* This provides the real list of applets in the emulated card in the CCC applet CardURLs, which is mandatory for applet and certificated discovery.
* This also increaseses the amount of possible certificates to 10
Signed-off-by: Jakub Jelen <jjelen@xxxxxxxxxx>
Reviewed-by: Robert Relyea <rrelyea@xxxxxxxxxx>
---
 src/cac.c | 80 +++++++++++++++++++++++++++++------------------
 tests/libcacard.c | 2 +-
 2 files changed, 51 insertions(+), 31 deletions(-)
diff --git a/src/cac.c b/src/cac.c
index fc6ba34..c023ee1 100644
--- a/src/cac.c
+++ b/src/cac.c
@@ -1137,23 +1137,30 @@ cac_new_ccc_applet_private(int cert_count)
 "\x72\x36\x0E\x00\x00\x58\xBD\x00\x2C\x19\xB5";
 unsigned char cc_version[] = "\x21";
 unsigned char cg_version[] = "\x21";
- unsigned char pki_cardurl[] =
- "\xA0\x00\x00\x00\x79\x04\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00";
- unsigned char cardurl[14][16] = {
- "\xA0\x00\x00\x01\x16\x01\x30\x00\x30\x00\x00\x00\x00\x00\x00\x00", /* ACA */
+ unsigned char cardurl[21][16] = {
+ /* common CardURLs */
 "\xA0\x00\x00\x00\x79\x01\x02\xFB\x02\xFB\x00\x00\x00\x00\x00\x00", /* ??? */
 "\xA0\x00\x00\x00\x79\x01\x02\xFE\x02\xFE\x00\x00\x00\x00\x00\x00", /* PKI Certificate */
 "\xA0\x00\x00\x00\x79\x01\x02\xFD\x02\xFD\x00\x00\x00\x00\x00\x00", /* PKI Credential */
 "\xA0\x00\x00\x00\x79\x01\x02\x00\x02\x00\x00\x00\x00\x00\x00\x00", /* Person Instance */
 "\xA0\x00\x00\x00\x79\x01\x02\x01\x02\x01\x00\x00\x00\x00\x00\x00", /* Personel */
+ "\xA0\x00\x00\x01\x16\x01\x30\x00\x30\x00\x00\x00\x00\x00\x00\x00", /* Access Control F. */
+ "\xA0\x00\x00\x01\x16\x01\x60\x10\x30\x00\x00\x00\x00\x00\x00\x00", /* -//- */
+ "\xA0\x00\x00\x01\x16\x01\x60\x30\x30\x00\x00\x00\x00\x00\x00\x00", /* -//- */
+ "\xA0\x00\x00\x01\x16\x01\x90\x00\x30\x00\x00\x00\x00\x00\x00\x00", /* -//- */
+ "\xA0\x00\x00\x00\x79\x01\x12\x01\x12\x01\x00\x00\x00\x00\x00\x00", /* ?? */
+ "\xA0\x00\x00\x00\x79\x01\x12\x02\x12\x02\x00\x00\x00\x00\x00\x00", /* ?? */
+ /* dynamic list of all possible PKI objects CardURLs */
 "\xA0\x00\x00\x00\x79\x04\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00", /* PKI */
 "\xA0\x00\x00\x00\x79\x04\x01\x01\x01\x01\x00\x00\x00\x00\x00\x00", /* PKI */
 "\xA0\x00\x00\x00\x79\x04\x01\x02\x01\x02\x00\x00\x00\x00\x00\x00", /* PKI */
- "\xA0\x00\x00\x01\x16\x01\x60\x10\x30\x00\x00\x00\x00\x00\x00\x00", /* ?? AID=ACA ?? */
- "\xA0\x00\x00\x01\x16\x01\x60\x30\x30\x00\x00\x00\x00\x00\x00\x00", /* ?? AID=ACA ?? */
- "\xA0\x00\x00\x01\x16\x01\x90\x00\x30\x00\x00\x00\x00\x00\x00\x00", /* ?? AID=ACA ?? */
- "\xA0\x00\x00\x00\x79\x01\x12\x01\x12\x01\x00\x00\x00\x00\x00\x00", /* ?? */
- "\xA0\x00\x00\x00\x79\x01\x12\x02\x12\x02\x00\x00\x00\x00\x00\x00", /* ?? */
+ "\xA0\x00\x00\x00\x79\x04\x01\x03\x01\x03\x00\x00\x00\x00\x00\x00", /* PKI */
+ "\xA0\x00\x00\x00\x79\x04\x01\x04\x01\x04\x00\x00\x00\x00\x00\x00", /* PKI */
+ "\xA0\x00\x00\x00\x79\x04\x01\x05\x01\x05\x00\x00\x00\x00\x00\x00", /* PKI */
+ "\xA0\x00\x00\x00\x79\x04\x01\x06\x01\x06\x00\x00\x00\x00\x00\x00", /* PKI */
+ "\xA0\x00\x00\x00\x79\x04\x01\x07\x01\x07\x00\x00\x00\x00\x00\x00", /* PKI */
+ "\xA0\x00\x00\x00\x79\x04\x01\x08\x01\x08\x00\x00\x00\x00\x00\x00", /* PKI */
+ "\xA0\x00\x00\x00\x79\x04\x01\x09\x01\x09\x00\x00\x00\x00\x00\x00", /* PKI */
 /*
 * [ Empty for VM cards! ]
 * [ RID 5B ][T ][ OID ][ AID ] [ P][AccessKeyInfo ][ K]
@@ -1171,7 +1178,7 @@ cac_new_ccc_applet_private(int cert_count)
 unsigned char reg_data_model[] = "\x10";
 unsigned char acr_table[] = "\x07\xA0\x00\x00\x00\x79\x03\x00\x00\x00\x00"
 "\x00\x00\x00\x00\x00\x00";
- static struct simpletlv_member buffer[26] = {
+ static struct simpletlv_member buffer[33] = {
 {CAC_CCC_CARD_IDENTIFIER, 0x15, {/*.value = card_identifier*/},
 SIMPLETLV_TYPE_LEAF},
 {CAC_CCC_CAPABILITY_CONTAINER_VERSION, 1, {/*.value = cc_version*/},
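Review bot: `cardurl` is still an automatic array in the first hunk even though the patch removes the only visible writes to it (`pki_cardurl` and the per-certificate `memcpy`), and its rows are stored by address into the `static` `buffer`. Declaring it `static unsigned char cardurl[21][16] = {` (or `static const`, if the type of the `value` field permits) would keep those stored pointers valid after the function returns and make the read-only intent explicit. Several rows keep `/* ??? */` or `/* ?? */` labels, so a comment naming the document these CardURL bytes were taken from would let a reviewer check them. The function starts and ends outside the hunk, so whether `buffer` is read after return is not visible here.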
@@ -1181,31 +1188,45 @@ cac_new_ccc_applet_private(int cert_count)
 {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[0]*/},
 SIMPLETLV_TYPE_LEAF},
 {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[1]*/},
- SIMPLETLV_TYPE_NONE},
+ SIMPLETLV_TYPE_LEAF},
 {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[2]*/},
- SIMPLETLV_TYPE_NONE},
+ SIMPLETLV_TYPE_LEAF},
 {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[3]*/},
- SIMPLETLV_TYPE_NONE},
+ SIMPLETLV_TYPE_LEAF},
 {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[4]*/},
- SIMPLETLV_TYPE_NONE},
+ SIMPLETLV_TYPE_LEAF},
 {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[5]*/},
- SIMPLETLV_TYPE_NONE},
+ SIMPLETLV_TYPE_LEAF},
 {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[6]*/},
- SIMPLETLV_TYPE_NONE},
+ SIMPLETLV_TYPE_LEAF},
 {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[7]*/},
- SIMPLETLV_TYPE_NONE},
+ SIMPLETLV_TYPE_LEAF},
 {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[8]*/},
- SIMPLETLV_TYPE_NONE},
+ SIMPLETLV_TYPE_LEAF},
 {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[9]*/},
- SIMPLETLV_TYPE_NONE},
+ SIMPLETLV_TYPE_LEAF},
 {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[10]*/},
- SIMPLETLV_TYPE_NONE},
+ SIMPLETLV_TYPE_LEAF},
 {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[11]*/},
 SIMPLETLV_TYPE_NONE},
 {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[12]*/},
 SIMPLETLV_TYPE_NONE},
 {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[13]*/},
 SIMPLETLV_TYPE_NONE},
+ {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[14]*/},
+ SIMPLETLV_TYPE_NONE},
+ {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[15]*/},
+ SIMPLETLV_TYPE_NONE},
+ {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[16]*/},
+ SIMPLETLV_TYPE_NONE},
+ {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[17]*/},
+ SIMPLETLV_TYPE_NONE},
+ {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[18]*/},
+ SIMPLETLV_TYPE_NONE},
+ {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[19]*/},
+ SIMPLETLV_TYPE_NONE},
+ {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[20]*/},
+ SIMPLETLV_TYPE_NONE},
 {CAC_CCC_PKCS15, 1, {/*.value = pkcs15 */},
 SIMPLETLV_TYPE_LEAF},
 {CAC_CCC_REGISTERED_DATA_MODEL_NUMBER, 1, {/*.value = reg_data_model */},
@@ -1236,7 +1257,10 @@ cac_new_ccc_applet_private(int cert_count)
 buffer[0].value.value = card_identifier;
 buffer[1].value.value = cc_version;
 buffer[2].value.value = cg_version;
- buffer[3].value.value = cardurl[0]; /* ACA */
+ /* common CardURLs */
+ for (i = 0; i < 11; i++) {
+ buffer[3+i].value.value = cardurl[i];
+ }
 if (cert_count > 10) {
 // XXX too many objects for now
@@ -1245,17 +1269,13 @@ cac_new_ccc_applet_private(int cert_count)
 }
 /* Generate card URLs for PKI applets */
 for (i = 0; i < cert_count; i++) {
- memcpy(cardurl[i+1], pki_cardurl, 16);
- cardurl[i+1][8] = i; /* adjust OID and AID */
- cardurl[i+1][10] = i;
- buffer[i+4].value.value = cardurl[i+1];
- buffer[i+4].type = SIMPLETLV_TYPE_LEAF;
+ buffer[i+14].value.value = cardurl[i+11];
+ buffer[i+14].type = SIMPLETLV_TYPE_LEAF;
 }
- /* Skip unknown CardURLs for now */
- buffer[17].value.value = pkcs15;
- buffer[18].value.value = reg_data_model;
- buffer[19].value.value = acr_table;
+ buffer[24].value.value = pkcs15;
+ buffer[25].value.value = reg_data_model;
+ buffer[26].value.value = acr_table;
 /* CCC Tag+Len buffer */
 /* Ex:
 * 34 00 Length of complete buffer
diff --git a/tests/libcacard.c b/tests/libcacard.c
index 9fc4462..650e2e7 100644
--- a/tests/libcacard.c
+++ b/tests/libcacard.c
@@ -502,7 +502,7 @@ static void read_buffer(VReader *reader, uint8_t type, int object_type)
 }
 }
 if (object_type == TEST_CCC)
- g_assert_cmpint(card_urls, ==, 4);
+ g_assert_cmpint(card_urls, ==, 11 + 3);
 }
 g_free(data);
 }
-- 
2.17.1
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel
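Review bot: The loop bound `11` and the offset in `buffer[3+i]` in the `@@ -1236` hunk are bare positional numbers that have to be kept in step by hand with the `cardurl[21][16]` initializer and `buffer[33]`. The same applies to `i+14`, `i+11` and `buffer[24]`..`buffer[26]` in the `@@ -1245` hunk and to `11 + 3` in tests/libcacard.c. Named constants (suggested names) such as `enum { CCC_COMMON_URLS = 11, CCC_MAX_PKI_URLS = 10, CCC_FIRST_URL_SLOT = 3 };`, with the guard written as `cert_count > CCC_MAX_PKI_URLS`, would turn a future table change into one edit. As written, a missed index would silently put a CardURL pointer in the wrong TLV slot. The function body continues outside these hunks.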
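Review bot: The PKI loop in the `@@ -1245` hunk only ever promotes slots to `SIMPLETLV_TYPE_LEAF`, and because `buffer` is `static`, slots `buffer[14+cert_count]` to `buffer[23]` keep whatever type and pointer an earlier call left there. If the function can run again in the same process with a smaller `cert_count`, the CCC would presumably still list PKI CardURLs for applets that do not exist, through pointers into the earlier call's `cardurl` stack array. Setting every PKI slot on each call avoids this: `for (i = 0; i < 10; i++) { buffer[i+14].value.value = cardurl[i+11]; buffer[i+14].type = i < cert_count ? SIMPLETLV_TYPE_LEAF : SIMPLETLV_TYPE_NONE; }`. The body of the `cert_count > 10` guard and the code that consumes `buffer` are outside the hunk, so confirm the guard returns before this loop.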