"Fossies" - the Fresh Open Source Software Archive

Member "opensc-0.22.0/src/pkcs15init/pkcs15-iasecc.c" (10 Aug 2021, 63914 Bytes) of package /linux/privat/opensc-0.22.0.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "pkcs15-iasecc.c" see the Fossies "Dox" file reference documentation and the latest Fossies "Diffs" side-by-side code changes report: 0.21.0_vs_0.22.0.

    1 /*
    2  * IAS/ECC specific operations for PKCS #15 initialization
    3  *
    4  * Copyright (C) 2002  Juha Yrjölä <juha.yrjola@iki.fi>
    5  * Copyright (C) 2010  Viktor Tarasov <vtarasov@opentrust.com>
    6  *            OpenTrust <www.opentrust.com>
    7  *
    8  * This library is free software; you can redistribute it and/or
    9  * modify it under the terms of the GNU Lesser General Public
   10  * License as published by the Free Software Foundation; either
   11  * version 2.1 of the License, or (at your option) any later version.
   12  *
   13  * This library is distributed in the hope that it will be useful,
   14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
   15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   16  * Lesser General Public License for more details.
   17  *
   18  * You should have received a copy of the GNU Lesser General Public
   19  * License along with this library; if not, write to the Free Software
   20  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
   21  */
   22 
   23 #ifdef HAVE_CONFIG_H
   24 #include <config.h>
   25 #endif
   26 
   27 #ifndef FIX_UNUSED
   28 #define FIX_UNUSED(X) (void) (X) /* avoid warnings for unused params */
   29 #endif
   30 
   31 #ifdef ENABLE_OPENSSL   /* empty file without openssl */
   32 
   33 #include <stdlib.h>
   34 #include <string.h>
   35 #include <sys/types.h>
   36 #include <ctype.h>
   37 #include <errno.h>
   38 #include <stdio.h>
   39 
   40 #include <openssl/bn.h>
   41 #include <openssl/evp.h>
   42 #include <openssl/pem.h>
   43 #include <openssl/err.h>
   44 #include <openssl/rand.h>
   45 #include <openssl/sha.h>
   46 #include <openssl/rsa.h>
   47 #include <openssl/x509.h>
   48 #include <openssl/pkcs12.h>
   49 
   50 #include "../libopensc/opensc.h"
   51 #include "../libopensc/cardctl.h"
   52 #include "../libopensc/log.h"
   53 #include "../libopensc/pkcs15.h"
   54 #include "../libopensc/cards.h"
   55 #include "../libopensc/iasecc.h"
   56 #include "../libopensc/iasecc-sdo.h"
   57 
   58 #include "pkcs15-init.h"
   59 #include "profile.h"
   60 
   61 #define IASECC_TITLE "IASECC"
   62 
   63 int iasecc_pkcs15_delete_file(struct sc_pkcs15_card *p15card, struct sc_profile *profile, struct sc_file *df);
   64 static int iasecc_md_gemalto_delete_prvkey(struct sc_pkcs15_card *, struct sc_profile *, struct sc_pkcs15_object *);
   65 
   66 static void
   67 iasecc_reference_to_pkcs15_id (unsigned int ref, struct sc_pkcs15_id *id)
   68 {
   69     int ii, sz;
   70 
   71     for (ii=0, sz = 0; (unsigned)ii < sizeof(unsigned int); ii++)
   72         if (ref >> 8*ii)
   73             sz++;
   74 
   75     for (ii=0; ii < sz; ii++)
   76         id->value[sz - ii - 1] = (ref >> 8*ii) & 0xFF;
   77 
   78     id->len = sz;
   79 }
   80 
   81 
   82 int
   83 iasecc_pkcs15_delete_file(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
   84         struct sc_file *df)
   85 {
   86     struct sc_context *ctx = p15card->card->ctx;
   87     struct sc_card *card = p15card->card;
   88     struct sc_path  path;
   89     unsigned long caps = card->caps;
   90     int rv = 0;
   91 
   92     LOG_FUNC_CALLED(ctx);
   93 
   94     sc_log(ctx, "iasecc_pkcs15_delete_file() id %04X\n", df->id);
   95 
   96     card->caps |= SC_CARD_CAP_USE_FCI_AC;
   97     rv = sc_pkcs15init_authenticate(profile, p15card, df, SC_AC_OP_DELETE);
   98     card->caps = caps;
   99 
  100     LOG_TEST_RET(ctx, rv, "Cannot authenticate SC_AC_OP_DELETE");
  101 
  102     memset(&path, 0, sizeof(path));
  103     path.type = SC_PATH_TYPE_FILE_ID;
  104     path.value[0] = df->id >> 8;
  105     path.value[1] = df->id & 0xFF;
  106     path.len = 2;
  107 
  108     rv = sc_delete_file(card, &path);
  109     LOG_FUNC_RETURN(ctx, rv);
  110 }
  111 
  112 
  113 /*
  114  * Erase the card
  115  *
  116  */
  117 static int
  118 iasecc_pkcs15_erase_card(struct sc_profile *profile, struct sc_pkcs15_card *p15card)
  119 {
  120     struct sc_context *ctx = p15card->card->ctx;
  121     struct sc_file  *file = NULL;
  122     struct sc_path  path;
  123     struct sc_pkcs15_df *df;
  124     int rv;
  125 
  126     LOG_FUNC_CALLED(ctx);
  127 
  128     if (p15card->app->ddo.aid.len)   {
  129         memset(&path, 0, sizeof(struct sc_path));
  130         path.type = SC_PATH_TYPE_DF_NAME;
  131         memcpy(path.value, p15card->app->ddo.aid.value, p15card->app->ddo.aid.len);
  132         path.len = p15card->app->ddo.aid.len;
  133 
  134         sc_log(ctx, "Select DDO AID: %s", sc_print_path(&path));
  135         rv = sc_select_file(p15card->card, &path, NULL);
  136         LOG_TEST_RET(ctx, rv, "Erase application error: cannot select DDO AID");
  137     }
  138 
  139     for (df = p15card->df_list; df; df = df->next)   {
  140         struct sc_pkcs15_object *objs[32];
  141         unsigned obj_type = 0;
  142         int ii;
  143 
  144         if (df->type == SC_PKCS15_PRKDF)
  145             obj_type = SC_PKCS15_TYPE_PRKEY;
  146         else if (df->type == SC_PKCS15_PUKDF)
  147             obj_type = SC_PKCS15_TYPE_PUBKEY;
  148         else if (df->type == SC_PKCS15_CDF)
  149             obj_type = SC_PKCS15_TYPE_CERT;
  150         else if (df->type == SC_PKCS15_DODF)
  151             obj_type = SC_PKCS15_TYPE_DATA_OBJECT;
  152         else
  153             continue;
  154 
  155         rv = sc_pkcs15_get_objects(p15card, obj_type, objs, 32);
  156         LOG_TEST_RET(ctx, rv, "Failed to get PKCS#15 objects to remove");
  157 
  158         for (ii=0; ii<rv; ii++)   {
  159             if (obj_type == SC_PKCS15_TYPE_CERT)   {
  160                 struct sc_path path = ((struct sc_pkcs15_cert_info *)(objs[ii]->data))->path;
  161                 rv = sc_delete_file(p15card->card, &path);
  162             }
  163             else if (obj_type == SC_PKCS15_TYPE_DATA_OBJECT)   {
  164                 struct sc_path path = ((struct sc_pkcs15_data_info *)(objs[ii]->data))->path;
  165                 rv = sc_delete_file(p15card->card, &path);
  166             }
  167 
  168             sc_pkcs15_remove_object(p15card, objs[ii]);
  169         }
  170 
  171         rv = sc_select_file(p15card->card, &df->path, &file);
  172         if (rv == SC_ERROR_FILE_NOT_FOUND)
  173             continue;
  174         LOG_TEST_RET(ctx, rv, "Cannot select object file");
  175 
  176         profile->dirty = 1;
  177 
  178         rv = sc_erase_binary(p15card->card, 0, file->size, 0);
  179         if (rv == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED)   {
  180             rv = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE);
  181             LOG_TEST_RET(ctx, rv, "SC_AC_OP_UPDATE authentication failed");
  182 
  183             rv = sc_erase_binary(p15card->card, 0, file->size, 0);
  184         }
  185         LOG_TEST_RET(ctx, rv, "Binary erase error");
  186 
  187         sc_file_free(file);
  188     }
  189 
  190     LOG_FUNC_RETURN(ctx, SC_SUCCESS);
  191 }
  192 
  193 
  194 /*
  195  * Allocate a file
  196  */
  197 static int
  198 iasecc_pkcs15_new_file(struct sc_profile *profile, struct sc_card *card,
  199         unsigned int type, unsigned int num, struct sc_file **out)
  200 {
  201     struct sc_context *ctx = card->ctx;
  202     struct sc_file  *file = NULL;
  203     const char *_template = NULL;
  204     int rv;
  205 
  206     LOG_FUNC_CALLED(ctx);
  207     sc_log(ctx, "type %X; num %i\n", type, num);
  208     switch (type) {
  209         case SC_PKCS15_TYPE_PRKEY_RSA:
  210             _template = "private-key";
  211             break;
  212         case SC_PKCS15_TYPE_PUBKEY_RSA:
  213             _template = "public-key";
  214             break;
  215         case SC_PKCS15_TYPE_CERT:
  216             _template = "certificate";
  217             break;
  218         case SC_PKCS15_TYPE_DATA_OBJECT:
  219             _template = "public-data";
  220             break;
  221         default:
  222             LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Profile template not supported");
  223     }
  224 
  225     sc_log(ctx, "df_info path '%s'\n", sc_print_path(&profile->df_info->file->path));
  226     rv = sc_profile_get_file(profile, _template, &file);
  227     if (rv == SC_ERROR_FILE_NOT_FOUND)   {
  228         struct sc_pkcs15_id     id;
  229 
  230         id.len = 1;
  231         id.value[0] = num & 0xFF;
  232         rv = sc_profile_instantiate_template(profile, "key-domain", &profile->df_info->file->path,
  233                 _template, &id, &file);
  234     }
  235     LOG_TEST_RET(ctx, rv, "Error when getting file from template");
  236 
  237     sc_log(ctx, "path(type:%X;path:%s)\n", file->path.type, sc_print_path(&file->path));
  238 
  239     file->id = (file->id & 0xFF00) | (num & 0xFF);
  240     if (file->path.len == 0)   {
  241         file->path.type = SC_PATH_TYPE_FILE_ID;
  242         file->path.len = 2;
  243     }
  244     file->path.value[file->path.len - 2] = (file->id >> 8) & 0xFF;
  245     file->path.value[file->path.len - 1] = file->id & 0xFF;
  246     file->path.count = -1;
  247 
  248     sc_log(ctx,
  249            "file size %"SC_FORMAT_LEN_SIZE_T"u; ef type %i/%i; id %04X\n",
  250            file->size, file->type, file->ef_structure, file->id);
  251     sc_log(ctx, "path type %X; path '%s'", file->path.type, sc_print_path(&file->path));
  252 
  253     if (out)
  254         *out = file;
  255     else
  256         sc_file_free(file);
  257 
  258     LOG_FUNC_RETURN(ctx, SC_SUCCESS);
  259 }
  260 
  261 
  262 /*
  263  * Select a key reference
  264  */
  265 static int
  266 iasecc_pkcs15_select_key_reference(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
  267         struct sc_pkcs15_prkey_info *key_info)
  268 {
  269     struct sc_context *ctx = p15card->card->ctx;
  270     struct sc_card *card = p15card->card;
  271     struct sc_file  *file = NULL;
  272     int rv = 0, idx = key_info->key_reference & ~IASECC_OBJECT_REF_LOCAL;
  273 
  274     LOG_FUNC_CALLED(ctx);
  275     sc_log(ctx, "'seed' key reference %i; path %s", key_info->key_reference & ~IASECC_OBJECT_REF_LOCAL,
  276             sc_print_path(&key_info->path));
  277 
  278     rv = sc_select_file(card, &key_info->path, &file);
  279     LOG_TEST_RET(ctx, rv, "Cannot select DF to select key reference in");
  280 
  281     /* 1 <= ObjReference <= 31 */
  282     if (idx < IASECC_OBJECT_REF_MIN)
  283         idx = IASECC_OBJECT_REF_MIN;
  284 
  285     /* Look for the suitable slot */
  286     if (idx <= IASECC_OBJECT_REF_MAX)   {
  287         struct iasecc_ctl_get_free_reference ctl_data;
  288 
  289         ctl_data.key_size = key_info->modulus_length;
  290         ctl_data.usage = key_info->usage;
  291         ctl_data.access = key_info->access_flags;
  292         ctl_data.index = idx;
  293 
  294         rv = sc_card_ctl(card, SC_CARDCTL_IASECC_GET_FREE_KEY_REFERENCE, &ctl_data);
  295         if (!rv)
  296             sc_log(ctx, "found allocated slot %i", idx);
  297         else if (rv == SC_ERROR_DATA_OBJECT_NOT_FOUND && idx <= IASECC_OBJECT_REF_MAX)
  298             sc_log(ctx, "found empty slot %i", idx);
  299         else
  300             LOG_TEST_RET(ctx, rv, "Cannot select key reference");
  301 
  302         idx = ctl_data.index;
  303     }
  304 
  305     /* All card objects but PINs are locals */
  306     key_info->key_reference = idx | IASECC_OBJECT_REF_LOCAL;
  307     sc_log(ctx, "selected key reference %i", key_info->key_reference);
  308 
  309     sc_file_free(file);
  310     LOG_FUNC_RETURN(ctx, SC_SUCCESS);
  311 }
  312 
  313 
  314 static int
  315 iasecc_sdo_get_data(struct sc_card *card, struct iasecc_sdo *sdo)
  316 {
  317     struct sc_context *ctx = card->ctx;
  318     int rv;
  319 
  320     LOG_FUNC_CALLED(ctx);
  321     rv = sc_card_ctl(card, SC_CARDCTL_IASECC_SDO_GET_DATA, sdo);
  322     LOG_TEST_RET(ctx, rv, "IasEcc: GET DATA error");
  323 
  324     LOG_FUNC_RETURN(ctx, rv);
  325 }
  326 
  327 
  328 static int
  329 iasecc_file_convert_acls(struct sc_context *ctx, struct sc_profile *profile, struct sc_file *file)
  330 {
  331     int ii;
  332 
  333     for (ii=0; ii<SC_MAX_AC_OPS;ii++)   {
  334         /* FIXME the acl object must not be modified, it is only defined in
  335          * sc_file_get_acl_entry. Accessing it here means we have a race
  336          * condition. */
  337         struct sc_acl_entry *acl = (struct sc_acl_entry *) sc_file_get_acl_entry(file, ii);
  338 
  339         if (acl)   {
  340             switch (acl->method)   {
  341             case SC_AC_IDA:
  342                 sc_log(ctx, "'IDA' not actually supported");
  343                 return SC_ERROR_NOT_SUPPORTED;
  344             case SC_AC_SCB:
  345                 if ((acl->key_ref & IASECC_SCB_METHOD_MASK) == IASECC_SCB_METHOD_USER_AUTH)   {
  346                     acl->method = SC_AC_SEN;
  347                     acl->key_ref &= IASECC_SCB_METHOD_MASK_REF;
  348                 }
  349                 else if ((acl->key_ref & IASECC_SCB_METHOD_MASK) == IASECC_SCB_METHOD_SM)   {
  350                     acl->method = SC_AC_PRO;
  351                     acl->key_ref &= IASECC_SCB_METHOD_MASK_REF;
  352                 }
  353             }
  354         }
  355     }
  356 
  357     return 0;
  358 }
  359 
  360 static int
  361 iasecc_sdo_set_key_acls_from_profile(struct sc_profile *profile, struct sc_card *card,
  362         const char *template, struct iasecc_sdo *sdo)
  363 {
  364     struct sc_context *ctx = card->ctx;
  365     struct sc_file  *file = NULL;
  366     unsigned char ops_prvkey[7] = {
  367         SC_AC_OP_PSO_COMPUTE_SIGNATURE, SC_AC_OP_INTERNAL_AUTHENTICATE, SC_AC_OP_PSO_DECRYPT,
  368         SC_AC_OP_GENERATE, 0xFF, SC_AC_OP_UPDATE, SC_AC_OP_READ
  369     };
  370     unsigned char ops_pubkey[7] = {
  371         0xFF, SC_AC_OP_EXTERNAL_AUTHENTICATE, 0xFF,
  372         SC_AC_OP_GENERATE, 0xFF, SC_AC_OP_UPDATE, SC_AC_OP_READ
  373     };
  374     unsigned char amb, scb[16], mask;
  375     int rv, ii, cntr;
  376 
  377     LOG_FUNC_CALLED(ctx);
  378 
  379     /* Get ACLs from profile template */
  380     rv = sc_profile_get_file(profile, template, &file);
  381     LOG_TEST_RET(ctx, rv, "IasEcc: cannot instantiate private key file");
  382 
  383     /* Convert PKCS15 ACLs to SE ACLs */
  384     rv = iasecc_file_convert_acls(ctx, profile, file);
  385     if (rv < 0)
  386         sc_file_free(file);
  387     LOG_TEST_RET(ctx, rv, "Cannot convert profile ACLs");
  388 
  389     memset(scb, 0, sizeof(scb));
  390     for (ii = 0, mask = 0x80, amb = 0x80, cntr = 0; ii < 7; ii++) {
  391         const sc_acl_entry_t *acl;
  392         unsigned char op = sdo->sdo_class == IASECC_SDO_CLASS_RSA_PRIVATE ? ops_prvkey[ii] : ops_pubkey[ii];
  393 
  394         mask >>= 1;
  395 
  396         if (op == 0xFF)
  397             continue;
  398 
  399         acl = sc_file_get_acl_entry(file, op);
  400         sc_log(ctx, "ACL: 0x%X:0x%X", acl->method, acl->key_ref);
  401 
  402         if (acl->method == SC_AC_NEVER)   {
  403         }
  404         else if (acl->method == SC_AC_NONE)   {
  405             amb |= mask;
  406             scb[cntr++] = 0x00;
  407         }
  408         else if (acl->method == SC_AC_SEN || acl->method == SC_AC_PRO || acl->method == SC_AC_AUT)   {
  409             if ((acl->key_ref & 0xF) == 0 || (acl->key_ref & 0xF) == 0xF)   {
  410                 sc_file_free(file);
  411                 LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Invalid SE reference");
  412             }
  413 
  414             amb |= mask;
  415 
  416             if (acl->method == SC_AC_SEN)
  417                 scb[cntr++] = acl->key_ref | IASECC_SCB_METHOD_USER_AUTH;
  418             else if (acl->method == SC_AC_PRO)
  419                 scb[cntr++] = acl->key_ref | IASECC_SCB_METHOD_SM;
  420             else
  421                 scb[cntr++] = acl->key_ref | IASECC_SCB_METHOD_EXT_AUTH;
  422         }
  423         else   {
  424             sc_file_free(file);
  425             LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Unknown SCB method");
  426         }
  427     }
  428 
  429     sc_file_free(file);
  430 
  431     /* Copy ACLs into the DOCP*/
  432     sdo->docp.acls_contact.tag = IASECC_DOCP_TAG_ACLS_CONTACT;
  433     sdo->docp.acls_contact.size = cntr + 1;
  434     sdo->docp.acls_contact.value = calloc(1, sdo->docp.acls_contact.size);
  435     if (!sdo->docp.acls_contact.value)
  436         return SC_ERROR_OUT_OF_MEMORY;
  437     *(sdo->docp.acls_contact.value + 0) = amb;
  438     memcpy(sdo->docp.acls_contact.value + 1, scb, cntr);
  439 
  440     sc_log(ctx, "AMB: %X, CNTR %i, %x %x %x %x %x %x %x",
  441            amb, cntr, scb[0], scb[1], scb[2], scb[3], scb[4], scb[5], scb[6]);
  442     LOG_FUNC_RETURN(ctx, SC_SUCCESS);
  443 }
  444 
  445 
  446 static int
  447 iasecc_sdo_allocate_prvkey(struct sc_profile *profile, struct sc_card *card,
  448         struct sc_pkcs15_prkey_info *key_info, struct iasecc_sdo **out)
  449 {
  450     struct sc_context *ctx = card->ctx;
  451     struct iasecc_sdo *sdo = NULL;
  452     size_t sz = key_info->modulus_length / 8;
  453     int rv;
  454 
  455     LOG_FUNC_CALLED(ctx);
  456 
  457     sdo = calloc(1, sizeof(struct iasecc_sdo));
  458     if (!sdo)
  459         LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot allocate 'iasecc_sdo'");
  460 
  461     sdo->magic = SC_CARDCTL_IASECC_SDO_MAGIC;
  462     sdo->sdo_ref = key_info->key_reference & 0x3F;
  463     sdo->sdo_class = IASECC_SDO_CLASS_RSA_PRIVATE;
  464     sdo->usage = key_info->usage;
  465 
  466     sc_log(ctx, "sdo->sdo_class 0x%X; sdo->usage 0x%X", sdo->sdo_class, sdo->usage);
  467 
  468     rv = iasecc_sdo_get_data(card, sdo);
  469     if (rv == SC_ERROR_DATA_OBJECT_NOT_FOUND)   {
  470         sdo->not_on_card = 1;
  471 
  472         rv = iasecc_sdo_set_key_acls_from_profile(profile, card, "private-key", sdo);
  473         LOG_TEST_RET(ctx, rv, "IasEcc: cannot set ACLs for SDO from the 'private-key'");
  474 
  475         /* FIXME: set here sdo->docp.name and sdo->docp.idata */
  476 
  477         sdo->docp.non_repudiation.value = calloc(1, 1);
  478         if (!sdo->docp.non_repudiation.value)
  479             LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
  480         sdo->docp.non_repudiation.tag = IASECC_DOCP_TAG_NON_REPUDIATION;
  481         sdo->docp.non_repudiation.size = 1;
  482 
  483         sdo->data.prv_key.compulsory.value = calloc(1, 1);
  484         if (!sdo->data.prv_key.compulsory.value)
  485             LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
  486         sdo->data.prv_key.compulsory.tag = IASECC_SDO_PRVKEY_TAG_COMPULSORY;
  487         sdo->data.prv_key.compulsory.size = 1;
  488 
  489         sdo->docp.size.value = calloc(1, 2);
  490         if (!sdo->docp.size.value)
  491             LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
  492         sdo->docp.size.tag = IASECC_DOCP_TAG_SIZE;
  493         sdo->docp.size.size = 2;
  494         *(sdo->docp.size.value + 0) = (sz >> 8) & 0xFF;
  495         *(sdo->docp.size.value + 1) = sz & 0xFF;
  496 /*
  497         FIXME: Manage CRT key types: IASECC_GEN_KEY_TYPE_*: X509_usage
  498         Optional PRIVATE KEY SDO attribute 'Algorithm to compulsorily use' can have one of the three values:
  499         0(any usage), B6(Sign), A4(Authentication), B8(Confidentiality).
  500         If present, this attribute has to be the same in the 'GENERATE KEY' template data.
  501 */
  502         if (!(key_info->access_flags & SC_PKCS15_PRKEY_ACCESS_LOCAL) && (key_info->usage & SC_PKCS15_PRKEY_USAGE_NONREPUDIATION))
  503             sc_log(ctx, "Non fatal error: NON_REPUDIATION can be used only for the locally generated keys");
  504 
  505         if ((key_info->access_flags & SC_PKCS15_PRKEY_ACCESS_LOCAL)
  506                 && (key_info->usage & SC_PKCS15_PRKEY_USAGE_SIGN)
  507                 && (key_info->usage & SC_PKCS15_PRKEY_USAGE_NONREPUDIATION))   {
  508             *(sdo->docp.non_repudiation.value + 0) = 1;
  509             *(sdo->data.prv_key.compulsory.value + 0) = IASECC_CRT_TAG_DST;
  510         }
  511 
  512         sc_log(ctx, "non_repudiation %i", *(sdo->docp.non_repudiation.value + 0));
  513         sc_log(ctx, "compulsory 0x%X", *(sdo->data.prv_key.compulsory.value + 0));
  514     }
  515     else   {
  516         LOG_TEST_RET(ctx, rv, "IasEcc: error while getting private key SDO data");
  517     }
  518 
  519     if (out)
  520         *out = sdo;
  521     else
  522         free(sdo);
  523 
  524     LOG_FUNC_RETURN(ctx, SC_SUCCESS);
  525 }
  526 
  527 
  528 static int
  529 iasecc_sdo_allocate_pubkey(struct sc_profile *profile, struct sc_card *card, struct sc_pkcs15_pubkey_info *key_info,
  530         struct iasecc_sdo **out)
  531 {
  532     struct sc_context *ctx = card->ctx;
  533     struct iasecc_sdo *sdo = NULL;
  534     size_t sz = key_info->modulus_length / 8;
  535     int rv;
  536 
  537     LOG_FUNC_CALLED(ctx);
  538     sdo = calloc(1, sizeof(struct iasecc_sdo));
  539     if (!sdo)
  540         return SC_ERROR_OUT_OF_MEMORY;
  541 
  542     sdo->magic = SC_CARDCTL_IASECC_SDO_MAGIC;
  543     sdo->sdo_ref = key_info->key_reference & 0x3F;
  544     sdo->sdo_class = IASECC_SDO_CLASS_RSA_PUBLIC;
  545 
  546     rv = iasecc_sdo_get_data(card, sdo);
  547     sc_log(ctx, "get Public Key SDO(class:%X) data returned %i", sdo->sdo_class, rv);
  548     if (rv == SC_ERROR_DATA_OBJECT_NOT_FOUND)   {
  549         sdo->not_on_card = 1;
  550 
  551         rv = iasecc_sdo_set_key_acls_from_profile(profile, card, "public-key", sdo);
  552         LOG_TEST_RET(ctx, rv, "iasecc_sdo_allocate_pubkey() cannot set ACLs for SDO from the 'public-key'");
  553 
  554         sdo->docp.size.value = calloc(1, 2);
  555         if (!sdo->docp.size.value)
  556             LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
  557         sdo->docp.size.size = 2;
  558         sdo->docp.size.tag = IASECC_DOCP_TAG_SIZE;
  559         *(sdo->docp.size.value + 0) = (sz >> 8) & 0xFF;
  560         *(sdo->docp.size.value + 1) = sz & 0xFF;
  561 
  562         if (card->type == SC_CARD_TYPE_IASECC_OBERTHUR)   {
  563             /* TODO: Disabled for the tests of the Oberthur card */
  564         }
  565         else   {
  566             sdo->data.pub_key.cha.value = calloc(1, 2);
  567             if (!sdo->data.pub_key.cha.value)
  568                 LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
  569             sdo->data.pub_key.cha.size = 2;
  570             sdo->data.pub_key.cha.tag = IASECC_SDO_PUBKEY_TAG_CHA;
  571         }
  572 
  573         sdo->data.pub_key.compulsory.value = calloc(1, 1);
  574         if (!sdo->data.pub_key.compulsory.value)
  575             LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
  576         sdo->data.pub_key.compulsory.tag = IASECC_SDO_PUBKEY_TAG_COMPULSORY;
  577         sdo->data.pub_key.compulsory.size = 1;
  578     }
  579     else   {
  580         LOG_TEST_RET(ctx, rv, "iasecc_sdo_allocate_pubkey() error while getting public key SDO data");
  581     }
  582 
  583     if (out)
  584         *out = sdo;
  585     else
  586         free(sdo);
  587 
  588     LOG_FUNC_RETURN(ctx, SC_SUCCESS);
  589 }
  590 
  591 
  592 static int
  593 iasecc_sdo_convert_to_file(struct sc_card *card, struct iasecc_sdo *sdo, struct sc_file **out)
  594 {
  595     struct sc_context *ctx;
  596     struct sc_file *file;
  597     unsigned ii;
  598     int rv;
  599 
  600     if (!card || !sdo)
  601         return SC_ERROR_INVALID_ARGUMENTS;
  602 
  603     ctx = card->ctx;
  604     LOG_FUNC_CALLED(ctx);
  605 
  606     file = sc_file_new();
  607     if (!file)
  608         LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
  609 
  610     sc_log(ctx, "SDO class 0x%X", sdo->sdo_class);
  611 
  612     if (sdo->sdo_class == IASECC_SDO_CLASS_RSA_PRIVATE)   {
  613         unsigned char ops[] = {
  614             SC_AC_OP_PSO_COMPUTE_SIGNATURE, SC_AC_OP_INTERNAL_AUTHENTICATE, SC_AC_OP_PSO_DECRYPT,
  615             SC_AC_OP_GENERATE, SC_AC_OP_UPDATE, SC_AC_OP_READ
  616         };
  617 
  618         for (ii=0; ii<sizeof(ops)/sizeof(ops[0]);ii++)   {
  619             unsigned op_method, op_ref;
  620 
  621             rv = iasecc_sdo_convert_acl(card, sdo, ops[ii], &op_method, &op_ref);
  622             if (rv < 0)   {
  623                 sc_file_free(file);
  624                 LOG_TEST_RET(ctx, rv, "IasEcc: cannot convert ACL");
  625             }
  626 
  627             sc_log(ctx, "ii:%i, method:%X, ref:%X", ii, op_method, op_ref);
  628             sc_file_add_acl_entry(file, ops[ii], op_method, op_ref);
  629         }
  630     }
  631 
  632     if (out)
  633         *out = file;
  634     else
  635         sc_file_free(file);
  636 
  637     LOG_FUNC_RETURN(ctx, SC_SUCCESS);
  638 }
  639 
  640 
  641 static int
  642 iasecc_pkcs15_add_access_rule(struct sc_pkcs15_object *object, unsigned access_mode, struct sc_pkcs15_id *auth_id)
  643 {
  644     int ii;
  645 
  646     for (ii=0;ii<SC_PKCS15_MAX_ACCESS_RULES;ii++)   {
  647         if (!object->access_rules[ii].access_mode)   {
  648             object->access_rules[ii].access_mode = access_mode;
  649             if (auth_id)
  650                 object->access_rules[ii].auth_id = *auth_id;
  651             else
  652                 object->access_rules[ii].auth_id.len = 0;
  653             break;
  654         }
  655         else if (!auth_id && !object->access_rules[ii].auth_id.len)   {
  656             object->access_rules[ii].access_mode |= access_mode;
  657             break;
  658         }
  659         else if (auth_id && sc_pkcs15_compare_id(&object->access_rules[ii].auth_id, auth_id))   {
  660             object->access_rules[ii].access_mode |= access_mode;
  661             break;
  662         }
  663     }
  664 
  665     if (ii==SC_PKCS15_MAX_ACCESS_RULES)
  666         return SC_ERROR_TOO_MANY_OBJECTS;
  667 
  668     return SC_SUCCESS;
  669 }
  670 
  671 
  672 static int
  673 iasecc_pkcs15_get_auth_id_from_se(struct sc_pkcs15_card *p15card, unsigned char scb,
  674         struct sc_pkcs15_id *auth_id)
  675 {
  676     struct sc_context *ctx = p15card->card->ctx;
  677     struct sc_pkcs15_object *pin_objs[32];
  678     int rv, ii, nn_pins, se_ref, pin_ref;
  679 
  680     LOG_FUNC_CALLED(ctx);
  681     if (!auth_id)
  682         LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);
  683 
  684     memset(auth_id, 0, sizeof(struct sc_pkcs15_id));
  685 
  686     if (!(scb & IASECC_SCB_METHOD_USER_AUTH))
  687         LOG_FUNC_RETURN(ctx, SC_SUCCESS);
  688 
  689     rv = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_AUTH_PIN, pin_objs, 32);
  690     LOG_TEST_RET(ctx, rv, "Error while getting AUTH objects");
  691     nn_pins = rv;
  692 
  693     se_ref = scb & 0x0F;
  694     rv = sc_card_ctl(p15card->card, SC_CARDCTL_GET_CHV_REFERENCE_IN_SE, (void *)(&se_ref));
  695     LOG_TEST_RET(ctx, rv, "Card CTL error: cannot get CHV reference from SE");
  696     pin_ref = rv;
  697     for (ii=0; ii<nn_pins; ii++)   {
  698         const struct sc_pkcs15_auth_info *auth_info = (const struct sc_pkcs15_auth_info *) pin_objs[ii]->data;
  699 
  700         if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
  701             continue;
  702 
  703         sc_log(ctx, "PIN refs %i/%i", pin_ref, auth_info->attrs.pin.reference);
  704         if (pin_ref == ((auth_info->attrs.pin.reference + 0x100) % 0x100))   {
  705             *auth_id = auth_info->auth_id;
  706             break;
  707         }
  708     }
  709     if (ii == nn_pins)
  710         LOG_TEST_RET(ctx, SC_ERROR_OBJECT_NOT_FOUND, "No AUTH object found");
  711 
  712     LOG_FUNC_RETURN(ctx, SC_SUCCESS);
  713 }
  714 
  715 
  716 static int
  717 iasecc_pkcs15_fix_file_access_rule(struct sc_pkcs15_card *p15card, struct sc_file *file,
  718         unsigned ac_op, unsigned rule_mode, struct sc_pkcs15_object *object)
  719 {
  720     struct sc_context *ctx = p15card->card->ctx;
  721     const struct sc_acl_entry *acl = NULL;
  722     struct sc_pkcs15_id id;
  723     unsigned ref;
  724     int rv;
  725 
  726     LOG_FUNC_CALLED(ctx);
  727     acl = sc_file_get_acl_entry(file, ac_op);
  728     sc_log(ctx, "Fix file access rule: AC_OP:%i, ACL(method:0x%X,ref:0x%X)", ac_op, acl->method, acl->key_ref);
  729     if (acl->method == SC_AC_NONE)   {
  730         sc_log(ctx, "rule-mode:0x%X, auth-ID:NONE", rule_mode);
  731         rv = iasecc_pkcs15_add_access_rule(object, rule_mode, NULL);
  732         LOG_TEST_RET(ctx, rv, "Fix file access rule error");
  733     }
  734     else   {
  735         if (acl->method == SC_AC_IDA)   {
  736             ref = acl->key_ref;
  737             iasecc_reference_to_pkcs15_id (ref, &id);
  738         }
  739         else if (acl->method == SC_AC_SCB)   {
  740             rv = iasecc_pkcs15_get_auth_id_from_se(p15card, acl->key_ref, &id);
  741             LOG_TEST_RET(ctx, rv, "Cannot get AUTH.ID from SE");
  742         }
  743         else if (acl->method == SC_AC_PRO)   {
  744             ref = IASECC_SCB_METHOD_SM * 0x100 + acl->key_ref;
  745             iasecc_reference_to_pkcs15_id (ref, &id);
  746         }
  747         else   {
  748             LOG_TEST_RET(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED, "Fix file access error");
  749         }
  750 
  751         sc_log(ctx, "rule-mode:0x%X, auth-ID:%s", rule_mode, sc_pkcs15_print_id(&id));
  752         rv = iasecc_pkcs15_add_access_rule(object, rule_mode, &id);
  753         LOG_TEST_RET(ctx, rv, "Fix file access rule error");
  754     }
  755 
  756     LOG_FUNC_RETURN(ctx, SC_SUCCESS);
  757 }
  758 
  759 
  760 static int
  761 iasecc_pkcs15_fix_file_access(struct sc_pkcs15_card *p15card, struct sc_file *file,
  762         struct sc_pkcs15_object *object)
  763 {
  764     struct sc_context *ctx = p15card->card->ctx;
  765     int rv;
  766 
  767     LOG_FUNC_CALLED(ctx);
  768     sc_log(ctx, "authID %s", sc_pkcs15_print_id(&object->auth_id));
  769 
  770     memset(object->access_rules, 0, sizeof(object->access_rules));
  771 
  772     rv = iasecc_pkcs15_fix_file_access_rule(p15card, file, SC_AC_OP_READ, SC_PKCS15_ACCESS_RULE_MODE_READ, object);
  773     LOG_TEST_RET(ctx, rv, "Fix file READ access error");
  774 
  775     rv = iasecc_pkcs15_fix_file_access_rule(p15card, file, SC_AC_OP_UPDATE, SC_PKCS15_ACCESS_RULE_MODE_UPDATE, object);
  776     LOG_TEST_RET(ctx, rv, "Fix file READ access error");
  777 
  778     rv = iasecc_pkcs15_fix_file_access_rule(p15card, file, SC_AC_OP_DELETE, SC_PKCS15_ACCESS_RULE_MODE_DELETE, object);
  779     LOG_TEST_RET(ctx, rv, "Fix file READ access error");
  780 
  781     LOG_FUNC_RETURN(ctx, SC_SUCCESS);
  782 }
  783 
  784 
  785 int
  786 iasecc_pkcs15_encode_supported_algos(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *object)
  787 {
  788     struct sc_context *ctx = p15card->card->ctx;
  789     struct sc_pkcs15_prkey_info *prkey_info = (struct sc_pkcs15_prkey_info *) object->data;
  790     struct sc_supported_algo_info *algo;
  791     int rv = SC_SUCCESS, ii;
  792 
  793     LOG_FUNC_CALLED(ctx);
  794     sc_log(ctx, "encode supported algos for object(%s,type:%X)", object->label, object->type);
  795     switch (object->type)   {
  796     case SC_PKCS15_TYPE_PRKEY_RSA:
  797         sc_log(ctx, "PrKey Usage:%X,Access:%X", prkey_info->usage, prkey_info->access_flags);
  798         if (prkey_info->usage & (SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP))   {
  799             algo = sc_pkcs15_get_supported_algo(p15card, SC_PKCS15_ALGO_OP_DECIPHER, CKM_RSA_PKCS);
  800             rv = sc_pkcs15_add_supported_algo_ref(object, algo);
  801             LOG_TEST_RET(ctx, rv, "cannot add supported algorithm DECIPHER:CKM_RSA_PKCS");
  802         }
  803 
  804         if (prkey_info->usage & (SC_PKCS15_PRKEY_USAGE_SIGN |
  805                                  SC_PKCS15_PRKEY_USAGE_NONREPUDIATION))   {
  806             if (prkey_info->usage & SC_PKCS15_PRKEY_USAGE_NONREPUDIATION)   {
  807                 algo = sc_pkcs15_get_supported_algo(p15card, SC_PKCS15_ALGO_OP_COMPUTE_SIGNATURE, CKM_SHA1_RSA_PKCS);
  808                 rv = sc_pkcs15_add_supported_algo_ref(object, algo);
  809                 LOG_TEST_RET(ctx, rv, "cannot add supported algorithm SIGN:CKM_SHA1_RSA_PKCS");
  810 
  811                 algo = sc_pkcs15_get_supported_algo(p15card, SC_PKCS15_ALGO_OP_COMPUTE_SIGNATURE, CKM_SHA256_RSA_PKCS);
  812                 rv = sc_pkcs15_add_supported_algo_ref(object, algo);
  813                 LOG_TEST_RET(ctx, rv, "cannot add supported algorithm SIGN:CKM_SHA256_RSA_PKCS");
  814             }
  815             else   {
  816                 algo = sc_pkcs15_get_supported_algo(p15card, SC_PKCS15_ALGO_OP_COMPUTE_SIGNATURE, CKM_RSA_PKCS);
  817                 rv = sc_pkcs15_add_supported_algo_ref(object, algo);
  818                 LOG_TEST_RET(ctx, rv, "cannot add supported algorithm SIGN:CKM_RSA_PKCS");
  819             }
  820         }
  821 
  822         for (ii=0; ii<SC_MAX_SUPPORTED_ALGORITHMS && prkey_info->algo_refs[ii]; ii++)
  823             sc_log(ctx, "algoReference %i", prkey_info->algo_refs[ii]);
  824         break;
  825     default:
  826         rv = SC_ERROR_NOT_SUPPORTED;
  827         break;
  828     }
  829 
  830     LOG_FUNC_RETURN(ctx, rv);
  831 }
  832 
  833 
  834 /*
  835  * Store SDO key RSA
  836  */
  837 static int
  838 iasecc_sdo_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
  839         struct iasecc_sdo *sdo_prvkey, struct iasecc_sdo *sdo_pubkey,
  840         struct sc_pkcs15_prkey_rsa *rsa)
  841 {
  842     struct sc_context *ctx = p15card->card->ctx;
  843     struct sc_card *card = p15card->card;
  844     unsigned long caps = card->caps;
  845     struct iasecc_sdo_rsa_update update;
  846     struct sc_file  *dummy_file = NULL;
  847     int rv;
  848 
  849     LOG_FUNC_CALLED(ctx);
  850 
  851     if (!sdo_prvkey && !sdo_pubkey)
  852         LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "At least one SDO has to be supplied");
  853 
  854     rv = iasecc_sdo_convert_to_file(card, sdo_prvkey ? sdo_prvkey : sdo_pubkey, &dummy_file);
  855     LOG_TEST_RET(ctx, rv, "Cannot convert SDO PRIVATE KEY to file");
  856 
  857     card->caps &= ~SC_CARD_CAP_USE_FCI_AC;
  858     rv = sc_pkcs15init_authenticate(profile, p15card, dummy_file, SC_AC_OP_UPDATE);
  859     card->caps = caps;
  860     sc_file_free(dummy_file);
  861 
  862     LOG_TEST_RET(ctx, rv, "SDO PRIVATE KEY UPDATE authentication failed");
  863 
  864     memset(&update, 0, sizeof(update));
  865 
  866     update.sdo_prv_key = sdo_prvkey;
  867     update.sdo_pub_key = sdo_pubkey;
  868     update.p15_rsa = rsa;
  869     update.magic = IASECC_SDO_MAGIC_UPDATE_RSA;
  870 
  871     rv = sc_card_ctl(card, SC_CARDCTL_IASECC_SDO_KEY_RSA_PUT_DATA, &update);
  872     LOG_TEST_RET(ctx, rv, "store IAS SDO PRIVATE KEY failed");
  873 
  874     LOG_FUNC_RETURN(ctx, rv);
  875 }
  876 
  877 
  878 static int
  879 iasecc_pkcs15_add_algorithm_reference(struct sc_pkcs15_card *p15card,
  880         struct sc_pkcs15_prkey_info *key_info, unsigned algo_ref)
  881 {
  882     int ii, jj;
  883 
  884     for (jj=0;jj<SC_MAX_SUPPORTED_ALGORITHMS && key_info->algo_refs[jj];jj++)
  885         ;
  886     if (jj == SC_MAX_SUPPORTED_ALGORITHMS)
  887         return SC_ERROR_TOO_MANY_OBJECTS;
  888 
  889     for (ii=0;ii<SC_MAX_SUPPORTED_ALGORITHMS;ii++)
  890         if (p15card->tokeninfo->supported_algos[ii].algo_ref == algo_ref)
  891             break;
  892     if (ii == SC_MAX_SUPPORTED_ALGORITHMS)
  893         return SC_ERROR_OBJECT_NOT_FOUND;
  894 
  895     key_info->algo_refs[jj] = p15card->tokeninfo->supported_algos[ii].reference;
  896     return SC_SUCCESS;
  897 }
  898 
  899 
  900 static int
  901 iasecc_pkcs15_fix_private_key_attributes(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
  902                     struct sc_pkcs15_object *object,
  903                     struct iasecc_sdo *sdo_prvkey)
  904 {
  905     struct sc_card *card = p15card->card;
  906     struct sc_context *ctx = card->ctx;
  907     struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *) object->data;
  908     int rv = 0, ii;
  909     unsigned keys_access_modes[IASECC_MAX_SCBS] = {
  910         SC_PKCS15_ACCESS_RULE_MODE_PSO_CDS, SC_PKCS15_ACCESS_RULE_MODE_INT_AUTH, SC_PKCS15_ACCESS_RULE_MODE_PSO_DECRYPT,
  911         SC_PKCS15_ACCESS_RULE_MODE_EXECUTE, 0x00, SC_PKCS15_ACCESS_RULE_MODE_UPDATE, SC_PKCS15_ACCESS_RULE_MODE_READ
  912     };
  913 
  914     LOG_FUNC_CALLED(ctx);
  915     if (!object->content.value || object->content.len != sizeof(struct iasecc_sdo))
  916         LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "store IAS SDO PRIVATE KEY failed");
  917 
  918     if (object->type != SC_PKCS15_TYPE_PRKEY_RSA)
  919         LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Unsupported object type");
  920 
  921     key_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_SENSITIVE;
  922 
  923     sc_log(ctx, "SDO(class:%X,ref:%X,usage:%X)",
  924             sdo_prvkey->sdo_class, sdo_prvkey->sdo_ref, sdo_prvkey->usage);
  925     sc_log(ctx, "SDO ACLs(%"SC_FORMAT_LEN_SIZE_T"u):%s",
  926            sdo_prvkey->docp.acls_contact.size,
  927            sc_dump_hex(sdo_prvkey->docp.acls_contact.value,
  928                sdo_prvkey->docp.acls_contact.size));
  929     sc_log(ctx, "SDO AMB:%X, SCBS:%s", sdo_prvkey->docp.amb,
  930             sc_dump_hex(sdo_prvkey->docp.scbs, IASECC_MAX_SCBS));
  931 
  932     for (ii=0;ii<IASECC_MAX_SCBS;ii++)   {
  933         sc_log(ctx, "SBC(%i):%X", ii, sdo_prvkey->docp.scbs[ii]);
  934         if (sdo_prvkey->docp.scbs[ii] == 0xFF)   {
  935             continue;
  936         }
  937         else if (sdo_prvkey->docp.scbs[ii] == 0x00)   {
  938             rv = iasecc_pkcs15_add_access_rule(object, keys_access_modes[ii], NULL);
  939             LOG_TEST_RET(ctx, rv, "Cannot add access rule");
  940         }
  941         else if (sdo_prvkey->docp.scbs[ii] & IASECC_SCB_METHOD_USER_AUTH)   {
  942             struct sc_pkcs15_id auth_id;
  943 
  944             rv = iasecc_pkcs15_get_auth_id_from_se(p15card, sdo_prvkey->docp.scbs[ii], &auth_id);
  945             LOG_TEST_RET(ctx, rv, "Cannot get AUTH.ID from SE");
  946 
  947             rv = iasecc_pkcs15_add_access_rule(object, keys_access_modes[ii], &auth_id);
  948             LOG_TEST_RET(ctx, rv, "Cannot add access rule");
  949 
  950             if (ii == IASECC_ACLS_RSAKEY_PSO_SIGN || ii == IASECC_ACLS_RSAKEY_INTERNAL_AUTH
  951                     || ii == IASECC_ACLS_RSAKEY_PSO_DECIPHER)   {
  952                 if (!sc_pkcs15_compare_id(&object->auth_id, &auth_id))   {
  953                     /* Sorry, this will silently overwrite the profile option.*/
  954                     sc_log(ctx, "Change object's authId for the one that really protects crypto operation.");
  955                     object->auth_id = auth_id;
  956                 }
  957 
  958                 rv = iasecc_pkcs15_add_access_rule(object, SC_PKCS15_ACCESS_RULE_MODE_EXECUTE, &auth_id);
  959                 LOG_TEST_RET(ctx, rv, "Cannot add 'EXECUTE' access rule");
  960             }
  961         }
  962 
  963         if (ii == IASECC_ACLS_RSAKEY_PSO_SIGN)   {
  964             rv = iasecc_pkcs15_add_algorithm_reference(p15card, key_info,
  965                     IASECC_ALGORITHM_RSA_PKCS | IASECC_ALGORITHM_SHA1);
  966             LOG_TEST_RET(ctx, rv, "Cannot add RSA_PKCS SHA1 supported mechanism");
  967 
  968             rv = iasecc_pkcs15_add_algorithm_reference(p15card, key_info,
  969                     IASECC_ALGORITHM_RSA_PKCS | IASECC_ALGORITHM_SHA2);
  970             LOG_TEST_RET(ctx, rv, "Cannot add RSA_PKCS SHA2 supported mechanism");
  971 
  972             if (sdo_prvkey->docp.non_repudiation.value && sdo_prvkey->docp.non_repudiation.value[0])   {
  973                 object->user_consent = 1;
  974             }
  975         }
  976         else if (ii == IASECC_ACLS_RSAKEY_INTERNAL_AUTH)   {
  977             rv = iasecc_pkcs15_add_algorithm_reference(p15card, key_info, IASECC_ALGORITHM_RSA_PKCS);
  978             LOG_TEST_RET(ctx, rv, "Cannot add RSA_PKCS supported mechanism");
  979 
  980         }
  981         else if (ii == IASECC_ACLS_RSAKEY_PSO_DECIPHER)   {
  982             rv = iasecc_pkcs15_add_algorithm_reference(p15card, key_info,
  983                     IASECC_ALGORITHM_RSA_PKCS_DECRYPT | IASECC_ALGORITHM_SHA1);
  984             LOG_TEST_RET(ctx, rv, "Cannot add decipher RSA_PKCS supported mechanism");
  985 
  986         }
  987     }
  988 
  989     LOG_FUNC_RETURN(ctx, rv);
  990 }
  991 
  992 
  993 static int
  994 iasecc_pkcs15_create_key_slot(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
  995         struct iasecc_sdo *sdo_prvkey, struct iasecc_sdo *sdo_pubkey,
  996         struct sc_pkcs15_prkey_info *key_info)
  997 {
  998     struct sc_context *ctx = p15card->card->ctx;
  999     struct sc_card *card = p15card->card;
 1000     struct sc_file  *file_p_pubkey = NULL, *file_p_prvkey = NULL, *parent = NULL;
 1001     unsigned long save_card_caps = p15card->card->caps;
 1002     int rv;
 1003 
 1004     LOG_FUNC_CALLED(ctx);
 1005 
 1006     rv = iasecc_pkcs15_new_file(profile, card, SC_PKCS15_TYPE_PRKEY_RSA, key_info->key_reference, &file_p_prvkey);
 1007     LOG_TEST_GOTO_ERR(ctx, rv, "create key slot: cannot instantiate PRKEY_RSA file");
 1008 
 1009     rv = iasecc_pkcs15_new_file(profile, card, SC_PKCS15_TYPE_PUBKEY_RSA, key_info->key_reference, &file_p_pubkey);
 1010     LOG_TEST_GOTO_ERR(ctx, rv, "create key slot: cannot instantiate PUBKEY_RSA file");
 1011 
 1012     rv = iasecc_file_convert_acls(ctx, profile, file_p_prvkey);
 1013     LOG_TEST_GOTO_ERR(ctx, rv, "create key slot: cannot convert ACLs of the private key file");
 1014 
 1015     rv = iasecc_file_convert_acls(ctx, profile, file_p_pubkey);
 1016     LOG_TEST_GOTO_ERR(ctx, rv, "create key slot: cannot convert ACLs of the public key file");
 1017 
 1018     rv = sc_profile_get_parent(profile, "private-key", &parent);
 1019     LOG_TEST_GOTO_ERR(ctx, rv, "create key slot: cannot get parent of private key file");
 1020 
 1021     rv = iasecc_file_convert_acls(ctx, profile, parent);
 1022     LOG_TEST_GOTO_ERR(ctx, rv, "create key slot: cannot convert parent's ACLs");
 1023 
 1024     /* Oberthur's card do not returns FCP for selected application DF.
 1025      * That's why for the following authentication use the 'CREATE' ACL defined in the application profile. */
 1026     if (card->type == SC_CARD_TYPE_IASECC_OBERTHUR)
 1027         p15card->card->caps &= ~SC_CARD_CAP_USE_FCI_AC;
 1028     rv = sc_pkcs15init_authenticate(profile, p15card, parent, SC_AC_OP_CREATE);
 1029     p15card->card->caps  = save_card_caps;
 1030     LOG_TEST_GOTO_ERR(ctx, rv, "create key slot: SC_AC_OP_CREATE authentication failed");
 1031 
 1032     if (!sdo_prvkey->not_on_card)
 1033         sc_log(ctx, "create key slot: SDO private key already present");
 1034     else
 1035         rv = sc_card_ctl(card, SC_CARDCTL_IASECC_SDO_CREATE, sdo_prvkey);
 1036     LOG_TEST_GOTO_ERR(ctx, rv, "create key slot: cannot create private key: ctl failed");
 1037 
 1038     if (!sdo_pubkey->not_on_card)
 1039         sc_log(ctx, "create key slot: SDO public key already present");
 1040     else
 1041         rv = sc_card_ctl(card, SC_CARDCTL_IASECC_SDO_CREATE, sdo_pubkey);
 1042     LOG_TEST_GOTO_ERR(ctx, rv, "create key slot: cannot create public key: ctl failed");
 1043 
 1044 err:
 1045     sc_file_free(file_p_prvkey);
 1046     sc_file_free(file_p_pubkey);
 1047     sc_file_free(parent);
 1048 
 1049     LOG_FUNC_RETURN(ctx, rv);
 1050 }
 1051 
 1052 static int
 1053 iasecc_pkcs15_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
 1054                     struct sc_pkcs15_object *object)
 1055 {
 1056     struct sc_card *card = p15card->card;
 1057     struct sc_context *ctx = card->ctx;
 1058     struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *) object->data;
 1059     struct iasecc_sdo *sdo_prvkey = NULL, *sdo_pubkey = NULL;
 1060     size_t keybits = key_info->modulus_length;
 1061     unsigned char zeros[0x200];
 1062     int  rv;
 1063 
 1064     LOG_FUNC_CALLED(ctx);
 1065     sc_log(ctx,
 1066            "create private key(keybits:%"SC_FORMAT_LEN_SIZE_T"u,usage:%X,access:%X,ref:%X)",
 1067            keybits, key_info->usage, key_info->access_flags,
 1068            key_info->key_reference);
 1069     if (keybits < 1024 || keybits > 2048 || (keybits % 256))   {
 1070         sc_log(ctx, "Unsupported key size %"SC_FORMAT_LEN_SIZE_T"u",
 1071                keybits);
 1072         return SC_ERROR_INVALID_ARGUMENTS;
 1073     }
 1074 
 1075     memset(zeros, 0, sizeof(zeros));
 1076 
 1077     rv = iasecc_sdo_allocate_pubkey(profile, card, (struct sc_pkcs15_pubkey_info *)key_info, &sdo_pubkey);
 1078     LOG_TEST_RET(ctx, rv, "IasEcc: allocate SDO public key failed");
 1079     sc_log(ctx, "iasecc_pkcs15_create_key() sdo_pubkey->not_on_card %i", sdo_pubkey->not_on_card);
 1080 
 1081     rv = iasecc_sdo_allocate_prvkey(profile, card, key_info, &sdo_prvkey);
 1082     LOG_TEST_RET(ctx, rv, "IasEcc: init SDO private key failed");
 1083     sc_log(ctx, "iasecc_pkcs15_create_key() sdo_prvkey->not_on_card %i", sdo_prvkey->not_on_card);
 1084 
 1085     if (!sdo_prvkey->not_on_card && !sdo_pubkey->not_on_card)   {
 1086         sc_log(ctx, "Key ref %i already allocated", key_info->key_reference);
 1087     }
 1088     else   {
 1089         rv = iasecc_pkcs15_create_key_slot(profile, p15card, sdo_prvkey, sdo_pubkey, key_info);
 1090         LOG_TEST_RET(ctx, rv, "Cannot create key slot");
 1091     }
 1092 
 1093     rv = sc_pkcs15_allocate_object_content(ctx, object, (unsigned char *)sdo_prvkey, sizeof(struct iasecc_sdo));
 1094     LOG_TEST_RET(ctx, rv, "Failed to allocate PrvKey SDO as object content");
 1095 
 1096     rv = iasecc_pkcs15_fix_private_key_attributes(profile, p15card, object, (struct iasecc_sdo *)object->content.value);
 1097     LOG_TEST_RET(ctx, rv, "Failed to fix private key PKCS#15 attributes");
 1098 
 1099     key_info->path.len = 0;
 1100 
 1101     iasecc_sdo_free(card, sdo_pubkey);
 1102 
 1103     LOG_FUNC_RETURN(ctx, rv);
 1104 }
 1105 
 1106 
 1107 /*
 1108  * RSA key generation
 1109  */
 1110 static int
 1111 iasecc_pkcs15_generate_key(struct sc_profile *profile, sc_pkcs15_card_t *p15card,
 1112         struct sc_pkcs15_object *object, struct sc_pkcs15_pubkey *pubkey)
 1113 {
 1114     struct sc_card *card = p15card->card;
 1115     struct sc_context *ctx = card->ctx;
 1116     struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *) object->data;
 1117     size_t keybits = key_info->modulus_length;
 1118     struct iasecc_sdo *sdo_prvkey = NULL;
 1119     struct iasecc_sdo *sdo_pubkey = NULL;
 1120     struct sc_file  *file = NULL;
 1121     unsigned char *tmp = NULL;
 1122     size_t tmp_len;
 1123     unsigned long caps;
 1124     int rv;
 1125 
 1126     LOG_FUNC_CALLED(ctx);
 1127     sc_log(ctx,
 1128            "generate key(bits:%"SC_FORMAT_LEN_SIZE_T"u,path:%s,AuthID:%s\n",
 1129            keybits, sc_print_path(&key_info->path),
 1130            sc_pkcs15_print_id(&object->auth_id));
 1131 
 1132     if (!object->content.value || object->content.len != sizeof(struct iasecc_sdo))
 1133         LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Invalid PrKey SDO data");
 1134 
 1135     sdo_prvkey = (struct iasecc_sdo *)object->content.value;
 1136     if (sdo_prvkey->magic != SC_CARDCTL_IASECC_SDO_MAGIC)
 1137         LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "'Magic' control failed for SDO PrvKey");
 1138 
 1139     if (keybits < 1024 || keybits > 2048 || (keybits%0x100))   {
 1140         sc_log(ctx, "Unsupported key size %"SC_FORMAT_LEN_SIZE_T"u\n",
 1141                keybits);
 1142         return SC_ERROR_INVALID_ARGUMENTS;
 1143     }
 1144 
 1145     /* TODO: Check if native IAS middleware accepts the meaningful path value. */
 1146     rv = sc_profile_get_parent(profile, "private-key", &file);
 1147     LOG_TEST_RET(ctx, rv, "IasEcc: cannot get private key parent file");
 1148 
 1149     rv = sc_select_file(card, &file->path, NULL);
 1150     LOG_TEST_RET(ctx, rv, "DF for private objects not defined");
 1151 
 1152     sc_file_free(file);
 1153 
 1154     rv = iasecc_sdo_convert_to_file(card, sdo_prvkey, &file);
 1155     LOG_TEST_RET(ctx, rv, "Cannot convert SDO PRIVKEY to file");
 1156 
 1157     caps = card->caps;
 1158     card->caps &= ~SC_CARD_CAP_USE_FCI_AC;
 1159     rv = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_GENERATE);
 1160     card->caps = caps;
 1161     LOG_TEST_RET(ctx, rv, "SC_AC_OP_GENERATE authentication failed");
 1162 
 1163     key_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_LOCAL;
 1164     key_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE;
 1165     key_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE;
 1166 
 1167     rv = sc_card_ctl(card, SC_CARDCTL_IASECC_SDO_GENERATE, sdo_prvkey);
 1168     LOG_TEST_RET(ctx, rv, "generate key failed");
 1169 
 1170     /* Quite dangerous -- cast of 'sc_pkcs15_prvkey_info' into 'sc_pkcs15_pubkey_info'. */
 1171     rv = iasecc_sdo_allocate_pubkey(profile, card, (struct sc_pkcs15_pubkey_info *)key_info, &sdo_pubkey);
 1172     LOG_TEST_RET(ctx, rv, "IasEcc: allocate SDO public key failed");
 1173 
 1174     pubkey->algorithm = SC_ALGORITHM_RSA;
 1175 
 1176     pubkey->u.rsa.modulus.len = sdo_pubkey->data.pub_key.n.size;
 1177     pubkey->u.rsa.modulus.data  = (unsigned char *) malloc(pubkey->u.rsa.modulus.len);
 1178     if (!pubkey->u.rsa.modulus.data)
 1179         LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
 1180     memcpy(pubkey->u.rsa.modulus.data, sdo_pubkey->data.pub_key.n.value, pubkey->u.rsa.modulus.len);
 1181 
 1182     pubkey->u.rsa.exponent.len = sdo_pubkey->data.pub_key.e.size;
 1183     pubkey->u.rsa.exponent.data = (unsigned char *) malloc(pubkey->u.rsa.exponent.len);
 1184     if (!pubkey->u.rsa.exponent.data)
 1185         LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
 1186     memcpy(pubkey->u.rsa.exponent.data, sdo_pubkey->data.pub_key.e.value, pubkey->u.rsa.exponent.len);
 1187 
 1188     rv = sc_pkcs15_encode_pubkey(ctx, pubkey, &tmp, &tmp_len);
 1189     LOG_TEST_RET(ctx, rv, "encode public key failed");
 1190 
 1191     rv = iasecc_pkcs15_encode_supported_algos(p15card, object);
 1192     LOG_TEST_RET(ctx, rv, "encode private key access rules failed");
 1193 
 1194     /* SDO PrvKey data replaced by public part of generated key */
 1195     rv = sc_pkcs15_allocate_object_content(ctx, object, tmp, tmp_len);
 1196     LOG_TEST_RET(ctx, rv, "Failed to allocate public key as object content");
 1197 
 1198     iasecc_sdo_free(card, sdo_pubkey);
 1199 
 1200     free(tmp);
 1201     LOG_FUNC_RETURN(ctx, rv);
 1202 }
 1203 
 1204 
 1205 /*
 1206  * Store a private key
 1207  */
 1208 static int
 1209 iasecc_pkcs15_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
 1210         struct sc_pkcs15_object *object, struct sc_pkcs15_prkey *prvkey)
 1211 {
 1212     struct sc_card *card = p15card->card;
 1213     struct sc_context *ctx = card->ctx;
 1214     struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *) object->data;
 1215     size_t keybits = key_info->modulus_length;
 1216     struct iasecc_sdo *sdo_prvkey;
 1217     struct iasecc_sdo *sdo_pubkey = NULL;
 1218     struct sc_pkcs15_prkey_rsa *rsa = &prvkey->u.rsa;
 1219     struct sc_file  *file = NULL;
 1220     int rv;
 1221 
 1222     LOG_FUNC_CALLED(ctx);
 1223     sc_log(ctx,
 1224            "Store IAS/ECC key(keybits:%"SC_FORMAT_LEN_SIZE_T"u,AuthID:%s,path:%s)",
 1225            keybits, sc_pkcs15_print_id(&object->auth_id),
 1226            sc_print_path(&key_info->path));
 1227 
 1228     if (!object->content.value || object->content.len != sizeof(struct iasecc_sdo))
 1229         LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Invalid PrKey SDO data");
 1230     else if (keybits < 1024 || keybits > 2048 || (keybits%0x100))
 1231         LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Unsupported key size");
 1232 
 1233     sdo_prvkey = (struct iasecc_sdo *)object->content.value;
 1234     if (sdo_prvkey->magic != SC_CARDCTL_IASECC_SDO_MAGIC)
 1235         LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "'Magic' control failed for SDO PrvKey");
 1236 
 1237     sc_log(ctx,
 1238            "key compulsory attr(size:%"SC_FORMAT_LEN_SIZE_T"u,on_card:%i)",
 1239            sdo_prvkey->data.prv_key.compulsory.size,
 1240            sdo_prvkey->data.prv_key.compulsory.on_card);
 1241 
 1242     rv = sc_profile_get_parent(profile, "private-key", &file);
 1243     LOG_TEST_RET(ctx, rv, "cannot instantiate parent DF of the private key");
 1244 
 1245     rv = sc_select_file(card, &file->path, NULL);
 1246     LOG_TEST_RET(ctx, rv, "failed to select parent DF");
 1247 
 1248     sc_file_free(file);
 1249 
 1250     key_info->access_flags &= ~SC_PKCS15_PRKEY_ACCESS_LOCAL;
 1251 
 1252     rv = iasecc_sdo_allocate_pubkey(profile, card, (struct sc_pkcs15_pubkey_info *)key_info, &sdo_pubkey);
 1253     LOG_TEST_RET(ctx, rv, "private key store failed: cannot allocate 'SDO PUBLIC KEY'");
 1254 
 1255     rv = iasecc_sdo_store_key(profile, p15card, sdo_prvkey, sdo_pubkey, rsa);
 1256     LOG_TEST_RET(ctx, rv, "cannot store SDO PRIVATE/PUBLIC KEYs");
 1257 
 1258     /* sdo_prvkey is freed while object is freeing */
 1259     iasecc_sdo_free(card, sdo_pubkey);
 1260 
 1261     LOG_FUNC_RETURN(ctx, rv);
 1262 }
 1263 
 1264 
 1265 static int
 1266 iasecc_pkcs15_delete_sdo (struct sc_profile *profile, struct sc_pkcs15_card *p15card,
 1267         int sdo_class, int ref)
 1268 {
 1269     struct sc_context *ctx = p15card->card->ctx;
 1270     struct sc_card *card = p15card->card;
 1271     struct iasecc_sdo *sdo = NULL;
 1272     struct sc_pkcs15_prkey_rsa rsa;
 1273     struct sc_file  *dummy_file = NULL;
 1274     unsigned long save_card_caps = card->caps;
 1275     int rv;
 1276 
 1277     LOG_FUNC_CALLED(ctx);
 1278     sc_log(ctx, "iasecc_pkcs15_delete_sdo() class 0x%X; reference %i", sdo_class, ref);
 1279 
 1280     sdo = calloc(1, sizeof(struct iasecc_sdo));
 1281     if (!sdo)
 1282         return SC_ERROR_OUT_OF_MEMORY;
 1283 
 1284     sdo->magic = SC_CARDCTL_IASECC_SDO_MAGIC;
 1285     sdo->sdo_class = sdo_class;
 1286     sdo->sdo_ref = ref & 0x3F;
 1287 
 1288     rv = iasecc_sdo_get_data(card, sdo);
 1289     if (rv < 0)   {
 1290         if (rv == SC_ERROR_DATA_OBJECT_NOT_FOUND)
 1291             rv = SC_SUCCESS;
 1292 
 1293         iasecc_sdo_free(card, sdo);
 1294         LOG_FUNC_RETURN(ctx, rv);
 1295     }
 1296 
 1297     if (sdo->sdo_class == IASECC_SDO_CLASS_RSA_PUBLIC)   {
 1298         if (sdo->data.pub_key.cha.value)   {
 1299             free(sdo->data.pub_key.cha.value);
 1300             sdo->data.pub_key.cha.value = NULL;
 1301             sdo->data.pub_key.cha.size = 0;
 1302         }
 1303     }
 1304 
 1305     sc_log(ctx, "iasecc_pkcs15_delete_sdo() SDO class 0x%X, ref 0x%X", sdo->sdo_class, sdo->sdo_ref);
 1306     rv = iasecc_sdo_convert_to_file(card, sdo, &dummy_file);
 1307     if (rv < 0)   {
 1308         iasecc_sdo_free(card, sdo);
 1309         LOG_TEST_RET(ctx, rv, "iasecc_pkcs15_delete_sdo() Cannot convert SDO to file");
 1310     }
 1311 
 1312     card->caps &= ~SC_CARD_CAP_USE_FCI_AC;
 1313     rv = sc_pkcs15init_authenticate(profile, p15card, dummy_file, SC_AC_OP_UPDATE);
 1314     card->caps = save_card_caps;
 1315 
 1316     sc_file_free(dummy_file);
 1317 
 1318     if (rv < 0)   {
 1319         iasecc_sdo_free(card, sdo);
 1320         LOG_TEST_RET(ctx, rv, "iasecc_pkcs15_delete_sdo() UPDATE authentication failed for SDO");
 1321     }
 1322 
 1323     if (card->type == SC_CARD_TYPE_IASECC_OBERTHUR)   {
 1324         /* Oberthur's card supports creation/deletion of the key slots ... */
 1325         rv = sc_card_ctl(card, SC_CARDCTL_IASECC_SDO_DELETE, sdo);
 1326     }
 1327     else  {
 1328         /* ... other cards not.
 1329          * Set to zero the key components . */
 1330         unsigned char zeros[0x200];
 1331         int size = *(sdo->docp.size.value + 0) * 0x100 + *(sdo->docp.size.value + 1);
 1332 
 1333         sc_log(ctx, "iasecc_pkcs15_delete_sdo() SDO size %i bytes", size);
 1334         memset(zeros, 0xA5, sizeof(zeros));
 1335         memset(&rsa, 0, sizeof(rsa));
 1336 
 1337         rsa.modulus.data = rsa.exponent.data = zeros;
 1338         rsa.modulus.len = size;
 1339         rsa.exponent.len = 3;
 1340 
 1341         rsa.p.data = rsa.q.data = rsa.iqmp.data = rsa.dmp1.data = rsa.dmq1.data = zeros;
 1342         rsa.p.len = rsa.q.len = rsa.iqmp.len = rsa.dmp1.len = rsa.dmq1.len = size/2;
 1343 
 1344         /* Don't know why, but, clean public key do not working with Gemalto card */
 1345         rv = iasecc_sdo_store_key(profile, p15card, sdo, NULL, &rsa);
 1346     }
 1347 
 1348     iasecc_sdo_free(card, sdo);
 1349     LOG_FUNC_RETURN(ctx, rv);
 1350 }
 1351 
 1352 
 1353 static int
 1354 iasecc_pkcs15_delete_object (struct sc_profile *profile, struct sc_pkcs15_card *p15card,
 1355         struct sc_pkcs15_object *object, const struct sc_path *path)
 1356 {
 1357     struct sc_context *ctx = p15card->card->ctx;
 1358     struct sc_file *file = NULL;
 1359     int rv, key_ref;
 1360 
 1361     LOG_FUNC_CALLED(ctx);
 1362 
 1363     switch(object->type & SC_PKCS15_TYPE_CLASS_MASK)   {
 1364     case SC_PKCS15_TYPE_PUBKEY:
 1365         key_ref = ((struct sc_pkcs15_pubkey_info *)object->data)->key_reference;
 1366         sc_log(ctx, "Ignore delete of SDO-PubKey(ref:%X) '%s', path %s", key_ref, object->label, sc_print_path(path));
 1367         LOG_FUNC_RETURN(ctx, SC_SUCCESS);
 1368     case SC_PKCS15_TYPE_PRKEY:
 1369         sc_log(ctx, "delete PrivKey '%s', path %s", object->label, sc_print_path(path));
 1370         if (path->len || path->aid.len)   {
 1371             rv = sc_select_file(p15card->card, path, NULL);
 1372             LOG_TEST_RET(ctx, rv, "cannot select PrivKey path");
 1373         }
 1374 
 1375         key_ref = ((struct sc_pkcs15_prkey_info *)object->data)->key_reference;
 1376 
 1377         /* Delete both parts of the RSA key */
 1378         rv = iasecc_pkcs15_delete_sdo (profile, p15card, IASECC_SDO_CLASS_RSA_PRIVATE, key_ref);
 1379         LOG_TEST_RET(ctx, rv, "Cannot delete RSA_PRIVATE SDO");
 1380 
 1381         rv = iasecc_pkcs15_delete_sdo (profile, p15card, IASECC_SDO_CLASS_RSA_PUBLIC, key_ref);
 1382         LOG_TEST_RET(ctx, rv, "Cannot delete RSA_PUBLIC SDO");
 1383 
 1384         if (profile->md_style == SC_PKCS15INIT_MD_STYLE_GEMALTO)   {
 1385             rv = iasecc_md_gemalto_delete_prvkey(p15card, profile, object);
 1386             LOG_TEST_RET(ctx, rv, "MD error: cannot delete private key");
 1387         }
 1388 
 1389         LOG_FUNC_RETURN(ctx, rv);
 1390     case SC_PKCS15_TYPE_CERT:
 1391         sc_log(ctx, "delete Certificate '%s', path %s", object->label, sc_print_path(path));
 1392         break;
 1393     case SC_PKCS15_TYPE_DATA_OBJECT:
 1394         sc_log(ctx, "delete DataObject '%s', path %s", object->label, sc_print_path(path));
 1395         break;
 1396     default:
 1397         LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED);
 1398     }
 1399 
 1400     file = sc_file_new();
 1401     file->type = SC_FILE_TYPE_WORKING_EF;
 1402     file->ef_structure = SC_FILE_EF_TRANSPARENT;
 1403     file->id = path->value[path->len-2] * 0x100 + path->value[path->len-1];
 1404     memcpy(&file->path, path, sizeof(file->path));
 1405 
 1406     rv = iasecc_pkcs15_delete_file(p15card, profile, file);
 1407 
 1408     sc_file_free(file);
 1409 
 1410     LOG_FUNC_RETURN(ctx, rv);
 1411 }
 1412 
 1413 
 1414 static int
 1415 iasecc_md_gemalto_set_default(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
 1416         struct sc_pkcs15_object *key_obj)
 1417 {
 1418     struct sc_context *ctx = p15card->card->ctx;
 1419     struct sc_pkcs15_object *data_obj = NULL;
 1420     struct sc_pkcs15init_dataargs data_args;
 1421     unsigned char guid[40];
 1422     size_t guid_len;
 1423     int rv;
 1424 
 1425     LOG_FUNC_CALLED(ctx);
 1426 
 1427     rv = sc_pkcs15_find_data_object_by_name(p15card, "CSP", "Default Key Container", &data_obj);
 1428     if (rv != SC_ERROR_OBJECT_NOT_FOUND)
 1429         LOG_TEST_RET(ctx, rv, "Find 'Default Key Container' data object error");
 1430 
 1431     memset(guid, 0, sizeof(guid));
 1432     guid_len = sizeof(guid);
 1433 
 1434     rv = sc_pkcs15_get_object_guid(p15card, key_obj, 1, guid, &guid_len);
 1435     LOG_TEST_RET(ctx, rv, "Cannot get private key GUID");
 1436 
 1437     if (!data_obj)   {
 1438         memset(&data_args, 0, sizeof(data_args));
 1439         sc_init_oid(&data_args.app_oid);
 1440         data_args.label = "Default Key Container";
 1441         data_args.app_label = "CSP";
 1442         data_args.der_encoded.value = guid;
 1443         data_args.der_encoded.len = guid_len;
 1444 
 1445         rv = sc_pkcs15init_store_data_object(p15card, profile, &data_args, NULL);
 1446         LOG_TEST_RET(ctx, rv, "Failed to store 'CSP'/'Default Key Container' data object");
 1447     }
 1448     else   {
 1449         struct sc_pkcs15_data_info *dinfo = (struct sc_pkcs15_data_info *)data_obj->data;
 1450         struct sc_file *file = NULL;
 1451 
 1452         sc_log(ctx, "update data object content in '%s'\n", sc_print_path(&dinfo->path));
 1453         rv = sc_select_file(p15card->card, &dinfo->path, &file);
 1454         LOG_TEST_RET(ctx, rv, "Cannot select data object file");
 1455 
 1456         rv = sc_pkcs15init_update_file(profile, p15card, file, guid, guid_len);
 1457         sc_file_free(file);
 1458         LOG_TEST_RET(ctx, rv, "Failed to update 'CSP'/'Default Key Container' data object");
 1459     }
 1460 
 1461     LOG_FUNC_RETURN(ctx, rv);
 1462 }
 1463 
 1464 
 1465 static int
 1466 iasecc_md_gemalto_unset_default(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
 1467         struct sc_pkcs15_object *key_obj)
 1468 {
 1469     struct sc_context *ctx = p15card->card->ctx;
 1470     struct sc_pkcs15_object *data_obj = NULL;
 1471     struct sc_pkcs15_data *dod = NULL;
 1472     struct sc_pkcs15_object *key_objs[32];
 1473     struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *)key_obj->data;
 1474     unsigned char guid[40];
 1475     size_t guid_len;
 1476     int rv, ii, keys_num;
 1477 
 1478     LOG_FUNC_CALLED(ctx);
 1479 
 1480     memset(guid, 0, sizeof(guid));
 1481     guid_len = sizeof(guid);
 1482 
 1483     rv = sc_pkcs15_get_object_guid(p15card, key_obj, 1, guid, &guid_len);
 1484     LOG_TEST_RET(ctx, rv, "Cannot get private key GUID");
 1485 
 1486     rv = sc_pkcs15_find_data_object_by_name(p15card, "CSP", "Default Key Container", &data_obj);
 1487     if (rv == SC_ERROR_OBJECT_NOT_FOUND)
 1488         LOG_FUNC_RETURN(ctx, SC_SUCCESS);
 1489 
 1490     rv = sc_pkcs15_read_data_object(p15card, (struct sc_pkcs15_data_info *)data_obj->data, &dod);
 1491     LOG_TEST_RET(ctx, rv, "Cannot read from 'CSP/'Default Key Container'");
 1492 
 1493     if (guid_len != dod->data_len || memcmp(guid, dod->data, guid_len)) {
 1494         sc_pkcs15_free_data_object(dod);
 1495         LOG_FUNC_RETURN(ctx, SC_SUCCESS);
 1496     }
 1497     sc_pkcs15_free_data_object(dod);
 1498 
 1499     rv = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PRKEY, key_objs, 32);
 1500     LOG_TEST_RET(ctx, rv, "Get private key PKCS#15 objects error");
 1501     keys_num = rv;
 1502 
 1503     if (keys_num)   {
 1504         for (ii=0; ii<keys_num; ii++)   {
 1505             struct sc_pkcs15_prkey_info *prkey_info = (struct sc_pkcs15_prkey_info *)key_objs[ii]->data;
 1506 
 1507             if (sc_pkcs15_compare_id(&key_info->id, &prkey_info->id))
 1508                 continue;
 1509 
 1510             /* TODO: keys with inappropriate key usages should also be ignored */
 1511             rv = iasecc_md_gemalto_set_default(p15card, profile, key_objs[ii]);
 1512             LOG_TEST_RET(ctx, rv, "Cannot set default container");
 1513             break;
 1514         }
 1515 
 1516         if (ii == keys_num)   {
 1517             /* No more default container */
 1518             rv = sc_pkcs15init_delete_object(p15card, profile, data_obj);
 1519             LOG_TEST_RET(ctx, rv, "Cannot delete 'CSP'/'Default Key Container' data object");
 1520         }
 1521     }
 1522 
 1523     LOG_FUNC_RETURN(ctx, rv);
 1524 }
 1525 
 1526 
 1527 static int
 1528 iasecc_md_gemalto_new_prvkey(struct sc_pkcs15_card *p15card, struct sc_profile *profile, struct sc_pkcs15_object *key_obj)
 1529 {
 1530     struct sc_context *ctx = p15card->card->ctx;
 1531     struct sc_pkcs15_prkey_info *prkey_info = (struct sc_pkcs15_prkey_info *)key_obj->data;
 1532     struct sc_pkcs15init_dataargs data_args;
 1533     unsigned char data[SC_PKCS15_MAX_ID_SIZE + 6];
 1534     unsigned char guid[40];
 1535     size_t offs, guid_len;
 1536     int rv;
 1537 
 1538     LOG_FUNC_CALLED(ctx);
 1539 
 1540     memset(guid, 0, sizeof(guid));
 1541     guid_len = sizeof(guid) - 1;
 1542 
 1543     rv = sc_pkcs15_get_object_guid(p15card, key_obj, 1, guid, &guid_len);
 1544     LOG_TEST_RET(ctx, rv, "Cannot get private key GUID");
 1545     sc_log(ctx, "New key GUID: '%s'", (char *)guid);
 1546 
 1547     offs = 0;
 1548     data[offs++] = 0x01;
 1549     data[offs++] = prkey_info->id.len;
 1550     memcpy(&data[offs], prkey_info->id.value, prkey_info->id.len);
 1551     offs += prkey_info->id.len;
 1552     data[offs++] = 0x02;
 1553     data[offs++] = 0x01;
 1554     data[offs++] = 0x01;
 1555 
 1556     memset(&data_args, 0, sizeof(data_args));
 1557     sc_init_oid(&data_args.app_oid);
 1558     data_args.label = (char *)guid;
 1559     data_args.app_label = "CSP";
 1560     data_args.der_encoded.value = data;
 1561     data_args.der_encoded.len = offs;
 1562 
 1563     rv = sc_pkcs15init_store_data_object(p15card, profile, &data_args, NULL);
 1564     LOG_TEST_RET(ctx, rv, "Failed to store 'CSP' data object");
 1565 
 1566     /* For a while default container is set for the first key.
 1567      * TODO: Key usage should be taken into consideration. */
 1568     if (sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PRKEY, NULL, 0) == 1)   {
 1569         rv = iasecc_md_gemalto_set_default(p15card, profile, key_obj);
 1570         LOG_TEST_RET(ctx, rv, "MD: cannot set default container");
 1571     }
 1572 
 1573     LOG_FUNC_RETURN(ctx, rv);
 1574 }
 1575 
 1576 
 1577 static int
 1578 iasecc_md_gemalto_delete_prvkey(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
 1579         struct sc_pkcs15_object *key_obj)
 1580 {
 1581     struct sc_context *ctx = p15card->card->ctx;
 1582     struct sc_pkcs15_object *data_obj = NULL;
 1583     unsigned char guid[40];
 1584     size_t guid_len;
 1585     int rv;
 1586 
 1587     LOG_FUNC_CALLED(ctx);
 1588 
 1589     memset(guid, 0, sizeof(guid));
 1590     guid_len = sizeof(guid) - 1;
 1591 
 1592     rv = sc_pkcs15_get_object_guid(p15card, key_obj, 1, guid, &guid_len);
 1593     LOG_TEST_RET(ctx, rv, "Cannot get private key GUID");
 1594 
 1595     rv = sc_pkcs15_find_data_object_by_name(p15card, "CSP", (char *)guid, &data_obj);
 1596     if (rv == SC_ERROR_OBJECT_NOT_FOUND)
 1597         LOG_FUNC_RETURN(ctx, SC_SUCCESS);
 1598     LOG_TEST_RET(ctx, rv, "Find 'CSP'/<key> data object error");
 1599 
 1600     rv = sc_pkcs15init_delete_object(p15card, profile, data_obj);
 1601     LOG_TEST_RET(ctx, rv, "Cannot delete 'CSP'/<key> data object");
 1602 
 1603     /* For a while default container is set for the first key.
 1604      * TODO: Key usage should be taken into consideration. */
 1605     if (sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PRKEY, NULL, 0) == 1)   {
 1606         rv = iasecc_md_gemalto_unset_default(p15card, profile, key_obj);
 1607         LOG_TEST_RET(ctx, rv, "MD: cannot set default container");
 1608     }
 1609 
 1610     LOG_FUNC_RETURN(ctx, rv);
 1611 }
 1612 
 1613 
 1614 static int
 1615 iasecc_store_prvkey(struct sc_pkcs15_card *p15card, struct sc_profile *profile, struct sc_pkcs15_object *object,
 1616         struct sc_pkcs15_der *data, struct sc_path *path)
 1617 {
 1618     struct sc_context *ctx = p15card->card->ctx;
 1619     struct sc_pkcs15_prkey_info *prkey_info = (struct sc_pkcs15_prkey_info *)object->data;
 1620 
 1621     LOG_FUNC_CALLED(ctx);
 1622     sc_log(ctx, "Private Key id '%s'", sc_pkcs15_print_id(&prkey_info->id));
 1623     sc_log(ctx, "MD style '0x%X'", profile->md_style);
 1624 
 1625     if (profile->md_style == SC_PKCS15INIT_MD_STYLE_NONE)   {
 1626         LOG_FUNC_RETURN(ctx, SC_SUCCESS);
 1627     }
 1628     else if (profile->md_style == SC_PKCS15INIT_MD_STYLE_GEMALTO)   {
 1629         int rv = iasecc_md_gemalto_new_prvkey(p15card, profile, object);
 1630         LOG_TEST_RET(ctx, rv, "MD: cannot add new key");
 1631     }
 1632     else   {
 1633         LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Unsupported MD style");
 1634     }
 1635 
 1636     LOG_FUNC_RETURN(ctx, SC_SUCCESS);
 1637 }
 1638 
 1639 
 1640 static int
 1641 iasecc_store_pubkey(struct sc_pkcs15_card *p15card, struct sc_profile *profile, struct sc_pkcs15_object *object,
 1642         struct sc_pkcs15_der *data, struct sc_path *path)
 1643 {
 1644     struct sc_context *ctx = p15card->card->ctx;
 1645     struct sc_pkcs15_pubkey_info *pubkey_info = (struct sc_pkcs15_pubkey_info *)object->data;
 1646     struct sc_pkcs15_prkey_info *prkey_info = NULL;
 1647     struct sc_pkcs15_object *prkey_object = NULL;
 1648     int rv;
 1649 
 1650     LOG_FUNC_CALLED(ctx);
 1651     sc_log(ctx, "Public Key id '%s'", sc_pkcs15_print_id(&pubkey_info->id));
 1652 
 1653     rv = sc_pkcs15_find_prkey_by_id(p15card, &pubkey_info->id, &prkey_object);
 1654     LOG_TEST_RET(ctx, rv, "Find related PrKey error");
 1655 
 1656     prkey_info = (struct sc_pkcs15_prkey_info *)prkey_object->data;
 1657 
 1658     pubkey_info->key_reference = prkey_info->key_reference;
 1659 
 1660     pubkey_info->access_flags = prkey_info->access_flags & SC_PKCS15_PRKEY_ACCESS_LOCAL;
 1661     pubkey_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE;
 1662 
 1663     pubkey_info->native = 0;
 1664 
 1665     pubkey_info->usage |= prkey_info->usage & SC_PKCS15_PRKEY_USAGE_SIGN ? SC_PKCS15_PRKEY_USAGE_VERIFY : 0;
 1666     pubkey_info->usage |= prkey_info->usage & SC_PKCS15_PRKEY_USAGE_SIGNRECOVER ? SC_PKCS15_PRKEY_USAGE_VERIFYRECOVER : 0;
 1667     pubkey_info->usage |= prkey_info->usage & SC_PKCS15_PRKEY_USAGE_NONREPUDIATION ? SC_PKCS15_PRKEY_USAGE_VERIFY : 0;
 1668     pubkey_info->usage |= prkey_info->usage & SC_PKCS15_PRKEY_USAGE_DECRYPT ? SC_PKCS15_PRKEY_USAGE_ENCRYPT : 0;
 1669     pubkey_info->usage |= prkey_info->usage & SC_PKCS15_PRKEY_USAGE_UNWRAP ? SC_PKCS15_PRKEY_USAGE_WRAP : 0;
 1670 
 1671     rv = iasecc_pkcs15_add_access_rule(object, SC_PKCS15_ACCESS_RULE_MODE_READ, NULL);
 1672     LOG_TEST_RET(ctx, rv, "Too many access rules");
 1673 
 1674     memcpy(&pubkey_info->algo_refs[0], &prkey_info->algo_refs[0], sizeof(pubkey_info->algo_refs));
 1675 
 1676     LOG_FUNC_RETURN(ctx, SC_SUCCESS);
 1677 }
 1678 
 1679 
 1680 static int
 1681 iasecc_store_cert(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
 1682         struct sc_pkcs15_object *object, struct sc_pkcs15_der *data,
 1683         struct sc_path *path)
 1684 {
 1685     struct sc_context *ctx = p15card->card->ctx;
 1686     struct sc_card *card = p15card->card;
 1687     struct sc_file *pfile = NULL;
 1688     struct sc_path parent_path;
 1689     int rv;
 1690 
 1691     LOG_FUNC_CALLED(ctx);
 1692     sc_log(ctx, "iasecc_store_cert() authID '%s'", sc_pkcs15_print_id(&object->auth_id));
 1693 
 1694     rv = iasecc_pkcs15_new_file(profile, card, SC_PKCS15_TYPE_CERT, 0, &pfile);
 1695     LOG_TEST_RET(ctx, rv, "IasEcc new CERT file error");
 1696 
 1697     parent_path = pfile->path;
 1698     if (parent_path.len >= 2)
 1699         parent_path.len -= 2;
 1700     if (!parent_path.len && !parent_path.aid.len)
 1701         sc_format_path("3F00", &parent_path);
 1702     rv = sc_select_file(card, &parent_path, NULL);
 1703     LOG_TEST_RET(ctx, rv, "cannot select parent of certificate to store");
 1704 
 1705     rv = iasecc_pkcs15_fix_file_access(p15card, pfile, object);
 1706     LOG_TEST_RET(ctx, rv, "encode file access rules failed");
 1707 
 1708     sc_file_free(pfile);
 1709 
 1710     /* NOT_IMPLEMENTED error code indicates to the upper call to execute the default 'store data' procedure */
 1711     LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_IMPLEMENTED);
 1712 }
 1713 
 1714 
 1715 static int
 1716 iasecc_store_data_object(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
 1717         struct sc_pkcs15_object *object,
 1718         struct sc_pkcs15_der *data, struct sc_path *path)
 1719 {
 1720 #define MAX_DATA_OBJS 32
 1721     struct sc_context *ctx = p15card->card->ctx;
 1722     struct sc_card *card = p15card->card;
 1723     struct sc_pkcs15_object *p15objects[MAX_DATA_OBJS];
 1724     struct sc_file *cfile = NULL, *file = NULL, *parent = NULL;
 1725     int rv, nn_objs, indx, ii;
 1726 
 1727     LOG_FUNC_CALLED(ctx);
 1728     sc_log(ctx, "iasecc_store_data_object() authID '%s'", sc_pkcs15_print_id(&object->auth_id));
 1729     nn_objs = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_DATA_OBJECT, p15objects, MAX_DATA_OBJS);
 1730     LOG_TEST_RET(ctx, nn_objs, "IasEcc get pkcs15 DATA objects error");
 1731 
 1732     for(indx = 1; indx < MAX_DATA_OBJS; indx++)   {
 1733         rv = iasecc_pkcs15_new_file(profile, card, SC_PKCS15_TYPE_DATA_OBJECT, indx, &file);
 1734         LOG_TEST_RET(ctx, rv, "iasecc_store_data_object() pkcs15 new DATA file error");
 1735 
 1736         for (ii=0; ii<nn_objs; ii++)   {
 1737             struct sc_pkcs15_data_info *info = (struct sc_pkcs15_data_info *)p15objects[ii]->data;
 1738             int file_id = info->path.value[info->path.len - 2] * 0x100 + info->path.value[info->path.len - 1];
 1739 
 1740             sc_log(ctx, "iasecc_store_data_object() %i: file_id 0x%X, pfile->id 0x%X\n", ii, file_id, file->id);
 1741             if (file->id == file_id)
 1742                break;
 1743         }
 1744 
 1745         if (ii == nn_objs)
 1746             break;
 1747         sc_file_free(file);
 1748     }
 1749 
 1750     if (indx == MAX_DATA_OBJS)
 1751         LOG_TEST_RET(ctx, SC_ERROR_TOO_MANY_OBJECTS, "iasecc_store_data_object() too many DATA objects.");
 1752 
 1753     do  {
 1754         const struct sc_acl_entry *acl;
 1755 
 1756         memset(object->access_rules, 0, sizeof(object->access_rules));
 1757 
 1758         object->access_rules[0].access_mode = SC_PKCS15_ACCESS_RULE_MODE_READ;
 1759         acl = sc_file_get_acl_entry(file, SC_AC_OP_READ);
 1760         sc_log(ctx, "iasecc_store_data_object() READ method %i", acl->method);
 1761         if (acl->method == SC_AC_IDA)
 1762             iasecc_reference_to_pkcs15_id (acl->key_ref, &object->access_rules[0].auth_id);
 1763 
 1764         object->access_rules[1].access_mode = SC_PKCS15_ACCESS_RULE_MODE_UPDATE;
 1765         acl = sc_file_get_acl_entry(file, SC_AC_OP_UPDATE);
 1766         sc_log(ctx, "iasecc_store_data_object() UPDATE method %i", acl->method);
 1767         if (acl->method == SC_AC_IDA)
 1768             iasecc_reference_to_pkcs15_id (acl->key_ref, &object->access_rules[1].auth_id);
 1769 
 1770         object->access_rules[2].access_mode = SC_PKCS15_ACCESS_RULE_MODE_DELETE;
 1771         acl = sc_file_get_acl_entry(file, SC_AC_OP_DELETE);
 1772         sc_log(ctx, "iasecc_store_data_object() UPDATE method %i", acl->method);
 1773         if (acl->method == SC_AC_IDA)
 1774             iasecc_reference_to_pkcs15_id (acl->key_ref, &object->access_rules[2].auth_id);
 1775 
 1776     } while(0);
 1777 
 1778     rv = iasecc_file_convert_acls(ctx, profile, file);
 1779     LOG_TEST_RET(ctx, rv, "iasecc_store_data_object() cannot convert profile ACLs");
 1780 
 1781     rv = sc_profile_get_parent(profile, "public-data", &parent);
 1782     LOG_TEST_RET(ctx, rv, "iasecc_store_data_object() cannot get object parent");
 1783     sc_log(ctx, "iasecc_store_data_object() parent path '%s'\n", sc_print_path(&parent->path));
 1784 
 1785     rv = sc_select_file(card, &parent->path, NULL);
 1786     LOG_TEST_RET(ctx, rv, "iasecc_store_data_object() cannot select parent");
 1787 
 1788     rv = sc_select_file(card, &file->path, &cfile);
 1789     if (!rv)   {
 1790         rv = sc_pkcs15init_authenticate(profile, p15card, cfile, SC_AC_OP_DELETE);
 1791         LOG_TEST_RET(ctx, rv, "iasecc_store_data_object() DELETE authentication failed");
 1792 
 1793         rv = iasecc_pkcs15_delete_file(p15card, profile, cfile);
 1794         LOG_TEST_RET(ctx, rv, "s_pkcs15init_store_data_object() delete pkcs15 file error");
 1795     }
 1796     else if (rv != SC_ERROR_FILE_NOT_FOUND)   {
 1797         LOG_TEST_RET(ctx, rv, "iasecc_store_data_object() select file error");
 1798     }
 1799 
 1800     rv = sc_pkcs15init_authenticate(profile, p15card, parent, SC_AC_OP_CREATE);
 1801     LOG_TEST_RET(ctx, rv, "iasecc_store_data_object() parent CREATE authentication failed");
 1802 
 1803     file->size = data->len;
 1804     rv = sc_create_file(card, file);
 1805     LOG_TEST_RET(ctx, rv, "iasecc_store_data_object() cannot create DATA file");
 1806 
 1807     rv = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE);
 1808     LOG_TEST_RET(ctx, rv, "iasecc_store_data_object() data file UPDATE authentication failed");
 1809 
 1810     rv = sc_update_binary(card, 0, data->value, data->len, 0);
 1811     LOG_TEST_RET(ctx, rv, "iasecc_store_data_object() update DATA file failed");
 1812 
 1813     if (path)
 1814         *path = file->path;
 1815 
 1816     sc_file_free(parent);
 1817     sc_file_free(file);
 1818     sc_file_free(cfile);
 1819 
 1820     LOG_FUNC_RETURN(ctx, rv);
 1821 #undef MAX_DATA_OBJS
 1822 }
 1823 
 1824 
 1825 static int
 1826 iasecc_emu_store_data(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
 1827         struct sc_pkcs15_object *object,
 1828         struct sc_pkcs15_der *data, struct sc_path *path)
 1829 
 1830 {
 1831     struct sc_context *ctx = p15card->card->ctx;
 1832     int rv = SC_ERROR_NOT_IMPLEMENTED;
 1833 
 1834     LOG_FUNC_CALLED(ctx);
 1835 
 1836     switch (object->type & SC_PKCS15_TYPE_CLASS_MASK) {
 1837     case SC_PKCS15_TYPE_PRKEY:
 1838         rv = iasecc_store_prvkey(p15card, profile, object, data, path);
 1839         break;
 1840     case SC_PKCS15_TYPE_PUBKEY:
 1841         rv = iasecc_store_pubkey(p15card, profile, object, data, path);
 1842         break;
 1843     case SC_PKCS15_TYPE_CERT:
 1844         rv = iasecc_store_cert(p15card, profile, object, data, path);
 1845         break;
 1846     case SC_PKCS15_TYPE_DATA_OBJECT:
 1847         rv = iasecc_store_data_object(p15card, profile, object, data, path);
 1848         break;
 1849     default:
 1850         rv = SC_ERROR_NOT_IMPLEMENTED;
 1851         break;
 1852     }
 1853 
 1854     LOG_FUNC_RETURN(ctx, rv);
 1855 }
 1856 
 1857 
 1858 static struct sc_pkcs15init_operations
 1859 sc_pkcs15init_iasecc_operations = {
 1860     iasecc_pkcs15_erase_card,
 1861     NULL,                   /* init_card  */
 1862     NULL,                   /* create_dir */
 1863     NULL,                   /* create_domain */
 1864     NULL,                   /* select_pin_reference */
 1865     NULL,                   /* create_pin */
 1866     iasecc_pkcs15_select_key_reference,
 1867     iasecc_pkcs15_create_key,
 1868     iasecc_pkcs15_store_key,
 1869     iasecc_pkcs15_generate_key,
 1870     NULL,                   /* encode private key */
 1871     NULL,                   /* encode public key */
 1872     NULL,                   /* finalize_card */
 1873     iasecc_pkcs15_delete_object,
 1874     NULL,                   /* pkcs15init emulation update_dir */
 1875     NULL,                   /* pkcs15init emulation update_any_df */
 1876     NULL,                   /* pkcs15init emulation update_tokeninfo */
 1877     NULL,                   /* pkcs15init emulation write_info */
 1878     iasecc_emu_store_data,
 1879     NULL,                   /* sanity_check */
 1880 };
 1881 
 1882 
 1883 struct sc_pkcs15init_operations *
 1884 sc_pkcs15init_get_iasecc_ops(void)
 1885 {
 1886     return &sc_pkcs15init_iasecc_operations;
 1887 }
 1888 
 1889 #else /* ENABLE_OPENSSL */
 1890 #include "../libopensc/log.h"
 1891 #include "pkcs15-init.h"
 1892 
 1893 int
 1894 iasecc_pkcs15_encode_supported_algos(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *object)
 1895 {
 1896     struct sc_context *ctx = p15card->card->ctx;
 1897     FIX_UNUSED(object);
 1898 
 1899     LOG_FUNC_CALLED(ctx);
 1900     sc_log(ctx, "OpenSC was built without OpenSSL support: skipping");
 1901     LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_IMPLEMENTED);
 1902 }
 1903 
 1904 #endif /* ENABLE_OPENSSL */