diff -r 50a81baffe58 -r 8f23248b161c components/coolkey/patches/11-cky_applet.h.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/coolkey/patches/11-cky_applet.h.patch Mon Aug 01 12:38:38 2016 -0700 @@ -0,0 +1,209 @@ +Upstream fixes already included in the latest community updates to coolkey v1.1.0 + +Adds header definitons for ADPU fixes. + +--- ORIGINAL/./src/libckyapplet/cky_applet.h 2016-06-24 16:09:45.867985533 -0400 ++++ ././src/libckyapplet/cky_applet.h 2016-06-24 12:37:33.151017365 -0400 +@@ -43,6 +43,8 @@ + #define CKYISO_MORE_MASK 0xff00 /* More data mask */ + #define CKYISO_MORE 0x6300 /* More data available */ + #define CKYISO_DATA_INVALID 0x6984 ++#define CKYISO_CONDITION_NOT_SATISFIED 0x6985 /* AKA not logged in (CAC)*/ ++#define CKYISO_SECURITY_NOT_SATISFIED 0x6982 /* AKA not logged in (PIV)*/ + /* Applet Defined Return codes */ + #define CKYISO_NO_MEMORY_LEFT 0x9c01 /* There have been memory + * problems on the card */ +@@ -71,6 +73,16 @@ + #define CKYISO_INTERNAL_ERROR 0x9cff /* Reserved for debugging, + * shouldn't happen */ + ++#define CAC_INVALID_PARAMS 0x6a83 ++#define CAC_TAG_FILE 1 ++#define CAC_VALUE_FILE 2 ++ ++ ++#define CAC_TAG_CARDURL 0xf3 ++#define CAC_TAG_CERTIFICATE 0x70 ++#define CAC_TAG_CERTINFO 0x71 ++#define CAC_TLV_APP_PKI 0x04 ++ + /* + * Pin Constants as used by our applet + */ +@@ -192,6 +204,14 @@ + CKYByte size; + } CKYAppletArgReadObject; + ++typedef struct _CKYAppletArgWriteObject { ++ unsigned long objectID; ++ CKYOffset offset; ++ CKYByte size; ++ CKYBuffer *data; ++ ++} CKYAppletArgWriteObject; ++ + typedef struct _CKYAppletArgComputeCrypt { + CKYByte keyNumber; + CKYByte mode; +@@ -201,6 +221,47 @@ + const CKYBuffer *sig; + } CKYAppletArgComputeCrypt; + ++typedef struct _CKYAppletArgComputeECCSignature { ++ CKYByte keyNumber; ++ CKYByte location; ++ const CKYBuffer *data; ++ const CKYBuffer *sig; ++} CKYAppletArgComputeECCSignature; ++ ++typedef struct _CKYAppletArgComputeECCKeyAgreement { ++ CKYByte keyNumber; ++ CKYByte location; ++ const CKYBuffer *publicValue; ++ const CKYBuffer *secretKey; ++} CKYAppletArgComputeECCKeyAgreement; ++ ++ ++typedef struct _CACAppletArgReadFile { ++ CKYByte type; ++ CKYByte count; ++ unsigned short offset; ++} CACAppletArgReadFile; ++ ++typedef struct _PIVAppletArgSignDecrypt { ++ CKYByte alg; ++ CKYByte key; ++ CKYByte chain; ++ CKYSize len; ++ CKYBuffer *buf; ++} PIVAppletArgSignDecrypt; ++ ++typedef struct _pivUnwrapState { ++ CKYByte tag; ++ CKYByte length; ++ int length_bytes; ++} PIVUnwrapState; ++ ++typedef struct _PIVAppletRespSignDecrypt { ++ PIVUnwrapState tag_1; ++ PIVUnwrapState tag_2; ++ CKYBuffer *buf; ++} PIVAppletRespSignDecrypt; ++ + /* fills in an APDU from a structure -- form of all the generic factories*/ + typedef CKYStatus (*CKYAppletFactory)(CKYAPDU *apdu, const void *param); + /* fills in an a structure from a response -- form of all the fill structures*/ +@@ -250,6 +311,8 @@ + /* param == CKYByte * (pointer to pinNumber) */ + CKYStatus CKYAppletFactory_Logout(CKYAPDU *apdu, const void *param); + /* Future add WriteObject */ ++/* parm == CKYAppletArgWriteObject */ ++CKYStatus CKYAppletFactory_WriteObject(CKYAPDU *apdu, const void *param); + /* param == CKYAppletArgCreateObject */ + CKYStatus CKYAppletFactory_CreateObject(CKYAPDU *apdu, const void *param); + /* param == CKYAppletArgDeleteObject */ +@@ -310,7 +373,6 @@ + /* Single value fills: Byte, Short, & Long */ + /* param == CKYByte * */ + CKYStatus CKYAppletFill_Byte(const CKYBuffer *response, CKYSize size, void *param); +-/* param == CKYByte * */ + CKYStatus CKYAppletFill_Short(const CKYBuffer *response, CKYSize size, void *param); + CKYStatus CKYAppletFill_Long(const CKYBuffer *response, CKYSize size, void *param); + +@@ -336,7 +398,7 @@ + * Sends the ADPU to the card through the connection conn. + * Checks that the response was valid (returning the responce code in apduRC. + * Formats the response data into fillArg with fillFunc +- * nonce and apduRC can be NULL (no nonce is added, not status returned ++ * nonce and apduRC can be NULL (no nonce is added, no status returned + * legal values for afArg are depened on afFunc. + * legal values for fillArg are depened on fillFunc. + */ +@@ -352,7 +414,7 @@ + * into function calls, with input and output parameters. + * The application is still responsible for + * 1) creating a connection to the card, +- * 2) Getting a tranaction long, then ++ * 2) Getting a transaction lock, then + * 3) selecting the appropriate applet (or Card manager). + * Except for those calls that have been noted, the appropriate applet + * is the CoolKey applet. +@@ -441,9 +503,17 @@ + /* Select the CAC card manager. Can happen with either applet selected */ + CKYStatus CACApplet_SelectCardManager(CKYCardConnection *conn, + CKYISOStatus *apduRC); +-/* Can happen with either applet selected */ +-CKYStatus CACApplet_SelectPKI(CKYCardConnection *conn, CKYByte instance, +- CKYISOStatus *apduRC); ++/* Select the CAC CC container. Can happen with either applet selected */ ++CKYStatus CACApplet_SelectCCC(CKYCardConnection *conn, CKYISOStatus *apduRC); ++/* Select an old CAC applet and fill in the cardAID */ ++CKYStatus CACApplet_SelectPKI(CKYCardConnection *conn, CKYBuffer *cardAid, ++ CKYByte instance, CKYISOStatus *apduRC); ++/* read a TLV file */ ++CKYStatus CACApplet_ReadFile(CKYCardConnection *conn, CKYByte type, ++ CKYBuffer *buffer, CKYISOStatus *apduRC); ++CKYStatus CACApplet_SelectFile(CKYCardConnection *conn, unsigned short ef, ++ CKYISOStatus *apduRC); ++ + /* must happen with PKI applet selected */ + CKYStatus CACApplet_SignDecrypt(CKYCardConnection *conn, const CKYBuffer *data, + CKYBuffer *result, CKYISOStatus *apduRC); +@@ -457,9 +527,18 @@ + CKYISOStatus *apduRC); + + /*CKYStatus CACApplet_GetProperties(); */ +-CKYStatus CACApplet_VerifyPIN(CKYCardConnection *conn, const char *pin, +- CKYISOStatus *apduRC); ++CKYStatus CACApplet_VerifyPIN(CKYCardConnection *conn, const char *pin, ++ int local, CKYISOStatus *apduRC); + ++/* Select a PIV applet */ ++CKYStatus PIVApplet_Select(CKYCardConnection *conn, CKYISOStatus *apduRC); ++ ++CKYStatus PIVApplet_GetCertificate(CKYCardConnection *conn, CKYBuffer *cert, ++ int tag, CKYISOStatus *apduRC); ++CKYStatus PIVApplet_SignDecrypt(CKYCardConnection *conn, CKYByte key, ++ unsigned int keySize, int derive, ++ const CKYBuffer *data, CKYBuffer *result, ++ CKYISOStatus *apduRC); + /* + * There are 3 read commands: + * +@@ -482,6 +561,17 @@ + CKYStatus CKYApplet_ReadObjectFull(CKYCardConnection *conn, + unsigned long objectID, CKYOffset offset, CKYSize size, + const CKYBuffer *nonce, CKYBuffer *data, CKYISOStatus *apduRC); ++/* ++ * There is 1 write command: ++ * CKYApplet_WriteObjectFull can write an entire data object. It makes multiple ++ * apdu calls in order to write the full amount into the buffer. The buffer is ++ * overwritten. ++*/ ++ ++CKYStatus CKYApplet_WriteObjectFull(CKYCardConnection *conn, ++ unsigned long objectID, CKYOffset offset, CKYSize size, ++ const CKYBuffer *nonce, const CKYBuffer *data, CKYISOStatus *apduRC); ++ + CKYStatus CKYApplet_ListObjects(CKYCardConnection *conn, CKYByte seq, + CKYAppletRespListObjects *lop, CKYISOStatus *apduRC); + CKYStatus CKYApplet_GetStatus(CKYCardConnection *conn, +@@ -509,6 +599,18 @@ + CKYStatus CKYApplet_GetBuiltinACL(CKYCardConnection *conn, + CKYAppletRespGetBuiltinACL *gba, CKYISOStatus *apduRC); + ++/** ECC commands ++ * * */ ++ ++CKYStatus CKYApplet_ComputeECCSignature(CKYCardConnection *conn, CKYByte keyNumber, ++ const CKYBuffer *data, CKYBuffer *sig, ++ CKYBuffer *result, const CKYBuffer *nonce, CKYISOStatus *apduRC); ++ ++CKYStatus ++CKYApplet_ComputeECCKeyAgreement(CKYCardConnection *conn, CKYByte keyNumber, ++ const CKYBuffer *publicValue, CKYBuffer *sharedSecret, ++ CKYBuffer *result, const CKYBuffer *nonce, CKYISOStatus *apduRC); ++ + + /* + * deprecates 0.x functions