summaryrefslogtreecommitdiffstats
path: root/scd/app-help.c
diff options
context:
space:
mode:
Diffstat (limited to 'scd/app-help.c')
-rw-r--r--scd/app-help.c285
1 files changed, 285 insertions, 0 deletions
diff --git a/scd/app-help.c b/scd/app-help.c
new file mode 100644
index 0000000..8d225ef
--- /dev/null
+++ b/scd/app-help.c
@@ -0,0 +1,285 @@
+/* app-help.c - Application helper functions
+ * Copyright (C) 2004, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "scdaemon.h"
+#include "iso7816.h"
+#include "../common/tlv.h"
+
+
+/* Count the number of bits, assuming the A represents an unsigned big
+ integer of length LEN bytes. If A is NULL a length of 0 is
+ returned. */
+unsigned int
+app_help_count_bits (const unsigned char *a, size_t len)
+{
+ unsigned int n = len * 8;
+ int i;
+
+ if (!a)
+ return 0;
+
+ for (; len && !*a; len--, a++, n -=8)
+ ;
+ if (len)
+ {
+ for (i=7; i && !(*a & (1<<i)); i--)
+ n--;
+ }
+ return n;
+}
+
+
+/* Return the KEYGRIP for the canonical encoded public key (PK,PKLEN)
+ * as an hex encoded string in the user provided buffer HEXKEYGRIP
+ * which must be of at least 41 bytes. If R_PKEY is not NULL and the
+ * function succeeded, the S-expression representing the key is stored
+ * there. The caller needs to call gcry_sexp_release on that. If
+ * R_ALGO is not NULL the public key algorithm id of Libgcrypt is
+ * stored there. If R_ALGOSTR is not NULL and the function succeeds a
+ * newly allocated algo string (e.g. "rsa2048") is stored there.
+ * HEXKEYGRIP may be NULL if the caller is not interested in it. */
+gpg_error_t
+app_help_get_keygrip_string_pk (const void *pk, size_t pklen, char *hexkeygrip,
+ gcry_sexp_t *r_pkey, int *r_algo,
+ char **r_algostr)
+{
+ gpg_error_t err;
+ gcry_sexp_t s_pkey;
+ unsigned char array[KEYGRIP_LEN];
+
+ if (r_pkey)
+ *r_pkey = NULL;
+ if (r_algostr)
+ *r_algostr = NULL;
+
+ err = gcry_sexp_sscan (&s_pkey, NULL, pk, pklen);
+ if (err)
+ return err; /* Can't parse that S-expression. */
+ if (hexkeygrip && !gcry_pk_get_keygrip (s_pkey, array))
+ {
+ gcry_sexp_release (s_pkey);
+ return gpg_error (GPG_ERR_GENERAL); /* Failed to calculate the keygrip.*/
+ }
+
+ if (r_algo)
+ *r_algo = get_pk_algo_from_key (s_pkey);
+
+ if (r_algostr)
+ {
+ *r_algostr = pubkey_algo_string (s_pkey, NULL);
+ if (!*r_algostr)
+ {
+ err = gpg_error_from_syserror ();
+ gcry_sexp_release (s_pkey);
+ return err;
+ }
+ }
+
+ if (r_pkey)
+ *r_pkey = s_pkey;
+ else
+ gcry_sexp_release (s_pkey);
+
+ if (hexkeygrip)
+ bin2hex (array, KEYGRIP_LEN, hexkeygrip);
+
+ return 0;
+}
+
+
+/* Return the KEYGRIP for the certificate CERT as an hex encoded
+ * string in the user provided buffer HEXKEYGRIP which must be of at
+ * least 41 bytes. If R_PKEY is not NULL and the function succeeded,
+ * the S-expression representing the key is stored there. The caller
+ * needs to call gcry_sexp_release on that. If R_ALGO is not NULL the
+ * public key algorithm id of Libgcrypt is stored there. */
+gpg_error_t
+app_help_get_keygrip_string (ksba_cert_t cert, char *hexkeygrip,
+ gcry_sexp_t *r_pkey, int *r_algo)
+{
+ gpg_error_t err;
+ ksba_sexp_t p;
+ size_t n;
+
+ if (r_pkey)
+ *r_pkey = NULL;
+
+ p = ksba_cert_get_public_key (cert);
+ if (!p)
+ return gpg_error (GPG_ERR_BUG);
+ n = gcry_sexp_canon_len (p, 0, NULL, NULL);
+ if (!n)
+ return gpg_error (GPG_ERR_INV_SEXP);
+ err = app_help_get_keygrip_string_pk ((void*)p, n, hexkeygrip,
+ r_pkey, r_algo, NULL);
+ ksba_free (p);
+ return err;
+}
+
+
+/* Get the public key from the binary encoded (CERT,CERTLEN). */
+gpg_error_t
+app_help_pubkey_from_cert (const void *cert, size_t certlen,
+ unsigned char **r_pk, size_t *r_pklen)
+{
+ gpg_error_t err;
+ ksba_cert_t kc;
+ unsigned char *pk, *fixed_pk;
+ size_t pklen, fixed_pklen;
+
+ *r_pk = NULL;
+ *r_pklen = 0;
+
+ pk = NULL; /*(avoid cc warning)*/
+
+ err = ksba_cert_new (&kc);
+ if (err)
+ return err;
+
+ err = ksba_cert_init_from_mem (kc, cert, certlen);
+ if (err)
+ goto leave;
+
+ pk = ksba_cert_get_public_key (kc);
+ if (!pk)
+ {
+ err = gpg_error (GPG_ERR_NO_PUBKEY);
+ goto leave;
+ }
+ pklen = gcry_sexp_canon_len (pk, 0, NULL, &err);
+
+ err = uncompress_ecc_q_in_canon_sexp (pk, pklen, &fixed_pk, &fixed_pklen);
+ if (err)
+ goto leave;
+ if (fixed_pk)
+ {
+ ksba_free (pk); pk = NULL;
+ pk = fixed_pk;
+ pklen = fixed_pklen;
+ }
+
+ leave:
+ if (!err)
+ {
+ *r_pk = pk;
+ *r_pklen = pklen;
+ }
+ else
+ ksba_free (pk);
+ ksba_cert_release (kc);
+ return err;
+}
+
+
+/* Given the SLOT and the File ID FID, return the length of the
+ certificate contained in that file. Returns 0 if the file does not
+ exists or does not contain a certificate. If R_CERTOFF is not
+ NULL, the length the header will be stored at this address; thus to
+ parse the X.509 certificate a read should start at that offset.
+
+ On success the file is still selected.
+*/
+size_t
+app_help_read_length_of_cert (int slot, int fid, size_t *r_certoff)
+{
+ gpg_error_t err;
+ unsigned char *buffer;
+ const unsigned char *p;
+ size_t buflen, n;
+ int class, tag, constructed, ndef;
+ size_t resultlen, objlen, hdrlen;
+
+ err = iso7816_select_file (slot, fid, 0);
+ if (err)
+ {
+ log_info ("error selecting FID 0x%04X: %s\n", fid, gpg_strerror (err));
+ return 0;
+ }
+
+ err = iso7816_read_binary (slot, 0, 32, &buffer, &buflen);
+ if (err)
+ {
+ log_info ("error reading certificate from FID 0x%04X: %s\n",
+ fid, gpg_strerror (err));
+ return 0;
+ }
+
+ if (!buflen || *buffer == 0xff)
+ {
+ log_info ("no certificate contained in FID 0x%04X\n", fid);
+ xfree (buffer);
+ return 0;
+ }
+
+ p = buffer;
+ n = buflen;
+ err = parse_ber_header (&p, &n, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (err)
+ {
+ log_info ("error parsing certificate in FID 0x%04X: %s\n",
+ fid, gpg_strerror (err));
+ xfree (buffer);
+ return 0;
+ }
+
+ /* All certificates should commence with a SEQUENCE except for the
+ special ROOT CA which are enclosed in a SET. */
+ if ( !(class == CLASS_UNIVERSAL && constructed
+ && (tag == TAG_SEQUENCE || tag == TAG_SET)))
+ {
+ log_info ("data at FID 0x%04X does not look like a certificate\n", fid);
+ return 0;
+ }
+
+ resultlen = objlen + hdrlen;
+ if (r_certoff)
+ {
+ /* The callers want the offset to the actual certificate. */
+ *r_certoff = hdrlen;
+
+ err = parse_ber_header (&p, &n, &class, &tag, &constructed,
+ &ndef, &objlen, &hdrlen);
+ if (err)
+ return 0;
+
+ if (class == CLASS_UNIVERSAL && tag == TAG_OBJECT_ID && !constructed)
+ {
+ /* The certificate seems to be contained in a
+ userCertificate container. Assume the following sequence
+ is the certificate. */
+ *r_certoff += hdrlen + objlen;
+ if (*r_certoff > resultlen)
+ {
+ *r_certoff = 0;
+ return 0; /* That should never happen. */
+ }
+ }
+ else
+ *r_certoff = 0;
+ }
+
+ return resultlen;
+}