|
1 Upstream fixes already included in the latest community updates to coolkey v1.1.0 |
|
2 |
|
3 Adds header definitions for APDU fixes. |
|
4 |
|
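--- a/src/libckyapplet/cky_applet.h
+++ b/src/libckyapplet/cky_applet.h
@@ -43,6 +43,8 @@
 #define CKYISO_MORE_MASK 0xff00 /* More data mask */
 #define CKYISO_MORE 0x6300 /* More data available */
 #define CKYISO_DATA_INVALID 0x6984
+#define CKYISO_CONDITION_NOT_SATISFIED 0x6985 /* AKA not logged in (CAC)*/
+#define CKYISO_SECURITY_NOT_SATISFIED 0x6982 /* AKA not logged in (PIV)*/
 /* Applet Defined Return codes */
 #define CKYISO_NO_MEMORY_LEFT 0x9c01 /* There have been memory
 * problems on the card */
@@ -71,6 +73,16 @@
 #define CKYISO_INTERNAL_ERROR 0x9cff /* Reserved for debugging,
 * shouldn't happen */
 
+#define CAC_INVALID_PARAMS 0x6a83
+#define CAC_TAG_FILE 1
+#define CAC_VALUE_FILE 2
+
+
+#define CAC_TAG_CARDURL 0xf3
+#define CAC_TAG_CERTIFICATE 0x70
+#define CAC_TAG_CERTINFO 0x71
+#define CAC_TLV_APP_PKI 0x04
+
 /*
 * Pin Constants as used by our applet
 */
@@ -192,6 +204,14 @@
 CKYByte size;
 } CKYAppletArgReadObject;
 
+typedef struct _CKYAppletArgWriteObject {
+ unsigned long objectID;
+ CKYOffset offset;
+ CKYByte size;
+ CKYBuffer *data;
+
+} CKYAppletArgWriteObject;
+
 typedef struct _CKYAppletArgComputeCrypt {
 CKYByte keyNumber;
 CKYByte mode;
@@ -201,6 +221,47 @@
 const CKYBuffer *sig;
 } CKYAppletArgComputeCrypt;
 
+typedef struct _CKYAppletArgComputeECCSignature {
+ CKYByte keyNumber;
+ CKYByte location;
+ const CKYBuffer *data;
+ const CKYBuffer *sig;
+} CKYAppletArgComputeECCSignature;
+
+typedef struct _CKYAppletArgComputeECCKeyAgreement {
+ CKYByte keyNumber;
+ CKYByte location;
+ const CKYBuffer *publicValue;
+ const CKYBuffer *secretKey;
+} CKYAppletArgComputeECCKeyAgreement;
+
+
+typedef struct _CACAppletArgReadFile {
+ CKYByte type;
+ CKYByte count;
+ unsigned short offset;
+} CACAppletArgReadFile;
+
+typedef struct _PIVAppletArgSignDecrypt {
+ CKYByte alg;
+ CKYByte key;
+ CKYByte chain;
+ CKYSize len;
+ CKYBuffer *buf;
+} PIVAppletArgSignDecrypt;
+
+typedef struct _pivUnwrapState {
+ CKYByte tag;
+ CKYByte length;
+ int length_bytes;
+} PIVUnwrapState;
+
+typedef struct _PIVAppletRespSignDecrypt {
+ PIVUnwrapState tag_1;
+ PIVUnwrapState tag_2;
+ CKYBuffer *buf;
+} PIVAppletRespSignDecrypt;
+
 /* fills in an APDU from a structure -- form of all the generic factories*/
 typedef CKYStatus (*CKYAppletFactory)(CKYAPDU *apdu, const void *param);
 /* fills in an a structure from a response -- form of all the fill structures*/
@@ -250,6 +311,8 @@
 /* param == CKYByte * (pointer to pinNumber) */
 CKYStatus CKYAppletFactory_Logout(CKYAPDU *apdu, const void *param);
 /* Future add WriteObject */
+/* parm == CKYAppletArgWriteObject */
+CKYStatus CKYAppletFactory_WriteObject(CKYAPDU *apdu, const void *param);
 /* param == CKYAppletArgCreateObject */
 CKYStatus CKYAppletFactory_CreateObject(CKYAPDU *apdu, const void *param);
 /* param == CKYAppletArgDeleteObject */
@@ -310,7 +373,6 @@
 /* Single value fills: Byte, Short, & Long */
 /* param == CKYByte * */
 CKYStatus CKYAppletFill_Byte(const CKYBuffer *response, CKYSize size, void *param);
-/* param == CKYByte * */
 CKYStatus CKYAppletFill_Short(const CKYBuffer *response, CKYSize size, void *param);
 CKYStatus CKYAppletFill_Long(const CKYBuffer *response, CKYSize size, void *param);
 
@@ -336,7 +398,7 @@
 * Sends the ADPU to the card through the connection conn.
 * Checks that the response was valid (returning the responce code in apduRC.
 * Formats the response data into fillArg with fillFunc
- * nonce and apduRC can be NULL (no nonce is added, not status returned
+ * nonce and apduRC can be NULL (no nonce is added, no status returned
 * legal values for afArg are depened on afFunc.
 * legal values for fillArg are depened on fillFunc.
 */
@@ -352,7 +414,7 @@
 * into function calls, with input and output parameters.
 * The application is still responsible for
 * 1) creating a connection to the card,
- * 2) Getting a tranaction long, then
+ * 2) Getting a transaction lock, then
 * 3) selecting the appropriate applet (or Card manager).
 * Except for those calls that have been noted, the appropriate applet
 * is the CoolKey applet.
@@ -441,9 +503,17 @@
 /* Select the CAC card manager. Can happen with either applet selected */
 CKYStatus CACApplet_SelectCardManager(CKYCardConnection *conn,
 CKYISOStatus *apduRC);
-/* Can happen with either applet selected */
-CKYStatus CACApplet_SelectPKI(CKYCardConnection *conn, CKYByte instance,
- CKYISOStatus *apduRC);
+/* Select the CAC CC container. Can happen with either applet selected */
+CKYStatus CACApplet_SelectCCC(CKYCardConnection *conn, CKYISOStatus *apduRC);
+/* Select an old CAC applet and fill in the cardAID */
+CKYStatus CACApplet_SelectPKI(CKYCardConnection *conn, CKYBuffer *cardAid,
+ CKYByte instance, CKYISOStatus *apduRC);
+/* read a TLV file */
+CKYStatus CACApplet_ReadFile(CKYCardConnection *conn, CKYByte type,
+ CKYBuffer *buffer, CKYISOStatus *apduRC);
+CKYStatus CACApplet_SelectFile(CKYCardConnection *conn, unsigned short ef,
+ CKYISOStatus *apduRC);
+
 /* must happen with PKI applet selected */
 CKYStatus CACApplet_SignDecrypt(CKYCardConnection *conn, const CKYBuffer *data,
 CKYBuffer *result, CKYISOStatus *apduRC);
@@ -457,9 +527,18 @@
 CKYISOStatus *apduRC);
 
 /*CKYStatus CACApplet_GetProperties(); */
-CKYStatus CACApplet_VerifyPIN(CKYCardConnection *conn, const char *pin,
- CKYISOStatus *apduRC);
+CKYStatus CACApplet_VerifyPIN(CKYCardConnection *conn, const char *pin,
+ int local, CKYISOStatus *apduRC);
 
+/* Select a PIV applet */
+CKYStatus PIVApplet_Select(CKYCardConnection *conn, CKYISOStatus *apduRC);
+
+CKYStatus PIVApplet_GetCertificate(CKYCardConnection *conn, CKYBuffer *cert,
+ int tag, CKYISOStatus *apduRC);
+CKYStatus PIVApplet_SignDecrypt(CKYCardConnection *conn, CKYByte key,
+ unsigned int keySize, int derive,
+ const CKYBuffer *data, CKYBuffer *result,
+ CKYISOStatus *apduRC);
 /*
 * There are 3 read commands:
 *
@@ -482,6 +561,17 @@
 CKYStatus CKYApplet_ReadObjectFull(CKYCardConnection *conn,
 unsigned long objectID, CKYOffset offset, CKYSize size,
 const CKYBuffer *nonce, CKYBuffer *data, CKYISOStatus *apduRC);
+/*
+ * There is 1 write command:
+ * CKYApplet_WriteObjectFull can write an entire data object. It makes multiple
+ * apdu calls in order to write the full amount into the buffer. The buffer is
+ * overwritten.
+*/
+
+CKYStatus CKYApplet_WriteObjectFull(CKYCardConnection *conn,
+ unsigned long objectID, CKYOffset offset, CKYSize size,
+ const CKYBuffer *nonce, const CKYBuffer *data, CKYISOStatus *apduRC);
+
 CKYStatus CKYApplet_ListObjects(CKYCardConnection *conn, CKYByte seq,
 CKYAppletRespListObjects *lop, CKYISOStatus *apduRC);
 CKYStatus CKYApplet_GetStatus(CKYCardConnection *conn,
@@ -509,6 +599,18 @@
 CKYStatus CKYApplet_GetBuiltinACL(CKYCardConnection *conn,
 CKYAppletRespGetBuiltinACL *gba, CKYISOStatus *apduRC);
 
+/** ECC commands
+ * * */
+
+CKYStatus CKYApplet_ComputeECCSignature(CKYCardConnection *conn, CKYByte keyNumber,
+ const CKYBuffer *data, CKYBuffer *sig,
+ CKYBuffer *result, const CKYBuffer *nonce, CKYISOStatus *apduRC);
+
+CKYStatus
+CKYApplet_ComputeECCKeyAgreement(CKYCardConnection *conn, CKYByte keyNumber,
+ const CKYBuffer *publicValue, CKYBuffer *sharedSecret,
+ CKYBuffer *result, const CKYBuffer *nonce, CKYISOStatus *apduRC);
+
 
 /*
 * deprecates 0.x functions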
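Review bot: `CKYAppletArgWriteObject` (hunk at -192) declares `CKYBuffer *data` and a `CKYByte size`, while `CKYApplet_WriteObjectFull` (hunk at -482) takes `const CKYBuffer *data` and a `CKYSize size`, so the implementation, which is not part of this header patch, has to discard the const qualifier and narrow the length when it fills the struct. I would declare the field as `const CKYBuffer *data;` and add a comment on the struct that `size` is the per-APDU chunk length, so that the chunking code is expected to clamp each piece and to check the requested `size` against the length of `data` before copying. The comment above `CKYApplet_WriteObjectFull` also looks carried over from the read path: `data` is const there, so "The buffer is overwritten" should read something like `The object on the card is overwritten.` A byte-sized length also appears in `PIVUnwrapState.length`; if that field is meant to hold a decoded TLV length rather than the first length octet, card responses longer than 255 bytes would not fit, which is worth confirming against the parser.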