components/coolkey/patches/11-cky_applet.h.patch
branchs11u3-sru
changeset 6535 8f23248b161c
6529:50a81baffe58 6535:8f23248b161c
       
     1 Upstream fixes already included in the latest community updates to coolkey v1.1.0
       
     2 
       
     3 Adds header definitions for APDU fixes.
       
     4 
       
     5 --- ORIGINAL/./src/libckyapplet/cky_applet.h	2016-06-24 16:09:45.867985533 -0400
       
     6 +++ ././src/libckyapplet/cky_applet.h	2016-06-24 12:37:33.151017365 -0400
       
     7 @@ -43,6 +43,8 @@
       
     8  #define CKYISO_MORE_MASK	    0xff00  /* More data mask */
       
     9  #define CKYISO_MORE		    0x6300  /* More data available */
       
    10  #define CKYISO_DATA_INVALID	    0x6984
       
    11 +#define CKYISO_CONDITION_NOT_SATISFIED 0x6985  /* AKA not logged in (CAC)*/
       
    12 +#define CKYISO_SECURITY_NOT_SATISFIED  0x6982  /* AKA not logged in (PIV)*/
       
    13  /* Applet Defined Return codes */
       
    14  #define CKYISO_NO_MEMORY_LEFT        0x9c01  /* There have been memory 
       
    15                                               * problems on the card */
       
    16 @@ -71,6 +73,16 @@
       
    17  #define CKYISO_INTERNAL_ERROR        0x9cff  /* Reserved for debugging, 
       
    18  					     * shouldn't happen */
       
    19  
       
    20 +#define CAC_INVALID_PARAMS	    0x6a83
       
    21 +#define CAC_TAG_FILE			1
       
    22 +#define CAC_VALUE_FILE			2
       
    23 +
       
    24 +
       
    25 +#define CAC_TAG_CARDURL			0xf3
       
    26 +#define CAC_TAG_CERTIFICATE		0x70
       
    27 +#define CAC_TAG_CERTINFO		0x71
       
    28 +#define CAC_TLV_APP_PKI			0x04
       
    29 +
       
    30  /*
       
    31   * Pin Constants as used by our applet
       
    32   */
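Review bot: The new constants from `CAC_INVALID_PARAMS` through `CAC_TLV_APP_PKI` carry no comments, although they appear to mix three kinds of value: a status word (`0x6a83`), what look like file-type selectors (`CAC_TAG_FILE`, `CAC_VALUE_FILE`), and TLV tag bytes. A one-line comment per group, for example `/* CAC status words */`, `/* file selectors for CAC read requests */` and `/* tags found in CAC TLV files */`, would make it harder to compare a selector against a tag by mistake. The grouping is inferred from the names and values only, so confirm it against the implementation before wording the comments.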
       
    33 @@ -192,6 +204,14 @@
       
    34      CKYByte         size;
       
    35  } CKYAppletArgReadObject;
       
    36  
       
    37 +typedef struct _CKYAppletArgWriteObject {
       
    38 +    unsigned long objectID;
       
    39 +    CKYOffset     offset;
       
    40 +    CKYByte       size;
       
    41 +    CKYBuffer     *data;
       
    42 +
       
    43 +} CKYAppletArgWriteObject;
       
    44 +
       
    45  typedef struct _CKYAppletArgComputeCrypt {
       
    46      CKYByte   keyNumber;
       
    47      CKYByte   mode;
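Review bot: `CKYAppletArgWriteObject` carries the write length twice, once as `CKYByte size` and once implicitly as the length of `data`, and nothing in the header says which one is authoritative. The factory that consumes the struct is not part of this patch, so it is worth confirming that it rejects a `size` larger than the data actually held in `data` instead of reading past the buffer; a field comment such as `/* size must not exceed the length of data */` would record the contract. The same question applies to the `size` and `data` parameters of `CKYApplet_WriteObjectFull` added later in the patch. `data` could also be declared `const CKYBuffer *data;` to match the neighbouring argument structs, and the blank line before the closing brace can go.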
       
    48 @@ -201,6 +221,47 @@
       
    49      const CKYBuffer *sig;
       
    50  } CKYAppletArgComputeCrypt;
       
    51  
       
    52 +typedef struct _CKYAppletArgComputeECCSignature {
       
    53 +    CKYByte   keyNumber;
       
    54 +    CKYByte   location;
       
    55 +    const CKYBuffer *data;
       
    56 +    const CKYBuffer *sig;
       
    57 +} CKYAppletArgComputeECCSignature;
       
    58 +
       
    59 +typedef struct _CKYAppletArgComputeECCKeyAgreement {
       
    60 +    CKYByte keyNumber;
       
    61 +    CKYByte location;
       
    62 +    const CKYBuffer *publicValue;
       
    63 +    const CKYBuffer *secretKey;
       
    64 +} CKYAppletArgComputeECCKeyAgreement;
       
    65 +
       
    66 +
       
    67 +typedef struct _CACAppletArgReadFile {
       
    68 +    CKYByte   type;
       
    69 +    CKYByte   count;
       
    70 +    unsigned short offset;
       
    71 +} CACAppletArgReadFile;
       
    72 +
       
    73 +typedef struct _PIVAppletArgSignDecrypt {
       
    74 +     CKYByte	alg;   
       
    75 +     CKYByte	key;   
       
    76 +     CKYByte	chain;   
       
    77 +     CKYSize	len;   
       
    78 +     CKYBuffer  *buf;
       
    79 +} PIVAppletArgSignDecrypt;
       
    80 +
       
    81 +typedef struct _pivUnwrapState {
       
    82 +     CKYByte	tag;
       
    83 +     CKYByte	length;
       
    84 +     int	length_bytes;
       
    85 +} PIVUnwrapState;
       
    86 +
       
    87 +typedef struct _PIVAppletRespSignDecrypt {
       
    88 +     PIVUnwrapState tag_1;
       
    89 +     PIVUnwrapState tag_2;
       
    90 +     CKYBuffer  *buf;
       
    91 +} PIVAppletRespSignDecrypt;
       
    92 +
       
    93  /* fills in an APDU from a structure -- form of all the generic factories*/
       
    94  typedef CKYStatus (*CKYAppletFactory)(CKYAPDU *apdu, const void *param);
       
    95  /* fills in an a structure from a response -- form of all the fill structures*/
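Review bot: `PIVUnwrapState.length` is declared `CKYByte`, yet the struct also tracks `length_bytes`, which suggests multi-byte TLV lengths are expected; if `length` is meant to hold the decoded length, any value above 255 is truncated. That length comes from the card's response, so a truncated value could make the unwrap code lose track of how much payload remains. Consider `CKYSize length;` unless the parsing code (not visible in this patch) only ever stores a single length octet there, in which case a comment saying so would settle it. `PIVAppletArgSignDecrypt` in the same hunk has a similar gap: it carries both `len` and `buf` with no statement of how they relate.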
       
    96 @@ -250,6 +311,8 @@
       
    97  /* param == CKYByte * (pointer to pinNumber) */
       
    98  CKYStatus CKYAppletFactory_Logout(CKYAPDU *apdu, const void *param);
       
    99  /* Future add WriteObject */
       
   100 +/* parm == CKYAppletArgWriteObject */
       
   101 +CKYStatus CKYAppletFactory_WriteObject(CKYAPDU *apdu, const void *param);
       
   102  /* param == CKYAppletArgCreateObject */
       
   103  CKYStatus CKYAppletFactory_CreateObject(CKYAPDU *apdu, const void *param);
       
   104  /* param == CKYAppletArgDeleteObject */
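Review bot: The context comment `/* Future add WriteObject */` is stale now that this hunk declares `CKYAppletFactory_WriteObject` directly below it, and the new comment is spelled `parm` where every neighbour uses `param`. Suggest deleting the stale line and writing `/* param == CKYAppletArgWriteObject */`. Because the factory takes `const void *param`, this comment is the only place the expected argument type is recorded, so it is worth keeping exact.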
       
   105 @@ -310,7 +373,6 @@
       
   106  /* Single value fills: Byte, Short, & Long */
       
   107  /* param == CKYByte * */
       
   108  CKYStatus CKYAppletFill_Byte(const CKYBuffer *response, CKYSize size, void *param);
       
   109 -/* param == CKYByte * */
       
   110  CKYStatus CKYAppletFill_Short(const CKYBuffer *response, CKYSize size, void *param);
       
   111  CKYStatus CKYAppletFill_Long(const CKYBuffer *response, CKYSize size, void *param);
       
   112  
       
   113 @@ -336,7 +398,7 @@
       
   114   *   Sends the ADPU to the card through the connection conn.
       
   115   *   Checks that the response was valid (returning the responce code in apduRC.
       
   116   *   Formats the response data into fillArg with fillFunc
       
   117 - * nonce and apduRC can be NULL (no nonce is added, not status returned 
       
   118 + * nonce and apduRC can be NULL (no nonce is added, no status returned 
       
   119   * legal values for afArg are depened on afFunc.
       
   120   * legal values for fillArg are depened on fillFunc.
       
   121   */
       
   122 @@ -352,7 +414,7 @@
       
   123   *   into function calls, with input and output parameters.
       
   124   *   The application is still responsible for 
       
   125   *      1) creating a connection to the card, 
       
   126 - *      2) Getting a tranaction long,  then
       
   127 + *      2) Getting a transaction lock,  then
       
   128   *      3) selecting  the appropriate applet (or Card manager). 
       
   129   *   Except for those calls that have been noted, the appropriate applet 
       
   130   *   is the CoolKey applet.
       
   131 @@ -441,9 +503,17 @@
       
   132  /* Select the CAC card manager.  Can happen with either applet selected */
       
   133  CKYStatus CACApplet_SelectCardManager(CKYCardConnection *conn, 
       
   134  							CKYISOStatus *apduRC);
       
   135 -/* Can happen with either applet selected */
       
   136 -CKYStatus CACApplet_SelectPKI(CKYCardConnection *conn, CKYByte instance,
       
   137 -			      CKYISOStatus *apduRC);
       
   138 +/* Select the CAC CC container. Can happen with either applet selected */
       
   139 +CKYStatus CACApplet_SelectCCC(CKYCardConnection *conn, CKYISOStatus *apduRC);
       
   140 +/* Select an old CAC applet and fill in the cardAID */
       
   141 +CKYStatus CACApplet_SelectPKI(CKYCardConnection *conn, CKYBuffer *cardAid,
       
   142 +			      CKYByte instance, CKYISOStatus *apduRC);
       
   143 +/* read a TLV file */
       
   144 +CKYStatus CACApplet_ReadFile(CKYCardConnection *conn, CKYByte type, 
       
   145 +			     CKYBuffer *buffer, CKYISOStatus *apduRC);
       
   146 +CKYStatus CACApplet_SelectFile(CKYCardConnection *conn, unsigned short ef,
       
   147 +			     CKYISOStatus *apduRC);
       
   148 +
       
   149  /* must happen with PKI applet selected */
       
   150  CKYStatus CACApplet_SignDecrypt(CKYCardConnection *conn, const CKYBuffer *data,
       
   151  		CKYBuffer *result, CKYISOStatus *apduRC);
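Review bot: The new `cardAid` argument of `CACApplet_SelectPKI` is described only as "fill in the cardAID", which leaves open whether it may be NULL and whether existing contents of the buffer are replaced or appended to. `CACApplet_SelectFile` is added with no comment at all, and `CACApplet_ReadFile` does not say which values `type` accepts (presumably `CAC_TAG_FILE` / `CAC_VALUE_FILE` from earlier in this patch; confirm). Suggested comments: `/* cardAid (out): receives the AID of the selected applet */` and `/* Select the elementary file ef on the current applet */`. Inserting `cardAid` before `instance` changes the signature, so any caller not updated with this patch will fail to compile and not misbehave silently, which is the safer outcome.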
       
   152 @@ -457,9 +527,18 @@
       
   153  				   CKYISOStatus *apduRC);
       
   154  
       
   155  /*CKYStatus CACApplet_GetProperties(); */
       
   156 -CKYStatus CACApplet_VerifyPIN(CKYCardConnection *conn, const char *pin,
       
   157 -				   CKYISOStatus *apduRC);
       
   158 +CKYStatus CACApplet_VerifyPIN(CKYCardConnection *conn, const char *pin, 
       
   159 +				int local, CKYISOStatus *apduRC);
       
   160  
       
   161 +/* Select a PIV applet  */
       
   162 +CKYStatus PIVApplet_Select(CKYCardConnection *conn, CKYISOStatus *apduRC);
       
   163 +
       
   164 +CKYStatus PIVApplet_GetCertificate(CKYCardConnection *conn, CKYBuffer *cert,
       
   165 +				   int tag, CKYISOStatus *apduRC);
       
   166 +CKYStatus PIVApplet_SignDecrypt(CKYCardConnection *conn, CKYByte key,
       
   167 +				   unsigned int keySize, int derive,
       
   168 +                                   const CKYBuffer *data, CKYBuffer *result, 
       
   169 +                                   CKYISOStatus *apduRC);
       
   170  /*
       
   171   * There are 3 read commands:
       
   172   *  
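Review bot: The new `int local` argument of `CACApplet_VerifyPIN` and the `keySize` and `derive` arguments of `PIVApplet_SignDecrypt` are undocumented, although each changes how a PIN check or private-key operation is carried out. The header should state what a non-zero `local` selects, whether `keySize` is in bits or bytes, and what `derive` switches on, for example `/* keySize: key length in <bits|bytes>; derive: non-zero requests <operation> */` with the placeholders filled in from the implementation. The units matter because a caller who guesses wrong would size `data` and `result` incorrectly. `PIVApplet_GetCertificate` likewise takes `int tag` with no indication of the valid tag values.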
       
   173 @@ -482,6 +561,17 @@
       
   174  CKYStatus CKYApplet_ReadObjectFull(CKYCardConnection *conn, 
       
   175  		unsigned long objectID, CKYOffset offset, CKYSize size,
       
   176  		 const CKYBuffer *nonce, CKYBuffer *data, CKYISOStatus *apduRC);
       
   177 +/*
       
   178 + * There is 1 write command:
       
   179 + * CKYApplet_WriteObjectFull can write an entire data object. It makes multiple
       
   180 + * apdu calls in order to write the full amount into the buffer. The buffer is
       
   181 + * overwritten.
       
   182 +*/
       
   183 +
       
   184 +CKYStatus CKYApplet_WriteObjectFull(CKYCardConnection *conn,
       
   185 +        unsigned long objectID, CKYOffset offset, CKYSize size,
       
   186 +        const CKYBuffer *nonce, const CKYBuffer *data, CKYISOStatus *apduRC);
       
   187 +
       
   188  CKYStatus CKYApplet_ListObjects(CKYCardConnection *conn, CKYByte seq,
       
   189  		CKYAppletRespListObjects *lop, CKYISOStatus *apduRC);
       
   190  CKYStatus CKYApplet_GetStatus(CKYCardConnection *conn, 
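Review bot: The comment above `CKYApplet_WriteObjectFull` says the function writes "into the buffer" and that "The buffer is overwritten", which reads like text carried over from the read commands. Here `data` is `const`, so it is presumably the object on the card that is overwritten, not the caller's buffer. Suggested wording: `CKYApplet_WriteObjectFull writes size bytes from data to the object starting at offset, issuing as many APDUs as needed; existing object contents in that range are overwritten.` The closing `*/` is also missing the leading space used by the other block comments in this header.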
       
   191 @@ -509,6 +599,18 @@
       
   192  CKYStatus CKYApplet_GetBuiltinACL(CKYCardConnection *conn,
       
   193  	 	CKYAppletRespGetBuiltinACL *gba, CKYISOStatus *apduRC);
       
   194  
       
   195 +/** ECC commands
       
   196 + * *                                                  */
       
   197 +
       
   198 +CKYStatus CKYApplet_ComputeECCSignature(CKYCardConnection *conn, CKYByte keyNumber,
       
   199 +    const CKYBuffer *data, CKYBuffer *sig,
       
   200 +    CKYBuffer *result, const CKYBuffer *nonce, CKYISOStatus *apduRC);
       
   201 +
       
   202 +CKYStatus
       
   203 +CKYApplet_ComputeECCKeyAgreement(CKYCardConnection *conn, CKYByte keyNumber,
       
   204 +    const CKYBuffer *publicValue, CKYBuffer *sharedSecret,
       
   205 +    CKYBuffer *result, const CKYBuffer *nonce, CKYISOStatus *apduRC);
       
   206 +
       
   207  
       
   208  /*
       
   209   * deprecates 0.x functions
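Review bot: `CKYApplet_ComputeECCSignature` and `CKYApplet_ComputeECCKeyAgreement` each take two writable buffers (`sig` or `sharedSecret`, plus `result`) with no comment saying which one receives the output, and the `/** ECC commands` banner above them is an empty, malformed doc comment. The argument structs added earlier in this patch declare `sig` and `secretKey` as `const CKYBuffer *` and include a `location` field that has no counterpart in these prototypes, so the intended direction of each buffer cannot be read off the header. A short comment per function naming the input, the output and the role of `result` would remove the ambiguity; for key agreement it should also say that the caller owns `sharedSecret` and is responsible for clearing it after use. The comment block that follows the hunk continues outside this view.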