Various small changes to OpenSC: msg#00211encryption.opensc.devel
Hi, here 3 patches with what should be fixes/improvements in OpenSC: - acl_dupl.diff: don't add duplicate ACL entries, due to a card whose accesss conditions don't map completely to OpenSC's. E.g. the soon to be added SetCOS 4.4 card as a delete-file and a delete-self AC that we mapped to OpenSC's SC_AC_OP_DELETE - delete_file.diff: extend to an empty path, which indicates that the current file should be deleted. - p15_init.diff: - Add sc_pkcs15init_auth_by_fci() for authentication based on the card's real ACLs instead of the ones from the profile files. - move the init_card() call after the code that sets the pin stuff - typo fix Any objections against adding them? Cheers, Stef Index: src/libopensc/sc.c =================================================================== RCS file: /pub/cvsroot/opensc/src/libopensc/sc.c,v retrieving revision 1.84 diff -u -r1.84 sc.c --- src/libopensc/sc.c 8 Mar 2005 20:59:35 -0000 1.84 +++ src/libopensc/sc.c 22 Mar 2005 19:33:23 -0000 @@ -251,6 +251,13 @@ file->acl[operation] = NULL; } + /* If the entry is already present (e.g. due to the mapping) + * of the card's AC with OpenSC's), don't add it again. */ + for (p = file->acl[operation]; p != NULL; p = p->next) { + if ((p->method == method) && (p->key_ref == key_ref)) + return 0; + } + _new = (sc_acl_entry_t *) malloc(sizeof(sc_acl_entry_t)); if (_new == NULL) return SC_ERROR_OUT_OF_MEMORY; Index: src/libopensc/iso7816.c =================================================================== RCS file: /pub/cvsroot/opensc/src/libopensc/iso7816.c,v retrieving revision 1.63 diff -u -w -b -r1.63 iso7816.c --- src/libopensc/iso7816.c 8 Mar 2005 20:59:35 -0000 1.63 +++ src/libopensc/iso7816.c 22 Mar 2005 19:32:21 -0000 
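Review bot: The new dedup loop walks every node reachable from `file->acl[operation]` before the new entry is allocated, so it is only safe once that slot holds a genuine list or NULL; the `file->acl[operation] = NULL;` context line just above suggests the special-method cases are normalised before this point, but the head of the function (presumably sc_file_add_acl_entry) and the declaration of `p` are outside the hunk, so confirm that no non-pointer sentinel can still sit in the slot when the loop runs. The comment's parentheses are misplaced; I would write `/* If an identical entry is already present (e.g. because several card ACs map onto the same OpenSC operation), don't add it again. */`. If the per-operation list is read as a set of alternatives, a duplicate was only redundant, so the early `return 0` is a behaviour-preserving no-op — worth stating in that comment so the success return is not mistaken for an error path later.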
@@ -598,15 +598,20 @@ sc_apdu_t apdu; SC_FUNC_CALLED(card->ctx, 1); - if (path->type != SC_PATH_TYPE_FILE_ID && path->len != 2) { + if (path->type != SC_PATH_TYPE_FILE_ID || (path->len != 0 && path->len != 2)) { sc_error(card->ctx, "File type has to be SC_PATH_TYPE_FILE_ID\n"); SC_FUNC_RETURN(card->ctx, 1, SC_ERROR_INVALID_ARGUMENTS); } + + if (path->len == 2) { sbuf[0] = path->value[0]; sbuf[1] = path->value[1]; sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xE4, 0x00, 0x00); apdu.lc = 2; apdu.datalen = 2; + } + else /* No file ID given: means currently selected file */ + sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0xE4, 0x00, 0x00); apdu.data = sbuf; r = sc_transmit_apdu(card, &apdu); Index: src/pkcs15init/pkcs15-init.h =================================================================== RCS file: /pub/cvsroot/opensc/src/pkcs15init/pkcs15-init.h,v retrieving revision 1.43 diff -u -w -b -r1.43 pkcs15-init.h --- src/pkcs15init/pkcs15-init.h 2 Feb 2005 10:21:10 -0000 1.43 +++ src/pkcs15init/pkcs15-init.h 22 Mar 2005 19:34:38 -0000 @@ -324,6 +324,8 @@ struct sc_card *, struct sc_file *, void *, unsigned int); extern int sc_pkcs15init_authenticate(struct sc_profile *, struct sc_card *, struct sc_file *, int); +extern int sc_pkcs15init_auth_by_fci(struct sc_profile *, + struct sc_card *, struct sc_file *, int); extern int sc_pkcs15init_fixup_file(struct sc_profile *, struct sc_file *); extern int sc_pkcs15init_fixup_acls(struct sc_profile *, struct sc_file *, Index: src/pkcs15init/pkcs15-lib.c =================================================================== RCS file: /pub/cvsroot/opensc/src/pkcs15init/pkcs15-lib.c,v retrieving revision 1.115 diff -u -w -b -r1.115 pkcs15-lib.c --- src/pkcs15init/pkcs15-lib.c 9 Mar 2005 00:04:44 -0000 1.115 +++ src/pkcs15init/pkcs15-lib.c 22 Mar 2005 19:34:40 -0000 
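Review bot: `apdu.data = sbuf;` still runs unconditionally after the new `if`/`else`, so the CASE_1 APDU built for the empty path carries a data pointer with `lc`/`datalen` 0 — harmless if the transport only looks at `lc`, but misleading; move it inside the `if (path->len == 2) {` branch so the case-1 command has no data at all. The else arm also lacks the braces the if arm has, with a comment sitting between `else` and its single statement; `} else { /* No file ID given: means currently selected file */ sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0xE4, 0x00, 0x00); }` keeps the two arms symmetric. The error text `"File type has to be SC_PATH_TYPE_FILE_ID\n"` now also fires for a bad length and could read `"Path must be a file ID of 0 or 2 bytes\n"`. The function head and the declaration of `sbuf` are outside the hunk; the prototype hunk in pkcs15-init.h on the same line needs no comment.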
@@ -531,16 +532,9 @@ p15spec->card = card; - sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PIN, &puk_info); + sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PIN, &pin_info); sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PUK, &puk_info); - /* Perform card-specific initialization */ - if (profile->ops->init_card - && (r = profile->ops->init_card(profile, card)) < 0) { - sc_profile_free(profile); - return r; - } - if (card->app_count >= SC_MAX_CARD_APPS) { sc_error(card->ctx, "Too many applications on this card."); return SC_ERROR_TOO_MANY_OBJECTS; @@ -593,6 +587,13 @@ &pin_info); } + /* Perform card-specific initialization */ + if (profile->ops->init_card + && (r = profile->ops->init_card(profile, card)) < 0) { + sc_profile_free(profile); + return r; + } + /* Create the application DF and store the PINs */ if (profile->ops->create_dir) { /* Create the directory */ 
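Review bot: The relocated init_card block still calls `sc_profile_free(profile)` before returning, while the `SC_ERROR_TOO_MANY_OBJECTS` return a few lines earlier returns without freeing; both error paths cannot be right, and since `profile` is passed in rather than created here, the free is the suspect one if the caller also releases the profile — pick one convention and say so in a comment. Moving init_card later also means that anything the code between the old and new positions may have set up on the card or in `p15spec` (outside the hunk) is no longer the first thing to fail; a comment such as `/* init_card runs after the PIN info is known, as drivers may need it; nothing created above is undone on failure */` would make that explicit. The new-side offset of the first hunk (`+532` against `-531`) implies an earlier hunk in pkcs15-lib.c that is not in this mail, presumably where `pin_info` is declared. The `&puk_info` → `&pin_info` fix on the USER_PIN line is clearly correct.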
@@ -2684,6 +2685,39 @@ return r; } +/* + * Allmost like sc_pkcs15init_authenticate(), except that we look + * for the real ACLs on the card instead of relying on the profile. + */ +int sc_pkcs15init_auth_by_fci(struct sc_profile *pro, sc_card_t *card, + sc_file_t *file, int op) +{ + const sc_acl_entry_t *acl; + sc_file_t *file_dupl; + int r = 0; + + sc_debug(card->ctx, "sc_pkcs15init_auth_by_fci(), file=%s, op=%u\n", + sc_print_path(&file->path), op); + + r = sc_select_file(card, &file->path, &file_dupl); + if (r >= 0) { + acl = sc_file_get_acl_entry(file_dupl, op); + for (; r == 0 && acl; acl = acl->next) { + if (acl->method == SC_AC_NEVER) + return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED; + if (acl->method == SC_AC_NONE) + break; + if (acl->method == SC_AC_UNKNOWN) { + sc_debug(card->ctx, "unknown acl method\n"); + break; + } + r = do_verify_pin(pro, card, file, acl->method, acl->key_ref); + } + sc_file_free(file_dupl); + } + + return r; +} int do_select_parent(struct sc_profile *pro, sc_card_t *card, sc_file_t *file, sc_file_t **parent) _______________________________________________ OpenSC-devel mailing list OpenSC-devel@xxxxxxxxxx http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel |
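Review bot: `sc_pkcs15init_auth_by_fci` leaks `file_dupl` when it meets an `SC_AC_NEVER` entry, because that branch returns from inside the loop and skips the `sc_file_free(file_dupl)` after it; the loop already stops on `r != 0`, so replacing the return with `{ r = SC_ERROR_SECURITY_STATUS_NOT_SATISFIED; break; }` routes that case through the same cleanup. `file_dupl` is also handed to `sc_file_get_acl_entry` without a NULL check; if a driver's select can succeed without returning an FCI (I cannot tell from here), that needs to be treated like a failed select rather than dereferenced. The header comment should say that the function changes the card's current file as a side effect of the `sc_select_file` call, since the caller's subsequent commands run against that selection; `Allmost` is also a typo, `op=%u` does not match `int op` (use `%d`), and a blank line is missing before `int do_select_parent`.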