[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [RFC PATCH] libcacard: move it to a standalone project
|
From: |
marcandre . lureau |
|
Subject: |
[Qemu-devel] [RFC PATCH] libcacard: move it to a standalone project |
|
Date: |
Sun, 30 Aug 2015 13:29:35 +0200 |
From: Marc-André Lureau <address@hidden>
As previously discussed in the thread "libcacard: use the library?",
make libcacard a standalone library and use it if --enable-smartcard.
I made the following repo out of a qemu filter-branch and added autofoo
build-sys: https://github.com/elmarco/libcacard. Since the original qemu
git tags are there, I think the first release version should be v2.5,
but there is no need to follow the same versions as qemu later on.
libcacard could use the same infrastructure as the qemu project (mailing
list, git server, reviews etc). I have some experience with libcacard,
and I would be willing to maintain it, however I don't expect to do
more development with it in the near future.
Signed-off-by: Marc-André Lureau <address@hidden>
---
.gitignore | 1 -
Makefile | 3 -
Makefile.objs | 15 -
configure | 51 +-
docs/libcacard.txt | 483 ----------------
hw/usb/Makefile.objs | 3 +-
hw/usb/ccid-card-passthru.c | 2 +-
libcacard/Makefile | 45 --
libcacard/cac.c | 414 --------------
libcacard/cac.h | 31 --
libcacard/card_7816.c | 757 -------------------------
libcacard/card_7816.h | 62 ---
libcacard/card_7816t.h | 165 ------
libcacard/event.c | 103 ----
libcacard/eventt.h | 29 -
libcacard/libcacard.pc.in | 13 -
libcacard/libcacard.syms | 77 ---
libcacard/link_test.c | 22 -
libcacard/vcard.c | 325 -----------
libcacard/vcard.h | 86 ---
libcacard/vcard_emul.h | 66 ---
libcacard/vcard_emul_nss.c | 1274 -------------------------------------------
libcacard/vcard_emul_type.c | 57 --
libcacard/vcard_emul_type.h | 32 --
libcacard/vcardt.c | 40 --
libcacard/vcardt.h | 59 --
libcacard/vcardt_internal.h | 6 -
libcacard/vevent.h | 27 -
libcacard/vreader.c | 578 --------------------
libcacard/vreader.h | 55 --
libcacard/vreadert.h | 24 -
libcacard/vscard_common.h | 178 ------
libcacard/vscclient.c | 785 --------------------------
33 files changed, 19 insertions(+), 5849 deletions(-)
delete mode 100644 docs/libcacard.txt
delete mode 100644 libcacard/Makefile
delete mode 100644 libcacard/cac.c
delete mode 100644 libcacard/cac.h
delete mode 100644 libcacard/card_7816.c
delete mode 100644 libcacard/card_7816.h
delete mode 100644 libcacard/card_7816t.h
delete mode 100644 libcacard/event.c
delete mode 100644 libcacard/eventt.h
delete mode 100644 libcacard/libcacard.pc.in
delete mode 100644 libcacard/libcacard.syms
delete mode 100644 libcacard/link_test.c
delete mode 100644 libcacard/vcard.c
delete mode 100644 libcacard/vcard.h
delete mode 100644 libcacard/vcard_emul.h
delete mode 100644 libcacard/vcard_emul_nss.c
delete mode 100644 libcacard/vcard_emul_type.c
delete mode 100644 libcacard/vcard_emul_type.h
delete mode 100644 libcacard/vcardt.c
delete mode 100644 libcacard/vcardt.h
delete mode 100644 libcacard/vcardt_internal.h
delete mode 100644 libcacard/vevent.h
delete mode 100644 libcacard/vreader.c
delete mode 100644 libcacard/vreader.h
delete mode 100644 libcacard/vreadert.h
delete mode 100644 libcacard/vscard_common.h
delete mode 100644 libcacard/vscclient.c
diff --git a/.gitignore b/.gitignore
index 61bc492..5fd8c0f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,7 +19,6 @@
/trace/generated-ust.c
/ui/shader/texture-blit-frag.h
/ui/shader/texture-blit-vert.h
-/libcacard/trace/generated-tracers.c
*-timestamp
/*-softmmu
/*-darwin-user
diff --git a/Makefile b/Makefile
index 340d9c8..10d3de6 100644
--- a/Makefile
+++ b/Makefile
@@ -157,9 +157,6 @@ dummy := $(call unnest-vars,, \
ifneq ($(wildcard config-host.mak),)
include $(SRC_PATH)/tests/Makefile
endif
-ifeq ($(CONFIG_SMARTCARD_NSS),y)
-include $(SRC_PATH)/libcacard/Makefile
-endif
all: $(DOCS) $(TOOLS) $(HELPERS-y) recurse-all modules
diff --git a/Makefile.objs b/Makefile.objs
index f094eff..9dab163 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -21,19 +21,6 @@ block-obj-y += coroutine-$(CONFIG_COROUTINE_BACKEND).o
block-obj-m = block/
-
-######################################################################
-# smartcard
-
-libcacard-y += libcacard/cac.o libcacard/event.o
-libcacard-y += libcacard/vcard.o libcacard/vreader.o
-libcacard-y += libcacard/vcard_emul_nss.o
-libcacard-y += libcacard/vcard_emul_type.o
-libcacard-y += libcacard/card_7816.o
-libcacard-y += libcacard/vcardt.o
-libcacard/vcard_emul_nss.o-cflags := $(NSS_CFLAGS)
-libcacard/vcard_emul_nss.o-libs := $(NSS_LIBS)
-
######################################################################
# Target independent part of system emulation. The long term path is to
# suppress *all* target specific code in case of system emulation, i.e. a
@@ -75,8 +62,6 @@ common-obj-y += backends/
common-obj-$(CONFIG_SECCOMP) += qemu-seccomp.o
-common-obj-$(CONFIG_SMARTCARD_NSS) += $(libcacard-y)
-
common-obj-$(CONFIG_FDT) += device_tree.o
######################################################################
diff --git a/configure b/configure
index 9d24d59..6a485c9 100755
--- a/configure
+++ b/configure
@@ -303,7 +303,7 @@ trace_backends="nop"
trace_file="trace"
spice=""
rbd=""
-smartcard_nss=""
+smartcard=""
libusb=""
usb_redir=""
opengl=""
@@ -1040,9 +1040,9 @@ for opt do
;;
--enable-xfsctl) xfs="yes"
;;
- --disable-smartcard-nss) smartcard_nss="no"
+ --disable-smartcard) smartcard="no"
;;
- --enable-smartcard-nss) smartcard_nss="yes"
+ --enable-smartcard) smartcard="yes"
;;
--disable-libusb) libusb="no"
;;
@@ -1351,7 +1351,7 @@ disabled with --disable-FEATURE, default is enabled if
available:
rbd rados block device (rbd)
libiscsi iscsi support
libnfs nfs support
- smartcard-nss smartcard nss support
+ smartcard smartcard support (libcacard)
libusb libusb (for usb passthrough)
usb-redir usb network redirection support
lzo support of lzo compression library
@@ -3766,34 +3766,19 @@ EOF
fi
fi
-# check for libcacard for smartcard support
+# check for smartcard support
smartcard_cflags=""
-# TODO - what's the minimal nss version we support?
-if test "$smartcard_nss" != "no"; then
- cat > $TMPC << EOF
-#include <pk11pub.h>
-int main(void) { PK11_FreeSlot(0); return 0; }
-EOF
- # FIXME: do not include $glib_* in here
- nss_libs="$($pkg_config --libs nss 2>/dev/null) $glib_libs"
- nss_cflags="$($pkg_config --cflags nss 2>/dev/null) $glib_cflags"
- test_cflags="$nss_cflags"
- # The header files in nss < 3.13.3 have a bug which causes them to
- # emit a warning. If we're going to compile QEMU with -Werror, then
- # test that the headers don't have this bug. Otherwise we would pass
- # the configure test but fail to compile QEMU later.
- if test "$werror" = "yes"; then
- test_cflags="-Werror $test_cflags"
- fi
- if test -n "$libtool" &&
- $pkg_config --atleast-version=3.12.8 nss && \
- compile_prog "$test_cflags" "$nss_libs"; then
- smartcard_nss="yes"
+if test "$smartcard" != "no"; then
+ if $pkg_config libcacard; then
+ libcacard_cflags=$($pkg_config --cflags libcacard)
+ libcacard_libs=$($pkg_config --libs libcacard)
+ QEMU_CFLAGS="$QEMU_CFLAGS $libcacard_cflags"
+ libs_softmmu="$libs_softmmu $libcacard_libs"
else
- if test "$smartcard_nss" = "yes"; then
- feature_not_found "nss" "Install nss devel >= 3.12.8"
+ if test "$libcacard" = "yes"; then
+ feature_not_found "libcacard" "Install libcacard devel"
fi
- smartcard_nss="no"
+ libcacard="no"
fi
fi
@@ -4568,7 +4553,7 @@ echo "spice support $spice"
fi
echo "rbd support $rbd"
echo "xfsctl support $xfs"
-echo "nss used $smartcard_nss"
+echo "smartcard support $smartcard"
echo "libusb $libusb"
echo "usb net redir $usb_redir"
echo "OpenGL support $opengl"
@@ -4942,10 +4927,8 @@ if test "$spice" = "yes" ; then
echo "CONFIG_SPICE=y" >> $config_host_mak
fi
-if test "$smartcard_nss" = "yes" ; then
- echo "CONFIG_SMARTCARD_NSS=y" >> $config_host_mak
- echo "NSS_LIBS=$nss_libs" >> $config_host_mak
- echo "NSS_CFLAGS=$nss_cflags" >> $config_host_mak
+if test "$smartcard" = "yes" ; then
+ echo "CONFIG_SMARTCARD=y" >> $config_host_mak
fi
if test "$libusb" = "yes" ; then
diff --git a/docs/libcacard.txt b/docs/libcacard.txt
deleted file mode 100644
index 8db421d..0000000
--- a/docs/libcacard.txt
+++ /dev/null
@@ -1,483 +0,0 @@
-This file documents the CAC (Common Access Card) library in the libcacard
-subdirectory.
-
-Virtual Smart Card Emulator
-
-This emulator is designed to provide emulation of actual smart cards to a
-virtual card reader running in a guest virtual machine. The emulated smart
-cards can be representations of real smart cards, where the necessary functions
-such as signing, card removal/insertion, etc. are mapped to real, physical
-cards which are shared with the client machine the emulator is running on, or
-the cards could be pure software constructs.
-
-The emulator is structured to allow multiple replaceable or additional pieces,
-so it can be easily modified for future requirements. The primary envisioned
-modifications are:
-
-1) The socket connection to the virtual card reader (presumably a CCID reader,
-but other ISO-7816 compatible readers could be used). The code that handles
-this is in vscclient.c.
-
-2) The virtual card low level emulation. This is currently supplied by using
-NSS. This emulation could be replaced by implementations based on other
-security libraries, including but not limitted to openssl+pkcs#11 library,
-raw pkcs#11, Microsoft CAPI, direct opensc calls, etc. The code that handles
-this is in vcard_emul_nss.c.
-
-3) Emulation for new types of cards. The current implementation emulates the
-original DoD CAC standard with separate pki containers. This emulator lives in
-cac.c. More than one card type emulator could be included. Other cards could
-be emulated as well, including PIV, newer versions of CAC, PKCS #15, etc.
-
---------------------
-Replacing the Socket Based Virtual Reader Interface.
-
-The current implementation contains a replaceable module vscclient.c. The
-current vscclient.c implements a sockets interface to the virtual ccid reader
-on the guest. CCID commands that are pertinent to emulation are passed
-across the socket, and their responses are passed back along that same socket.
-The protocol that vscclient uses is defined in vscard_common.h and connects
-to a qemu ccid usb device. Since this socket runs as a client, vscclient.c
-implements a program with a main entry. It also handles argument parsing for
-the emulator.
-
-An application that wants to use the virtual reader can replace vscclient.c
-with its own implementation that connects to its own CCID reader. The calls
-that the CCID reader can call are:
-
- VReaderList * vreader_get_reader_list();
-
- This function returns a list of virtual readers. These readers may map to
- physical devices, or simulated devices depending on vcard the back end. Each
- reader in the list should represent a reader to the virtual machine. Virtual
- USB address mapping is left to the CCID reader front end. This call can be
- made any time to get an updated list. The returned list is a copy of the
- internal list that can be referenced by the caller without locking. This copy
- must be freed by the caller with vreader_list_delete when it is no longer
- needed.
-
- VReaderListEntry *vreader_list_get_first(VReaderList *);
-
- This function gets the first entry on the reader list. Along with
- vreader_list_get_next(), vreader_list_get_first() can be used to walk the
- reader list returned from vreader_get_reader_list(). VReaderListEntries are
- part of the list themselves and do not need to be freed separately from the
- list. If there are no entries on the list, it will return NULL.
-
- VReaderListEntry *vreader_list_get_next(VReaderListEntry *);
-
- This function gets the next entry in the list. If there are no more entries
- it will return NULL.
-
- VReader * vreader_list_get_reader(VReaderListEntry *)
-
- This function returns the reader stored in the reader List entry. Caller gets
- a new reference to a reader. The caller must free its reference when it is
- finished with vreader_free().
-
- void vreader_free(VReader *reader);
-
- This function frees a reference to a reader. Readers are reference counted
- and are automatically deleted when the last reference is freed.
-
- void vreader_list_delete(VReaderList *list);
-
- This function frees the list, all the elements on the list, and all the
- reader references held by the list.
-
- VReaderStatus vreader_power_on(VReader *reader, char *atr, int *len);
-
- This function simulates a card power on. A virtual card does not care about
- the actual voltage and other physical parameters, but it does care that the
- card is actually on or off. Cycling the card causes the card to reset. If
- the caller provides enough space, vreader_power_on will return the ATR of
- the virtual card. The amount of space provided in atr should be indicated
- in *len. The function modifies *len to be the actual length of of the
- returned ATR.
-
- VReaderStatus vreader_power_off(VReader *reader);
-
- This function simulates a power off of a virtual card.
-
- VReaderStatus vreader_xfer_bytes(VReader *reader, unsigne char *send_buf,
- int send_buf_len,
- unsigned char *receive_buf,
- int receive_buf_len);
-
- This function sends a raw apdu to a card and returns the card's response.
- The CCID front end should return the response back. Most of the emulation
- is driven from these APDUs.
-
- VReaderStatus vreader_card_is_present(VReader *reader);
-
- This function returns whether or not the reader has a card inserted. The
- vreader_power_on, vreader_power_off, and vreader_xfer_bytes will return
- VREADER_NO_CARD.
-
- const char *vreader_get_name(VReader *reader);
-
- This function returns the name of the reader. The name comes from the card
- emulator level and is usually related to the name of the physical reader.
-
- VReaderID vreader_get_id(VReader *reader);
-
- This function returns the id of a reader. All readers start out with an id
- of -1. The application can set the id with vreader_set_id.
-
- VReaderStatus vreader_get_id(VReader *reader, VReaderID id);
-
- This function sets the reader id. The application is responsible for making
- sure that the id is unique for all readers it is actively using.
-
- VReader *vreader_find_reader_by_id(VReaderID id);
-
- This function returns the reader which matches the id. If two readers match,
- only one is returned. The function returns NULL if the id is -1.
-
- Event *vevent_wait_next_vevent();
-
- This function blocks waiting for reader and card insertion events. There
- will be one event for each card insertion, each card removal, each reader
- insertion and each reader removal. At start up, events are created for all
- the initial readers found, as well as all the cards that are inserted.
-
- Event *vevent_get_next_vevent();
-
- This function returns a pending event if it exists, otherwise it returns
- NULL. It does not block.
-
-----------------
-Card Type Emulator: Adding a New Virtual Card Type
-
-The ISO 7816 card spec describes 2 types of cards:
- 1) File system cards, where the smartcard is managed by reading and writing
-data to files in a file system. There is currently only boiler plate
-implemented for file system cards.
- 2) VM cards, where the card has loadable applets which perform the card
-functions. The current implementation supports VM cards.
-
-In the case of VM cards, the difference between various types of cards is
-really what applets have been installed in that card. This structure is
-mirrored in card type emulators. The 7816 emulator already handles the basic
-ISO 7186 commands. Card type emulators simply need to add the virtual applets
-which emulate the real card applets. Card type emulators have exactly one
-public entry point:
-
- VCARDStatus xxx_card_init(VCard *card, const char *flags,
- const unsigned char *cert[],
- int cert_len[],
- VCardKey *key[],
- int cert_count);
-
- The parameters for this are:
- card - the virtual card structure which will represent this card.
- flags - option flags that may be specific to this card type.
- cert - array of binary certificates.
- cert_len - array of lengths of each of the certificates specified in cert.
- key - array of opaque key structures representing the private keys on
- the card.
- cert_count - number of entries in cert, cert_len, and key arrays.
-
- Any cert, cert_len, or key with the same index are matching sets. That is
- cert[0] is cert_len[0] long and has the corresponding private key of key[0].
-
-The card type emulator is expected to own the VCardKeys, but it should copy
-any raw cert data it wants to save. It can create new applets and add them to
-the card using the following functions:
-
- VCardApplet *vcard_new_applet(VCardProcessAPDU apdu_func,
- VCardResetApplet reset_func,
- const unsigned char *aid,
- int aid_len);
-
- This function creates a new applet. Applet structures store the following
- information:
- 1) the AID of the applet (set by aid and aid_len).
- 2) a function to handle APDUs for this applet. (set by apdu_func, more on
- this below).
- 3) a function to reset the applet state when the applet is selected.
- (set by reset_func, more on this below).
- 3) applet private data, a data pointer used by the card type emulator to
- store any data or state it needs to complete requests. (set by a
- separate call).
- 4) applet private data free, a function used to free the applet private
- data when the applet itself is destroyed.
- The created applet can be added to the card with vcard_add_applet below.
-
- void vcard_set_applet_private(VCardApplet *applet,
- VCardAppletPrivate *private,
- VCardAppletPrivateFree private_free);
- This function sets the private data and the corresponding free function.
- VCardAppletPrivate is an opaque data structure to the rest of the emulator.
- The card type emulator can define it any way it wants by defining
- struct VCardAppletPrivateStruct {};. If there is already a private data
- structure on the applet, the old one is freed before the new one is set up.
- passing two NULL clear any existing private data.
-
- VCardStatus vcard_add_applet(VCard *card, VCardApplet *applet);
-
- Add an applet onto the list of applets attached to the card. Once an applet
- has been added, it can be selected by its AID, and then commands will be
- routed to it VCardProcessAPDU function. This function adopts the applet that
- is passed into it. Note: 2 applets with the same AID should not be added to
- the same card. It is permissible to add more than one applet. Multiple
applets
- may have the same VCardPRocessAPDU entry point.
-
-The certs and keys should be attached to private data associated with one or
-more appropriate applets for that card. Control will come to the card type
-emulators once one of its applets are selected through the VCardProcessAPDU
-function it specified when it created the applet.
-
-The signature of VCardResetApplet is:
- VCardStatus (*VCardResetApplet) (VCard *card, int channel);
- This function will reset the any internal applet state that needs to be
- cleared after a select applet call. It should return VCARD_DONE;
-
-The signature of VCardProcessAPDU is:
- VCardStatus (*VCardProcessAPDU)(VCard *card, VCardAPDU *apdu,
- VCardResponse **response);
- This function examines the APDU and determines whether it should process
- the apdu directly, reject the apdu as invalid, or pass the apdu on to
- the basic 7816 emulator for processing.
- If the 7816 emulator should process the apdu, then the VCardProcessAPDU
- should return VCARD_NEXT.
- If there is an error, then VCardProcessAPDU should return an error
- response using vcard_make_response and the appropriate 7816 error code
- (see card_7816t.h) or vcard_make_response with a card type specific error
- code. It should then return VCARD_DONE.
- If the apdu can be processed correctly, VCardProcessAPDU should do so,
- set the response value appropriately for that APDU, and return VCARD_DONE.
- VCardProcessAPDU should always set the response if it returns VCARD_DONE.
- It should always either return VCARD_DONE or VCARD_NEXT.
-
-Parsing the APDU --
-
-Prior to processing calling the card type emulator's VCardProcessAPDU
function, the emulator has already decoded the APDU header and set several
fields:
-
- apdu->a_data - The raw apdu data bytes.
- apdu->a_len - The len of the raw apdu data.
- apdu->a_body - The start of any post header parameter data.
- apdu->a_Lc - The parameter length value.
- apdu->a_Le - The expected length of any returned data.
- apdu->a_cla - The raw apdu class.
- apdu->a_channel - The channel (decoded from the class).
- apdu->a_secure_messaging_type - The decoded secure messaging type
- (from class).
- apdu->a_type - The decode class type.
- apdu->a_gen_type - the generic class type (7816, PROPRIETARY, RFU, PTS).
- apdu->a_ins - The instruction byte.
- apdu->a_p1 - Parameter 1.
- apdu->a_p2 - Parameter 2.
-
-Creating a Response --
-
-The expected result of any APDU call is a response. The card type emulator must
-set *response with an appropriate VCardResponse value if it returns VCARD_DONE.
-Responses could be as simple as returning a 2 byte status word response, to as
-complex as returning a block of data along with a 2 byte response. Which is
-returned will depend on the semantics of the APDU. The following functions will
-create card responses.
-
- VCardResponse *vcard_make_response(VCard7816Status status);
-
- This is the most basic function to get a response. This function will
- return a response the consists solely one 2 byte status code. If that
status
- code is defined in card_7816t.h, then this function is guaranteed to
- return a response with that status. If a cart type specific status code
- is passed and vcard_make_response fails to allocate the appropriate memory
- for that response, then vcard_make_response will return a VCardResponse
- of VCARD7816_STATUS_EXC_ERROR_MEMORY. In any case, this function is
- guaranteed to return a valid VCardResponse.
-
- VCardResponse *vcard_response_new(unsigned char *buf, int len,
- VCard7816Status status);
-
- This function is similar to vcard_make_response except it includes some
- returned data with the response. It could also fail to allocate enough
- memory, in which case it will return NULL.
-
- VCardResponse *vcard_response_new_status_bytes(unsigned char sw1,
- unsigned char sw2);
-
- Sometimes in 7816 the response bytes are treated as two separate bytes with
- split meanings. This function allows you to create a response based on
- two separate bytes. This function could fail, in which case it will return
- NULL.
-
- VCardResponse *vcard_response_new_bytes(unsigned char *buf, int len,
- unsigned char sw1,
- unsigned char sw2);
-
- This function is the same as vcard_response_new except you may specify
- the status as two separate bytes like vcard_response_new_status_bytes.
-
-
-Implementing functionality ---
-
-The following helper functions access information about the current card
-and applet.
-
- VCARDAppletPrivate *vcard_get_current_applet_private(VCard *card,
- int channel);
-
- This function returns any private data set by the card type emulator on
- the currently selected applet. The card type emulator keeps track of the
- current applet state in this data structure. Any certs and keys associated
- with a particular applet is also stored here.
-
- int vcard_emul_get_login_count(VCard *card);
-
- This function returns the the number of remaining login attempts for this
- card. If the card emulator does not know, or the card does not have a
- way of giving this information, this function returns -1.
-
-
- VCard7816Status vcard_emul_login(VCard *card, unsigned char *pin,
- int pin_len);
-
- This function logs into the card and returns the standard 7816 status
- word depending on the success or failure of the call.
-
- void vcard_emul_delete_key(VCardKey *key);
-
- This function frees the VCardKey passed in to xxxx_card_init. The card
- type emulator is responsible for freeing this key when it no longer needs
- it.
-
- VCard7816Status vcard_emul_rsa_op(VCard *card, VCardKey *key,
- unsigned char *buffer,
- int buffer_size);
-
- This function does a raw rsa op on the buffer with the given key.
-
-The sample card type emulator is found in cac.c. It implements the cac specific
-applets. Only those applets needed by the coolkey pkcs#11 driver on the guest
-have been implemented. To support the full range CAC middleware, a complete CAC
-card according to the CAC specs should be implemented here.
-
-------------------------------
-Virtual Card Emulator
-
-This code accesses both real smart cards and simulated smart cards through
-services provided on the client. The current implementation uses NSS, which
-already knows how to talk to various PKCS #11 modules on the client, and is
-portable to most operating systems. A particular emulator can have only one
-virtual card implementation at a time.
-
-The virtual card emulator consists of a series of virtual card services. In
-addition to the services describe above (services starting with
-vcard_emul_xxxx), the virtual card emulator also provides the following
-functions:
-
- VCardEmulError vcard_emul_init(cont VCardEmulOptions *options);
-
- The options structure is built by another function in the virtual card
- interface where a string of virtual card emulator specific strings are
- mapped to the options. The actual structure is defined by the virtual card
- emulator and is used to determine the configuration of soft cards, or to
- determine which physical cards to present to the guest.
-
- The vcard_emul_init function will build up sets of readers, create any
- threads that are needed to watch for changes in the reader state. If readers
- have cards present in them, they are also initialized.
-
- Readers are created with the function.
-
- VReader *vreader_new(VReaderEmul *reader_emul,
- VReaderEmulFree reader_emul_free);
-
- The freeFunc is used to free the VReaderEmul * when the reader is
- destroyed. The VReaderEmul structure is an opaque structure to the
- rest of the code, but defined by the virtual card emulator, which can
- use it to store any reader specific state.
-
- Once the reader has been created, it can be added to the front end with the
- call:
-
- VReaderStatus vreader_add_reader(VReader *reader);
-
- This function will automatically generate the appropriate new reader
- events and add the reader to the list.
-
- To create a new card, the virtual card emulator will call a similar
- function.
-
- VCard *vcard_new(VCardEmul *card_emul,
- VCardEmulFree card_emul_free);
-
- Like vreader_new, this function takes a virtual card emulator specific
- structure which it uses to keep track of the card state.
-
- Once the card is created, it is attached to a card type emulator with the
- following function:
-
- VCardStatus vcard_init(VCard *vcard, VCardEmulType type,
- const char *flags,
- unsigned char *const *certs,
- int *cert_len,
- VCardKey *key[],
- int cert_count);
-
- The vcard is the value returned from vcard_new. The type is the
- card type emulator that this card should presented to the guest as.
- The flags are card type emulator specific options. The certs,
- cert_len, and keys are all arrays of length cert_count. These are the
- the same of the parameters xxxx_card_init() accepts.
-
- Finally the card is associated with its reader by the call:
-
- VReaderStatus vreader_insert_card(VReader *vreader, VCard *vcard);
-
- This function, like vreader_add_reader, will take care of any event
- notification for the card insert.
-
-
- VCardEmulError vcard_emul_force_card_remove(VReader *vreader);
-
- Force a card that is present to appear to be removed to the guest, even if
- that card is a physical card and is present.
-
-
- VCardEmulError vcard_emul_force_card_insert(VReader *reader);
-
- Force a card that has been removed by vcard_emul_force_card_remove to be
- reinserted from the point of view of the guest. This will only work if the
- card is physically present (which is always true fro a soft card).
-
- void vcard_emul_get_atr(Vcard *card, unsigned char *atr, int *atr_len);
-
- Return the virtual ATR for the card. By convention this should be the value
- VCARD_ATR_PREFIX(size) followed by several ascii bytes related to this
- particular emulator. For instance the NSS emulator returns
- {VCARD_ATR_PREFIX(3), 'N', 'S', 'S' }. Do ot return more data then *atr_len;
-
- void vcard_emul_reset(VCard *card, VCardPower power)
-
- Set the state of 'card' to the current power level and reset its internal
- state (logout, etc).
-
--------------------------------------------------------
-List of files and their function:
-README - This file
-card_7816.c - emulate basic 7816 functionality. Parse APDUs.
-card_7816.h - apdu and response services definitions.
-card_7816t.h - 7816 specific structures, types and definitions.
-event.c - event handling code.
-event.h - event handling services definitions.
-eventt.h - event handling structures and types
-vcard.c - handle common virtual card services like creation, destruction, and
- applet management.
-vcard.h - common virtual card services function definitions.
-vcardt.h - comon virtual card types
-vreader.c - common virtual reader services.
-vreader.h - common virtual reader services definitions.
-vreadert.h - comon virtual reader types.
-vcard_emul_type.c - manage the card type emulators.
-vcard_emul_type.h - definitions for card type emulators.
-cac.c - card type emulator for CAC cards
-vcard_emul.h - virtual card emulator service definitions.
-vcard_emul_nss.c - virtual card emulator implementation for nss.
-vscclient.c - socket connection to guest qemu usb driver.
-vscard_common.h - common header with the guest qemu usb driver.
-mutex.h - header file for machine independent mutexes.
-link_test.c - static test to make sure all the symbols are properly defined.
diff --git a/hw/usb/Makefile.objs b/hw/usb/Makefile.objs
index 7443e38..f0b9588 100644
--- a/hw/usb/Makefile.objs
+++ b/hw/usb/Makefile.objs
@@ -24,8 +24,7 @@ common-obj-$(CONFIG_USB_BLUETOOTH) += dev-bluetooth.o
ifeq ($(CONFIG_USB_SMARTCARD),y)
common-obj-y += dev-smartcard-reader.o
common-obj-y += ccid-card-passthru.o
-common-obj-$(CONFIG_SMARTCARD_NSS) += ccid-card-emulated.o
-ccid-card-emulated.o-cflags := -I$(SRC_PATH)/libcacard
+common-obj-$(CONFIG_SMARTCARD) += ccid-card-emulated.o
endif
ifeq ($(CONFIG_POSIX),y)
diff --git a/hw/usb/ccid-card-passthru.c b/hw/usb/ccid-card-passthru.c
index 85a4fc3..9f49c05 100644
--- a/hw/usb/ccid-card-passthru.c
+++ b/hw/usb/ccid-card-passthru.c
@@ -12,7 +12,7 @@
#include "qemu/error-report.h"
#include "qemu/sockets.h"
#include "ccid.h"
-#include "libcacard/vscard_common.h"
+#include "cacard/vscard_common.h"
#define DPRINTF(card, lvl, fmt, ...) \
do { \
diff --git a/libcacard/Makefile b/libcacard/Makefile
deleted file mode 100644
index b5eddff..0000000
--- a/libcacard/Makefile
+++ /dev/null
@@ -1,45 +0,0 @@
-libcacard_includedir=$(includedir)/cacard
-
-TOOLS += vscclient$(EXESUF)
-
-# objects linked into a shared library, built with libtool with -fPIC if
required
-libcacard-obj-y = $(libcacard-y)
-libcacard-lobj-y=$(patsubst %.o,%.lo,$(libcacard-obj-y))
-
-# libtool will build the .o files, too
-$(libcacard-obj-y): | $(libcacard-lobj-y)
-
-all: libcacard.la libcacard.pc
-
-vscclient$(EXESUF): libcacard/vscclient.o libcacard.la
- $(call LINK,$^)
-
-#########################################################################
-# Rules for building libcacard standalone library
-
-libcacard.la: LDFLAGS += -rpath $(libdir) -no-undefined \
- -export-symbols $(SRC_PATH)/libcacard/libcacard.syms
-# Prevent libcacard.so linking against the entire world of 3rd party libs
-libcacard.la: LIBS =
-libcacard.la: $(libcacard-lobj-y)
- $(call LINK,$^)
-
-libcacard.pc: $(SRC_PATH)/libcacard/libcacard.pc.in
- $(call quiet-command,sed -e 's|@LIBDIR@|$(libdir)|' \
- -e 's|@INCLUDEDIR@|$(libcacard_includedir)|' \
- -e 's|@VERSION@|$(shell cat $(SRC_PATH)/VERSION)|' \
- -e 's|@PREFIX@|$(prefix)|' $< > libcacard.pc,\
- " GEN $@")
-
-.PHONY: install-libcacard
-
-install: install-libcacard
-install-libcacard: libcacard.pc libcacard.la
- $(INSTALL_DIR) "$(DESTDIR)$(libdir)"
- $(INSTALL_DIR) "$(DESTDIR)$(libdir)/pkgconfig"
- $(INSTALL_DIR) "$(DESTDIR)$(libcacard_includedir)"
- $(INSTALL_LIB) libcacard.la "$(DESTDIR)$(libdir)"
- $(INSTALL_DATA) libcacard.pc "$(DESTDIR)$(libdir)/pkgconfig"
- for inc in $(SRC_PATH)/libcacard/*.h; do \
- $(INSTALL_DATA) $$inc "$(DESTDIR)$(libcacard_includedir)"; \
- done
diff --git a/libcacard/cac.c b/libcacard/cac.c
deleted file mode 100644
index bc84534..0000000
--- a/libcacard/cac.c
+++ /dev/null
@@ -1,414 +0,0 @@
-/*
- * implement the applets for the CAC card.
- *
- * This code is licensed under the GNU LGPL, version 2.1 or later.
- * See the COPYING.LIB file in the top-level directory.
- */
-
-#include "glib-compat.h"
-
-#include <string.h>
-#include <stdbool.h>
-
-#include "cac.h"
-#include "vcard.h"
-#include "vcard_emul.h"
-#include "card_7816.h"
-
-/* private data for PKI applets */
-typedef struct CACPKIAppletDataStruct {
- unsigned char *cert;
- int cert_len;
- unsigned char *cert_buffer;
- int cert_buffer_len;
- unsigned char *sign_buffer;
- int sign_buffer_len;
- VCardKey *key;
-} CACPKIAppletData;
-
-/*
- * CAC applet private data
- */
-struct VCardAppletPrivateStruct {
- union {
- CACPKIAppletData pki_data;
- void *reserved;
- } u;
-};
-
-/*
- * handle all the APDU's that are common to all CAC applets
- */
-static VCardStatus
-cac_common_process_apdu(VCard *card, VCardAPDU *apdu, VCardResponse **response)
-{
- int ef;
- VCardStatus ret = VCARD_FAIL;
-
- switch (apdu->a_ins) {
- case VCARD7816_INS_SELECT_FILE:
- if (apdu->a_p1 != 0x02) {
- /* let the 7816 code handle applet switches */
- ret = VCARD_NEXT;
- break;
- }
- /* handle file id setting */
- if (apdu->a_Lc != 2) {
- *response = vcard_make_response(
- VCARD7816_STATUS_ERROR_DATA_INVALID);
- ret = VCARD_DONE;
- break;
- }
- /* CAC 1.0 only supports ef = 0 */
- ef = apdu->a_body[0] | (apdu->a_body[1] << 8);
- if (ef != 0) {
- *response = vcard_make_response(
- VCARD7816_STATUS_ERROR_FILE_NOT_FOUND);
- ret = VCARD_DONE;
- break;
- }
- *response = vcard_make_response(VCARD7816_STATUS_SUCCESS);
- ret = VCARD_DONE;
- break;
- case VCARD7816_INS_GET_RESPONSE:
- case VCARD7816_INS_VERIFY:
- /* let the 7816 code handle these */
- ret = VCARD_NEXT;
- break;
- case CAC_GET_PROPERTIES:
- case CAC_GET_ACR:
- /* skip these for now, this will probably be needed */
- *response =
vcard_make_response(VCARD7816_STATUS_ERROR_P1_P2_INCORRECT);
- ret = VCARD_DONE;
- break;
- default:
- *response = vcard_make_response(
- VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED);
- ret = VCARD_DONE;
- break;
- }
- return ret;
-}
-
-/*
- * reset the inter call state between applet selects
- */
-static VCardStatus
-cac_applet_pki_reset(VCard *card, int channel)
-{
- VCardAppletPrivate *applet_private;
- CACPKIAppletData *pki_applet;
- applet_private = vcard_get_current_applet_private(card, channel);
- assert(applet_private);
- pki_applet = &(applet_private->u.pki_data);
-
- pki_applet->cert_buffer = NULL;
- g_free(pki_applet->sign_buffer);
- pki_applet->sign_buffer = NULL;
- pki_applet->cert_buffer_len = 0;
- pki_applet->sign_buffer_len = 0;
- return VCARD_DONE;
-}
-
-static VCardStatus
-cac_applet_pki_process_apdu(VCard *card, VCardAPDU *apdu,
- VCardResponse **response)
-{
- CACPKIAppletData *pki_applet;
- VCardAppletPrivate *applet_private;
- int size, next;
- unsigned char *sign_buffer;
- bool retain_sign_buffer = FALSE;
- vcard_7816_status_t status;
- VCardStatus ret = VCARD_FAIL;
-
- applet_private = vcard_get_current_applet_private(card, apdu->a_channel);
- assert(applet_private);
- pki_applet = &(applet_private->u.pki_data);
-
- switch (apdu->a_ins) {
- case CAC_UPDATE_BUFFER:
- *response = vcard_make_response(
- VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED);
- ret = VCARD_DONE;
- break;
- case CAC_GET_CERTIFICATE:
- if ((apdu->a_p2 != 0) || (apdu->a_p1 != 0)) {
- *response = vcard_make_response(
- VCARD7816_STATUS_ERROR_P1_P2_INCORRECT);
- break;
- }
- assert(pki_applet->cert != NULL);
- size = apdu->a_Le;
- if (pki_applet->cert_buffer == NULL) {
- pki_applet->cert_buffer = pki_applet->cert;
- pki_applet->cert_buffer_len = pki_applet->cert_len;
- }
- size = MIN(size, pki_applet->cert_buffer_len);
- next = MIN(255, pki_applet->cert_buffer_len - size);
- *response = vcard_response_new_bytes(
- card, pki_applet->cert_buffer, size,
- apdu->a_Le, next ?
- VCARD7816_SW1_WARNING_CHANGE :
- VCARD7816_SW1_SUCCESS,
- next);
- pki_applet->cert_buffer += size;
- pki_applet->cert_buffer_len -= size;
- if ((*response == NULL) || (next == 0)) {
- pki_applet->cert_buffer = NULL;
- }
- if (*response == NULL) {
- *response = vcard_make_response(
- VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE);
- }
- ret = VCARD_DONE;
- break;
- case CAC_SIGN_DECRYPT:
- if (apdu->a_p2 != 0) {
- *response = vcard_make_response(
- VCARD7816_STATUS_ERROR_P1_P2_INCORRECT);
- break;
- }
- size = apdu->a_Lc;
-
- sign_buffer = g_realloc(pki_applet->sign_buffer,
- pki_applet->sign_buffer_len + size);
- memcpy(sign_buffer+pki_applet->sign_buffer_len, apdu->a_body, size);
- size += pki_applet->sign_buffer_len;
- switch (apdu->a_p1) {
- case 0x80:
- /* p1 == 0x80 means we haven't yet sent the whole buffer, wait for
- * the rest */
- pki_applet->sign_buffer = sign_buffer;
- pki_applet->sign_buffer_len = size;
- *response = vcard_make_response(VCARD7816_STATUS_SUCCESS);
- retain_sign_buffer = TRUE;
- break;
- case 0x00:
- /* we now have the whole buffer, do the operation, result will be
- * in the sign_buffer */
- status = vcard_emul_rsa_op(card, pki_applet->key,
- sign_buffer, size);
- if (status != VCARD7816_STATUS_SUCCESS) {
- *response = vcard_make_response(status);
- break;
- }
- *response = vcard_response_new(card, sign_buffer, size, apdu->a_Le,
- VCARD7816_STATUS_SUCCESS);
- if (*response == NULL) {
- *response = vcard_make_response(
- VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE);
- }
- break;
- default:
- *response = vcard_make_response(
- VCARD7816_STATUS_ERROR_P1_P2_INCORRECT);
- break;
- }
- if (!retain_sign_buffer) {
- g_free(sign_buffer);
- pki_applet->sign_buffer = NULL;
- pki_applet->sign_buffer_len = 0;
- }
- ret = VCARD_DONE;
- break;
- case CAC_READ_BUFFER:
- /* new CAC call, go ahead and use the old version for now */
- /* TODO: implement */
- *response = vcard_make_response(
- VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED);
- ret = VCARD_DONE;
- break;
- default:
- ret = cac_common_process_apdu(card, apdu, response);
- break;
- }
- return ret;
-}
-
-
-static VCardStatus
-cac_applet_id_process_apdu(VCard *card, VCardAPDU *apdu,
- VCardResponse **response)
-{
- VCardStatus ret = VCARD_FAIL;
-
- switch (apdu->a_ins) {
- case CAC_UPDATE_BUFFER:
- *response = vcard_make_response(
- VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED);
- ret = VCARD_DONE;
- break;
- case CAC_READ_BUFFER:
- /* new CAC call, go ahead and use the old version for now */
- /* TODO: implement */
- *response = vcard_make_response(
- VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED);
- ret = VCARD_DONE;
- break;
- default:
- ret = cac_common_process_apdu(card, apdu, response);
- break;
- }
- return ret;
-}
-
-
-/*
- * TODO: if we ever want to support general CAC middleware, we will need to
- * implement the various containers.
- */
-static VCardStatus
-cac_applet_container_process_apdu(VCard *card, VCardAPDU *apdu,
- VCardResponse **response)
-{
- VCardStatus ret = VCARD_FAIL;
-
- switch (apdu->a_ins) {
- case CAC_READ_BUFFER:
- case CAC_UPDATE_BUFFER:
- *response = vcard_make_response(
- VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED);
- ret = VCARD_DONE;
- break;
- default:
- ret = cac_common_process_apdu(card, apdu, response);
- break;
- }
- return ret;
-}
-
-/*
- * utilities for creating and destroying the private applet data
- */
-static void
-cac_delete_pki_applet_private(VCardAppletPrivate *applet_private)
-{
- CACPKIAppletData *pki_applet_data;
-
- if (applet_private == NULL) {
- return;
- }
- pki_applet_data = &(applet_private->u.pki_data);
- g_free(pki_applet_data->cert);
- g_free(pki_applet_data->sign_buffer);
- if (pki_applet_data->key != NULL) {
- vcard_emul_delete_key(pki_applet_data->key);
- }
- g_free(applet_private);
-}
-
-static VCardAppletPrivate *
-cac_new_pki_applet_private(const unsigned char *cert,
- int cert_len, VCardKey *key)
-{
- CACPKIAppletData *pki_applet_data;
- VCardAppletPrivate *applet_private;
-
- applet_private = g_new0(VCardAppletPrivate, 1);
- pki_applet_data = &(applet_private->u.pki_data);
- pki_applet_data->cert = (unsigned char *)g_malloc(cert_len+1);
- /*
- * if we want to support compression, then we simply change the 0 to a 1
- * and compress the cert data with libz
- */
- pki_applet_data->cert[0] = 0; /* not compressed */
- memcpy(&pki_applet_data->cert[1], cert, cert_len);
- pki_applet_data->cert_len = cert_len+1;
-
- pki_applet_data->key = key;
- return applet_private;
-}
-
-
-/*
- * create a new cac applet which links to a given cert
- */
-static VCardApplet *
-cac_new_pki_applet(int i, const unsigned char *cert,
- int cert_len, VCardKey *key)
-{
- VCardAppletPrivate *applet_private;
- VCardApplet *applet;
- unsigned char pki_aid[] = { 0xa0, 0x00, 0x00, 0x00, 0x79, 0x01, 0x00 };
- int pki_aid_len = sizeof(pki_aid);
-
- pki_aid[pki_aid_len-1] = i;
-
- applet_private = cac_new_pki_applet_private(cert, cert_len, key);
- if (applet_private == NULL) {
- goto failure;
- }
- applet = vcard_new_applet(cac_applet_pki_process_apdu,
cac_applet_pki_reset,
- pki_aid, pki_aid_len);
- if (applet == NULL) {
- goto failure;
- }
- vcard_set_applet_private(applet, applet_private,
- cac_delete_pki_applet_private);
- applet_private = NULL;
-
- return applet;
-
-failure:
- if (applet_private != NULL) {
- cac_delete_pki_applet_private(applet_private);
- }
- return NULL;
-}
-
-
-static unsigned char cac_default_container_aid[] = {
- 0xa0, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00 };
-static unsigned char cac_id_aid[] = {
- 0xa0, 0x00, 0x00, 0x00, 0x79, 0x03, 0x00 };
-/*
- * Initialize the cac card. This is the only public function in this file. All
- * the rest are connected through function pointers.
- */
-VCardStatus
-cac_card_init(VReader *reader, VCard *card,
- const char *params,
- unsigned char * const *cert,
- int cert_len[],
- VCardKey *key[] /* adopt the keys*/,
- int cert_count)
-{
- int i;
- VCardApplet *applet;
-
- /* CAC Cards are VM Cards */
- vcard_set_type(card, VCARD_VM);
-
- /* create one PKI applet for each cert */
- for (i = 0; i < cert_count; i++) {
- applet = cac_new_pki_applet(i, cert[i], cert_len[i], key[i]);
- if (applet == NULL) {
- goto failure;
- }
- vcard_add_applet(card, applet);
- }
-
- /* create a default blank container applet */
- applet = vcard_new_applet(cac_applet_container_process_apdu,
- NULL, cac_default_container_aid,
- sizeof(cac_default_container_aid));
- if (applet == NULL) {
- goto failure;
- }
- vcard_add_applet(card, applet);
-
- /* create a default blank container applet */
- applet = vcard_new_applet(cac_applet_id_process_apdu,
- NULL, cac_id_aid,
- sizeof(cac_id_aid));
- if (applet == NULL) {
- goto failure;
- }
- vcard_add_applet(card, applet);
- return VCARD_DONE;
-
-failure:
- return VCARD_FAIL;
-}
-
diff --git a/libcacard/cac.h b/libcacard/cac.h
deleted file mode 100644
index d24a2a8..0000000
--- a/libcacard/cac.h
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * defines the entry point for the cac card. Only used by cac.c anc
- * vcard_emul_type.c
- *
- * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
- * See the COPYING.LIB file in the top-level directory.
- */
-#ifndef CAC_H
-#define CAC_H 1
-#include "vcard.h"
-#include "vreader.h"
-
-#define CAC_GET_PROPERTIES 0x56
-#define CAC_GET_ACR 0x4c
-#define CAC_READ_BUFFER 0x52
-#define CAC_UPDATE_BUFFER 0x58
-#define CAC_SIGN_DECRYPT 0x42
-#define CAC_GET_CERTIFICATE 0x36
-
-/*
- * Initialize the cac card. This is the only public function in this file. All
- * the rest are connected through function pointers.
- */
-VCardStatus cac_card_init(VReader *reader, VCard *card, const char *params,
- unsigned char * const *cert, int cert_len[],
- VCardKey *key[] /* adopt the keys*/,
- int cert_count);
-
-/* not yet implemented */
-VCardStatus cac_is_cac_card(VReader *reader);
-#endif
diff --git a/libcacard/card_7816.c b/libcacard/card_7816.c
deleted file mode 100644
index 22fd334..0000000
--- a/libcacard/card_7816.c
+++ /dev/null
@@ -1,757 +0,0 @@
-/*
- * Implement the 7816 portion of the card spec
- *
- * This code is licensed under the GNU LGPL, version 2.1 or later.
- * See the COPYING.LIB file in the top-level directory.
- */
-
-#include "glib-compat.h"
-
-#include <string.h>
-
-#include "vcard.h"
-#include "vcard_emul.h"
-#include "card_7816.h"
-
-/*
- * set the status bytes based on the status word
- */
-static void
-vcard_response_set_status(VCardResponse *response, vcard_7816_status_t status)
-{
- unsigned char sw1, sw2;
- response->b_status = status; /* make sure the status and swX
representations
- * are consistent */
- sw1 = (status >> 8) & 0xff;
- sw2 = status & 0xff;
- response->b_sw1 = sw1;
- response->b_sw2 = sw2;
- response->b_data[response->b_len] = sw1;
- response->b_data[response->b_len+1] = sw2;
-}
-
-/*
- * set the status bytes in a response buffer
- */
-static void
-vcard_response_set_status_bytes(VCardResponse *response,
- unsigned char sw1, unsigned char sw2)
-{
- response->b_status = sw1 << 8 | sw2;
- response->b_sw1 = sw1;
- response->b_sw2 = sw2;
- response->b_data[response->b_len] = sw1;
- response->b_data[response->b_len+1] = sw2;
-}
-
-/*
- * allocate a VCardResponse structure, plus space for the data buffer, and
- * set up everything but the resonse bytes.
- */
-VCardResponse *
-vcard_response_new_data(unsigned char *buf, int len)
-{
- VCardResponse *new_response;
-
- new_response = g_new(VCardResponse, 1);
- new_response->b_data = g_malloc(len + 2);
- memcpy(new_response->b_data, buf, len);
- new_response->b_total_len = len+2;
- new_response->b_len = len;
- new_response->b_type = VCARD_MALLOC;
- return new_response;
-}
-
-static VCardResponse *
-vcard_init_buffer_response(VCard *card, unsigned char *buf, int len)
-{
- VCardResponse *response;
- VCardBufferResponse *buffer_response;
-
- buffer_response = vcard_get_buffer_response(card);
- if (buffer_response) {
- vcard_set_buffer_response(card, NULL);
- vcard_buffer_response_delete(buffer_response);
- }
- buffer_response = vcard_buffer_response_new(buf, len);
- if (buffer_response == NULL) {
- return NULL;
- }
- response = vcard_response_new_status_bytes(VCARD7816_SW1_RESPONSE_BYTES,
- len > 255 ? 0 : len);
- if (response == NULL) {
- return NULL;
- }
- vcard_set_buffer_response(card, buffer_response);
- return response;
-}
-
-/*
- * general buffer to hold results from APDU calls
- */
-VCardResponse *
-vcard_response_new(VCard *card, unsigned char *buf,
- int len, int Le, vcard_7816_status_t status)
-{
- VCardResponse *new_response;
-
- if (len > Le) {
- return vcard_init_buffer_response(card, buf, len);
- }
- new_response = vcard_response_new_data(buf, len);
- if (new_response == NULL) {
- return NULL;
- }
- vcard_response_set_status(new_response, status);
- return new_response;
-}
-
-/*
- * general buffer to hold results from APDU calls
- */
-VCardResponse *
-vcard_response_new_bytes(VCard *card, unsigned char *buf, int len, int Le,
- unsigned char sw1, unsigned char sw2)
-{
- VCardResponse *new_response;
-
- if (len > Le) {
- return vcard_init_buffer_response(card, buf, len);
- }
- new_response = vcard_response_new_data(buf, len);
- if (new_response == NULL) {
- return NULL;
- }
- vcard_response_set_status_bytes(new_response, sw1, sw2);
- return new_response;
-}
-
-/*
- * get a new Response buffer that only has a status.
- */
-static VCardResponse *
-vcard_response_new_status(vcard_7816_status_t status)
-{
- VCardResponse *new_response;
-
- new_response = g_new(VCardResponse, 1);
- new_response->b_data = &new_response->b_sw1;
- new_response->b_len = 0;
- new_response->b_total_len = 2;
- new_response->b_type = VCARD_MALLOC_STRUCT;
- vcard_response_set_status(new_response, status);
- return new_response;
-}
-
-/*
- * same as above, but specify the status as separate bytes
- */
-VCardResponse *
-vcard_response_new_status_bytes(unsigned char sw1, unsigned char sw2)
-{
- VCardResponse *new_response;
-
- new_response = g_new(VCardResponse, 1);
- new_response->b_data = &new_response->b_sw1;
- new_response->b_len = 0;
- new_response->b_total_len = 2;
- new_response->b_type = VCARD_MALLOC_STRUCT;
- vcard_response_set_status_bytes(new_response, sw1, sw2);
- return new_response;
-}
-
-
-/*
- * free the response buffer. The Buffer has a type to handle the buffer
- * allocated in other ways than through malloc.
- */
-void
-vcard_response_delete(VCardResponse *response)
-{
- if (response == NULL) {
- return;
- }
- switch (response->b_type) {
- case VCARD_MALLOC:
- /* everything was malloc'ed */
- g_free(response->b_data);
- g_free(response);
- break;
- case VCARD_MALLOC_DATA:
- /* only the data buffer was malloc'ed */
- g_free(response->b_data);
- break;
- case VCARD_MALLOC_STRUCT:
- /* only the structure was malloc'ed */
- g_free(response);
- break;
- case VCARD_STATIC:
- break;
- }
-}
-
-/*
- * decode the class bit and set our generic type field, channel, and
- * secure messaging values.
- */
-static vcard_7816_status_t
-vcard_apdu_set_class(VCardAPDU *apdu) {
- apdu->a_channel = 0;
- apdu->a_secure_messaging = 0;
- apdu->a_type = apdu->a_cla & 0xf0;
- apdu->a_gen_type = VCARD_7816_ISO;
-
- /* parse the class tables 8 & 9 of the 7816-4 Part 4 spec */
- switch (apdu->a_type) {
- /* we only support the basic types */
- case 0x00:
- case 0x80:
- case 0x90:
- case 0xa0:
- apdu->a_channel = apdu->a_cla & 3;
- apdu->a_secure_messaging = apdu->a_cla & 0xe;
- break;
- case 0xb0:
- case 0xc0:
- break;
-
- case 0x10:
- case 0x20:
- case 0x30:
- case 0x40:
- case 0x50:
- case 0x60:
- case 0x70:
- /* Reserved for future use */
- apdu->a_gen_type = VCARD_7816_RFU;
- break;
- case 0xd0:
- case 0xe0:
- case 0xf0:
- default:
- apdu->a_gen_type =
- (apdu->a_cla == 0xff) ? VCARD_7816_PTS : VCARD_7816_PROPRIETARY;
- break;
- }
- return VCARD7816_STATUS_SUCCESS;
-}
-
-/*
- * set the Le and Lc fields according to table 5 of the
- * 7816-4 part 4 spec
- */
-static vcard_7816_status_t
-vcard_apdu_set_length(VCardAPDU *apdu)
-{
- int L, Le;
-
- /* process according to table 5 of the 7816-4 Part 4 spec.
- * variable names match the variables in the spec */
- L = apdu->a_len-4; /* fixed APDU header */
- apdu->a_Lc = 0;
- apdu->a_Le = 0;
- apdu->a_body = NULL;
- switch (L) {
- case 0:
- /* 1 minimal apdu */
- return VCARD7816_STATUS_SUCCESS;
- case 1:
- /* 2S only return values apdu */
- /* zero maps to 256 here */
- apdu->a_Le = apdu->a_header->ah_Le ?
- apdu->a_header->ah_Le : 256;
- return VCARD7816_STATUS_SUCCESS;
- default:
- /* if the ah_Le byte is zero and we have more than
- * 1 byte in the header, then we must be using extended Le and Lc.
- * process the extended now. */
- if (apdu->a_header->ah_Le == 0) {
- if (L < 3) {
- /* coding error, need at least 3 bytes */
- return VCARD7816_STATUS_ERROR_WRONG_LENGTH;
- }
- /* calculate the first extended value. Could be either Le or Lc */
- Le = (apdu->a_header->ah_body[0] << 8)
- || apdu->a_header->ah_body[1];
- if (L == 3) {
- /* 2E extended, return data only */
- /* zero maps to 65536 */
- apdu->a_Le = Le ? Le : 65536;
- return VCARD7816_STATUS_SUCCESS;
- }
- if (Le == 0) {
- /* reserved for future use, probably for next time we need
- * to extend the lengths */
- return VCARD7816_STATUS_ERROR_WRONG_LENGTH;
- }
- /* we know that the first extended value is Lc now */
- apdu->a_Lc = Le;
- apdu->a_body = &apdu->a_header->ah_body[2];
- if (L == Le+3) {
- /* 3E extended, only body parameters */
- return VCARD7816_STATUS_SUCCESS;
- }
- if (L == Le+5) {
- /* 4E extended, parameters and return data */
- Le = (apdu->a_data[apdu->a_len-2] << 8)
- || apdu->a_data[apdu->a_len-1];
- apdu->a_Le = Le ? Le : 65536;
- return VCARD7816_STATUS_SUCCESS;
- }
- return VCARD7816_STATUS_ERROR_WRONG_LENGTH;
- }
- /* not extended */
- apdu->a_Lc = apdu->a_header->ah_Le;
- apdu->a_body = &apdu->a_header->ah_body[0];
- if (L == apdu->a_Lc + 1) {
- /* 3S only body parameters */
- return VCARD7816_STATUS_SUCCESS;
- }
- if (L == apdu->a_Lc + 2) {
- /* 4S parameters and return data */
- Le = apdu->a_data[apdu->a_len-1];
- apdu->a_Le = Le ? Le : 256;
- return VCARD7816_STATUS_SUCCESS;
- }
- break;
- }
- return VCARD7816_STATUS_ERROR_WRONG_LENGTH;
-}
-
-/*
- * create a new APDU from a raw set of bytes. This will decode all the
- * above fields. users of VCARDAPDU's can then depend on the already decoded
- * values.
- */
-VCardAPDU *
-vcard_apdu_new(unsigned char *raw_apdu, int len, vcard_7816_status_t *status)
-{
- VCardAPDU *new_apdu;
-
- *status = VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE;
- if (len < 4) {
- *status = VCARD7816_STATUS_ERROR_WRONG_LENGTH;
- return NULL;
- }
-
- new_apdu = g_new(VCardAPDU, 1);
- new_apdu->a_data = g_memdup(raw_apdu, len);
- new_apdu->a_len = len;
- *status = vcard_apdu_set_class(new_apdu);
- if (*status != VCARD7816_STATUS_SUCCESS) {
- g_free(new_apdu);
- return NULL;
- }
- *status = vcard_apdu_set_length(new_apdu);
- if (*status != VCARD7816_STATUS_SUCCESS) {
- g_free(new_apdu);
- new_apdu = NULL;
- }
- return new_apdu;
-}
-
-void
-vcard_apdu_delete(VCardAPDU *apdu)
-{
- if (apdu == NULL) {
- return;
- }
- g_free(apdu->a_data);
- g_free(apdu);
-}
-
-
-/*
- * declare response buffers for all the 7816 defined error codes
- */
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_SUCCESS)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_WARNING)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_WARNING_RET_CORUPT)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_WARNING_BUF_END_BEFORE_LE)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_WARNING_INVALID_FILE_SELECTED)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_WARNING_FCI_FORMAT_INVALID)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_WARNING_CHANGE)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_WARNING_FILE_FILLED)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_EXC_ERROR)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_EXC_ERROR_CHANGE)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_WRONG_LENGTH)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_CLA_NOT_SUPPORTED)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_CHANNEL_NOT_SUPPORTED)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_SECURE_NOT_SUPPORTED)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED)
-VCARD_RESPONSE_NEW_STATIC_STATUS(
- VCARD7816_STATUS_ERROR_COMMAND_INCOMPATIBLE_WITH_FILE)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_SECURITY_NOT_SATISFIED)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_AUTHENTICATION_BLOCKED)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_DATA_INVALID)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_DATA_NO_EF)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_SM_OBJECT_MISSING)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_SM_OBJECT_INCORRECT)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_WRONG_PARAMETERS)
-VCARD_RESPONSE_NEW_STATIC_STATUS(
- VCARD7816_STATUS_ERROR_WRONG_PARAMETERS_IN_DATA)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_FUNCTION_NOT_SUPPORTED)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_FILE_NOT_FOUND)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_RECORD_NOT_FOUND)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_NO_SPACE_FOR_FILE)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_LC_TLV_INCONSISTENT)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_P1_P2_INCORRECT)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_LC_P1_P2_INCONSISTENT)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_DATA_NOT_FOUND)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_WRONG_PARAMETERS_2)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_INS_CODE_INVALID)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_CLA_INVALID)
-VCARD_RESPONSE_NEW_STATIC_STATUS(VCARD7816_STATUS_ERROR_GENERAL)
-
-/*
- * return a single response code. This function cannot fail. It will always
- * return a response.
- */
-VCardResponse *
-vcard_make_response(vcard_7816_status_t status)
-{
- VCardResponse *response;
-
- switch (status) {
- /* known 7816 response codes */
- case VCARD7816_STATUS_SUCCESS:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_SUCCESS);
- case VCARD7816_STATUS_WARNING:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_WARNING);
- case VCARD7816_STATUS_WARNING_RET_CORUPT:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_WARNING_RET_CORUPT);
- case VCARD7816_STATUS_WARNING_BUF_END_BEFORE_LE:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_WARNING_BUF_END_BEFORE_LE);
- case VCARD7816_STATUS_WARNING_INVALID_FILE_SELECTED:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_WARNING_INVALID_FILE_SELECTED);
- case VCARD7816_STATUS_WARNING_FCI_FORMAT_INVALID:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_WARNING_FCI_FORMAT_INVALID);
- case VCARD7816_STATUS_WARNING_CHANGE:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_WARNING_CHANGE);
- case VCARD7816_STATUS_WARNING_FILE_FILLED:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_WARNING_FILE_FILLED);
- case VCARD7816_STATUS_EXC_ERROR:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_EXC_ERROR);
- case VCARD7816_STATUS_EXC_ERROR_CHANGE:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_EXC_ERROR_CHANGE);
- case VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE);
- case VCARD7816_STATUS_ERROR_WRONG_LENGTH:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_WRONG_LENGTH);
- case VCARD7816_STATUS_ERROR_CLA_NOT_SUPPORTED:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_CLA_NOT_SUPPORTED);
- case VCARD7816_STATUS_ERROR_CHANNEL_NOT_SUPPORTED:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_CHANNEL_NOT_SUPPORTED);
- case VCARD7816_STATUS_ERROR_SECURE_NOT_SUPPORTED:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_SECURE_NOT_SUPPORTED);
- case VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED);
- case VCARD7816_STATUS_ERROR_COMMAND_INCOMPATIBLE_WITH_FILE:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_COMMAND_INCOMPATIBLE_WITH_FILE);
- case VCARD7816_STATUS_ERROR_SECURITY_NOT_SATISFIED:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_SECURITY_NOT_SATISFIED);
- case VCARD7816_STATUS_ERROR_AUTHENTICATION_BLOCKED:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_AUTHENTICATION_BLOCKED);
- case VCARD7816_STATUS_ERROR_DATA_INVALID:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_DATA_INVALID);
- case VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED);
- case VCARD7816_STATUS_ERROR_DATA_NO_EF:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_DATA_NO_EF);
- case VCARD7816_STATUS_ERROR_SM_OBJECT_MISSING:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_SM_OBJECT_MISSING);
- case VCARD7816_STATUS_ERROR_SM_OBJECT_INCORRECT:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_SM_OBJECT_INCORRECT);
- case VCARD7816_STATUS_ERROR_WRONG_PARAMETERS:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_WRONG_PARAMETERS);
- case VCARD7816_STATUS_ERROR_WRONG_PARAMETERS_IN_DATA:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_WRONG_PARAMETERS_IN_DATA);
- case VCARD7816_STATUS_ERROR_FUNCTION_NOT_SUPPORTED:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_FUNCTION_NOT_SUPPORTED);
- case VCARD7816_STATUS_ERROR_FILE_NOT_FOUND:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_FILE_NOT_FOUND);
- case VCARD7816_STATUS_ERROR_RECORD_NOT_FOUND:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_RECORD_NOT_FOUND);
- case VCARD7816_STATUS_ERROR_NO_SPACE_FOR_FILE:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_NO_SPACE_FOR_FILE);
- case VCARD7816_STATUS_ERROR_LC_TLV_INCONSISTENT:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_LC_TLV_INCONSISTENT);
- case VCARD7816_STATUS_ERROR_P1_P2_INCORRECT:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_P1_P2_INCORRECT);
- case VCARD7816_STATUS_ERROR_LC_P1_P2_INCONSISTENT:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_LC_P1_P2_INCONSISTENT);
- case VCARD7816_STATUS_ERROR_DATA_NOT_FOUND:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_DATA_NOT_FOUND);
- case VCARD7816_STATUS_ERROR_WRONG_PARAMETERS_2:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_WRONG_PARAMETERS_2);
- case VCARD7816_STATUS_ERROR_INS_CODE_INVALID:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_INS_CODE_INVALID);
- case VCARD7816_STATUS_ERROR_CLA_INVALID:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_CLA_INVALID);
- case VCARD7816_STATUS_ERROR_GENERAL:
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_ERROR_GENERAL);
- default:
- /* we don't know this status code, create a response buffer to
- * hold it */
- response = vcard_response_new_status(status);
- if (response == NULL) {
- /* couldn't allocate the buffer, return memmory error */
- return VCARD_RESPONSE_GET_STATIC(
- VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE);
- }
- return response;
- }
-}
-
-/*
- * Add File card support here if you need it.
- */
-static VCardStatus
-vcard7816_file_system_process_apdu(VCard *card, VCardAPDU *apdu,
- VCardResponse **response)
-{
- /* TODO: if we want to support a virtual file system card, we do it here.
- * It would probably be a pkcs #15 card type */
- *response = vcard_make_response(
- VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED);
- return VCARD_DONE;
-}
-
-/*
- * VM card (including java cards)
- */
-static VCardStatus
-vcard7816_vm_process_apdu(VCard *card, VCardAPDU *apdu,
- VCardResponse **response)
-{
- int bytes_to_copy, next_byte_count, count;
- VCardApplet *current_applet;
- VCardBufferResponse *buffer_response;
- vcard_7816_status_t status;
-
- /* parse the class first */
- if (apdu->a_gen_type != VCARD_7816_ISO) {
- *response = vcard_make_response(
- VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED);
- return VCARD_DONE;
- }
-
- /* use a switch so that if we need to support secure channel stuff later,
- * we know where to put it */
- switch (apdu->a_secure_messaging) {
- case 0x0: /* no SM */
- break;
- case 0x4: /* proprietary SM */
- case 0x8: /* header not authenticated */
- case 0xc: /* header authenticated */
- default:
- /* for now, don't try to support secure channel stuff in the
- * virtual card. */
- *response = vcard_make_response(
- VCARD7816_STATUS_ERROR_SECURE_NOT_SUPPORTED);
- return VCARD_DONE;
- }
-
- /* now parse the instruction */
- switch (apdu->a_ins) {
- case VCARD7816_INS_MANAGE_CHANNEL: /* secure channel op */
- case VCARD7816_INS_EXTERNAL_AUTHENTICATE: /* secure channel op */
- case VCARD7816_INS_GET_CHALLENGE: /* secure channel op */
- case VCARD7816_INS_INTERNAL_AUTHENTICATE: /* secure channel op */
- case VCARD7816_INS_ERASE_BINARY: /* applet control op */
- case VCARD7816_INS_READ_BINARY: /* applet control op */
- case VCARD7816_INS_WRITE_BINARY: /* applet control op */
- case VCARD7816_INS_UPDATE_BINARY: /* applet control op */
- case VCARD7816_INS_READ_RECORD: /* file op */
- case VCARD7816_INS_WRITE_RECORD: /* file op */
- case VCARD7816_INS_UPDATE_RECORD: /* file op */
- case VCARD7816_INS_APPEND_RECORD: /* file op */
- case VCARD7816_INS_ENVELOPE:
- case VCARD7816_INS_PUT_DATA:
- *response = vcard_make_response(
- VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED);
- break;
-
- case VCARD7816_INS_SELECT_FILE:
- if (apdu->a_p1 != 0x04) {
- *response = vcard_make_response(
- VCARD7816_STATUS_ERROR_FUNCTION_NOT_SUPPORTED);
- break;
- }
-
- /* side effect, deselect the current applet if no applet has been found
- * */
- current_applet = vcard_find_applet(card, apdu->a_body, apdu->a_Lc);
- vcard_select_applet(card, apdu->a_channel, current_applet);
- if (current_applet) {
- unsigned char *aid;
- int aid_len;
- aid = vcard_applet_get_aid(current_applet, &aid_len);
- *response = vcard_response_new(card, aid, aid_len, apdu->a_Le,
- VCARD7816_STATUS_SUCCESS);
- } else {
- *response = vcard_make_response(
- VCARD7816_STATUS_ERROR_FILE_NOT_FOUND);
- }
- break;
-
- case VCARD7816_INS_VERIFY:
- if ((apdu->a_p1 != 0x00) || (apdu->a_p2 != 0x00)) {
- *response = vcard_make_response(
- VCARD7816_STATUS_ERROR_WRONG_PARAMETERS);
- } else {
- if (apdu->a_Lc == 0) {
- /* handle pin count if possible */
- count = vcard_emul_get_login_count(card);
- if (count < 0) {
- *response = vcard_make_response(
- VCARD7816_STATUS_ERROR_DATA_NOT_FOUND);
- } else {
- if (count > 0xf) {
- count = 0xf;
- }
- *response = vcard_response_new_status_bytes(
- VCARD7816_SW1_WARNING_CHANGE,
- 0xc0 | count);
- if (*response == NULL) {
- *response = vcard_make_response(
- VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE);
- }
- }
- } else {
- status = vcard_emul_login(card, apdu->a_body, apdu->a_Lc);
- *response = vcard_make_response(status);
- }
- }
- break;
-
- case VCARD7816_INS_GET_RESPONSE:
- buffer_response = vcard_get_buffer_response(card);
- if (!buffer_response) {
- *response = vcard_make_response(
- VCARD7816_STATUS_ERROR_DATA_NOT_FOUND);
- /* handle error */
- break;
- }
- bytes_to_copy = MIN(buffer_response->len, apdu->a_Le);
- next_byte_count = MIN(256, buffer_response->len - bytes_to_copy);
- *response = vcard_response_new_bytes(
- card, buffer_response->current, bytes_to_copy,
- apdu->a_Le,
- next_byte_count ?
- VCARD7816_SW1_RESPONSE_BYTES : VCARD7816_SW1_SUCCESS,
- next_byte_count);
- buffer_response->current += bytes_to_copy;
- buffer_response->len -= bytes_to_copy;
- if (*response == NULL || (next_byte_count == 0)) {
- vcard_set_buffer_response(card, NULL);
- vcard_buffer_response_delete(buffer_response);
- }
- if (*response == NULL) {
- *response =
- vcard_make_response(VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE);
- }
- break;
-
- case VCARD7816_INS_GET_DATA:
- *response =
- vcard_make_response(VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED);
- break;
-
- default:
- *response =
- vcard_make_response(VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED);
- break;
- }
-
- /* response should have been set somewhere */
- assert(*response != NULL);
- return VCARD_DONE;
-}
-
-
-/*
- * APDU processing starts here. This routes the card processing stuff to the
- * right location.
- */
-VCardStatus
-vcard_process_apdu(VCard *card, VCardAPDU *apdu, VCardResponse **response)
-{
- VCardStatus status;
- VCardBufferResponse *buffer_response;
-
- /* first handle any PTS commands, which aren't really APDU's */
- if (apdu->a_type == VCARD_7816_PTS) {
- /* the PTS responses aren't really responses either */
- *response = vcard_response_new_data(apdu->a_data, apdu->a_len);
- /* PTS responses have no status bytes */
- (*response)->b_total_len = (*response)->b_len;
- return VCARD_DONE;
- }
- buffer_response = vcard_get_buffer_response(card);
- if (buffer_response && apdu->a_ins != VCARD7816_INS_GET_RESPONSE) {
- /* clear out buffer_response, return an error */
- vcard_set_buffer_response(card, NULL);
- vcard_buffer_response_delete(buffer_response);
- *response = vcard_make_response(VCARD7816_STATUS_EXC_ERROR);
- return VCARD_DONE;
- }
-
- status = vcard_process_applet_apdu(card, apdu, response);
- if (status != VCARD_NEXT) {
- return status;
- }
- switch (vcard_get_type(card)) {
- case VCARD_FILE_SYSTEM:
- return vcard7816_file_system_process_apdu(card, apdu, response);
- case VCARD_VM:
- return vcard7816_vm_process_apdu(card, apdu, response);
- case VCARD_DIRECT:
- /* if we are type direct, then the applet should handle everything */
- assert(!"VCARD_DIRECT: applet failure");
- break;
- }
- *response =
- vcard_make_response(VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED);
- return VCARD_DONE;
-}
diff --git a/libcacard/card_7816.h b/libcacard/card_7816.h
deleted file mode 100644
index 4a01993..0000000
--- a/libcacard/card_7816.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Implement the 7816 portion of the card spec
- *
- * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
- * See the COPYING.LIB file in the top-level directory.
- */
-#ifndef CARD_7816_H
-#define CARD_7816_H 1
-
-#include "card_7816t.h"
-#include "vcardt.h"
-
-/*
- * constructors for VCardResponse's
- */
-/* response from a return buffer and a status */
-VCardResponse *vcard_response_new(VCard *card, unsigned char *buf, int len,
- int Le, vcard_7816_status_t status);
-/* response from a return buffer and status bytes */
-VCardResponse *vcard_response_new_bytes(VCard *card, unsigned char *buf,
- int len, int Le,
- unsigned char sw1, unsigned char sw2);
-/* response from just status bytes */
-VCardResponse *vcard_response_new_status_bytes(unsigned char sw1,
- unsigned char sw2);
-/* response from just status: NOTE this cannot fail, it will always return a
- * valid response, if it can't allocate memory, the response will be
- * VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE */
-VCardResponse *vcard_make_response(vcard_7816_status_t status);
-
-/* create a raw response (status has already been encoded */
-VCardResponse *vcard_response_new_data(unsigned char *buf, int len);
-
-
-
-
-/*
- * destructor for VCardResponse.
- * Can be called with a NULL response
- */
-void vcard_response_delete(VCardResponse *response);
-
-/*
- * constructor for VCardAPDU
- */
-VCardAPDU *vcard_apdu_new(unsigned char *raw_apdu, int len,
- unsigned short *status);
-
-/*
- * destructor for VCardAPDU
- * Can be called with a NULL apdu
- */
-void vcard_apdu_delete(VCardAPDU *apdu);
-
-/*
- * APDU processing starts here. This routes the card processing stuff to the
- * right location. Always returns a valid response.
- */
-VCardStatus vcard_process_apdu(VCard *card, VCardAPDU *apdu,
- VCardResponse **response);
-
-#endif
diff --git a/libcacard/card_7816t.h b/libcacard/card_7816t.h
deleted file mode 100644
index 8eef0ce..0000000
--- a/libcacard/card_7816t.h
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * Implement the 7816 portion of the card spec
- *
- * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
- * See the COPYING.LIB file in the top-level directory.
- */
-#ifndef CARD_7816T_H
-#define CARD_7816T_H 1
-
-typedef unsigned short vcard_7816_status_t;
-
-struct VCardResponseStruct {
- unsigned char *b_data;
- vcard_7816_status_t b_status;
- unsigned char b_sw1;
- unsigned char b_sw2;
- int b_len;
- int b_total_len;
- enum VCardResponseBufferType {
- VCARD_MALLOC,
- VCARD_MALLOC_DATA,
- VCARD_MALLOC_STRUCT,
- VCARD_STATIC
- } b_type;
-};
-
-#define VCARD_RESPONSE_NEW_STATIC_STATUS(stat) \
-static const VCardResponse VCardResponse##stat = \
- {(unsigned char *)&VCardResponse##stat.b_sw1, (stat), ((stat) >> 8), \
- ((stat) & 0xff), 0, 2, VCARD_STATIC};
-
-#define VCARD_RESPONSE_NEW_STATIC_STATUS_BYTES(sw1, sw2) \
-static const VCardResponse VCARDResponse##sw1 = \
- {(unsigned char *)&VCardResponse##name.b_sw1, ((sw1) << 8 | (sw2)), \
- (sw1), (sw2), 0, 2, VCARD_STATIC};
-
-/* cast away the const, callers need may need to 'free' the
- * result, and const implies that they don't */
-#define VCARD_RESPONSE_GET_STATIC(name) \
- ((VCardResponse *)(&VCardResponse##name))
-
-typedef enum {
- VCARD_7816_ISO,
- VCARD_7816_RFU,
- VCARD_7816_PTS,
- VCARD_7816_PROPRIETARY
-} VCardAPDUType;
-
-
-/*
- * 7816 header. All APDU's have this header.
- * They must be laid out in this order.
- */
-struct VCardAPDUHeader {
- unsigned char ah_cla;
- unsigned char ah_ins;
- unsigned char ah_p1;
- unsigned char ah_p2;
- unsigned char ah_Le;
- unsigned char ah_body[1]; /* indefinate length */
-};
-
-/*
- * 7816 APDU structure. The raw bytes are stored in the union and can be
- * accessed directly through u.data (which is aliased as a_data).
- *
- * Names of the fields match the 7816 documentation.
- */
-struct VCardAPDUStruct {
- int a_len; /* length of the whole buffer, including header
*/
- int a_Lc; /* 7816 Lc (parameter length) value */
- int a_Le; /* 7816 Le (expected result length) value */
- unsigned char *a_body; /* pointer to the parameter */
- int a_channel; /* decoded channel */
- int a_secure_messaging; /* decoded secure messaging type */
- int a_type; /* decoded type from cla (top nibble of class) */
- VCardAPDUType a_gen_type; /* generic type (7816, PROPRIETARY, RFU, etc) */
- union {
- struct VCardAPDUHeader *header;
- unsigned char *data;
- } u;
-/* give the subfields a unified look */
-#define a_header u.header
-#define a_data u.data
-#define a_cla a_header->ah_cla /* class */
-#define a_ins a_header->ah_ins /* instruction */
-#define a_p1 a_header->ah_p1 /* parameter 1 */
-#define a_p2 a_header->ah_p2 /* parameter 2 */
-};
-
-/* 7816 status codes */
-#define VCARD7816_STATUS_SUCCESS 0x9000
-#define VCARD7816_STATUS_WARNING 0x6200
-#define VCARD7816_STATUS_WARNING_RET_CORUPT 0x6281
-#define VCARD7816_STATUS_WARNING_BUF_END_BEFORE_LE 0x6282
-#define VCARD7816_STATUS_WARNING_INVALID_FILE_SELECTED 0x6283
-#define VCARD7816_STATUS_WARNING_FCI_FORMAT_INVALID 0x6284
-#define VCARD7816_STATUS_WARNING_CHANGE 0x6300
-#define VCARD7816_STATUS_WARNING_FILE_FILLED 0x6381
-#define VCARD7816_STATUS_EXC_ERROR 0x6400
-#define VCARD7816_STATUS_EXC_ERROR_CHANGE 0x6500
-#define VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE 0x6581
-#define VCARD7816_STATUS_ERROR_WRONG_LENGTH 0x6700
-#define VCARD7816_STATUS_ERROR_CLA_NOT_SUPPORTED 0x6800
-#define VCARD7816_STATUS_ERROR_CHANNEL_NOT_SUPPORTED 0x6881
-#define VCARD7816_STATUS_ERROR_SECURE_NOT_SUPPORTED 0x6882
-#define VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED 0x6900
-#define VCARD7816_STATUS_ERROR_COMMAND_INCOMPATIBLE_WITH_FILE 0x6981
-#define VCARD7816_STATUS_ERROR_SECURITY_NOT_SATISFIED 0x6982
-#define VCARD7816_STATUS_ERROR_AUTHENTICATION_BLOCKED 0x6983
-#define VCARD7816_STATUS_ERROR_DATA_INVALID 0x6984
-#define VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED 0x6985
-#define VCARD7816_STATUS_ERROR_DATA_NO_EF 0x6986
-#define VCARD7816_STATUS_ERROR_SM_OBJECT_MISSING 0x6987
-#define VCARD7816_STATUS_ERROR_SM_OBJECT_INCORRECT 0x6988
-#define VCARD7816_STATUS_ERROR_WRONG_PARAMETERS 0x6a00
-#define VCARD7816_STATUS_ERROR_WRONG_PARAMETERS_IN_DATA 0x6a80
-#define VCARD7816_STATUS_ERROR_FUNCTION_NOT_SUPPORTED 0x6a81
-#define VCARD7816_STATUS_ERROR_FILE_NOT_FOUND 0x6a82
-#define VCARD7816_STATUS_ERROR_RECORD_NOT_FOUND 0x6a83
-#define VCARD7816_STATUS_ERROR_NO_SPACE_FOR_FILE 0x6a84
-#define VCARD7816_STATUS_ERROR_LC_TLV_INCONSISTENT 0x6a85
-#define VCARD7816_STATUS_ERROR_P1_P2_INCORRECT 0x6a86
-#define VCARD7816_STATUS_ERROR_LC_P1_P2_INCONSISTENT 0x6a87
-#define VCARD7816_STATUS_ERROR_DATA_NOT_FOUND 0x6a88
-#define VCARD7816_STATUS_ERROR_WRONG_PARAMETERS_2 0x6b00
-#define VCARD7816_STATUS_ERROR_INS_CODE_INVALID 0x6d00
-#define VCARD7816_STATUS_ERROR_CLA_INVALID 0x6e00
-#define VCARD7816_STATUS_ERROR_GENERAL 0x6f00
-/* 7816 sw1 codes */
-#define VCARD7816_SW1_SUCCESS 0x90
-#define VCARD7816_SW1_RESPONSE_BYTES 0x61
-#define VCARD7816_SW1_WARNING 0x62
-#define VCARD7816_SW1_WARNING_CHANGE 0x63
-#define VCARD7816_SW1_EXC_ERROR 0x64
-#define VCARD7816_SW1_EXC_ERROR_CHANGE 0x65
-#define VCARD7816_SW1_ERROR_WRONG_LENGTH 0x67
-#define VCARD7816_SW1_CLA_ERROR 0x68
-#define VCARD7816_SW1_COMMAND_ERROR 0x69
-#define VCARD7816_SW1_P1_P2_ERROR 0x6a
-#define VCARD7816_SW1_LE_ERROR 0x6c
-#define VCARD7816_SW1_INS_ERROR 0x6d
-#define VCARD7816_SW1_CLA_NOT_SUPPORTED 0x6e
-
-/* 7816 Instructions */
-#define VCARD7816_INS_MANAGE_CHANNEL 0x70
-#define VCARD7816_INS_EXTERNAL_AUTHENTICATE 0x82
-#define VCARD7816_INS_GET_CHALLENGE 0x84
-#define VCARD7816_INS_INTERNAL_AUTHENTICATE 0x88
-#define VCARD7816_INS_ERASE_BINARY 0x0e
-#define VCARD7816_INS_READ_BINARY 0xb0
-#define VCARD7816_INS_WRITE_BINARY 0xd0
-#define VCARD7816_INS_UPDATE_BINARY 0xd6
-#define VCARD7816_INS_READ_RECORD 0xb2
-#define VCARD7816_INS_WRITE_RECORD 0xd2
-#define VCARD7816_INS_UPDATE_RECORD 0xdc
-#define VCARD7816_INS_APPEND_RECORD 0xe2
-#define VCARD7816_INS_ENVELOPE 0xc2
-#define VCARD7816_INS_PUT_DATA 0xda
-#define VCARD7816_INS_GET_DATA 0xca
-#define VCARD7816_INS_SELECT_FILE 0xa4
-#define VCARD7816_INS_VERIFY 0x20
-#define VCARD7816_INS_GET_RESPONSE 0xc0
-
-#endif
diff --git a/libcacard/event.c b/libcacard/event.c
deleted file mode 100644
index 63f4057..0000000
--- a/libcacard/event.c
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * event queue implementation.
- *
- * This code is licensed under the GNU LGPL, version 2.1 or later.
- * See the COPYING.LIB file in the top-level directory.
- */
-
-#include "glib-compat.h"
-
-#include "vcard.h"
-#include "vreader.h"
-#include "vevent.h"
-
-VEvent *
-vevent_new(VEventType type, VReader *reader, VCard *card)
-{
- VEvent *new_vevent;
-
- new_vevent = g_new(VEvent, 1);
- new_vevent->next = NULL;
- new_vevent->type = type;
- new_vevent->reader = vreader_reference(reader);
- new_vevent->card = vcard_reference(card);
-
- return new_vevent;
-}
-
-void
-vevent_delete(VEvent *vevent)
-{
- if (vevent == NULL) {
- return;
- }
- vreader_free(vevent->reader);
- vcard_free(vevent->card);
- g_free(vevent);
-}
-
-/*
- * VEvent queue management
- */
-
-static VEvent *vevent_queue_head;
-static VEvent *vevent_queue_tail;
-static CompatGMutex vevent_queue_lock;
-static CompatGCond vevent_queue_condition;
-
-void vevent_queue_init(void)
-{
- vevent_queue_head = vevent_queue_tail = NULL;
-}
-
-void
-vevent_queue_vevent(VEvent *vevent)
-{
- vevent->next = NULL;
- g_mutex_lock(&vevent_queue_lock);
- if (vevent_queue_head) {
- assert(vevent_queue_tail);
- vevent_queue_tail->next = vevent;
- } else {
- vevent_queue_head = vevent;
- }
- vevent_queue_tail = vevent;
- g_cond_signal(&vevent_queue_condition);
- g_mutex_unlock(&vevent_queue_lock);
-}
-
-/* must have lock */
-static VEvent *
-vevent_dequeue_vevent(void)
-{
- VEvent *vevent = NULL;
- if (vevent_queue_head) {
- vevent = vevent_queue_head;
- vevent_queue_head = vevent->next;
- vevent->next = NULL;
- }
- return vevent;
-}
-
-VEvent *vevent_wait_next_vevent(void)
-{
- VEvent *vevent;
-
- g_mutex_lock(&vevent_queue_lock);
- while ((vevent = vevent_dequeue_vevent()) == NULL) {
- g_cond_wait(&vevent_queue_condition, &vevent_queue_lock);
- }
- g_mutex_unlock(&vevent_queue_lock);
- return vevent;
-}
-
-VEvent *vevent_get_next_vevent(void)
-{
- VEvent *vevent;
-
- g_mutex_lock(&vevent_queue_lock);
- vevent = vevent_dequeue_vevent();
- g_mutex_unlock(&vevent_queue_lock);
- return vevent;
-}
-
diff --git a/libcacard/eventt.h b/libcacard/eventt.h
deleted file mode 100644
index 0dc7bd4..0000000
--- a/libcacard/eventt.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
- * See the COPYING.LIB file in the top-level directory.
- */
-
-#ifndef EVENTT_H
-#define EVENTT_H 1
-#include "vreadert.h"
-#include "vcardt.h"
-
-typedef struct VEventStruct VEvent;
-
-typedef enum {
- VEVENT_READER_INSERT,
- VEVENT_READER_REMOVE,
- VEVENT_CARD_INSERT,
- VEVENT_CARD_REMOVE,
- VEVENT_LAST,
-} VEventType;
-
-struct VEventStruct {
- VEvent *next;
- VEventType type;
- VReader *reader;
- VCard *card;
-};
-#endif
-
-
diff --git a/libcacard/libcacard.pc.in b/libcacard/libcacard.pc.in
deleted file mode 100644
index 4b60023..0000000
--- a/libcacard/libcacard.pc.in
+++ /dev/null
@@ -1,13 +0,0 @@
address@hidden@
-exec_prefix=${prefix}
address@hidden@
address@hidden@
-
-Name: cacard
-Description: CA Card library
-Version: @VERSION@
-
-Requires.private: nss glib-2.0
-Libs: -L${libdir} -lcacard
-Libs.private:
-Cflags: -I${includedir}
diff --git a/libcacard/libcacard.syms b/libcacard/libcacard.syms
deleted file mode 100644
index 1697515..0000000
--- a/libcacard/libcacard.syms
+++ /dev/null
@@ -1,77 +0,0 @@
-cac_card_init
-cac_is_cac_card
-vcard_add_applet
-vcard_apdu_delete
-vcard_apdu_new
-vcard_applet_get_aid
-vcard_buffer_response_delete
-vcard_buffer_response_new
-vcard_delete_applet
-vcard_emul_delete_key
-vcard_emul_force_card_insert
-vcard_emul_force_card_remove
-vcard_emul_get_atr
-vcard_emul_get_login_count
-vcard_emul_init
-vcard_emul_login
-vcard_emul_options
-vcard_emul_replay_insertion_events
-vcard_emul_reset
-vcard_emul_rsa_op
-vcard_emul_type_from_string
-vcard_emul_type_select
-vcard_emul_usage
-vcard_find_applet
-vcard_free
-vcard_get_atr
-vcard_get_buffer_response
-vcard_get_current_applet_private
-vcard_get_private
-vcard_get_type
-vcard_init
-vcard_make_response
-vcard_new
-vcard_new_applet
-vcard_process_apdu
-vcard_process_applet_apdu
-vcard_reference
-vcard_reset
-vcard_response_delete
-vcard_response_new
-vcard_response_new_bytes
-vcard_response_new_data
-vcard_response_new_status_bytes
-vcard_select_applet
-vcard_set_applet_private
-vcard_set_atr_func
-vcard_set_buffer_response
-vcard_set_type
-vevent_delete
-vevent_get_next_vevent
-vevent_new
-vevent_queue_init
-vevent_queue_vevent
-vevent_wait_next_vevent
-vreader_add_reader
-vreader_card_is_present
-vreader_free
-vreader_get_id
-vreader_get_name
-vreader_get_private
-vreader_get_reader_by_id
-vreader_get_reader_by_name
-vreader_get_reader_list
-vreader_init
-vreader_insert_card
-vreader_list_delete
-vreader_list_get_first
-vreader_list_get_next
-vreader_list_get_reader
-vreader_new
-vreader_power_off
-vreader_power_on
-vreader_queue_card_event
-vreader_reference
-vreader_remove_reader
-vreader_set_id
-vreader_xfr_bytes
diff --git a/libcacard/link_test.c b/libcacard/link_test.c
deleted file mode 100644
index 6f67a23..0000000
--- a/libcacard/link_test.c
+++ /dev/null
@@ -1,22 +0,0 @@
-/*
- * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
- * See the COPYING.LIB file in the top-level directory.
- */
-
-#include <stdio.h>
-#include "vcard.h"
-
-VCardStatus cac_card_init(const char *flags, VCard *card,
- const unsigned char *cert[],
- int cert_len[], VCardKey *key[] /* adopt the keys*/,
- int cert_count);
-/*
- * this will crash... just test the linkage right now
- */
-
-main(int argc, char **argv)
-{
- VCard *card; /* no constructor yet */
- cac_card_init("", card, NULL, 0, NULL, 0);
-}
-
diff --git a/libcacard/vcard.c b/libcacard/vcard.c
deleted file mode 100644
index 1a87208..0000000
--- a/libcacard/vcard.c
+++ /dev/null
@@ -1,325 +0,0 @@
-/*
- * implement the Java card standard.
- *
- * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
- * See the COPYING.LIB file in the top-level directory.
- */
-
-#include "glib-compat.h"
-
-#include <string.h>
-
-#include "vcard.h"
-#include "vcard_emul.h"
-#include "card_7816t.h"
-
-struct VCardAppletStruct {
- VCardApplet *next;
- VCardProcessAPDU process_apdu;
- VCardResetApplet reset_applet;
- unsigned char *aid;
- int aid_len;
- void *applet_private;
- VCardAppletPrivateFree applet_private_free;
-};
-
-struct VCardStruct {
- int reference_count;
- VCardApplet *applet_list;
- VCardApplet *current_applet[MAX_CHANNEL];
- VCardBufferResponse *vcard_buffer_response;
- VCardType type;
- VCardEmul *vcard_private;
- VCardEmulFree vcard_private_free;
- VCardGetAtr vcard_get_atr;
-};
-
-VCardBufferResponse *
-vcard_buffer_response_new(unsigned char *buffer, int size)
-{
- VCardBufferResponse *new_buffer;
-
- new_buffer = g_new(VCardBufferResponse, 1);
- new_buffer->buffer = (unsigned char *)g_memdup(buffer, size);
- new_buffer->buffer_len = size;
- new_buffer->current = new_buffer->buffer;
- new_buffer->len = size;
- return new_buffer;
-}
-
-void
-vcard_buffer_response_delete(VCardBufferResponse *buffer_response)
-{
- if (buffer_response == NULL) {
- return;
- }
- g_free(buffer_response->buffer);
- g_free(buffer_response);
-}
-
-
-/*
- * clean up state after a reset
- */
-void
-vcard_reset(VCard *card, VCardPower power)
-{
- int i;
- VCardApplet *applet = NULL;
-
- if (card->type == VCARD_DIRECT) {
- /* select the last applet */
- VCardApplet *current_applet = NULL;
- for (current_applet = card->applet_list; current_applet;
- current_applet = current_applet->next) {
- applet = current_applet;
- }
- }
- for (i = 0; i < MAX_CHANNEL; i++) {
- card->current_applet[i] = applet;
- }
- if (card->vcard_buffer_response) {
- vcard_buffer_response_delete(card->vcard_buffer_response);
- card->vcard_buffer_response = NULL;
- }
- vcard_emul_reset(card, power);
- if (applet) {
- applet->reset_applet(card, 0);
- }
-}
-
-/* applet utilities */
-
-/*
- * applet utilities
- */
-/* constructor */
-VCardApplet *
-vcard_new_applet(VCardProcessAPDU applet_process_function,
- VCardResetApplet applet_reset_function,
- unsigned char *aid, int aid_len)
-{
- VCardApplet *applet;
-
- applet = g_new0(VCardApplet, 1);
- applet->process_apdu = applet_process_function;
- applet->reset_applet = applet_reset_function;
-
- applet->aid = g_memdup(aid, aid_len);
- applet->aid_len = aid_len;
- return applet;
-}
-
-/* destructor */
-void
-vcard_delete_applet(VCardApplet *applet)
-{
- if (applet == NULL) {
- return;
- }
- if (applet->applet_private_free) {
- applet->applet_private_free(applet->applet_private);
- }
- g_free(applet->aid);
- g_free(applet);
-}
-
-/* accessor */
-void
-vcard_set_applet_private(VCardApplet *applet, VCardAppletPrivate *private,
- VCardAppletPrivateFree private_free)
-{
- if (applet->applet_private_free) {
- applet->applet_private_free(applet->applet_private);
- }
- applet->applet_private = private;
- applet->applet_private_free = private_free;
-}
-
-VCard *
-vcard_new(VCardEmul *private, VCardEmulFree private_free)
-{
- VCard *new_card;
-
- new_card = g_new0(VCard, 1);
- new_card->type = VCARD_VM;
- new_card->vcard_private = private;
- new_card->vcard_private_free = private_free;
- new_card->reference_count = 1;
- return new_card;
-}
-
-VCard *
-vcard_reference(VCard *vcard)
-{
- if (vcard == NULL) {
- return NULL;
- }
- vcard->reference_count++;
- return vcard;
-}
-
-void
-vcard_free(VCard *vcard)
-{
- VCardApplet *current_applet;
- VCardApplet *next_applet;
-
- if (vcard == NULL) {
- return;
- }
- vcard->reference_count--;
- if (vcard->reference_count != 0) {
- return;
- }
- if (vcard->vcard_private_free) {
- (*vcard->vcard_private_free)(vcard->vcard_private);
- }
- for (current_applet = vcard->applet_list; current_applet;
- current_applet = next_applet) {
- next_applet = current_applet->next;
- vcard_delete_applet(current_applet);
- }
- vcard_buffer_response_delete(vcard->vcard_buffer_response);
- g_free(vcard);
-}
-
-void
-vcard_get_atr(VCard *vcard, unsigned char *atr, int *atr_len)
-{
- if (vcard->vcard_get_atr) {
- (*vcard->vcard_get_atr)(vcard, atr, atr_len);
- return;
- }
- vcard_emul_get_atr(vcard, atr, atr_len);
-}
-
-void
-vcard_set_atr_func(VCard *card, VCardGetAtr vcard_get_atr)
-{
- card->vcard_get_atr = vcard_get_atr;
-}
-
-
-VCardStatus
-vcard_add_applet(VCard *card, VCardApplet *applet)
-{
- applet->next = card->applet_list;
- card->applet_list = applet;
- /* if our card-type is direct, always call the applet */
- if (card->type == VCARD_DIRECT) {
- int i;
-
- for (i = 0; i < MAX_CHANNEL; i++) {
- card->current_applet[i] = applet;
- }
- }
- return VCARD_DONE;
-}
-
-/*
- * manage applets
- */
-VCardApplet *
-vcard_find_applet(VCard *card, unsigned char *aid, int aid_len)
-{
- VCardApplet *current_applet;
-
- for (current_applet = card->applet_list; current_applet;
- current_applet = current_applet->next)
{
- if (current_applet->aid_len != aid_len) {
- continue;
- }
- if (memcmp(current_applet->aid, aid, aid_len) == 0) {
- break;
- }
- }
- return current_applet;
-}
-
-unsigned char *
-vcard_applet_get_aid(VCardApplet *applet, int *aid_len)
-{
- if (applet == NULL) {
- return NULL;
- }
- *aid_len = applet->aid_len;
- return applet->aid;
-}
-
-
-void
-vcard_select_applet(VCard *card, int channel, VCardApplet *applet)
-{
- assert(channel < MAX_CHANNEL);
-
- /* If using an emulated card, make sure to log out of any already logged in
- * session. */
- vcard_emul_logout(card);
-
- card->current_applet[channel] = applet;
- /* reset the applet */
- if (applet && applet->reset_applet) {
- applet->reset_applet(card, channel);
- }
-}
-
-VCardAppletPrivate *
-vcard_get_current_applet_private(VCard *card, int channel)
-{
- VCardApplet *applet = card->current_applet[channel];
-
- if (applet == NULL) {
- return NULL;
- }
- return applet->applet_private;
-}
-
-VCardStatus
-vcard_process_applet_apdu(VCard *card, VCardAPDU *apdu,
- VCardResponse **response)
-{
- if (card->current_applet[apdu->a_channel]) {
- return card->current_applet[apdu->a_channel]->process_apdu(
- card, apdu, response);
- }
- return VCARD_NEXT;
-}
-
-/*
- * Accessor functions
- */
-/* accessor functions for the response buffer */
-VCardBufferResponse *
-vcard_get_buffer_response(VCard *card)
-{
- return card->vcard_buffer_response;
-}
-
-void
-vcard_set_buffer_response(VCard *card, VCardBufferResponse *buffer)
-{
- card->vcard_buffer_response = buffer;
-}
-
-
-/* accessor functions for the type */
-VCardType
-vcard_get_type(VCard *card)
-{
- return card->type;
-}
-
-void
-vcard_set_type(VCard *card, VCardType type)
-{
- card->type = type;
-}
-
-/* accessor for private data */
-VCardEmul *
-vcard_get_private(VCard *vcard)
-{
- return vcard->vcard_private;
-}
-
diff --git a/libcacard/vcard.h b/libcacard/vcard.h
deleted file mode 100644
index 47dc703..0000000
--- a/libcacard/vcard.h
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
- * See the COPYING.LIB file in the top-level directory.
- */
-#ifndef VCARD_H
-#define VCARD_H 1
-
-#include "vcardt.h"
-
-/*
- * response buffer constructors and destructors.
- *
- * response buffers are used when we need to return more data than will fit in
- * a normal APDU response (nominally 254 bytes).
- */
-VCardBufferResponse *vcard_buffer_response_new(unsigned char *buffer, int
size);
-void vcard_buffer_response_delete(VCardBufferResponse *buffer_response);
-
-
-/*
- * clean up state on reset
- */
-void vcard_reset(VCard *card, VCardPower power);
-
-/*
- * applet utilities
- */
-/*
- * Constructor for a VCardApplet
- */
-VCardApplet *vcard_new_applet(VCardProcessAPDU applet_process_function,
- VCardResetApplet applet_reset_function,
- unsigned char *aid, int aid_len);
-
-/*
- * destructor for a VCardApplet
- * Can be called with a NULL applet
- */
-void vcard_delete_applet(VCardApplet *applet);
-
-/* accessor - set the card type specific private data */
-void vcard_set_applet_private(VCardApplet *applet, VCardAppletPrivate
*_private,
- VCardAppletPrivateFree private_free);
-
-/* set type of vcard */
-void vcard_set_type(VCard *card, VCardType type);
-
-/*
- * utilities interacting with the current applet
- */
-/* add a new applet to a card */
-VCardStatus vcard_add_applet(VCard *card, VCardApplet *applet);
-/* find the applet on the card with the given aid */
-VCardApplet *vcard_find_applet(VCard *card, unsigned char *aid, int aid_len);
-/* set the following applet to be current on the given channel */
-void vcard_select_applet(VCard *card, int channel, VCardApplet *applet);
-/* get the card type specific private data on the given channel */
-VCardAppletPrivate *vcard_get_current_applet_private(VCard *card, int channel);
-/* fetch the applet's id */
-unsigned char *vcard_applet_get_aid(VCardApplet *applet, int *aid_len);
-
-/* process the apdu for the current selected applet/file */
-VCardStatus vcard_process_applet_apdu(VCard *card, VCardAPDU *apdu,
- VCardResponse **response);
-/*
- * VCard utilities
- */
-/* constructor */
-VCard *vcard_new(VCardEmul *_private, VCardEmulFree private_free);
-/* get a reference */
-VCard *vcard_reference(VCard *);
-/* destructor (reference counted) */
-void vcard_free(VCard *);
-/* get the atr from the card */
-void vcard_get_atr(VCard *card, unsigned char *atr, int *atr_len);
-void vcard_set_atr_func(VCard *card, VCardGetAtr vcard_get_atr);
-
-/* accessor functions for the response buffer */
-VCardBufferResponse *vcard_get_buffer_response(VCard *card);
-void vcard_set_buffer_response(VCard *card, VCardBufferResponse *buffer);
-/* accessor functions for the type */
-VCardType vcard_get_type(VCard *card);
-/* get the private data */
-VCardEmul *vcard_get_private(VCard *card);
-
-#endif
diff --git a/libcacard/vcard_emul.h b/libcacard/vcard_emul.h
deleted file mode 100644
index f09ee98..0000000
--- a/libcacard/vcard_emul.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * This is the actual card emulator.
- *
- * These functions can be implemented in different ways on different platforms
- * using the underlying system primitives. For Linux it uses NSS, though direct
- * to PKCS #11, openssl+pkcs11, or even gnu crypto libraries+pkcs #11 could be
- * used. On Windows CAPI could be used.
- *
- * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
- * See the COPYING.LIB file in the top-level directory.
- */
-
-#ifndef VCARD_EMUL_H
-#define VCARD_EMUL_H 1
-
-#include "card_7816t.h"
-#include "vcard.h"
-#include "vcard_emul_type.h"
-
-/*
- * types
- */
-typedef enum {
- VCARD_EMUL_OK = 0,
- VCARD_EMUL_FAIL,
- /* return values by vcard_emul_init */
- VCARD_EMUL_INIT_ALREADY_INITED,
-} VCardEmulError;
-
-/* options are emul specific. call card_emul_parse_args to change a string
- * To an options struct */
-typedef struct VCardEmulOptionsStruct VCardEmulOptions;
-
-/*
- * Login functions
- */
-/* return the number of login attempts still possible on the card. if unknown,
- * return -1 */
-int vcard_emul_get_login_count(VCard *card);
-/* login into the card, return the 7816 status word (sw2 || sw1) */
-vcard_7816_status_t vcard_emul_login(VCard *card, unsigned char *pin,
- int pin_len);
-void vcard_emul_logout(VCard *card);
-
-/*
- * key functions
- */
-/* delete a key */
-void vcard_emul_delete_key(VCardKey *key);
-/* RSA sign/decrypt with the key, signature happens 'in place' */
-vcard_7816_status_t vcard_emul_rsa_op(VCard *card, VCardKey *key,
- unsigned char *buffer, int buffer_size);
-
-void vcard_emul_reset(VCard *card, VCardPower power);
-void vcard_emul_get_atr(VCard *card, unsigned char *atr, int *atr_len);
-
-/* Re-insert of a card that has been removed by force removal */
-VCardEmulError vcard_emul_force_card_insert(VReader *vreader);
-/* Force a card removal even if the card is not physically removed */
-VCardEmulError vcard_emul_force_card_remove(VReader *vreader);
-
-VCardEmulOptions *vcard_emul_options(const char *args);
-VCardEmulError vcard_emul_init(const VCardEmulOptions *options);
-void vcard_emul_replay_insertion_events(void);
-void vcard_emul_usage(void);
-#endif
diff --git a/libcacard/vcard_emul_nss.c b/libcacard/vcard_emul_nss.c
deleted file mode 100644
index d9761ee..0000000
--- a/libcacard/vcard_emul_nss.c
+++ /dev/null
@@ -1,1274 +0,0 @@
-/*
- * This is the actual card emulator.
- *
- * These functions can be implemented in different ways on different platforms
- * using the underlying system primitives. For Linux it uses NSS, though direct
- * to PKCS #11, openssl+pkcs11, or even gnu crypto libraries+pkcs #11 could be
- * used. On Windows CAPI could be used.
- *
- * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
- * See the COPYING.LIB file in the top-level directory.
- */
-
-/*
- * NSS headers
- */
-
-/* avoid including prototypes.h that redefines uint32 */
-#define NO_NSPR_10_SUPPORT
-
-#include <nss.h>
-#include <pk11pub.h>
-#include <cert.h>
-#include <key.h>
-#include <secmod.h>
-#include <prthread.h>
-#include <secerr.h>
-
-#include "glib-compat.h"
-
-#include "vcard.h"
-#include "card_7816t.h"
-#include "vcard_emul.h"
-#include "vreader.h"
-#include "vevent.h"
-
-#include "vcardt_internal.h"
-
-
-typedef enum {
- VCardEmulUnknown = -1,
- VCardEmulFalse = 0,
- VCardEmulTrue = 1
-} VCardEmulTriState;
-
-struct VCardKeyStruct {
- CERTCertificate *cert;
- PK11SlotInfo *slot;
- SECKEYPrivateKey *key;
- VCardEmulTriState failedX509;
-};
-
-
-typedef struct VirtualReaderOptionsStruct VirtualReaderOptions;
-
-struct VReaderEmulStruct {
- PK11SlotInfo *slot;
- VCardEmulType default_type;
- char *type_params;
- PRBool present;
- int series;
- VCard *saved_vcard;
-};
-
-/*
- * NSS Specific options
- */
-struct VirtualReaderOptionsStruct {
- char *name;
- char *vname;
- VCardEmulType card_type;
- char *type_params;
- char **cert_name;
- int cert_count;
-};
-
-struct VCardEmulOptionsStruct {
- void *nss_db;
- VirtualReaderOptions *vreader;
- int vreader_count;
- VCardEmulType hw_card_type;
- const char *hw_type_params;
- PRBool use_hw;
-};
-
-static int nss_emul_init;
-
-/* if we have more that just the slot, define
- * VCardEmulStruct here */
-
-/*
- * allocate the set of arrays for certs, cert_len, key
- */
-static void
-vcard_emul_alloc_arrays(unsigned char ***certsp, int **cert_lenp,
- VCardKey ***keysp, int cert_count)
-{
- *certsp = g_new(unsigned char *, cert_count);
- *cert_lenp = g_new(int, cert_count);
- *keysp = g_new(VCardKey *, cert_count);
-}
-
-/*
- * Emulator specific card information
- */
-typedef struct CardEmulCardStruct CardEmulPrivate;
-
-static VCardEmul *
-vcard_emul_new_card(PK11SlotInfo *slot)
-{
- PK11_ReferenceSlot(slot);
- /* currently we don't need anything other than the slot */
- return (VCardEmul *)slot;
-}
-
-static void
-vcard_emul_delete_card(VCardEmul *vcard_emul)
-{
- PK11SlotInfo *slot = (PK11SlotInfo *)vcard_emul;
- if (slot == NULL) {
- return;
- }
- PK11_FreeSlot(slot);
-}
-
-static PK11SlotInfo *
-vcard_emul_card_get_slot(VCard *card)
-{
- /* note, the card is holding the reference, no need to get another one */
- return (PK11SlotInfo *)vcard_get_private(card);
-}
-
-
-/*
- * key functions
- */
-/* private constructure */
-static VCardKey *
-vcard_emul_make_key(PK11SlotInfo *slot, CERTCertificate *cert)
-{
- VCardKey *key;
-
- key = g_new(VCardKey, 1);
- key->slot = PK11_ReferenceSlot(slot);
- key->cert = CERT_DupCertificate(cert);
- /* NOTE: if we aren't logged into the token, this could return NULL */
- /* NOTE: the cert is a temp cert, not necessarily the cert in the token,
- * use the DER version of this function */
- key->key = PK11_FindKeyByDERCert(slot, cert, NULL);
- key->failedX509 = VCardEmulUnknown;
- return key;
-}
-
-/* destructor */
-void
-vcard_emul_delete_key(VCardKey *key)
-{
- if (!nss_emul_init || (key == NULL)) {
- return;
- }
- if (key->key) {
- SECKEY_DestroyPrivateKey(key->key);
- key->key = NULL;
- }
- if (key->cert) {
- CERT_DestroyCertificate(key->cert);
- }
- if (key->slot) {
- PK11_FreeSlot(key->slot);
- }
-}
-
-/*
- * grab the nss key from a VCardKey. If it doesn't exist, try to look it up
- */
-static SECKEYPrivateKey *
-vcard_emul_get_nss_key(VCardKey *key)
-{
- if (key->key) {
- return key->key;
- }
- /* NOTE: if we aren't logged into the token, this could return NULL */
- key->key = PK11_FindPrivateKeyFromCert(key->slot, key->cert, NULL);
- return key->key;
-}
-
-/*
- * Map NSS errors to 7816 errors
- */
-static vcard_7816_status_t
-vcard_emul_map_error(int error)
-{
- switch (error) {
- case SEC_ERROR_TOKEN_NOT_LOGGED_IN:
- return VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED;
- case SEC_ERROR_BAD_DATA:
- case SEC_ERROR_OUTPUT_LEN:
- case SEC_ERROR_INPUT_LEN:
- case SEC_ERROR_INVALID_ARGS:
- case SEC_ERROR_INVALID_ALGORITHM:
- case SEC_ERROR_NO_KEY:
- case SEC_ERROR_INVALID_KEY:
- case SEC_ERROR_DECRYPTION_DISALLOWED:
- return VCARD7816_STATUS_ERROR_DATA_INVALID;
- case SEC_ERROR_NO_MEMORY:
- return VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE;
- }
- return VCARD7816_STATUS_EXC_ERROR_CHANGE;
-}
-
-/* RSA sign/decrypt with the key, signature happens 'in place' */
-vcard_7816_status_t
-vcard_emul_rsa_op(VCard *card, VCardKey *key,
- unsigned char *buffer, int buffer_size)
-{
- SECKEYPrivateKey *priv_key;
- unsigned signature_len;
- PK11SlotInfo *slot;
- SECStatus rv;
- unsigned char buf[2048];
- unsigned char *bp = NULL;
- int pad_len;
- vcard_7816_status_t ret = VCARD7816_STATUS_SUCCESS;
-
- if ((!nss_emul_init) || (key == NULL)) {
- /* couldn't get the key, indicate that we aren't logged in */
- return VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED;
- }
- priv_key = vcard_emul_get_nss_key(key);
- if (priv_key == NULL) {
- /* couldn't get the key, indicate that we aren't logged in */
- return VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED;
- }
- slot = vcard_emul_card_get_slot(card);
-
- /*
- * this is only true of the rsa signature
- */
- signature_len = PK11_SignatureLen(priv_key);
- if (buffer_size != signature_len) {
- return VCARD7816_STATUS_ERROR_DATA_INVALID;
- }
- /* be able to handle larger keys if necessariy */
- bp = &buf[0];
- if (sizeof(buf) < signature_len) {
- bp = g_malloc(signature_len);
- }
-
- /*
- * do the raw operations. Some tokens claim to do CKM_RSA_X_509, but then
- * choke when they try to do the actual operations. Try to detect
- * those cases and treat them as if the token didn't claim support for
- * X_509.
- */
- if (key->failedX509 != VCardEmulTrue
- && PK11_DoesMechanism(slot, CKM_RSA_X_509)) {
- rv = PK11_PrivDecryptRaw(priv_key, bp, &signature_len, signature_len,
- buffer, buffer_size);
- if (rv == SECSuccess) {
- assert(buffer_size == signature_len);
- memcpy(buffer, bp, signature_len);
- key->failedX509 = VCardEmulFalse;
- goto cleanup;
- }
- /*
- * we've had a successful X509 operation, this failure must be
- * somethine else
- */
- if (key->failedX509 == VCardEmulFalse) {
- ret = vcard_emul_map_error(PORT_GetError());
- goto cleanup;
- }
- /*
- * key->failedX509 must be Unknown at this point, try the
- * non-x_509 case
- */
- }
- /* token does not support CKM_RSA_X509, emulate that with CKM_RSA_PKCS */
- /* is this a PKCS #1 formatted signature? */
- if ((buffer[0] == 0) && (buffer[1] == 1)) {
- int i;
-
- for (i = 2; i < buffer_size; i++) {
- /* rsa signature pad */
- if (buffer[i] != 0xff) {
- break;
- }
- }
- if ((i < buffer_size) && (buffer[i] == 0)) {
- /* yes, we have a properly formatted PKCS #1 signature */
- /*
- * NOTE: even if we accidentally got an encrypt buffer, which
- * through sheer luck started with 00, 01, ff, 00, it won't matter
- * because the resulting Sign operation will effectively decrypt
- * the real buffer.
- */
- SECItem signature;
- SECItem hash;
-
- i++;
- hash.data = &buffer[i];
- hash.len = buffer_size - i;
- signature.data = bp;
- signature.len = signature_len;
- rv = PK11_Sign(priv_key, &signature, &hash);
- if (rv != SECSuccess) {
- ret = vcard_emul_map_error(PORT_GetError());
- goto cleanup;
- }
- assert(buffer_size == signature.len);
- memcpy(buffer, bp, signature.len);
- /*
- * we got here because either the X509 attempt failed, or the
- * token couldn't do the X509 operation, in either case stay
- * with the PKCS version for future operations on this key
- */
- key->failedX509 = VCardEmulTrue;
- goto cleanup;
- }
- }
- pad_len = buffer_size - signature_len;
- assert(pad_len < 4);
- /*
- * OK now we've decrypted the payload, package it up in PKCS #1 for the
- * upper layer.
- */
- buffer[0] = 0;
- buffer[1] = 2; /* RSA_encrypt */
- pad_len -= 3; /* format is 0 || 2 || pad || 0 || data */
- /*
- * padding for PKCS #1 encrypted data is a string of random bytes. The
- * random butes protect against potential decryption attacks against RSA.
- * Since PrivDecrypt has already stripped those bytes, we can't reconstruct
- * them. This shouldn't matter to the upper level code which should just
- * strip this code out anyway, so We'll pad with a constant 3.
- */
- memset(&buffer[2], 0x03, pad_len);
- pad_len += 2; /* index to the end of the pad */
- buffer[pad_len] = 0;
- pad_len++; /* index to the start of the data */
- memcpy(&buffer[pad_len], bp, signature_len);
- /*
- * we got here because either the X509 attempt failed, or the
- * token couldn't do the X509 operation, in either case stay
- * with the PKCS version for future operations on this key
- */
- key->failedX509 = VCardEmulTrue;
-cleanup:
- if (bp != buf) {
- g_free(bp);
- }
- return ret;
-}
-
-/*
- * Login functions
- */
-/* return the number of login attempts still possible on the card. if unknown,
- * return -1 */
-int
-vcard_emul_get_login_count(VCard *card)
-{
- return -1;
-}
-
-/* login into the card, return the 7816 status word (sw2 || sw1) */
-vcard_7816_status_t
-vcard_emul_login(VCard *card, unsigned char *pin, int pin_len)
-{
- PK11SlotInfo *slot;
- unsigned char *pin_string;
- int i;
- SECStatus rv;
-
- if (!nss_emul_init) {
- return VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED;
- }
- slot = vcard_emul_card_get_slot(card);
- /* We depend on the PKCS #11 module internal login state here because we
- * create a separate process to handle each guest instance. If we needed
- * to handle multiple guests from one process, then we would need to keep
- * a lot of extra state in our card structure
- * */
- pin_string = g_malloc(pin_len+1);
- memcpy(pin_string, pin, pin_len);
- pin_string[pin_len] = 0;
-
- /* handle CAC expanded pins correctly */
- for (i = pin_len-1; i >= 0 && (pin_string[i] == 0xff); i--) {
- pin_string[i] = 0;
- }
-
- rv = PK11_Authenticate(slot, PR_FALSE, pin_string);
- memset(pin_string, 0, pin_len); /* don't let the pin hang around in memory
- to be snooped */
- g_free(pin_string);
- if (rv == SECSuccess) {
- return VCARD7816_STATUS_SUCCESS;
- }
- /* map the error from port get error */
- return VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED;
-}
-
-void
-vcard_emul_logout(VCard *card)
-{
- PK11SlotInfo *slot;
-
- if (!nss_emul_init) {
- return;
- }
-
- slot = vcard_emul_card_get_slot(card);
- if (PK11_IsLoggedIn(slot, NULL)) {
- PK11_Logout(slot); /* NOTE: ignoring SECStatus return value */
- }
-}
-
-void
-vcard_emul_reset(VCard *card, VCardPower power)
-{
- /*
- * if we reset the card (either power on or power off), we lose our login
- * state
- */
- vcard_emul_logout(card);
-
- /* TODO: we may also need to send insertion/removal events? */
-}
-
-static VReader *
-vcard_emul_find_vreader_from_slot(PK11SlotInfo *slot)
-{
- VReaderList *reader_list = vreader_get_reader_list();
- VReaderListEntry *current_entry;
-
- if (reader_list == NULL) {
- return NULL;
- }
- for (current_entry = vreader_list_get_first(reader_list); current_entry;
- current_entry = vreader_list_get_next(current_entry)) {
- VReader *reader = vreader_list_get_reader(current_entry);
- VReaderEmul *reader_emul = vreader_get_private(reader);
- if (reader_emul->slot == slot) {
- vreader_list_delete(reader_list);
- return reader;
- }
- vreader_free(reader);
- }
-
- vreader_list_delete(reader_list);
- return NULL;
-}
-
-/*
- * create a new reader emul
- */
-static VReaderEmul *
-vreader_emul_new(PK11SlotInfo *slot, VCardEmulType type, const char *params)
-{
- VReaderEmul *new_reader_emul;
-
- new_reader_emul = g_new(VReaderEmul, 1);
-
- new_reader_emul->slot = PK11_ReferenceSlot(slot);
- new_reader_emul->default_type = type;
- new_reader_emul->type_params = g_strdup(params);
- new_reader_emul->present = PR_FALSE;
- new_reader_emul->series = 0;
- new_reader_emul->saved_vcard = NULL;
- return new_reader_emul;
-}
-
-static void
-vreader_emul_delete(VReaderEmul *vreader_emul)
-{
- if (vreader_emul == NULL) {
- return;
- }
- if (vreader_emul->slot) {
- PK11_FreeSlot(vreader_emul->slot);
- }
- g_free(vreader_emul->type_params);
- g_free(vreader_emul);
-}
-
-/*
- * TODO: move this to emulater non-specific file
- */
-static VCardEmulType
-vcard_emul_get_type(VReader *vreader)
-{
- VReaderEmul *vreader_emul;
-
- vreader_emul = vreader_get_private(vreader);
- if (vreader_emul && vreader_emul->default_type != VCARD_EMUL_NONE) {
- return vreader_emul->default_type;
- }
-
- return vcard_emul_type_select(vreader);
-}
-/*
- * TODO: move this to emulater non-specific file
- */
-static const char *
-vcard_emul_get_type_params(VReader *vreader)
-{
- VReaderEmul *vreader_emul;
-
- vreader_emul = vreader_get_private(vreader);
- if (vreader_emul && vreader_emul->type_params) {
- return vreader_emul->type_params;
- }
-
- return "";
-}
-
-/* pull the slot out of the reader private data */
-static PK11SlotInfo *
-vcard_emul_reader_get_slot(VReader *vreader)
-{
- VReaderEmul *vreader_emul = vreader_get_private(vreader);
- if (vreader_emul == NULL) {
- return NULL;
- }
- return vreader_emul->slot;
-}
-
-/*
- * Card ATR's map to physical cards. vcard_alloc_atr will set appropriate
- * historical bytes for any software emulated card. The remaining bytes can be
- * used to indicate the actual emulator
- */
-static unsigned char *nss_atr;
-static int nss_atr_len;
-
-void
-vcard_emul_get_atr(VCard *card, unsigned char *atr, int *atr_len)
-{
- int len;
- assert(atr != NULL);
-
- if (nss_atr == NULL) {
- nss_atr = vcard_alloc_atr("NSS", &nss_atr_len);
- }
- len = MIN(nss_atr_len, *atr_len);
- memcpy(atr, nss_atr, len);
- *atr_len = len;
-}
-
-/*
- * create a new card from certs and keys
- */
-static VCard *
-vcard_emul_make_card(VReader *reader,
- unsigned char * const *certs, int *cert_len,
- VCardKey *keys[], int cert_count)
-{
- VCardEmul *vcard_emul;
- VCard *vcard;
- PK11SlotInfo *slot;
- VCardEmulType type;
- const char *params;
-
- type = vcard_emul_get_type(reader);
-
- /* ignore the inserted card */
- if (type == VCARD_EMUL_NONE) {
- return NULL;
- }
- slot = vcard_emul_reader_get_slot(reader);
- if (slot == NULL) {
- return NULL;
- }
-
- params = vcard_emul_get_type_params(reader);
- /* params these can be NULL */
-
- vcard_emul = vcard_emul_new_card(slot);
- if (vcard_emul == NULL) {
- return NULL;
- }
- vcard = vcard_new(vcard_emul, vcard_emul_delete_card);
- if (vcard == NULL) {
- vcard_emul_delete_card(vcard_emul);
- return NULL;
- }
- vcard_init(reader, vcard, type, params, certs, cert_len, keys, cert_count);
- return vcard;
-}
-
-
-/*
- * 'clone' a physical card as a virtual card
- */
-static VCard *
-vcard_emul_mirror_card(VReader *vreader)
-{
- /*
- * lookup certs using the C_FindObjects. The Stan Cert handle won't give
- * us the real certs until we log in.
- */
- PK11GenericObject *firstObj, *thisObj;
- int cert_count;
- unsigned char **certs;
- int *cert_len;
- VCardKey **keys;
- PK11SlotInfo *slot;
- VCard *card;
-
- slot = vcard_emul_reader_get_slot(vreader);
- if (slot == NULL) {
- return NULL;
- }
-
- firstObj = PK11_FindGenericObjects(slot, CKO_CERTIFICATE);
- if (firstObj == NULL) {
- return NULL;
- }
-
- /* count the certs */
- cert_count = 0;
- for (thisObj = firstObj; thisObj;
- thisObj = PK11_GetNextGenericObject(thisObj)) {
- cert_count++;
- }
-
- /* allocate the arrays */
- vcard_emul_alloc_arrays(&certs, &cert_len, &keys, cert_count);
-
- /* fill in the arrays */
- cert_count = 0;
- for (thisObj = firstObj; thisObj;
- thisObj = PK11_GetNextGenericObject(thisObj)) {
- SECItem derCert;
- CERTCertificate *cert;
- SECStatus rv;
-
- rv = PK11_ReadRawAttribute(PK11_TypeGeneric, thisObj,
- CKA_VALUE, &derCert);
- if (rv != SECSuccess) {
- continue;
- }
- /* create floating temp cert. This gives us a cert structure even if
- * the token isn't logged in */
- cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &derCert,
- NULL, PR_FALSE, PR_TRUE);
- SECITEM_FreeItem(&derCert, PR_FALSE);
- if (cert == NULL) {
- continue;
- }
-
- certs[cert_count] = cert->derCert.data;
- cert_len[cert_count] = cert->derCert.len;
- keys[cert_count] = vcard_emul_make_key(slot, cert);
- cert_count++;
- CERT_DestroyCertificate(cert); /* key obj still has a reference */
- }
-
- /* now create the card */
- card = vcard_emul_make_card(vreader, certs, cert_len, keys, cert_count);
- g_free(certs);
- g_free(cert_len);
- g_free(keys);
-
- return card;
-}
-
-static VCardEmulType default_card_type = VCARD_EMUL_NONE;
-static const char *default_type_params = "";
-
-/*
- * This thread looks for card and reader insertions and puts events on the
- * event queue
- */
-static void
-vcard_emul_event_thread(void *arg)
-{
- PK11SlotInfo *slot;
- VReader *vreader;
- VReaderEmul *vreader_emul;
- VCard *vcard;
- SECMODModule *module = (SECMODModule *)arg;
-
- do {
- /*
- * XXX - the latency value doesn't matter one bit. you only get no
- * blocking (flags |= CKF_DONT_BLOCK) or PKCS11_WAIT_LATENCY (==500),
- * hard coded in coolkey. And it isn't coolkey's fault - the timeout
- * value we pass get's dropped on the floor before C_WaitForSlotEvent
- * is called.
- */
- slot = SECMOD_WaitForAnyTokenEvent(module, 0, 500);
- if (slot == NULL) {
- /* this could be just a no event indication */
- if (PORT_GetError() == SEC_ERROR_NO_EVENT) {
- continue;
- }
- break;
- }
- vreader = vcard_emul_find_vreader_from_slot(slot);
- if (vreader == NULL) {
- /* new vreader */
- vreader_emul = vreader_emul_new(slot, default_card_type,
- default_type_params);
- vreader = vreader_new(PK11_GetSlotName(slot), vreader_emul,
- vreader_emul_delete);
- PK11_FreeSlot(slot);
- slot = NULL;
- vreader_add_reader(vreader);
- vreader_free(vreader);
- continue;
- }
- /* card remove/insert */
- vreader_emul = vreader_get_private(vreader);
- if (PK11_IsPresent(slot)) {
- int series = PK11_GetSlotSeries(slot);
- if (series != vreader_emul->series) {
- if (vreader_emul->present) {
- vreader_insert_card(vreader, NULL);
- }
- vcard = vcard_emul_mirror_card(vreader);
- vreader_insert_card(vreader, vcard);
- vcard_free(vcard);
- }
- vreader_emul->series = series;
- vreader_emul->present = 1;
- vreader_free(vreader);
- PK11_FreeSlot(slot);
- continue;
- }
- if (vreader_emul->present) {
- vreader_insert_card(vreader, NULL);
- }
- vreader_emul->series = 0;
- vreader_emul->present = 0;
- PK11_FreeSlot(slot);
- vreader_free(vreader);
- } while (1);
-}
-
-/* if the card is inserted when we start up, make sure our state is correct */
-static void
-vcard_emul_init_series(VReader *vreader, VCard *vcard)
-{
- VReaderEmul *vreader_emul = vreader_get_private(vreader);
- PK11SlotInfo *slot = vreader_emul->slot;
-
- vreader_emul->present = PK11_IsPresent(slot);
- vreader_emul->series = PK11_GetSlotSeries(slot);
- if (vreader_emul->present == 0) {
- vreader_insert_card(vreader, NULL);
- }
-}
-
-/*
- * each module has a separate wait call, create a thread for each module that
- * we are using.
- */
-static void
-vcard_emul_new_event_thread(SECMODModule *module)
-{
- PR_CreateThread(PR_SYSTEM_THREAD, vcard_emul_event_thread,
- module, PR_PRIORITY_HIGH, PR_GLOBAL_THREAD,
- PR_UNJOINABLE_THREAD, 0);
-}
-
-static const VCardEmulOptions default_options = {
- .nss_db = NULL,
- .vreader = NULL,
- .vreader_count = 0,
- .hw_card_type = VCARD_EMUL_CAC,
- .hw_type_params = "",
- .use_hw = PR_TRUE
-};
-
-
-/*
- * NSS needs the app to supply a password prompt. In our case the only time
- * the password is supplied is as part of the Login APDU. The actual password
- * is passed in the pw_arg in that case. In all other cases pw_arg should be
- * NULL.
- */
-static char *
-vcard_emul_get_password(PK11SlotInfo *slot, PRBool retries, void *pw_arg)
-{
- /* if it didn't work the first time, don't keep trying */
- if (retries) {
- return NULL;
- }
- /* we are looking up a password when we don't have one in hand */
- if (pw_arg == NULL) {
- return NULL;
- }
- /* TODO: we really should verify that were are using the right slot */
- return PORT_Strdup(pw_arg);
-}
-
-/* Force a card removal even if the card is not physically removed */
-VCardEmulError
-vcard_emul_force_card_remove(VReader *vreader)
-{
- if (!nss_emul_init || (vreader_card_is_present(vreader) != VREADER_OK)) {
- return VCARD_EMUL_FAIL; /* card is already removed */
- }
-
- /* OK, remove it */
- vreader_insert_card(vreader, NULL);
- return VCARD_EMUL_OK;
-}
-
-/* Re-insert of a card that has been removed by force removal */
-VCardEmulError
-vcard_emul_force_card_insert(VReader *vreader)
-{
- VReaderEmul *vreader_emul;
- VCard *vcard;
-
- if (!nss_emul_init || (vreader_card_is_present(vreader) == VREADER_OK)) {
- return VCARD_EMUL_FAIL; /* card is already removed */
- }
- vreader_emul = vreader_get_private(vreader);
-
- /* if it's a softcard, get the saved vcard from the reader emul structure
*/
- if (vreader_emul->saved_vcard) {
- vcard = vcard_reference(vreader_emul->saved_vcard);
- } else {
- /* it must be a physical card, rebuild it */
- if (!PK11_IsPresent(vreader_emul->slot)) {
- /* physical card has been removed, not way to reinsert it */
- return VCARD_EMUL_FAIL;
- }
- vcard = vcard_emul_mirror_card(vreader);
- }
- vreader_insert_card(vreader, vcard);
- vcard_free(vcard);
-
- return VCARD_EMUL_OK;
-}
-
-
-static PRBool
-module_has_removable_hw_slots(SECMODModule *mod)
-{
- int i;
- PRBool ret = PR_FALSE;
- SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();
-
- if (!moduleLock) {
- PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
- return ret;
- }
- SECMOD_GetReadLock(moduleLock);
- for (i = 0; i < mod->slotCount; i++) {
- PK11SlotInfo *slot = mod->slots[i];
- if (PK11_IsRemovable(slot) && PK11_IsHW(slot)) {
- ret = PR_TRUE;
- break;
- }
- }
- SECMOD_ReleaseReadLock(moduleLock);
- return ret;
-}
-
-/* Previously we returned FAIL if no readers found. This makes
- * no sense when using hardware, since there may be no readers connected
- * at the time vcard_emul_init is called, but they will be properly
- * recognized later. So Instead return FAIL only if no_hw==1 and no
- * vcards can be created (indicates error with certificates provided
- * or db), or if any other higher level error (NSS error, missing coolkey). */
-static int vcard_emul_init_called;
-
-VCardEmulError
-vcard_emul_init(const VCardEmulOptions *options)
-{
- SECStatus rv;
- PRBool has_readers = PR_FALSE;
- VReader *vreader;
- VReaderEmul *vreader_emul;
- SECMODListLock *module_lock;
- SECMODModuleList *module_list;
- SECMODModuleList *mlp;
- int i;
-
- if (vcard_emul_init_called) {
- return VCARD_EMUL_INIT_ALREADY_INITED;
- }
- vcard_emul_init_called = 1;
- vreader_init();
- vevent_queue_init();
-
- if (options == NULL) {
- options = &default_options;
- }
-
- /* first initialize NSS */
- if (options->nss_db) {
- rv = NSS_Init(options->nss_db);
- } else {
- gchar *path;
-#ifndef _WIN32
- path = g_strdup("/etc/pki/nssdb");
-#else
- if (g_get_system_config_dirs() == NULL ||
- g_get_system_config_dirs()[0] == NULL) {
- return VCARD_EMUL_FAIL;
- }
-
- path = g_build_filename(
- g_get_system_config_dirs()[0], "pki", "nssdb", NULL);
-#endif
-
- rv = NSS_Init(path);
- g_free(path);
- }
- if (rv != SECSuccess) {
- return VCARD_EMUL_FAIL;
- }
- /* Set password callback function */
- PK11_SetPasswordFunc(vcard_emul_get_password);
-
- /* set up soft cards emulated by software certs rather than physical cards
- * */
- for (i = 0; i < options->vreader_count; i++) {
- int j;
- int cert_count;
- unsigned char **certs;
- int *cert_len;
- VCardKey **keys;
- PK11SlotInfo *slot;
-
- slot = PK11_FindSlotByName(options->vreader[i].name);
- if (slot == NULL) {
- continue;
- }
- vreader_emul = vreader_emul_new(slot, options->vreader[i].card_type,
- options->vreader[i].type_params);
- vreader = vreader_new(options->vreader[i].vname, vreader_emul,
- vreader_emul_delete);
- vreader_add_reader(vreader);
-
- vcard_emul_alloc_arrays(&certs, &cert_len, &keys,
- options->vreader[i].cert_count);
-
- cert_count = 0;
- for (j = 0; j < options->vreader[i].cert_count; j++) {
- /* we should have a better way of identifying certs than by
- * nickname here */
- CERTCertificate *cert = PK11_FindCertFromNickname(
- options->vreader[i].cert_name[j],
- NULL);
- if (cert == NULL) {
- continue;
- }
- certs[cert_count] = cert->derCert.data;
- cert_len[cert_count] = cert->derCert.len;
- keys[cert_count] = vcard_emul_make_key(slot, cert);
- /* this is safe because the key is still holding a cert reference
*/
- CERT_DestroyCertificate(cert);
- cert_count++;
- }
- if (cert_count) {
- VCard *vcard = vcard_emul_make_card(vreader, certs, cert_len,
- keys, cert_count);
- vreader_insert_card(vreader, vcard);
- vcard_emul_init_series(vreader, vcard);
- /* allow insertion and removal of soft cards */
- vreader_emul->saved_vcard = vcard_reference(vcard);
- vcard_free(vcard);
- vreader_free(vreader);
- has_readers = PR_TRUE;
- }
- g_free(certs);
- g_free(cert_len);
- g_free(keys);
- }
-
- /* if we aren't suppose to use hw, skip looking up hardware tokens */
- if (!options->use_hw) {
- nss_emul_init = has_readers;
- return has_readers ? VCARD_EMUL_OK : VCARD_EMUL_FAIL;
- }
-
- /* make sure we have some PKCS #11 module loaded */
- module_lock = SECMOD_GetDefaultModuleListLock();
- module_list = SECMOD_GetDefaultModuleList();
- SECMOD_GetReadLock(module_lock);
- for (mlp = module_list; mlp; mlp = mlp->next) {
- SECMODModule *module = mlp->module;
- if (module_has_removable_hw_slots(module)) {
- break;
- }
- }
- SECMOD_ReleaseReadLock(module_lock);
-
- /* now examine all the slots, finding which should be readers */
- /* We should control this with options. For now we mirror out any
- * removable hardware slot */
- default_card_type = options->hw_card_type;
- default_type_params = g_strdup(options->hw_type_params);
-
- SECMOD_GetReadLock(module_lock);
- for (mlp = module_list; mlp; mlp = mlp->next) {
- SECMODModule *module = mlp->module;
-
- /* Ignore the internal module */
- if (module == NULL || module == SECMOD_GetInternalModule()) {
- continue;
- }
-
- for (i = 0; i < module->slotCount; i++) {
- PK11SlotInfo *slot = module->slots[i];
-
- /* only map removable HW slots */
- if (slot == NULL || !PK11_IsRemovable(slot) || !PK11_IsHW(slot)) {
- continue;
- }
- if (strcmp("E-Gate 0 0", PK11_GetSlotName(slot)) == 0) {
- /*
- * coolkey <= 1.1.0-20 emulates this reader if it can't find
- * any hardware readers. This causes problems, warn user of
- * problems.
- */
- fprintf(stderr, "known bad coolkey version - see "
-
"https://bugzilla.redhat.com/show_bug.cgi?id=802435\n";);
- continue;
- }
- vreader_emul = vreader_emul_new(slot, options->hw_card_type,
- options->hw_type_params);
- vreader = vreader_new(PK11_GetSlotName(slot), vreader_emul,
- vreader_emul_delete);
- vreader_add_reader(vreader);
-
- if (PK11_IsPresent(slot)) {
- VCard *vcard;
- vcard = vcard_emul_mirror_card(vreader);
- vreader_insert_card(vreader, vcard);
- vcard_emul_init_series(vreader, vcard);
- vcard_free(vcard);
- }
- }
- vcard_emul_new_event_thread(module);
- }
- SECMOD_ReleaseReadLock(module_lock);
- nss_emul_init = PR_TRUE;
-
- return VCARD_EMUL_OK;
-}
-
-/* Recreate card insert events for all readers (user should
- * deduce implied reader insert. perhaps do a reader insert as well?)
- */
-void
-vcard_emul_replay_insertion_events(void)
-{
- VReaderListEntry *current_entry;
- VReaderListEntry *next_entry;
- VReaderList *list = vreader_get_reader_list();
-
- for (current_entry = vreader_list_get_first(list); current_entry;
- current_entry = next_entry) {
- VReader *vreader = vreader_list_get_reader(current_entry);
- next_entry = vreader_list_get_next(current_entry);
- vreader_queue_card_event(vreader);
- }
-
- vreader_list_delete(list);
-}
-
-/*
- * Silly little functions to help parsing our argument string
- */
-static int
-count_tokens(const char *str, char token, char token_end)
-{
- int count = 0;
-
- for (; *str; str++) {
- if (*str == token) {
- count++;
- }
- if (*str == token_end) {
- break;
- }
- }
- return count;
-}
-
-static const char *
-strip(const char *str)
-{
- for (; *str && isspace(*str); str++) {
- }
- return str;
-}
-
-static const char *
-find_blank(const char *str)
-{
- for (; *str && !isspace(*str); str++) {
- }
- return str;
-}
-
-
-/*
- * We really want to use some existing argument parsing library here. That
- * would give us a consistent look */
-static VCardEmulOptions options;
-#define READER_STEP 4
-
-/* Expects "args" to be at the beginning of a token (ie right after the ','
- * ending the previous token), and puts the next token start in "token",
- * and its length in "token_length". "token" will not be nul-terminated.
- * After calling the macro, "args" will be advanced to the beginning of
- * the next token.
- * This macro may call continue or break.
- */
-#define NEXT_TOKEN(token) \
- (token) = args; \
- args = strpbrk(args, ",)"); \
- if (*args == 0) { \
- break; \
- } \
- if (*args == ')') { \
- args++; \
- continue; \
- } \
- (token##_length) = args - (token); \
- args = strip(args+1);
-
-VCardEmulOptions *
-vcard_emul_options(const char *args)
-{
- int reader_count = 0;
- VCardEmulOptions *opts;
-
- /* Allow the future use of allocating the options structure on the fly */
- memcpy(&options, &default_options, sizeof(options));
- opts = &options;
-
- do {
- args = strip(args); /* strip off the leading spaces */
- if (*args == ',') {
- continue;
- }
- /* soft=(slot_name,virt_name,emul_type,emul_flags,cert_1, (no eol)
- * cert_2,cert_3...) */
- if (strncmp(args, "soft=", 5) == 0) {
- const char *name;
- size_t name_length;
- const char *vname;
- size_t vname_length;
- const char *type_params;
- size_t type_params_length;
- char type_str[100];
- VCardEmulType type;
- int count, i;
- VirtualReaderOptions *vreaderOpt;
-
- args = strip(args + 5);
- if (*args != '(') {
- continue;
- }
- args = strip(args+1);
-
- NEXT_TOKEN(name)
- NEXT_TOKEN(vname)
- NEXT_TOKEN(type_params)
- type_params_length = MIN(type_params_length, sizeof(type_str)-1);
- memcpy(type_str, type_params, type_params_length);
- type_str[type_params_length] = '\0';
- type = vcard_emul_type_from_string(type_str);
-
- NEXT_TOKEN(type_params)
-
- if (*args == 0) {
- break;
- }
-
- if (opts->vreader_count >= reader_count) {
- reader_count += READER_STEP;
- opts->vreader = g_renew(VirtualReaderOptions, opts->vreader,
- reader_count);
- }
- vreaderOpt = &opts->vreader[opts->vreader_count];
- vreaderOpt->name = g_strndup(name, name_length);
- vreaderOpt->vname = g_strndup(vname, vname_length);
- vreaderOpt->card_type = type;
- vreaderOpt->type_params =
- g_strndup(type_params, type_params_length);
- count = count_tokens(args, ',', ')') + 1;
- vreaderOpt->cert_count = count;
- vreaderOpt->cert_name = g_new(char *, count);
- for (i = 0; i < count; i++) {
- const char *cert = args;
- args = strpbrk(args, ",)");
- vreaderOpt->cert_name[i] = g_strndup(cert, args - cert);
- args = strip(args+1);
- }
- if (*args == ')') {
- args++;
- }
- opts->vreader_count++;
- /* use_hw= */
- } else if (strncmp(args, "use_hw=", 7) == 0) {
- args = strip(args+7);
- if (*args == '0' || *args == 'N' || *args == 'n' || *args == 'F') {
- opts->use_hw = PR_FALSE;
- } else {
- opts->use_hw = PR_TRUE;
- }
- args = find_blank(args);
- /* hw_type= */
- } else if (strncmp(args, "hw_type=", 8) == 0) {
- args = strip(args+8);
- opts->hw_card_type = vcard_emul_type_from_string(args);
- args = find_blank(args);
- /* hw_params= */
- } else if (strncmp(args, "hw_params=", 10) == 0) {
- const char *params;
- args = strip(args+10);
- params = args;
- args = find_blank(args);
- opts->hw_type_params = g_strndup(params, args-params);
- /* db="/data/base/path" */
- } else if (strncmp(args, "db=", 3) == 0) {
- const char *db;
- args = strip(args+3);
- if (*args != '"') {
- continue;
- }
- args++;
- db = args;
- args = strpbrk(args, "\"\n");
- opts->nss_db = g_strndup(db, args-db);
- if (*args != 0) {
- args++;
- }
- } else {
- args = find_blank(args);
- }
- } while (*args != 0);
-
- return opts;
-}
-
-void
-vcard_emul_usage(void)
-{
- fprintf(stderr,
-"emul args: comma separated list of the following arguments\n"
-" db={nss_database} (default sql:/etc/pki/nssdb)\n"
-" use_hw=[yes|no] (default yes)\n"
-" hw_type={card_type_to_emulate} (default CAC)\n"
-" hw_param={param_for_card} (default \"\")\n"
-" soft=({slot_name},{vreader_name},{card_type_to_emulate},{params_for_card},\n"
-" {cert1},{cert2},{cert3} (default none)\n"
-"\n"
-" {nss_database} The location of the NSS cert & key database\n"
-" {card_type_to_emulate} What card interface to present to the guest\n"
-" {param_for_card} Card interface specific parameters\n"
-" {slot_name} NSS slot that contains the certs\n"
-" {vreader_name} Virtual reader name to present to the guest\n"
-" {certN} Nickname of the certificate n on the virtual card\n"
-"\n"
-"These parameters come as a single string separated by blanks or newlines."
-"\n"
-"Unless use_hw is set to no, all tokens that look like removable hardware\n"
-"tokens will be presented to the guest using the emulator specified by\n"
-"hw_type, and parameters of hw_param.\n"
-"\n"
-"If more one or more soft= parameters are specified, these readers will be\n"
-"presented to the guest\n");
-}
diff --git a/libcacard/vcard_emul_type.c b/libcacard/vcard_emul_type.c
deleted file mode 100644
index 59a1458..0000000
--- a/libcacard/vcard_emul_type.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * This file contains utility functions which abstract the different card
- * types. The goal is that new card types can easily be added by simply
- * changing this file and vcard_emul_type.h. It is currently not a requirement
- * to dynamically add new card types.
- *
- * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
- * See the COPYING.LIB file in the top-level directory.
- */
-
-#include <strings.h>
-#include "vcardt.h"
-#include "vcard_emul_type.h"
-#include "cac.h"
-
-VCardStatus vcard_init(VReader *vreader, VCard *vcard,
- VCardEmulType type, const char *params,
- unsigned char *const *cert, int cert_len[],
- VCardKey *key[], int cert_count)
-{
- switch (type) {
- case VCARD_EMUL_NONE:
- break;
- case VCARD_EMUL_CAC:
- return cac_card_init(vreader, vcard, params,
- cert, cert_len, key, cert_count);
- /* add new ones here */
- default:
- break;
- }
- return VCARD_FAIL;
-}
-
-VCardEmulType vcard_emul_type_select(VReader *vreader)
-{
-#ifdef notdef
- /* since there is only one emulator no need to call this function */
- if (cac_is_cac_card(vreader) == VCARD_DONE) {
- return VCARD_EMUL_CAC;
- }
-#endif
- /* return the default */
- return VCARD_EMUL_CAC;
-}
-
-VCardEmulType vcard_emul_type_from_string(const char *type_string)
-{
- if (strcasecmp(type_string, "CAC") == 0) {
- return VCARD_EMUL_CAC;
- }
-#ifdef USE_PASSTHRU
- if (strcasecmp(type_string, "PASSTHRU") == 0) {
- return VCARD_EMUL_PASSTHRU;
- }
-#endif
- return VCARD_EMUL_NONE;
-}
diff --git a/libcacard/vcard_emul_type.h b/libcacard/vcard_emul_type.h
deleted file mode 100644
index 0242f40..0000000
--- a/libcacard/vcard_emul_type.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * This header file abstracts the different card types. The goal is new card
- * types can easily be added by simply changing this file and
- * vcard_emul_type.c. It is currently not a requirement to dynamically add new
- * card types.
- *
- * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
- * See the COPYING.LIB file in the top-level directory.
- */
-
-#ifndef VCARD_EMUL_TYPE_H
-#define VCARD_EMUL_TYPE_H 1
-#include "vcardt.h"
-#include "vreadert.h"
-
-/*
- * types
- */
-typedef enum {
- VCARD_EMUL_NONE = 0,
- VCARD_EMUL_CAC,
- VCARD_EMUL_PASSTHRU
-} VCardEmulType;
-
-/* functions used by the rest of the emulator */
-VCardStatus vcard_init(VReader *vreader, VCard *vcard, VCardEmulType type,
- const char *params, unsigned char * const *cert,
- int cert_len[], VCardKey *key[], int cert_count);
-VCardEmulType vcard_emul_type_select(VReader *vreader);
-VCardEmulType vcard_emul_type_from_string(const char *type_string);
-
-#endif
diff --git a/libcacard/vcardt.c b/libcacard/vcardt.c
deleted file mode 100644
index c67de2f..0000000
--- a/libcacard/vcardt.c
+++ /dev/null
@@ -1,40 +0,0 @@
-#include <stdlib.h>
-#include <string.h>
-#include <glib.h>
-
-#include "vcardt.h"
-
-#include "vcardt_internal.h"
-
-/* create an ATR with appropriate historical bytes */
-#define ATR_TS_DIRECT_CONVENTION 0x3b
-#define ATR_TA_PRESENT 0x10
-#define ATR_TB_PRESENT 0x20
-#define ATR_TC_PRESENT 0x40
-#define ATR_TD_PRESENT 0x80
-
-unsigned char *vcard_alloc_atr(const char *postfix, int *atr_len)
-{
- int postfix_len;
- const char prefix[] = "VCARD_";
- const char default_postfix[] = "DEFAULT";
- const int prefix_len = sizeof(prefix) - 1;
- int total_len;
- unsigned char *atr;
-
- if (postfix == NULL) {
- postfix = default_postfix;
- }
- postfix_len = strlen(postfix);
- total_len = 3 + prefix_len + postfix_len;
- atr = g_malloc(total_len);
- atr[0] = ATR_TS_DIRECT_CONVENTION;
- atr[1] = ATR_TD_PRESENT + prefix_len + postfix_len;
- atr[2] = 0x00;
- memcpy(&atr[3], prefix, prefix_len);
- memcpy(&atr[3 + prefix_len], postfix, postfix_len);
- if (atr_len) {
- *atr_len = total_len;
- }
- return atr;
-}
diff --git a/libcacard/vcardt.h b/libcacard/vcardt.h
deleted file mode 100644
index 795e265..0000000
--- a/libcacard/vcardt.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
- * See the COPYING.LIB file in the top-level directory.
- */
-#ifndef VCARDT_H
-#define VCARDT_H 1
-
-/*
- * these should come from some common spice header file
- */
-#include <assert.h>
-#ifndef MIN
-#define MIN(x, y) ((x) > (y) ? (y) : (x))
-#define MAX(x, y) ((x) > (y) ? (x) : (y))
-#endif
-
-typedef struct VCardStruct VCard;
-typedef struct VCardAPDUStruct VCardAPDU;
-typedef struct VCardResponseStruct VCardResponse;
-typedef struct VCardBufferResponseStruct VCardBufferResponse;
-typedef struct VCardAppletStruct VCardApplet;
-typedef struct VCardAppletPrivateStruct VCardAppletPrivate;
-typedef struct VCardKeyStruct VCardKey; /* opaque */
-typedef struct VCardEmulStruct VCardEmul;
-
-#define MAX_CHANNEL 4
-
-typedef enum {
- VCARD_DONE,
- VCARD_NEXT,
- VCARD_FAIL
-} VCardStatus;
-
-typedef enum {
- VCARD_FILE_SYSTEM,
- VCARD_VM,
- VCARD_DIRECT
-} VCardType;
-
-typedef enum {
- VCARD_POWER_ON,
- VCARD_POWER_OFF
-} VCardPower;
-
-typedef VCardStatus (*VCardProcessAPDU)(VCard *card, VCardAPDU *apdu,
- VCardResponse **response);
-typedef VCardStatus (*VCardResetApplet)(VCard *card, int channel);
-typedef void (*VCardAppletPrivateFree) (VCardAppletPrivate *);
-typedef void (*VCardEmulFree) (VCardEmul *);
-typedef void (*VCardGetAtr) (VCard *, unsigned char *atr, int *atr_len);
-
-struct VCardBufferResponseStruct {
- unsigned char *buffer;
- int buffer_len;
- unsigned char *current;
- int len;
-};
-
-#endif
diff --git a/libcacard/vcardt_internal.h b/libcacard/vcardt_internal.h
deleted file mode 100644
index e5c8d2d..0000000
--- a/libcacard/vcardt_internal.h
+++ /dev/null
@@ -1,6 +0,0 @@
-#ifndef VCARDT_INTERNAL_H
-#define VCARDT_INTERNAL_H
-
-unsigned char *vcard_alloc_atr(const char *postfix, int *atr_len);
-
-#endif
diff --git a/libcacard/vevent.h b/libcacard/vevent.h
deleted file mode 100644
index 38c3482..0000000
--- a/libcacard/vevent.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
- * See the COPYING.LIB file in the top-level directory.
- */
-#ifndef EVENT_H
-#define EVENT_H 1
-#include "eventt.h"
-#include "vreadert.h"
-#include "vcardt.h"
-
-VEvent *vevent_new(VEventType type, VReader *reader, VCard *card);
-void vevent_delete(VEvent *);
-
-/*
- * VEvent queueing services
- */
-void vevent_queue_vevent(VEvent *);
-void vevent_queue_init(void);
-
-/*
- * VEvent dequeing services
- */
-VEvent *vevent_wait_next_vevent(void);
-VEvent *vevent_get_next_vevent(void);
-
-
-#endif
diff --git a/libcacard/vreader.c b/libcacard/vreader.c
deleted file mode 100644
index 9725f46..0000000
--- a/libcacard/vreader.c
+++ /dev/null
@@ -1,578 +0,0 @@
-/*
- * emulate the reader
- *
- * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
- * See the COPYING.LIB file in the top-level directory.
- */
-
-#ifdef G_LOG_DOMAIN
-#undef G_LOG_DOMAIN
-#endif
-#define G_LOG_DOMAIN "libcacard"
-
-#include "glib-compat.h"
-
-#include <string.h>
-
-#include "vcard.h"
-#include "vcard_emul.h"
-#include "card_7816.h"
-#include "vreader.h"
-#include "vevent.h"
-#include "cac.h" /* just for debugging defines */
-
-#define LIBCACARD_LOG_DOMAIN "libcacard"
-
-struct VReaderStruct {
- int reference_count;
- VCard *card;
- char *name;
- vreader_id_t id;
- CompatGMutex lock;
- VReaderEmul *reader_private;
- VReaderEmulFree reader_private_free;
-};
-
-/*
- * Debug helpers
- */
-
-static const char *
-apdu_ins_to_string(int ins)
-{
- switch (ins) {
- case VCARD7816_INS_MANAGE_CHANNEL:
- return "manage channel";
- case VCARD7816_INS_EXTERNAL_AUTHENTICATE:
- return "external authenticate";
- case VCARD7816_INS_GET_CHALLENGE:
- return "get challenge";
- case VCARD7816_INS_INTERNAL_AUTHENTICATE:
- return "internal authenticate";
- case VCARD7816_INS_ERASE_BINARY:
- return "erase binary";
- case VCARD7816_INS_READ_BINARY:
- return "read binary";
- case VCARD7816_INS_WRITE_BINARY:
- return "write binary";
- case VCARD7816_INS_UPDATE_BINARY:
- return "update binary";
- case VCARD7816_INS_READ_RECORD:
- return "read record";
- case VCARD7816_INS_WRITE_RECORD:
- return "write record";
- case VCARD7816_INS_UPDATE_RECORD:
- return "update record";
- case VCARD7816_INS_APPEND_RECORD:
- return "append record";
- case VCARD7816_INS_ENVELOPE:
- return "envelope";
- case VCARD7816_INS_PUT_DATA:
- return "put data";
- case VCARD7816_INS_GET_DATA:
- return "get data";
- case VCARD7816_INS_SELECT_FILE:
- return "select file";
- case VCARD7816_INS_VERIFY:
- return "verify";
- case VCARD7816_INS_GET_RESPONSE:
- return "get response";
- case CAC_GET_PROPERTIES:
- return "get properties";
- case CAC_GET_ACR:
- return "get acr";
- case CAC_READ_BUFFER:
- return "read buffer";
- case CAC_UPDATE_BUFFER:
- return "update buffer";
- case CAC_SIGN_DECRYPT:
- return "sign decrypt";
- case CAC_GET_CERTIFICATE:
- return "get certificate";
- }
- return "unknown";
-}
-
-/* manage locking */
-static inline void
-vreader_lock(VReader *reader)
-{
- g_mutex_lock(&reader->lock);
-}
-
-static inline void
-vreader_unlock(VReader *reader)
-{
- g_mutex_unlock(&reader->lock);
-}
-
-/*
- * vreader constructor
- */
-VReader *
-vreader_new(const char *name, VReaderEmul *private,
- VReaderEmulFree private_free)
-{
- VReader *reader;
-
- reader = g_new(VReader, 1);
- g_mutex_init(&reader->lock);
- reader->reference_count = 1;
- reader->name = g_strdup(name);
- reader->card = NULL;
- reader->id = (vreader_id_t)-1;
- reader->reader_private = private;
- reader->reader_private_free = private_free;
- return reader;
-}
-
-/* get a reference */
-VReader*
-vreader_reference(VReader *reader)
-{
- if (reader == NULL) {
- return NULL;
- }
- vreader_lock(reader);
- reader->reference_count++;
- vreader_unlock(reader);
- return reader;
-}
-
-/* free a reference */
-void
-vreader_free(VReader *reader)
-{
- if (reader == NULL) {
- return;
- }
- vreader_lock(reader);
- if (reader->reference_count-- > 1) {
- vreader_unlock(reader);
- return;
- }
- vreader_unlock(reader);
- g_mutex_clear(&reader->lock);
- if (reader->card) {
- vcard_free(reader->card);
- }
- g_free(reader->name);
- if (reader->reader_private_free) {
- reader->reader_private_free(reader->reader_private);
- }
- g_free(reader);
-}
-
-static VCard *
-vreader_get_card(VReader *reader)
-{
- VCard *card;
-
- vreader_lock(reader);
- card = vcard_reference(reader->card);
- vreader_unlock(reader);
- return card;
-}
-
-VReaderStatus
-vreader_card_is_present(VReader *reader)
-{
- VCard *card = vreader_get_card(reader);
-
- if (card == NULL) {
- return VREADER_NO_CARD;
- }
- vcard_free(card);
- return VREADER_OK;
-}
-
-vreader_id_t
-vreader_get_id(VReader *reader)
-{
- if (reader == NULL) {
- return (vreader_id_t)-1;
- }
- return reader->id;
-}
-
-VReaderStatus
-vreader_set_id(VReader *reader, vreader_id_t id)
-{
- if (reader == NULL) {
- return VREADER_NO_CARD;
- }
- reader->id = id;
- return VREADER_OK;
-}
-
-const char *
-vreader_get_name(VReader *reader)
-{
- if (reader == NULL) {
- return NULL;
- }
- return reader->name;
-}
-
-VReaderEmul *
-vreader_get_private(VReader *reader)
-{
- return reader->reader_private;
-}
-
-static VReaderStatus
-vreader_reset(VReader *reader, VCardPower power, unsigned char *atr, int *len)
-{
- VCard *card = vreader_get_card(reader);
-
- if (card == NULL) {
- return VREADER_NO_CARD;
- }
- /*
- * clean up our state
- */
- vcard_reset(card, power);
- if (atr) {
- vcard_get_atr(card, atr, len);
- }
- vcard_free(card); /* free our reference */
- return VREADER_OK;
-}
-
-VReaderStatus
-vreader_power_on(VReader *reader, unsigned char *atr, int *len)
-{
- return vreader_reset(reader, VCARD_POWER_ON, atr, len);
-}
-
-VReaderStatus
-vreader_power_off(VReader *reader)
-{
- return vreader_reset(reader, VCARD_POWER_OFF, NULL, 0);
-}
-
-
-VReaderStatus
-vreader_xfr_bytes(VReader *reader,
- unsigned char *send_buf, int send_buf_len,
- unsigned char *receive_buf, int *receive_buf_len)
-{
- VCardAPDU *apdu;
- VCardResponse *response = NULL;
- VCardStatus card_status;
- unsigned short status;
- VCard *card = vreader_get_card(reader);
-
- if (card == NULL) {
- return VREADER_NO_CARD;
- }
-
- apdu = vcard_apdu_new(send_buf, send_buf_len, &status);
- if (apdu == NULL) {
- response = vcard_make_response(status);
- card_status = VCARD_DONE;
- } else {
- g_debug("%s: CLS=0x%x,INS=0x%x,P1=0x%x,P2=0x%x,Lc=%d,Le=%d %s",
- __func__, apdu->a_cla, apdu->a_ins, apdu->a_p1, apdu->a_p2,
- apdu->a_Lc, apdu->a_Le, apdu_ins_to_string(apdu->a_ins));
- card_status = vcard_process_apdu(card, apdu, &response);
- if (response) {
- g_debug("%s: status=%d sw1=0x%x sw2=0x%x len=%d (total=%d)",
- __func__, response->b_status, response->b_sw1,
- response->b_sw2, response->b_len, response->b_total_len);
- }
- }
- assert(card_status == VCARD_DONE && response);
- int size = MIN(*receive_buf_len, response->b_total_len);
- memcpy(receive_buf, response->b_data, size);
- *receive_buf_len = size;
- vcard_response_delete(response);
- vcard_apdu_delete(apdu);
- vcard_free(card); /* free our reference */
- return VREADER_OK;
-}
-
-struct VReaderListStruct {
- VReaderListEntry *head;
- VReaderListEntry *tail;
-};
-
-struct VReaderListEntryStruct {
- VReaderListEntry *next;
- VReaderListEntry *prev;
- VReader *reader;
-};
-
-
-static VReaderListEntry *
-vreader_list_entry_new(VReader *reader)
-{
- VReaderListEntry *new_reader_list_entry;
-
- new_reader_list_entry = g_new0(VReaderListEntry, 1);
- new_reader_list_entry->reader = vreader_reference(reader);
- return new_reader_list_entry;
-}
-
-static void
-vreader_list_entry_delete(VReaderListEntry *entry)
-{
- if (entry == NULL) {
- return;
- }
- vreader_free(entry->reader);
- g_free(entry);
-}
-
-
-static VReaderList *
-vreader_list_new(void)
-{
- VReaderList *new_reader_list;
-
- new_reader_list = g_new0(VReaderList, 1);
- return new_reader_list;
-}
-
-void
-vreader_list_delete(VReaderList *list)
-{
- VReaderListEntry *current_entry;
- VReaderListEntry *next_entry;
- for (current_entry = vreader_list_get_first(list); current_entry;
- current_entry = next_entry) {
- next_entry = vreader_list_get_next(current_entry);
- vreader_list_entry_delete(current_entry);
- }
- g_free(list);
-}
-
-
-VReaderListEntry *
-vreader_list_get_first(VReaderList *list)
-{
- return list ? list->head : NULL;
-}
-
-VReaderListEntry *
-vreader_list_get_next(VReaderListEntry *current)
-{
- return current ? current->next : NULL;
-}
-
-VReader *
-vreader_list_get_reader(VReaderListEntry *entry)
-{
- return entry ? vreader_reference(entry->reader) : NULL;
-}
-
-static void
-vreader_queue(VReaderList *list, VReaderListEntry *entry)
-{
- if (entry == NULL) {
- return;
- }
- entry->next = NULL;
- entry->prev = list->tail;
- if (list->head) {
- list->tail->next = entry;
- } else {
- list->head = entry;
- }
- list->tail = entry;
-}
-
-static void
-vreader_dequeue(VReaderList *list, VReaderListEntry *entry)
-{
- if (entry == NULL) {
- return;
- }
- if (entry->next == NULL) {
- list->tail = entry->prev;
- } else if (entry->prev == NULL) {
- list->head = entry->next;
- } else {
- entry->prev->next = entry->next;
- entry->next->prev = entry->prev;
- }
- if ((list->tail == NULL) || (list->head == NULL)) {
- list->head = list->tail = NULL;
- }
- entry->next = entry->prev = NULL;
-}
-
-static VReaderList *vreader_list;
-static CompatGMutex vreader_list_mutex;
-
-static void
-vreader_list_init(void)
-{
- vreader_list = vreader_list_new();
-}
-
-static void
-vreader_list_lock(void)
-{
- g_mutex_lock(&vreader_list_mutex);
-}
-
-static void
-vreader_list_unlock(void)
-{
- g_mutex_unlock(&vreader_list_mutex);
-}
-
-static VReaderList *
-vreader_copy_list(VReaderList *list)
-{
- VReaderList *new_list;
- VReaderListEntry *current_entry;
-
- new_list = vreader_list_new();
- if (new_list == NULL) {
- return NULL;
- }
- for (current_entry = vreader_list_get_first(list); current_entry;
- current_entry = vreader_list_get_next(current_entry)) {
- VReader *reader = vreader_list_get_reader(current_entry);
- VReaderListEntry *new_entry = vreader_list_entry_new(reader);
-
- vreader_free(reader);
- vreader_queue(new_list, new_entry);
- }
- return new_list;
-}
-
-VReaderList *
-vreader_get_reader_list(void)
-{
- VReaderList *new_reader_list;
-
- vreader_list_lock();
- new_reader_list = vreader_copy_list(vreader_list);
- vreader_list_unlock();
- return new_reader_list;
-}
-
-VReader *
-vreader_get_reader_by_id(vreader_id_t id)
-{
- VReader *reader = NULL;
- VReaderListEntry *current_entry;
-
- if (id == (vreader_id_t) -1) {
- return NULL;
- }
-
- vreader_list_lock();
- for (current_entry = vreader_list_get_first(vreader_list); current_entry;
- current_entry = vreader_list_get_next(current_entry)) {
- VReader *creader = vreader_list_get_reader(current_entry);
- if (creader->id == id) {
- reader = creader;
- break;
- }
- vreader_free(creader);
- }
- vreader_list_unlock();
- return reader;
-}
-
-VReader *
-vreader_get_reader_by_name(const char *name)
-{
- VReader *reader = NULL;
- VReaderListEntry *current_entry;
-
- vreader_list_lock();
- for (current_entry = vreader_list_get_first(vreader_list); current_entry;
- current_entry = vreader_list_get_next(current_entry)) {
- VReader *creader = vreader_list_get_reader(current_entry);
- if (strcmp(creader->name, name) == 0) {
- reader = creader;
- break;
- }
- vreader_free(creader);
- }
- vreader_list_unlock();
- return reader;
-}
-
-/* called from card_emul to initialize the readers */
-VReaderStatus
-vreader_add_reader(VReader *reader)
-{
- VReaderListEntry *reader_entry;
-
- reader_entry = vreader_list_entry_new(reader);
- if (reader_entry == NULL) {
- return VREADER_OUT_OF_MEMORY;
- }
- vreader_list_lock();
- vreader_queue(vreader_list, reader_entry);
- vreader_list_unlock();
- vevent_queue_vevent(vevent_new(VEVENT_READER_INSERT, reader, NULL));
- return VREADER_OK;
-}
-
-
-VReaderStatus
-vreader_remove_reader(VReader *reader)
-{
- VReaderListEntry *current_entry;
-
- vreader_list_lock();
- for (current_entry = vreader_list_get_first(vreader_list); current_entry;
- current_entry = vreader_list_get_next(current_entry)) {
- if (current_entry->reader == reader) {
- break;
- }
- }
- vreader_dequeue(vreader_list, current_entry);
- vreader_list_unlock();
- vreader_list_entry_delete(current_entry);
- vevent_queue_vevent(vevent_new(VEVENT_READER_REMOVE, reader, NULL));
- return VREADER_OK;
-}
-
-/*
- * Generate VEVENT_CARD_INSERT or VEVENT_CARD_REMOVE based on vreader
- * state. Separated from vreader_insert_card to allow replaying events
- * for a given state.
- */
-void
-vreader_queue_card_event(VReader *reader)
-{
- vevent_queue_vevent(vevent_new(
- reader->card ? VEVENT_CARD_INSERT : VEVENT_CARD_REMOVE, reader,
- reader->card));
-}
-
-/*
- * insert/remove a new card. for removal, card == NULL
- */
-VReaderStatus
-vreader_insert_card(VReader *reader, VCard *card)
-{
- vreader_lock(reader);
- if (reader->card) {
- /* decrement reference count */
- vcard_free(reader->card);
- reader->card = NULL;
- }
- reader->card = vcard_reference(card);
- vreader_unlock(reader);
- vreader_queue_card_event(reader);
- return VREADER_OK;
-}
-
-/*
- * initialize all the static reader structures
- */
-void
-vreader_init(void)
-{
- vreader_list_init();
-}
-
diff --git a/libcacard/vreader.h b/libcacard/vreader.h
deleted file mode 100644
index ec20421..0000000
--- a/libcacard/vreader.h
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
- * See the COPYING.LIB file in the top-level directory.
- */
-
-#ifndef VREADER_H
-#define VREADER_H 1
-
-#include "eventt.h"
-#include "vreadert.h"
-#include "vcardt.h"
-
-/*
- * calls for reader front end
- */
-VReaderStatus vreader_power_on(VReader *reader, unsigned char *atr, int *len);
-VReaderStatus vreader_power_off(VReader *reader);
-VReaderStatus vreader_xfr_bytes(VReader *reader, unsigned char *send_buf,
- int send_buf_len, unsigned char *receive_buf,
- int *receive_buf_len);
-
-/* constructor */
-VReader *vreader_new(const char *readerName, VReaderEmul *emul_private,
- VReaderEmulFree private_free);
-/* get a new reference to a reader */
-VReader *vreader_reference(VReader *reader);
-/* "destructor" (readers are reference counted) */
-void vreader_free(VReader *reader);
-
-/* accessors */
-VReaderEmul *vreader_get_private(VReader *);
-VReaderStatus vreader_card_is_present(VReader *reader);
-void vreader_queue_card_event(VReader *reader);
-const char *vreader_get_name(VReader *reader);
-vreader_id_t vreader_get_id(VReader *reader);
-VReaderStatus vreader_set_id(VReader *reader, vreader_id_t id);
-
-/* list operations */
-VReaderList *vreader_get_reader_list(void);
-void vreader_list_delete(VReaderList *list);
-VReader *vreader_list_get_reader(VReaderListEntry *entry);
-VReaderListEntry *vreader_list_get_first(VReaderList *list);
-VReaderListEntry *vreader_list_get_next(VReaderListEntry *list);
-VReader *vreader_get_reader_by_id(vreader_id_t id);
-VReader *vreader_get_reader_by_name(const char *name);
-
-/*
- * list tools for vcard_emul
- */
-void vreader_init(void);
-VReaderStatus vreader_add_reader(VReader *reader);
-VReaderStatus vreader_remove_reader(VReader *reader);
-VReaderStatus vreader_insert_card(VReader *reader, VCard *card);
-
-#endif
diff --git a/libcacard/vreadert.h b/libcacard/vreadert.h
deleted file mode 100644
index f97e0a7..0000000
--- a/libcacard/vreadert.h
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
- * See the COPYING.LIB file in the top-level directory.
- */
-
-#ifndef VREADERT_H
-#define VREADERT_H 1
-
-typedef enum {
- VREADER_OK = 0,
- VREADER_NO_CARD,
- VREADER_OUT_OF_MEMORY
-} VReaderStatus;
-
-typedef unsigned int vreader_id_t;
-typedef struct VReaderStruct VReader;
-typedef struct VReaderListStruct VReaderList;
-typedef struct VReaderListEntryStruct VReaderListEntry;
-
-typedef struct VReaderEmulStruct VReaderEmul;
-typedef void (*VReaderEmulFree)(VReaderEmul *);
-
-#endif
-
diff --git a/libcacard/vscard_common.h b/libcacard/vscard_common.h
deleted file mode 100644
index 08f68e4..0000000
--- a/libcacard/vscard_common.h
+++ /dev/null
@@ -1,178 +0,0 @@
-/* Virtual Smart Card protocol definition
- *
- * This protocol is between a host using virtual smart card readers,
- * and a client providing the smart cards, perhaps by emulating them or by
- * access to real cards.
- *
- * Definitions for this protocol:
- * Host - user of the card
- * Client - owner of the card
- *
- * The current implementation passes the raw APDU's from 7816 and additionally
- * contains messages to setup and teardown readers, handle insertion and
- * removal of cards, negotiate the protocol via capabilities and provide
- * for error responses.
- *
- * Copyright (c) 2011 Red Hat.
- *
- * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
- * See the COPYING.LIB file in the top-level directory.
- */
-
-#ifndef VSCARD_COMMON_H
-#define VSCARD_COMMON_H
-
-#include <stdint.h>
-
-#define VERSION_MAJOR_BITS 11
-#define VERSION_MIDDLE_BITS 11
-#define VERSION_MINOR_BITS 10
-
-#define MAKE_VERSION(major, middle, minor) \
- ((major << (VERSION_MINOR_BITS + VERSION_MIDDLE_BITS)) \
- | (middle << VERSION_MINOR_BITS) \
- | (minor))
-
-/*
- * IMPORTANT NOTE on VERSION
- *
- * The version below MUST be changed whenever a change in this file is made.
- *
- * The last digit, the minor, is for bug fix changes only.
- *
- * The middle digit is for backward / forward compatible changes, updates
- * to the existing messages, addition of fields.
- *
- * The major digit is for a breaking change of protocol, presumably
- * something that cannot be accommodated with the existing protocol.
- */
-
-#define VSCARD_VERSION MAKE_VERSION(0, 0, 2)
-
-typedef enum VSCMsgType {
- VSC_Init = 1,
- VSC_Error,
- VSC_ReaderAdd,
- VSC_ReaderRemove,
- VSC_ATR,
- VSC_CardRemove,
- VSC_APDU,
- VSC_Flush,
- VSC_FlushComplete
-} VSCMsgType;
-
-typedef enum VSCErrorCode {
- VSC_SUCCESS = 0,
- VSC_GENERAL_ERROR = 1,
- VSC_CANNOT_ADD_MORE_READERS,
- VSC_CARD_ALREAY_INSERTED,
-} VSCErrorCode;
-
-#define VSCARD_UNDEFINED_READER_ID 0xffffffff
-#define VSCARD_MINIMAL_READER_ID 0
-
-#define VSCARD_MAGIC (*(uint32_t *)"VSCD")
-
-/*
- * Header
- * Each message starts with the header.
- * type - message type
- * reader_id - used by messages that are reader specific
- * length - length of payload (not including header, i.e. zero for
- * messages containing empty payloads)
- */
-typedef struct VSCMsgHeader {
- uint32_t type;
- uint32_t reader_id;
- uint32_t length;
- uint8_t data[0];
-} VSCMsgHeader;
-
-/*
- * VSCMsgInit Client <-> Host
- * Client sends it on connection, with its own capabilities.
- * Host replies with VSCMsgInit filling in its capabilities.
- *
- * It is not meant to be used for negotiation, i.e. sending more then
- * once from any side, but could be used for that in the future.
- */
-typedef struct VSCMsgInit {
- uint32_t magic;
- uint32_t version;
- uint32_t capabilities[1]; /* receiver must check length,
- array may grow in the future*/
-} VSCMsgInit;
-
-/*
- * VSCMsgError Client <-> Host
- * This message is a response to any of:
- * Reader Add
- * Reader Remove
- * Card Remove
- * If the operation was successful then VSC_SUCCESS
- * is returned, other wise a specific error code.
- */
-typedef struct VSCMsgError {
- uint32_t code;
-} VSCMsgError;
-
-/*
- * VSCMsgReaderAdd Client -> Host
- * Host replies with allocated reader id in VSCMsgError with code==SUCCESS.
- *
- * name - name of the reader on client side, UTF-8 encoded. Only used
- * for client presentation (may be translated to the device presented to the
- * guest), protocol wise only reader_id is important.
- */
-typedef struct VSCMsgReaderAdd {
- uint8_t name[0];
-} VSCMsgReaderAdd;
-
-/*
- * VSCMsgReaderRemove Client -> Host
- * The client's reader has been removed.
- */
-typedef struct VSCMsgReaderRemove {
-} VSCMsgReaderRemove;
-
-/*
- * VSCMsgATR Client -> Host
- * Answer to reset. Sent for card insertion or card reset. The reset/insertion
- * happens on the client side, they do not require any action from the host.
- */
-typedef struct VSCMsgATR {
- uint8_t atr[0];
-} VSCMsgATR;
-
-/*
- * VSCMsgCardRemove Client -> Host
- * The client card has been removed.
- */
-typedef struct VSCMsgCardRemove {
-} VSCMsgCardRemove;
-
-/*
- * VSCMsgAPDU Client <-> Host
- * Main reason of existence. Transfer a single APDU in either direction.
- */
-typedef struct VSCMsgAPDU {
- uint8_t data[0];
-} VSCMsgAPDU;
-
-/*
- * VSCMsgFlush Host -> Client
- * Request client to send a FlushComplete message when it is done
- * servicing all outstanding APDUs
- */
-typedef struct VSCMsgFlush {
-} VSCMsgFlush;
-
-/*
- * VSCMsgFlush Client -> Host
- * Client response to Flush after all APDUs have been processed and
- * responses sent.
- */
-typedef struct VSCMsgFlushComplete {
-} VSCMsgFlushComplete;
-
-#endif /* VSCARD_COMMON_H */
diff --git a/libcacard/vscclient.c b/libcacard/vscclient.c
deleted file mode 100644
index 0652684..0000000
--- a/libcacard/vscclient.c
+++ /dev/null
@@ -1,785 +0,0 @@
-/*
- * Tester for VSCARD protocol, client side.
- *
- * Can be used with ccid-card-passthru.
- *
- * Copyright (c) 2011 Red Hat.
- * Written by Alon Levy.
- *
- * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
- * See the COPYING.LIB file in the top-level directory.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifndef _WIN32
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <unistd.h>
-#define closesocket(x) close(x)
-#else
-#include <getopt.h>
-#endif
-
-#include "glib-compat.h"
-
-#include "vscard_common.h"
-
-#include "vreader.h"
-#include "vcard_emul.h"
-#include "vevent.h"
-
-static int verbose;
-
-static void
-print_byte_array(
- uint8_t *arrBytes,
- unsigned int nSize
-) {
- int i;
- for (i = 0; i < nSize; i++) {
- printf("%02X ", arrBytes[i]);
- }
- printf("\n");
-}
-
-static void
-print_usage(void) {
- printf("vscclient [-c <certname> .. -e <emul_args> -d <level>%s] "
- "<host> <port>\n",
-#ifdef USE_PASSTHRU
- " -p");
- printf(" -p use passthrough mode\n");
-#else
- "");
-#endif
- vcard_emul_usage();
-}
-
-static GIOChannel *channel_socket;
-static GByteArray *socket_to_send;
-static CompatGMutex socket_to_send_lock;
-static guint socket_tag;
-
-static void
-update_socket_watch(void);
-
-static gboolean
-do_socket_send(GIOChannel *source,
- GIOCondition condition,
- gpointer data)
-{
- gsize bw;
- GError *err = NULL;
-
- g_return_val_if_fail(socket_to_send->len != 0, FALSE);
- g_return_val_if_fail(condition & G_IO_OUT, FALSE);
-
- g_io_channel_write_chars(channel_socket,
- (gchar *)socket_to_send->data, socket_to_send->len, &bw, &err);
- if (err != NULL) {
- g_error("Error while sending socket %s", err->message);
- return FALSE;
- }
- g_byte_array_remove_range(socket_to_send, 0, bw);
-
- if (socket_to_send->len == 0) {
- update_socket_watch();
- return FALSE;
- }
- return TRUE;
-}
-
-static gboolean
-socket_prepare_sending(gpointer user_data)
-{
- update_socket_watch();
-
- return FALSE;
-}
-
-static int
-send_msg(
- VSCMsgType type,
- uint32_t reader_id,
- const void *msg,
- unsigned int length
-) {
- VSCMsgHeader mhHeader;
-
- g_mutex_lock(&socket_to_send_lock);
-
- if (verbose > 10) {
- printf("sending type=%d id=%u, len =%u (0x%x)\n",
- type, reader_id, length, length);
- }
-
- mhHeader.type = htonl(type);
- mhHeader.reader_id = 0;
- mhHeader.length = htonl(length);
- g_byte_array_append(socket_to_send, (guint8 *)&mhHeader, sizeof(mhHeader));
- g_byte_array_append(socket_to_send, (guint8 *)msg, length);
- g_idle_add(socket_prepare_sending, NULL);
-
- g_mutex_unlock(&socket_to_send_lock);
-
- return 0;
-}
-
-static VReader *pending_reader;
-static CompatGMutex pending_reader_lock;
-static CompatGCond pending_reader_condition;
-
-#define MAX_ATR_LEN 40
-static gpointer
-event_thread(gpointer arg)
-{
- unsigned char atr[MAX_ATR_LEN];
- int atr_len;
- VEvent *event;
- unsigned int reader_id;
-
-
- while (1) {
- const char *reader_name;
-
- event = vevent_wait_next_vevent();
- if (event == NULL) {
- break;
- }
- reader_id = vreader_get_id(event->reader);
- if (reader_id == VSCARD_UNDEFINED_READER_ID &&
- event->type != VEVENT_READER_INSERT) {
- /* ignore events from readers qemu has rejected */
- /* if qemu is still deciding on this reader, wait to see if need to
- * forward this event */
- g_mutex_lock(&pending_reader_lock);
- if (!pending_reader || (pending_reader != event->reader)) {
- /* wasn't for a pending reader, this reader has already been
- * rejected by qemu */
- g_mutex_unlock(&pending_reader_lock);
- vevent_delete(event);
- continue;
- }
- /* this reader hasn't been told its status from qemu yet, wait for
- * that status */
- while (pending_reader != NULL) {
- g_cond_wait(&pending_reader_condition, &pending_reader_lock);
- }
- g_mutex_unlock(&pending_reader_lock);
- /* now recheck the id */
- reader_id = vreader_get_id(event->reader);
- if (reader_id == VSCARD_UNDEFINED_READER_ID) {
- /* this reader was rejected */
- vevent_delete(event);
- continue;
- }
- /* reader was accepted, now forward the event */
- }
- switch (event->type) {
- case VEVENT_READER_INSERT:
- /* tell qemu to insert a new CCID reader */
- /* wait until qemu has responded to our first reader insert
- * before we send a second. That way we won't confuse the responses
- * */
- g_mutex_lock(&pending_reader_lock);
- while (pending_reader != NULL) {
- g_cond_wait(&pending_reader_condition, &pending_reader_lock);
- }
- pending_reader = vreader_reference(event->reader);
- g_mutex_unlock(&pending_reader_lock);
- reader_name = vreader_get_name(event->reader);
- if (verbose > 10) {
- printf(" READER INSERT: %s\n", reader_name);
- }
- send_msg(VSC_ReaderAdd,
- reader_id, /* currerntly VSCARD_UNDEFINED_READER_ID */
- NULL, 0 /* TODO reader_name, strlen(reader_name) */);
- break;
- case VEVENT_READER_REMOVE:
- /* future, tell qemu that an old CCID reader has been removed */
- if (verbose > 10) {
- printf(" READER REMOVE: %u\n", reader_id);
- }
- send_msg(VSC_ReaderRemove, reader_id, NULL, 0);
- break;
- case VEVENT_CARD_INSERT:
- /* get the ATR (intended as a response to a power on from the
- * reader */
- atr_len = MAX_ATR_LEN;
- vreader_power_on(event->reader, atr, &atr_len);
- /* ATR call functions as a Card Insert event */
- if (verbose > 10) {
- printf(" CARD INSERT %u: ", reader_id);
- print_byte_array(atr, atr_len);
- }
- send_msg(VSC_ATR, reader_id, atr, atr_len);
- break;
- case VEVENT_CARD_REMOVE:
- /* Card removed */
- if (verbose > 10) {
- printf(" CARD REMOVE %u:\n", reader_id);
- }
- send_msg(VSC_CardRemove, reader_id, NULL, 0);
- break;
- default:
- break;
- }
- vevent_delete(event);
- }
- return NULL;
-}
-
-
-static unsigned int
-get_id_from_string(char *string, unsigned int default_id)
-{
- unsigned int id = atoi(string);
-
- /* don't accidentally swith to zero because no numbers have been supplied
*/
- if ((id == 0) && *string != '0') {
- return default_id;
- }
- return id;
-}
-
-static int
-on_host_init(VSCMsgHeader *mhHeader, VSCMsgInit *incoming)
-{
- uint32_t *capabilities = (incoming->capabilities);
- int num_capabilities =
- 1 + ((mhHeader->length - sizeof(VSCMsgInit)) / sizeof(uint32_t));
- int i;
-
- incoming->version = ntohl(incoming->version);
- if (incoming->version != VSCARD_VERSION) {
- if (verbose > 0) {
- printf("warning: host has version %d, we have %d\n",
- verbose, VSCARD_VERSION);
- }
- }
- if (incoming->magic != VSCARD_MAGIC) {
- printf("unexpected magic: got %d, expected %d\n",
- incoming->magic, VSCARD_MAGIC);
- return -1;
- }
- for (i = 0 ; i < num_capabilities; ++i) {
- capabilities[i] = ntohl(capabilities[i]);
- }
- /* Future: check capabilities */
- /* remove whatever reader might be left in qemu,
- * in case of an unclean previous exit. */
- send_msg(VSC_ReaderRemove, VSCARD_MINIMAL_READER_ID, NULL, 0);
- /* launch the event_thread. This will trigger reader adds for all the
- * existing readers */
- g_thread_new("vsc/event", event_thread, NULL);
- return 0;
-}
-
-
-enum {
- STATE_HEADER,
- STATE_MESSAGE,
-};
-
-#define APDUBufSize 270
-
-static gboolean
-do_socket_read(GIOChannel *source,
- GIOCondition condition,
- gpointer data)
-{
- int rv;
- int dwSendLength;
- int dwRecvLength;
- uint8_t pbRecvBuffer[APDUBufSize];
- static uint8_t pbSendBuffer[APDUBufSize];
- VReaderStatus reader_status;
- VReader *reader = NULL;
- static VSCMsgHeader mhHeader;
- VSCMsgError *error_msg;
- GError *err = NULL;
-
- static gchar *buf;
- static gsize br, to_read;
- static int state = STATE_HEADER;
-
- if (state == STATE_HEADER && to_read == 0) {
- buf = (gchar *)&mhHeader;
- to_read = sizeof(mhHeader);
- }
-
- if (to_read > 0) {
- g_io_channel_read_chars(source, (gchar *)buf, to_read, &br, &err);
- if (err != NULL) {
- g_error("error while reading: %s", err->message);
- }
- buf += br;
- to_read -= br;
- if (to_read != 0) {
- return TRUE;
- }
- }
-
- if (state == STATE_HEADER) {
- mhHeader.type = ntohl(mhHeader.type);
- mhHeader.reader_id = ntohl(mhHeader.reader_id);
- mhHeader.length = ntohl(mhHeader.length);
- if (verbose) {
- printf("Header: type=%d, reader_id=%u length=%d (0x%x)\n",
- mhHeader.type, mhHeader.reader_id, mhHeader.length,
- mhHeader.length);
- }
- switch (mhHeader.type) {
- case VSC_APDU:
- case VSC_Flush:
- case VSC_Error:
- case VSC_Init:
- buf = (gchar *)pbSendBuffer;
- to_read = mhHeader.length;
- state = STATE_MESSAGE;
- return TRUE;
- default:
- fprintf(stderr, "Unexpected message of type 0x%X\n",
mhHeader.type);
- return FALSE;
- }
- }
-
- if (state == STATE_MESSAGE) {
- switch (mhHeader.type) {
- case VSC_APDU:
- if (verbose) {
- printf(" recv APDU: ");
- print_byte_array(pbSendBuffer, mhHeader.length);
- }
- /* Transmit received APDU */
- dwSendLength = mhHeader.length;
- dwRecvLength = sizeof(pbRecvBuffer);
- reader = vreader_get_reader_by_id(mhHeader.reader_id);
- reader_status = vreader_xfr_bytes(reader,
- pbSendBuffer, dwSendLength,
- pbRecvBuffer, &dwRecvLength);
- if (reader_status == VREADER_OK) {
- mhHeader.length = dwRecvLength;
- if (verbose) {
- printf(" send response: ");
- print_byte_array(pbRecvBuffer, mhHeader.length);
- }
- send_msg(VSC_APDU, mhHeader.reader_id,
- pbRecvBuffer, dwRecvLength);
- } else {
- rv = reader_status; /* warning: not meaningful */
- send_msg(VSC_Error, mhHeader.reader_id, &rv, sizeof(uint32_t));
- }
- vreader_free(reader);
- reader = NULL; /* we've freed it, don't use it by accident
- again */
- break;
- case VSC_Flush:
- /* TODO: actually flush */
- send_msg(VSC_FlushComplete, mhHeader.reader_id, NULL, 0);
- break;
- case VSC_Error:
- error_msg = (VSCMsgError *) pbSendBuffer;
- if (error_msg->code == VSC_SUCCESS) {
- g_mutex_lock(&pending_reader_lock);
- if (pending_reader) {
- vreader_set_id(pending_reader, mhHeader.reader_id);
- vreader_free(pending_reader);
- pending_reader = NULL;
- g_cond_signal(&pending_reader_condition);
- }
- g_mutex_unlock(&pending_reader_lock);
- break;
- }
- printf("warning: qemu refused to add reader\n");
- if (error_msg->code == VSC_CANNOT_ADD_MORE_READERS) {
- /* clear pending reader, qemu can't handle any more */
- g_mutex_lock(&pending_reader_lock);
- if (pending_reader) {
- pending_reader = NULL;
- /* make sure the event loop doesn't hang */
- g_cond_signal(&pending_reader_condition);
- }
- g_mutex_unlock(&pending_reader_lock);
- }
- break;
- case VSC_Init:
- if (on_host_init(&mhHeader, (VSCMsgInit *)pbSendBuffer) < 0) {
- return FALSE;
- }
- break;
- default:
- g_assert_not_reached();
- return FALSE;
- }
-
- state = STATE_HEADER;
- }
-
-
- return TRUE;
-}
-
-static gboolean
-do_socket(GIOChannel *source,
- GIOCondition condition,
- gpointer data)
-{
- /* not sure if two watches work well with a single win32 sources */
- if (condition & G_IO_OUT) {
- if (!do_socket_send(source, condition, data)) {
- return FALSE;
- }
- }
-
- if (condition & G_IO_IN) {
- if (!do_socket_read(source, condition, data)) {
- return FALSE;
- }
- }
-
- return TRUE;
-}
-
-static void
-update_socket_watch(void)
-{
- gboolean out = socket_to_send->len > 0;
-
- if (socket_tag != 0) {
- g_source_remove(socket_tag);
- }
-
- socket_tag = g_io_add_watch(channel_socket,
- G_IO_IN | (out ? G_IO_OUT : 0), do_socket, NULL);
-}
-
-static gboolean
-do_command(GIOChannel *source,
- GIOCondition condition,
- gpointer data)
-{
- char *string;
- VCardEmulError error;
- static unsigned int default_reader_id;
- unsigned int reader_id;
- VReader *reader = NULL;
- GError *err = NULL;
-
- g_assert(condition & G_IO_IN);
-
- reader_id = default_reader_id;
- g_io_channel_read_line(source, &string, NULL, NULL, &err);
- if (err != NULL) {
- g_error("Error while reading command: %s", err->message);
- }
-
- if (string != NULL) {
- if (strncmp(string, "exit", 4) == 0) {
- /* remove all the readers */
- VReaderList *list = vreader_get_reader_list();
- VReaderListEntry *reader_entry;
- printf("Active Readers:\n");
- for (reader_entry = vreader_list_get_first(list); reader_entry;
- reader_entry = vreader_list_get_next(reader_entry)) {
- VReader *reader = vreader_list_get_reader(reader_entry);
- vreader_id_t reader_id;
- reader_id = vreader_get_id(reader);
- if (reader_id == -1) {
- continue;
- }
- /* be nice and signal card removal first (qemu probably should
- * do this itself) */
- if (vreader_card_is_present(reader) == VREADER_OK) {
- send_msg(VSC_CardRemove, reader_id, NULL, 0);
- }
- send_msg(VSC_ReaderRemove, reader_id, NULL, 0);
- }
- exit(0);
- } else if (strncmp(string, "insert", 6) == 0) {
- if (string[6] == ' ') {
- reader_id = get_id_from_string(&string[7], reader_id);
- }
- reader = vreader_get_reader_by_id(reader_id);
- if (reader != NULL) {
- error = vcard_emul_force_card_insert(reader);
- printf("insert %s, returned %d\n",
- vreader_get_name(reader), error);
- } else {
- printf("no reader by id %u found\n", reader_id);
- }
- } else if (strncmp(string, "remove", 6) == 0) {
- if (string[6] == ' ') {
- reader_id = get_id_from_string(&string[7], reader_id);
- }
- reader = vreader_get_reader_by_id(reader_id);
- if (reader != NULL) {
- error = vcard_emul_force_card_remove(reader);
- printf("remove %s, returned %d\n",
- vreader_get_name(reader), error);
- } else {
- printf("no reader by id %u found\n", reader_id);
- }
- } else if (strncmp(string, "select", 6) == 0) {
- if (string[6] == ' ') {
- reader_id = get_id_from_string(&string[7],
- VSCARD_UNDEFINED_READER_ID);
- }
- if (reader_id != VSCARD_UNDEFINED_READER_ID) {
- reader = vreader_get_reader_by_id(reader_id);
- }
- if (reader) {
- printf("Selecting reader %u, %s\n", reader_id,
- vreader_get_name(reader));
- default_reader_id = reader_id;
- } else {
- printf("Reader with id %u not found\n", reader_id);
- }
- } else if (strncmp(string, "debug", 5) == 0) {
- if (string[5] == ' ') {
- verbose = get_id_from_string(&string[6], 0);
- }
- printf("debug level = %d\n", verbose);
- } else if (strncmp(string, "list", 4) == 0) {
- VReaderList *list = vreader_get_reader_list();
- VReaderListEntry *reader_entry;
- printf("Active Readers:\n");
- for (reader_entry = vreader_list_get_first(list); reader_entry;
- reader_entry = vreader_list_get_next(reader_entry)) {
- VReader *reader = vreader_list_get_reader(reader_entry);
- vreader_id_t reader_id;
- reader_id = vreader_get_id(reader);
- if (reader_id == -1) {
- continue;
- }
- printf("%3u %s %s\n", reader_id,
- vreader_card_is_present(reader) == VREADER_OK ?
- "CARD_PRESENT" : " ",
- vreader_get_name(reader));
- }
- printf("Inactive Readers:\n");
- for (reader_entry = vreader_list_get_first(list); reader_entry;
- reader_entry = vreader_list_get_next(reader_entry)) {
- VReader *reader = vreader_list_get_reader(reader_entry);
- vreader_id_t reader_id;
- reader_id = vreader_get_id(reader);
- if (reader_id != -1) {
- continue;
- }
-
- printf("INA %s %s\n",
- vreader_card_is_present(reader) == VREADER_OK ?
- "CARD_PRESENT" : " ",
- vreader_get_name(reader));
- }
- vreader_list_delete(list);
- } else if (*string != 0) {
- printf("valid commands:\n");
- printf("insert [reader_id]\n");
- printf("remove [reader_id]\n");
- printf("select reader_id\n");
- printf("list\n");
- printf("debug [level]\n");
- printf("exit\n");
- }
- }
- vreader_free(reader);
- printf("> ");
- fflush(stdout);
-
- return TRUE;
-}
-
-
-/* just for ease of parsing command line arguments. */
-#define MAX_CERTS 100
-
-static int
-connect_to_qemu(
- const char *host,
- const char *port
-) {
- struct addrinfo hints;
- struct addrinfo *server = NULL;
- int ret, sock;
-
- sock = socket(AF_INET, SOCK_STREAM, 0);
- if (sock < 0) {
- /* Error */
- fprintf(stderr, "Error opening socket!\n");
- return -1;
- }
-
- memset(&hints, 0, sizeof(struct addrinfo));
- hints.ai_family = AF_UNSPEC;
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_flags = 0;
- hints.ai_protocol = 0; /* Any protocol */
-
- ret = getaddrinfo(host, port, &hints, &server);
-
- if (ret != 0) {
- /* Error */
- fprintf(stderr, "getaddrinfo failed\n");
- goto cleanup_socket;
- }
-
- if (connect(sock, server->ai_addr, server->ai_addrlen) < 0) {
- /* Error */
- fprintf(stderr, "Could not connect\n");
- goto cleanup_socket;
- }
- if (verbose) {
- printf("Connected (sizeof Header=%zd)!\n", sizeof(VSCMsgHeader));
- }
-
- freeaddrinfo(server);
- return sock;
-
-cleanup_socket:
- if (server) {
- freeaddrinfo(server);
- }
- closesocket(sock);
- return -1;
-}
-
-int
-main(
- int argc,
- char *argv[]
-) {
- GMainLoop *loop;
- GIOChannel *channel_stdin;
- char *qemu_host;
- char *qemu_port;
-
- VCardEmulOptions *command_line_options = NULL;
-
- char *cert_names[MAX_CERTS];
- char *emul_args = NULL;
- int cert_count = 0;
- int c, sock;
-
-#ifdef _WIN32
- WSADATA Data;
-
- if (WSAStartup(MAKEWORD(2, 2), &Data) != 0) {
- c = WSAGetLastError();
- fprintf(stderr, "WSAStartup: %d\n", c);
- return 1;
- }
-#endif
-#if !GLIB_CHECK_VERSION(2, 31, 0)
- if (!g_thread_supported()) {
- g_thread_init(NULL);
- }
-#endif
-
- while ((c = getopt(argc, argv, "c:e:pd:")) != -1) {
- switch (c) {
- case 'c':
- if (cert_count >= MAX_CERTS) {
- printf("too many certificates (max = %d)\n", MAX_CERTS);
- exit(5);
- }
- cert_names[cert_count++] = optarg;
- break;
- case 'e':
- emul_args = optarg;
- break;
- case 'p':
- print_usage();
- exit(4);
- break;
- case 'd':
- verbose = get_id_from_string(optarg, 1);
- break;
- }
- }
-
- if (argc - optind != 2) {
- print_usage();
- exit(4);
- }
-
- if (cert_count > 0) {
- char *new_args;
- int len, i;
- /* if we've given some -c options, we clearly we want do so some
- * software emulation. add that emulation now. this is NSS Emulator
- * specific */
- if (emul_args == NULL) {
- emul_args = (char *)"db=\"/etc/pki/nssdb\"";
- }
-#define SOFT_STRING ",soft=(,Virtual Reader,CAC,,"
- /* 2 == close paren & null */
- len = strlen(emul_args) + strlen(SOFT_STRING) + 2;
- for (i = 0; i < cert_count; i++) {
- len += strlen(cert_names[i])+1; /* 1 == comma */
- }
- new_args = g_malloc(len);
- strcpy(new_args, emul_args);
- strcat(new_args, SOFT_STRING);
- for (i = 0; i < cert_count; i++) {
- strcat(new_args, cert_names[i]);
- strcat(new_args, ",");
- }
- strcat(new_args, ")");
- emul_args = new_args;
- }
- if (emul_args) {
- command_line_options = vcard_emul_options(emul_args);
- }
-
- qemu_host = g_strdup(argv[argc - 2]);
- qemu_port = g_strdup(argv[argc - 1]);
- sock = connect_to_qemu(qemu_host, qemu_port);
- if (sock == -1) {
- fprintf(stderr, "error opening socket, exiting.\n");
- exit(5);
- }
-
- socket_to_send = g_byte_array_new();
- vcard_emul_init(command_line_options);
- loop = g_main_loop_new(NULL, TRUE);
-
- printf("> ");
- fflush(stdout);
-
-#ifdef _WIN32
- channel_stdin = g_io_channel_win32_new_fd(STDIN_FILENO);
-#else
- channel_stdin = g_io_channel_unix_new(STDIN_FILENO);
-#endif
- g_io_add_watch(channel_stdin, G_IO_IN, do_command, NULL);
-#ifdef _WIN32
- channel_socket = g_io_channel_win32_new_socket(sock);
-#else
- channel_socket = g_io_channel_unix_new(sock);
-#endif
- g_io_channel_set_encoding(channel_socket, NULL, NULL);
- /* we buffer ourself for thread safety reasons */
- g_io_channel_set_buffered(channel_socket, FALSE);
-
- /* Send init message, Host responds (and then we send reader attachments)
*/
- VSCMsgInit init = {
- .version = htonl(VSCARD_VERSION),
- .magic = VSCARD_MAGIC,
- .capabilities = {0}
- };
- send_msg(VSC_Init, 0, &init, sizeof(init));
-
- g_main_loop_run(loop);
- g_main_loop_unref(loop);
-
- g_io_channel_unref(channel_stdin);
- g_io_channel_unref(channel_socket);
- g_byte_array_free(socket_to_send, TRUE);
-
- closesocket(sock);
- return 0;
-}
--
2.4.3
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-devel] [RFC PATCH] libcacard: move it to a standalone project,
marcandre . lureau <=