO_DS_COUNT };
958 static const struct do_table_entry
960 /* Variables: Fixed size */
961 { GPG_DO_SEX, DO_VAR, AC_ALWAYS, AC_ADMIN_AUTHORIZED, &do_ptr[0] },
962 { GPG_DO_FP_SIG, DO_VAR, AC_ALWAYS, AC_ADMIN_AUTHORIZED, &do_ptr[1] },
963 { GPG_DO_FP_DEC, DO_VAR, AC_ALWAYS, AC_ADMIN_AUTHORIZED, &do_ptr[2] },
964 { GPG_DO_FP_AUT, DO_VAR, AC_ALWAYS, AC_ADMIN_AUTHORIZED, &do_ptr[3] },
965 { GPG_DO_CAFP_1, DO_VAR, AC_ALWAYS, AC_ADMIN_AUTHORIZED, &do_ptr[4] },
966 { GPG_DO_CAFP_2, DO_VAR, AC_ALWAYS, AC_ADMIN_AUTHORIZED, &do_ptr[5] },
967 { GPG_DO_CAFP_3, DO_VAR, AC_ALWAYS, AC_ADMIN_AUTHORIZED, &do_ptr[6] },
968 { GPG_DO_KGTIME_SIG, DO_VAR, AC_ALWAYS, AC_ADMIN_AUTHORIZED, &do_ptr[7] },
969 { GPG_DO_KGTIME_DEC, DO_VAR, AC_ALWAYS, AC_ADMIN_AUTHORIZED, &do_ptr[8] },
970 { GPG_DO_KGTIME_AUT, DO_VAR, AC_ALWAYS, AC_ADMIN_AUTHORIZED, &do_ptr[9] },
971 /* Variables: Variable size */
972 { GPG_DO_LOGIN_DATA, DO_VAR, AC_ALWAYS, AC_ADMIN_AUTHORIZED, &do_ptr[10] },
973 { GPG_DO_URL, DO_VAR, AC_ALWAYS, AC_ADMIN_AUTHORIZED, &do_ptr[11] },
974 { GPG_DO_NAME, DO_VAR, AC_ALWAYS, AC_ADMIN_AUTHORIZED, &do_ptr[12] },
975 { GPG_DO_LANGUAGE, DO_VAR, AC_ALWAYS, AC_ADMIN_AUTHORIZED, &do_ptr[13] },
976 /* Pseudo DO READ: calculated */
977 { GPG_DO_HIST_BYTES, DO_PROC_READ, AC_ALWAYS, AC_NEVER, do_hist_bytes },
978 { GPG_DO_FP_ALL, DO_PROC_READ, AC_ALWAYS, AC_NEVER, do_fp_all },
979 { GPG_DO_CAFP_ALL, DO_PROC_READ, AC_ALWAYS, AC_NEVER, do_cafp_all },
980 { GPG_DO_KGTIME_ALL, DO_PROC_READ, AC_ALWAYS, AC_NEVER, do_kgtime_all },
981 /* Pseudo DO READ: calculated, not changeable by user */
982 { GPG_DO_DS_COUNT, DO_PROC_READ, AC_ALWAYS, AC_NEVER, do_ds_count },
983 { GPG_DO_AID, DO_PROC_READ, AC_ALWAYS, AC_NEVER, do_openpgpcard_aid },
984 /* Pseudo DO READ/WRITE: calculated */
985 { GPG_DO_PW_STATUS, DO_PROC_READWRITE, AC_ALWAYS, AC_ADMIN_AUTHORIZED,
988 { GPG_DO_EXTCAP, DO_FIXED, AC_ALWAYS, AC_NEVER, extended_capabilities },
989 { GPG_DO_ALG_SIG, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr },
990 { GPG_DO_ALG_DEC, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr },
991 { GPG_DO_ALG_AUT, DO_FIXED, AC_ALWAYS, AC_NEVER, algorithm_attr },
992 /* Compound data: Read access only */
993 { GPG_DO_CH_DATA, DO_CMP_READ, AC_ALWAYS, AC_NEVER, cmp_ch_data },
994 { GPG_DO_APP_DATA, DO_CMP_READ, AC_ALWAYS, AC_NEVER, cmp_app_data },
995 { GPG_DO_SS_TEMP, DO_CMP_READ, AC_ALWAYS, AC_NEVER, cmp_ss_temp },
996 /* Simple data: write access only */
997 { GPG_DO_RESETTING_CODE, DO_PROC_WRITE, AC_NEVER, AC_ADMIN_AUTHORIZED,
998 proc_resetting_code },
999 /* Compound data: Write access only */
1000 { GPG_DO_KEY_IMPORT, DO_PROC_WRITE, AC_NEVER, AC_ADMIN_AUTHORIZED,
1003 /* Card holder certificate is handled in special way, as its size is big */
1004 { GPG_DO_CH_CERTIFICATE, DO_VAR, AC_ALWAYS, AC_ADMIN_AUTHORIZED, NULL },
1008 #define NUM_DO_ENTRIES (int)(sizeof (gpg_do_table) \
1009 / sizeof (struct do_table_entry))
1012 * Reading data from Flash ROM, initialize DO_PTR, PW_ERR_COUNTERS, etc.
1015 gpg_data_scan (const uint8_t *p_start)
1019 const uint8_t *dsc_h14_p, *dsc_l10_p;
1020 int dsc_h14, dsc_l10;
1022 dsc_h14_p = dsc_l10_p = NULL;
1023 pw1_lifetime_p = NULL;
1024 pw_err_counter_p[PW_ERR_PW1] = NULL;
1025 pw_err_counter_p[PW_ERR_RC] = NULL;
1026 pw_err_counter_p[PW_ERR_PW3] = NULL;
1028 /* Traverse DO, counters, etc. in DATA pool */
1030 while (*p != NR_EMPTY)
1033 uint8_t second_byte = *p;
1035 if (nr == 0x00 && second_byte == 0x00)
1036 p++; /* Skip released word */
1041 /* It's Data Object */
1042 do_ptr[nr - NR_DO__FIRST__] = p;
1043 p += second_byte + 1; /* second_byte has length */
1045 if (((uint32_t)p & 1))
1048 else if (nr >= 0x80 && nr <= 0xbf)
1049 /* Encoded data of Digital Signature Counter: upper 14-bit */
1054 else if (nr >= 0xc0 && nr <= 0xc3)
1055 /* Encoded data of Digital Signature Counter: lower 10-bit */
1063 case NR_BOOL_PW1_LIFETIME:
1064 pw1_lifetime_p = p - 1;
1067 case NR_COUNTER_123:
1069 if (second_byte <= PW_ERR_PW3)
1070 pw_err_counter_p[second_byte] = p;
1077 flash_set_data_pool_last (p);
1080 if (do_ptr[NR_DO_PRVKEY_SIG - NR_DO__FIRST__] != NULL)
1082 if (do_ptr[NR_DO_PRVKEY_DEC - NR_DO__FIRST__] != NULL)
1084 if (do_ptr[NR_DO_PRVKEY_AUT - NR_DO__FIRST__] != NULL)
1087 data_objects_number_of_bytes = 0;
1088 for (i = NR_DO__FIRST__; i < NR_DO__LAST__; i++)
1089 if (do_ptr[i - NR_DO__FIRST__] != NULL)
1090 data_objects_number_of_bytes += *do_ptr[i - NR_DO__FIRST__];
1092 if (dsc_l10_p == NULL)
1095 dsc_l10 = ((*dsc_l10_p - 0xc0) << 8) | *(dsc_l10_p + 1);
1097 if (dsc_h14_p == NULL)
1101 dsc_h14 = ((*dsc_h14_p - 0x80) << 8) | *(dsc_h14_p + 1);
1102 if (dsc_l10_p == NULL)
1103 DEBUG_INFO ("something wrong in DSC\r\n"); /* weird??? */
1104 else if (dsc_l10_p < dsc_h14_p)
1105 /* Possibly, power off during writing dsc_l10 */
1109 digital_signature_counter = (dsc_h14 << 10) | dsc_l10;
1113 * Write all data to newly allocated Flash ROM page (from P_START),
1114 * updating PW1_LIFETIME_P, PW_ERR_COUNTER_P, and DO_PTR.
1115 * Called by flash_copying_gc.
1118 gpg_data_copy (const uint8_t *p_start)
1124 p = gpg_write_digital_signature_counter (p_start, digital_signature_counter);
1126 if (pw1_lifetime_p != NULL)
1128 flash_bool_write_internal (p, NR_BOOL_PW1_LIFETIME);
1133 for (i = 0; i < 3; i++)
1134 if ((v = flash_cnt123_get_value (pw_err_counter_p[i])) != 0)
1136 flash_cnt123_write_internal (p, i, v);
1137 pw_err_counter_p[i] = p + 2;
1141 data_objects_number_of_bytes = 0;
1142 for (i = NR_DO__FIRST__; i < NR_DO__LAST__; i++)
1143 if (do_ptr[i - NR_DO__FIRST__] != NULL)
1145 const uint8_t *do_data = do_ptr[i - NR_DO__FIRST__];
1146 int len = do_data[0];
1148 flash_do_write_internal (p, i, &do_data[1], len);
1149 do_ptr[i - NR_DO__FIRST__] = p + 1;
1150 p += 2 + ((len + 1) & ~1);
1151 data_objects_number_of_bytes += len;
1154 flash_set_data_pool_last (p);
1157 static const struct do_table_entry *
1158 get_do_entry (uint16_t tag)
1162 for (i = 0; i < NUM_DO_ENTRIES; i++)
1163 if (gpg_do_table[i].tag == tag)
1164 return &gpg_do_table[i];
1170 copy_do_1 (uint16_t tag, const uint8_t *do_data, int with_tag)
1178 if (do_data[0] >= 128)
1181 len = do_data[0] + 1;
1189 memcpy (res_p, do_data, len);
1194 copy_do (const struct do_table_entry *do_p, int with_tag)
1199 if (!ac_check_status (do_p->ac_read))
1202 switch (do_p->do_type)
1206 const uint8_t *do_data = (const uint8_t *)do_p->obj;
1207 if (do_data == NULL)
1210 copy_do_1 (do_p->tag, do_data, with_tag);
1215 const uint8_t *do_data = *(const uint8_t **)do_p->obj;
1216 if (do_data == NULL)
1219 copy_do_1 (do_p->tag, do_data, with_tag);
1225 const uint16_t *cmp_data = (const uint16_t *)do_p->obj;
1226 int num_components = cmp_data[0];
1227 uint8_t *len_p = NULL;
1231 copy_tag (do_p->tag);
1232 *res_p++ = 0x81; /* Assume it's less than 256 */
1234 *res_p++ = 0; /* for now */
1237 for (i = 0; i < num_components; i++)
1240 const struct do_table_entry *do0_p;
1242 tag0 = cmp_data[i+1];
1243 do0_p = get_do_entry (tag0);
1244 if (copy_do (do0_p, 1) < 0)
1249 *len_p = res_p - len_p - 1;
1254 int (*do_func)(uint16_t, int) = (int (*)(uint16_t, int))do_p->obj;
1256 return do_func (do_p->tag, with_tag);
1258 case DO_PROC_READWRITE:
1260 int (*rw_func)(uint16_t, int, uint8_t *, int, int)
1261 = (int (*)(uint16_t, int, uint8_t *, int, int))do_p->obj;
1263 return rw_func (do_p->tag, with_tag, NULL, 0, 0);
1273 * Process GET_DATA request on Data Object specified by TAG
1274 * Call write_res_adpu to fill data returned
1277 gpg_do_get_data (uint16_t tag, int with_tag)
1279 #if defined(CERTDO_SUPPORT)
1280 if (tag == GPG_DO_CH_CERTIFICATE)
1282 apdu.res_apdu_data = &ch_certificate_start;
1283 apdu.res_apdu_data_len = ((apdu.res_apdu_data[2] << 8) | apdu.res_apdu_data[3]);
1284 if (apdu.res_apdu_data_len == 0xffff)
1286 apdu.res_apdu_data_len = 0;
1290 /* Add length of (tag+len) */
1291 apdu.res_apdu_data_len += 4;
1296 const struct do_table_entry *do_p = get_do_entry (tag);
1305 if (copy_do (do_p, with_tag) < 0)
1306 /* Overwriting partially written result */
1307 GPG_SECURITY_FAILURE ();
1310 res_APDU_size = res_p - res_APDU;
1320 gpg_do_put_data (uint16_t tag, const uint8_t *data, int len)
1322 const struct do_table_entry *do_p = get_do_entry (tag);
1329 if (!ac_check_status (do_p->ac_write))
1331 GPG_SECURITY_FAILURE ();
1335 switch (do_p->do_type)
1340 GPG_SECURITY_FAILURE ();
1344 const uint8_t **do_data_p = (const uint8_t **)do_p->obj;
1347 flash_do_release (*do_data_p);
1353 GPG_MEMORY_FAILURE ();
1356 uint8_t nr = do_tag_to_nr (tag);
1359 GPG_MEMORY_FAILURE ();
1362 *do_data_p = flash_do_write (nr, data, len);
1366 GPG_MEMORY_FAILURE ();
1371 case DO_PROC_READWRITE:
1373 int (*rw_func)(uint16_t, int, const uint8_t *, int, int)
1374 = (int (*)(uint16_t, int, const uint8_t *, int, int))do_p->obj;
1376 if (rw_func (tag, 0, data, len, 1))
1384 int (*proc_func)(const uint8_t *, int)
1385 = (int (*)(const uint8_t *, int))do_p->obj;
1387 if (proc_func (data, len))
1400 gpg_do_public_key (uint8_t kk_byte)
1402 const uint8_t *do_data;
1403 const uint8_t *key_addr;
1405 DEBUG_INFO ("Public key\r\n");
1406 DEBUG_BYTE (kk_byte);
1408 if (kk_byte == 0xb6)
1409 do_data = do_ptr[NR_DO_PRVKEY_SIG - NR_DO__FIRST__];
1410 else if (kk_byte == 0xb8)
1411 do_data = do_ptr[NR_DO_PRVKEY_DEC - NR_DO__FIRST__];
1413 do_data = do_ptr[NR_DO_PRVKEY_AUT - NR_DO__FIRST__];
1415 if (do_data == NULL)
1417 DEBUG_INFO ("none.\r\n");
1422 key_addr = *(const uint8_t **)&do_data[1];
1427 *res_p++ = 0x7f; *res_p++ = 0x49;
1429 *res_p++ = 0x82; *res_p++ = 0x01; *res_p++ = 0x09;
1432 /*TAG*/ /*LEN = 256 */
1433 *res_p++ = 0x81; *res_p++ = 0x82; *res_p++ = 0x01; *res_p++ = 0x00;
1434 /* 256-byte binary (big endian) */
1435 memcpy (res_p, key_addr + KEY_CONTENT_LEN, KEY_CONTENT_LEN);
1440 *res_p++ = 0x82; *res_p++ = 3;
1441 /* 3-byte E=0x10001 (big endian) */
1442 *res_p++ = 0x01; *res_p++ = 0x00; *res_p++ = 0x01;
1445 res_APDU_size = res_p - res_APDU;
1449 DEBUG_INFO ("done.\r\n");
1454 gpg_do_read_simple (uint8_t nr)
1456 const uint8_t *do_data;
1458 do_data = do_ptr[nr - NR_DO__FIRST__];
1459 if (do_data == NULL)
1466 gpg_do_write_simple (uint8_t nr, const uint8_t *data, int size)
1468 const uint8_t **do_data_p;
1470 do_data_p = (const uint8_t **)&do_ptr[nr - NR_DO__FIRST__];
1472 flash_do_release (*do_data_p);
1476 *do_data_p = flash_do_write (nr, data, size);
1477 if (*do_data_p == NULL)
1478 flash_warning ("DO WRITE ERROR");
1484 #ifdef KEYGEN_SUPPORT
1486 gpg_do_keygen (uint8_t kk_byte)
1488 enum kind_of_key kk;
1489 const uint8_t *keystring_admin;
1490 const uint8_t *p_q_modulus;
1492 const uint8_t *modulus;
1495 DEBUG_INFO ("Keygen\r\n");
1496 DEBUG_BYTE (kk_byte);
1498 if (kk_byte == 0xb6)
1499 kk = GPG_KEY_FOR_SIGNING;
1500 else if (kk_byte == 0xb8)
1501 kk = GPG_KEY_FOR_DECRYPTION;
1503 kk = GPG_KEY_FOR_AUTHENTICATION;
1505 if (admin_authorized == BY_ADMIN)
1506 keystring_admin = keystring_md_pw3;
1508 keystring_admin = NULL;
1510 chEvtSignal (main_thread, LED_WAIT_MODE);
1511 p_q_modulus = rsa_genkey ();
1512 chEvtSignal (main_thread, LED_STATUS_MODE);
1513 if (p_q_modulus == NULL)
1515 GPG_MEMORY_FAILURE ();
1520 modulus = p_q_modulus + KEY_CONTENT_LEN;
1522 r = gpg_do_write_prvkey (kk, p_q, KEY_CONTENT_LEN,
1523 keystring_admin, modulus);
1524 free ((uint8_t *)p_q_modulus);
1531 DEBUG_INFO ("Calling gpg_do_public_key...\r\n");
1533 if (kk == GPG_KEY_FOR_SIGNING)
1535 /* Authintication has been reset within gpg_do_write_prvkey. */
1536 /* But GnuPG expects it's ready for signing. */
1537 /* Thus, we call verify_pso_cds here. */
1538 const uint8_t *ks_pw1 = gpg_do_read_simple (NR_DO_KEYSTRING_PW1);
1549 pw = (const uint8_t *)OPENPGP_CARD_INITIAL_PW1;
1550 pw_len = strlen (OPENPGP_CARD_INITIAL_PW3);
1553 verify_pso_cds (pw, pw_len);
1556 gpg_do_public_key (kk_byte);
projects / gnuk / gnuk.git / blob