[mirror_qemu.git] / libcacard / cac.c

/*
 * implement the applets for the CAC card.
 *
 * This code is licensed under the GNU LGPL, version 2.1 or later.
 * See the COPYING.LIB file in the top-level directory.
 */

#include "qemu-common.h"

#include "cac.h"
#include "vcard.h"
#include "vcard_emul.h"
#include "card_7816.h"

/* private data for PKI applets */
typedef struct CACPKIAppletDataStruct {
    unsigned char *cert;
    int cert_len;
    unsigned char *cert_buffer;
    int cert_buffer_len;
    unsigned char *sign_buffer;
    int sign_buffer_len;
    VCardKey *key;
} CACPKIAppletData;

/*
 * CAC applet private data
 */
struct VCardAppletPrivateStruct {
    union {
        CACPKIAppletData pki_data;
        void *reserved;
    } u;
};

/*
 * handle all the APDU's that are common to all CAC applets
 */
static VCardStatus
cac_common_process_apdu(VCard *card, VCardAPDU *apdu, VCardResponse **response)
{
    int ef;

    switch (apdu->a_ins) {
    case VCARD7816_INS_SELECT_FILE:
        if (apdu->a_p1 != 0x02) {
            /* let the 7816 code handle applet switches */
            return VCARD_NEXT;
        }
        /* handle file id setting */
        if (apdu->a_Lc != 2) {
            *response = vcard_make_response(
                VCARD7816_STATUS_ERROR_DATA_INVALID);
            return VCARD_DONE;
        }
        /* CAC 1.0 only supports ef = 0 */
        ef = apdu->a_body[0] | (apdu->a_body[1] << 8);
        if (ef != 0) {
            *response = vcard_make_response(
                VCARD7816_STATUS_ERROR_FILE_NOT_FOUND);
            return VCARD_DONE;
        }
        *response = vcard_make_response(VCARD7816_STATUS_SUCCESS);
        return VCARD_DONE;
    case VCARD7816_INS_GET_RESPONSE:
    case VCARD7816_INS_VERIFY:
        /* let the 7816 code handle these */
        return VCARD_NEXT;
    case CAC_GET_PROPERTIES:
    case CAC_GET_ACR:
        /* skip these for now, this will probably be needed */
        *response = vcard_make_response(VCARD7816_STATUS_ERROR_P1_P2_INCORRECT);
        return VCARD_DONE;
    }
    *response = vcard_make_response(
        VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED);
    return VCARD_DONE;
}

/*
 *  reset the inter call state between applet selects
 */
static VCardStatus
cac_applet_pki_reset(VCard *card, int channel)
{
    VCardAppletPrivate *applet_private = NULL;
    CACPKIAppletData *pki_applet = NULL;
    applet_private = vcard_get_current_applet_private(card, channel);
    assert(applet_private);
    pki_applet = &(applet_private->u.pki_data);

    pki_applet->cert_buffer = NULL;
    if (pki_applet->sign_buffer) {
        g_free(pki_applet->sign_buffer);
        pki_applet->sign_buffer = NULL;
    }
    pki_applet->cert_buffer_len = 0;
    pki_applet->sign_buffer_len = 0;
    return VCARD_DONE;
}

static VCardStatus
cac_applet_pki_process_apdu(VCard *card, VCardAPDU *apdu,
                            VCardResponse **response)
{
    CACPKIAppletData *pki_applet = NULL;
    VCardAppletPrivate *applet_private = NULL;
    int size, next;
    unsigned char *sign_buffer;
    vcard_7816_status_t status;

    applet_private = vcard_get_current_applet_private(card, apdu->a_channel);
    assert(applet_private);
    pki_applet = &(applet_private->u.pki_data);

    switch (apdu->a_ins) {
    case CAC_UPDATE_BUFFER:
        *response = vcard_make_response(
            VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED);
        return VCARD_DONE;
    case CAC_GET_CERTIFICATE:
        if ((apdu->a_p2 != 0) || (apdu->a_p1 != 0)) {
            *response = vcard_make_response(
                             VCARD7816_STATUS_ERROR_P1_P2_INCORRECT);
            break;
        }
        assert(pki_applet->cert != NULL);
        size = apdu->a_Le;
        if (pki_applet->cert_buffer == NULL) {
            pki_applet->cert_buffer = pki_applet->cert;
            pki_applet->cert_buffer_len = pki_applet->cert_len;
        }
        size = MIN(size, pki_applet->cert_buffer_len);
        next = MIN(255, pki_applet->cert_buffer_len - size);
        *response = vcard_response_new_bytes(
                        card, pki_applet->cert_buffer, size,
                        apdu->a_Le, next ?
                        VCARD7816_SW1_WARNING_CHANGE :
                        VCARD7816_SW1_SUCCESS,
                        next);
        pki_applet->cert_buffer += size;
        pki_applet->cert_buffer_len -= size;
        if ((*response == NULL) || (next == 0)) {
            pki_applet->cert_buffer = NULL;
        }
        if (*response == NULL) {
            *response = vcard_make_response(
                            VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE);
        }
        return VCARD_DONE;
    case CAC_SIGN_DECRYPT:
        if (apdu->a_p2 != 0) {
            *response = vcard_make_response(
                             VCARD7816_STATUS_ERROR_P1_P2_INCORRECT);
            break;
        }
        size = apdu->a_Lc;

        sign_buffer = realloc(pki_applet->sign_buffer,
                      pki_applet->sign_buffer_len+size);
        if (sign_buffer == NULL) {
            g_free(pki_applet->sign_buffer);
            pki_applet->sign_buffer = NULL;
            pki_applet->sign_buffer_len = 0;
            *response = vcard_make_response(
                            VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE);
            return VCARD_DONE;
        }
        memcpy(sign_buffer+pki_applet->sign_buffer_len, apdu->a_body, size);
        size += pki_applet->sign_buffer_len;
        switch (apdu->a_p1) {
        case  0x80:
            /* p1 == 0x80 means we haven't yet sent the whole buffer, wait for
             * the rest */
            pki_applet->sign_buffer = sign_buffer;
            pki_applet->sign_buffer_len = size;
            *response = vcard_make_response(VCARD7816_STATUS_SUCCESS);
            return VCARD_DONE;
        case 0x00:
            /* we now have the whole buffer, do the operation, result will be
             * in the sign_buffer */
            status = vcard_emul_rsa_op(card, pki_applet->key,
                                       sign_buffer, size);
            if (status != VCARD7816_STATUS_SUCCESS) {
                *response = vcard_make_response(status);
                break;
            }
            *response = vcard_response_new(card, sign_buffer, size, apdu->a_Le,
                                                     VCARD7816_STATUS_SUCCESS);
            if (*response == NULL) {
                *response = vcard_make_response(
                                VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE);
            }
            break;
        default:
           *response = vcard_make_response(
                                VCARD7816_STATUS_ERROR_P1_P2_INCORRECT);
            break;
        }
        g_free(sign_buffer);
        pki_applet->sign_buffer = NULL;
        pki_applet->sign_buffer_len = 0;
        return VCARD_DONE;
    case CAC_READ_BUFFER:
        /* new CAC call, go ahead and use the old version for now */
        /* TODO: implement */
        *response = vcard_make_response(
                                VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED);
        return VCARD_DONE;
    }
    return cac_common_process_apdu(card, apdu, response);
}


static VCardStatus
cac_applet_id_process_apdu(VCard *card, VCardAPDU *apdu,
                           VCardResponse **response)
{
    switch (apdu->a_ins) {
    case CAC_UPDATE_BUFFER:
        *response = vcard_make_response(
                        VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED);
        return VCARD_DONE;
    case CAC_READ_BUFFER:
        /* new CAC call, go ahead and use the old version for now */
        /* TODO: implement */
        *response = vcard_make_response(
                        VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED);
        return VCARD_DONE;
    }
    return cac_common_process_apdu(card, apdu, response);
}


/*
 * TODO: if we ever want to support general CAC middleware, we will need to
 * implement the various containers.
 */
static VCardStatus
cac_applet_container_process_apdu(VCard *card, VCardAPDU *apdu,
                                  VCardResponse **response)
{
    switch (apdu->a_ins) {
    case CAC_READ_BUFFER:
    case CAC_UPDATE_BUFFER:
        *response = vcard_make_response(
                        VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED);
        return VCARD_DONE;
    default:
        break;
    }
    return cac_common_process_apdu(card, apdu, response);
}

/*
 * utilities for creating and destroying the private applet data
 */
static void
cac_delete_pki_applet_private(VCardAppletPrivate *applet_private)
{
    CACPKIAppletData *pki_applet_data = NULL;

    if (applet_private == NULL) {
        return;
    }
    pki_applet_data = &(applet_private->u.pki_data);
    if (pki_applet_data->cert != NULL) {
        g_free(pki_applet_data->cert);
    }
    if (pki_applet_data->sign_buffer != NULL) {
        g_free(pki_applet_data->sign_buffer);
    }
    if (pki_applet_data->key != NULL) {
        vcard_emul_delete_key(pki_applet_data->key);
    }
    g_free(applet_private);
}

static VCardAppletPrivate *
cac_new_pki_applet_private(const unsigned char *cert,
                           int cert_len, VCardKey *key)
{
    CACPKIAppletData *pki_applet_data = NULL;
    VCardAppletPrivate *applet_private = NULL;
    applet_private = (VCardAppletPrivate *)g_malloc(sizeof(VCardAppletPrivate));

    pki_applet_data = &(applet_private->u.pki_data);
    pki_applet_data->cert_buffer = NULL;
    pki_applet_data->cert_buffer_len = 0;
    pki_applet_data->sign_buffer = NULL;
    pki_applet_data->sign_buffer_len = 0;
    pki_applet_data->key = NULL;
    pki_applet_data->cert = (unsigned char *)g_malloc(cert_len+1);
    /*
     * if we want to support compression, then we simply change the 0 to a 1
     * and compress the cert data with libz
     */
    pki_applet_data->cert[0] = 0; /* not compressed */
    memcpy(&pki_applet_data->cert[1], cert, cert_len);
    pki_applet_data->cert_len = cert_len+1;

    pki_applet_data->key = key;
    return applet_private;
}


/*
 * create a new cac applet which links to a given cert
 */
static VCardApplet *
cac_new_pki_applet(int i, const unsigned char *cert,
                   int cert_len, VCardKey *key)
{
    VCardAppletPrivate *applet_private = NULL;
    VCardApplet *applet = NULL;
    unsigned char pki_aid[] = { 0xa0, 0x00, 0x00, 0x00, 0x79, 0x01, 0x00 };
    int pki_aid_len = sizeof(pki_aid);

    pki_aid[pki_aid_len-1] = i;

    applet_private = cac_new_pki_applet_private(cert, cert_len, key);
    if (applet_private == NULL) {
        goto failure;
    }
    applet = vcard_new_applet(cac_applet_pki_process_apdu, cac_applet_pki_reset,
                              pki_aid, pki_aid_len);
    if (applet == NULL) {
        goto failure;
    }
    vcard_set_applet_private(applet, applet_private,
                             cac_delete_pki_applet_private);
    applet_private = NULL;

    return applet;

failure:
    if (applet_private != NULL) {
        cac_delete_pki_applet_private(applet_private);
    }
    return NULL;
}


static unsigned char cac_default_container_aid[] = {
    0xa0, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00 };
static unsigned char cac_id_aid[] = {
    0xa0, 0x00, 0x00, 0x00, 0x79, 0x03, 0x00 };
/*
 * Initialize the cac card. This is the only public function in this file. All
 * the rest are connected through function pointers.
 */
VCardStatus
cac_card_init(VReader *reader, VCard *card,
              const char *params,
              unsigned char * const *cert,
              int cert_len[],
              VCardKey *key[] /* adopt the keys*/,
              int cert_count)
{
    int i;
    VCardApplet *applet;

    /* CAC Cards are VM Cards */
    vcard_set_type(card, VCARD_VM);

    /* create one PKI applet for each cert */
    for (i = 0; i < cert_count; i++) {
        applet = cac_new_pki_applet(i, cert[i], cert_len[i], key[i]);
        if (applet == NULL) {
            goto failure;
        }
        vcard_add_applet(card, applet);
    }

    /* create a default blank container applet */
    applet = vcard_new_applet(cac_applet_container_process_apdu,
                              NULL, cac_default_container_aid,
                              sizeof(cac_default_container_aid));
    if (applet == NULL) {
        goto failure;
    }
    vcard_add_applet(card, applet);

    /* create a default blank container applet */
    applet = vcard_new_applet(cac_applet_id_process_apdu,
                              NULL, cac_id_aid,
                              sizeof(cac_id_aid));
    if (applet == NULL) {
        goto failure;
    }
    vcard_add_applet(card, applet);
    return VCARD_DONE;

failure:
    return VCARD_FAIL;
}
Commit	Line	Data
111a38b0 RR	1	/*
	2	* implement the applets for the CAC card.
	3	*
	4	* This code is licensed under the GNU LGPL, version 2.1 or later.
	5	* See the COPYING.LIB file in the top-level directory.
	6	*/
	7
	8	#include "qemu-common.h"
	9
	10	#include "cac.h"
	11	#include "vcard.h"
	12	#include "vcard_emul.h"
	13	#include "card_7816.h"
	14
111a38b0 RR	15	/* private data for PKI applets */
	16	typedef struct CACPKIAppletDataStruct {
	17	unsigned char *cert;
	18	int cert_len;
	19	unsigned char *cert_buffer;
	20	int cert_buffer_len;
	21	unsigned char *sign_buffer;
	22	int sign_buffer_len;
	23	VCardKey *key;
	24	} CACPKIAppletData;
	25
	26	/*
	27	* CAC applet private data
	28	*/
	29	struct VCardAppletPrivateStruct {
	30	union {
	31	CACPKIAppletData pki_data;
	32	void *reserved;
	33	} u;
	34	};
	35
	36	/*
	37	* handle all the APDU's that are common to all CAC applets
	38	*/
	39	static VCardStatus
	40	cac_common_process_apdu(VCard card, VCardAPDU apdu, VCardResponse **response)
	41	{
	42	int ef;
	43
	44	switch (apdu->a_ins) {
	45	case VCARD7816_INS_SELECT_FILE:
	46	if (apdu->a_p1 != 0x02) {
	47	/* let the 7816 code handle applet switches */
	48	return VCARD_NEXT;
	49	}
	50	/* handle file id setting */
	51	if (apdu->a_Lc != 2) {
	52	*response = vcard_make_response(
	53	VCARD7816_STATUS_ERROR_DATA_INVALID);
	54	return VCARD_DONE;
	55	}
	56	/* CAC 1.0 only supports ef = 0 */
	57	ef = apdu->a_body[0] \| (apdu->a_body[1] << 8);
	58	if (ef != 0) {
	59	*response = vcard_make_response(
	60	VCARD7816_STATUS_ERROR_FILE_NOT_FOUND);
	61	return VCARD_DONE;
	62	}
	63	*response = vcard_make_response(VCARD7816_STATUS_SUCCESS);
	64	return VCARD_DONE;
	65	case VCARD7816_INS_GET_RESPONSE:
	66	case VCARD7816_INS_VERIFY:
	67	/* let the 7816 code handle these */
	68	return VCARD_NEXT;
	69	case CAC_GET_PROPERTIES:
	70	case CAC_GET_ACR:
	71	/* skip these for now, this will probably be needed */
	72	*response = vcard_make_response(VCARD7816_STATUS_ERROR_P1_P2_INCORRECT);
	73	return VCARD_DONE;
	74	}
	75	*response = vcard_make_response(
	76	VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED);
	77	return VCARD_DONE;
	78	}
79
80	/*
81	* reset the inter call state between applet selects
82	*/
83	static VCardStatus
84	cac_applet_pki_reset(VCard *card, int channel)
85	{
86	VCardAppletPrivate *applet_private = NULL;
87	CACPKIAppletData *pki_applet = NULL;
88	applet_private = vcard_get_current_applet_private(card, channel);
89	assert(applet_private);
90	pki_applet = &(applet_private->u.pki_data);
91
92	pki_applet->cert_buffer = NULL;
93	if (pki_applet->sign_buffer) {
7267c094	94	g_free(pki_applet->sign_buffer);
111a38b0 RR	95	pki_applet->sign_buffer = NULL;
	96	}
	97	pki_applet->cert_buffer_len = 0;
	98	pki_applet->sign_buffer_len = 0;
	99	return VCARD_DONE;
	100	}
	101
	102	static VCardStatus
	103	cac_applet_pki_process_apdu(VCard card, VCardAPDU apdu,
	104	VCardResponse **response)
	105	{
	106	CACPKIAppletData *pki_applet = NULL;
	107	VCardAppletPrivate *applet_private = NULL;
	108	int size, next;
	109	unsigned char *sign_buffer;
	110	vcard_7816_status_t status;
	111
	112	applet_private = vcard_get_current_applet_private(card, apdu->a_channel);
	113	assert(applet_private);
	114	pki_applet = &(applet_private->u.pki_data);
	115
	116	switch (apdu->a_ins) {
	117	case CAC_UPDATE_BUFFER:
	118	*response = vcard_make_response(
	119	VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED);
	120	return VCARD_DONE;
	121	case CAC_GET_CERTIFICATE:
	122	if ((apdu->a_p2 != 0) \|\| (apdu->a_p1 != 0)) {
	123	*response = vcard_make_response(
	124	VCARD7816_STATUS_ERROR_P1_P2_INCORRECT);
	125	break;
	126	}
	127	assert(pki_applet->cert != NULL);
	128	size = apdu->a_Le;
	129	if (pki_applet->cert_buffer == NULL) {
	130	pki_applet->cert_buffer = pki_applet->cert;
	131	pki_applet->cert_buffer_len = pki_applet->cert_len;
	132	}
	133	size = MIN(size, pki_applet->cert_buffer_len);
	134	next = MIN(255, pki_applet->cert_buffer_len - size);
	135	*response = vcard_response_new_bytes(
	136	card, pki_applet->cert_buffer, size,
	137	apdu->a_Le, next ?
	138	VCARD7816_SW1_WARNING_CHANGE :
	139	VCARD7816_SW1_SUCCESS,
	140	next);
	141	pki_applet->cert_buffer += size;
	142	pki_applet->cert_buffer_len -= size;
	143	if ((*response == NULL) \|\| (next == 0)) {
	144	pki_applet->cert_buffer = NULL;
	145	}
	146	if (*response == NULL) {
	147	*response = vcard_make_response(
	148	VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE);
	149	}
	150	return VCARD_DONE;
	151	case CAC_SIGN_DECRYPT:
	152	if (apdu->a_p2 != 0) {
	153	*response = vcard_make_response(
	154	VCARD7816_STATUS_ERROR_P1_P2_INCORRECT);
	155	break;
	156	}
	157	size = apdu->a_Lc;
	158
159	sign_buffer = realloc(pki_applet->sign_buffer,
160	pki_applet->sign_buffer_len+size);
161	if (sign_buffer == NULL) {
7267c094	162	g_free(pki_applet->sign_buffer);
111a38b0 RR	163	pki_applet->sign_buffer = NULL;
	164	pki_applet->sign_buffer_len = 0;
	165	*response = vcard_make_response(
	166	VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE);
	167	return VCARD_DONE;
	168	}
	169	memcpy(sign_buffer+pki_applet->sign_buffer_len, apdu->a_body, size);
	170	size += pki_applet->sign_buffer_len;
	171	switch (apdu->a_p1) {
	172	case 0x80:
	173	/* p1 == 0x80 means we haven't yet sent the whole buffer, wait for
	174	* the rest */
	175	pki_applet->sign_buffer = sign_buffer;
	176	pki_applet->sign_buffer_len = size;
	177	*response = vcard_make_response(VCARD7816_STATUS_SUCCESS);
	178	return VCARD_DONE;
	179	case 0x00:
	180	/* we now have the whole buffer, do the operation, result will be
	181	* in the sign_buffer */
	182	status = vcard_emul_rsa_op(card, pki_applet->key,
	183	sign_buffer, size);
	184	if (status != VCARD7816_STATUS_SUCCESS) {
	185	*response = vcard_make_response(status);
	186	break;
	187	}
	188	*response = vcard_response_new(card, sign_buffer, size, apdu->a_Le,
	189	VCARD7816_STATUS_SUCCESS);
	190	if (*response == NULL) {
	191	*response = vcard_make_response(
	192	VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE);
	193	}
	194	break;
	195	default:
	196	*response = vcard_make_response(
	197	VCARD7816_STATUS_ERROR_P1_P2_INCORRECT);
	198	break;
	199	}
7267c094	200	g_free(sign_buffer);
111a38b0 RR	201	pki_applet->sign_buffer = NULL;
	202	pki_applet->sign_buffer_len = 0;
	203	return VCARD_DONE;
	204	case CAC_READ_BUFFER:
	205	/* new CAC call, go ahead and use the old version for now */
	206	/* TODO: implement */
	207	*response = vcard_make_response(
	208	VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED);
	209	return VCARD_DONE;
	210	}
	211	return cac_common_process_apdu(card, apdu, response);
	212	}
	213
	214
	215	static VCardStatus
	216	cac_applet_id_process_apdu(VCard card, VCardAPDU apdu,
	217	VCardResponse **response)
	218	{
	219	switch (apdu->a_ins) {
	220	case CAC_UPDATE_BUFFER:
	221	*response = vcard_make_response(
	222	VCARD7816_STATUS_ERROR_CONDITION_NOT_SATISFIED);
	223	return VCARD_DONE;
	224	case CAC_READ_BUFFER:
	225	/* new CAC call, go ahead and use the old version for now */
	226	/* TODO: implement */
	227	*response = vcard_make_response(
	228	VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED);
	229	return VCARD_DONE;
	230	}
	231	return cac_common_process_apdu(card, apdu, response);
	232	}
	233
	234
	235	/*
	236	* TODO: if we ever want to support general CAC middleware, we will need to
	237	* implement the various containers.
	238	*/
	239	static VCardStatus
	240	cac_applet_container_process_apdu(VCard card, VCardAPDU apdu,
	241	VCardResponse **response)
	242	{
	243	switch (apdu->a_ins) {
	244	case CAC_READ_BUFFER:
	245	case CAC_UPDATE_BUFFER:
	246	*response = vcard_make_response(
	247	VCARD7816_STATUS_ERROR_COMMAND_NOT_SUPPORTED);
	248	return VCARD_DONE;
	249	default:
	250	break;
	251	}
	252	return cac_common_process_apdu(card, apdu, response);
	253	}
	254
	255	/*
	256	* utilities for creating and destroying the private applet data
	257	*/
	258	static void
	259	cac_delete_pki_applet_private(VCardAppletPrivate *applet_private)
	260	{
	261	CACPKIAppletData *pki_applet_data = NULL;
7fc7e584 AL	262
7fc7e584 AL	263	if (applet_private == NULL) {
111a38b0 RR	264	return;
	265	}
	266	pki_applet_data = &(applet_private->u.pki_data);
	267	if (pki_applet_data->cert != NULL) {
7267c094	268	g_free(pki_applet_data->cert);
111a38b0 RR	269	}
111a38b0 RR	270	if (pki_applet_data->sign_buffer != NULL) {
7267c094	271	g_free(pki_applet_data->sign_buffer);
111a38b0 RR	272	}
	273	if (pki_applet_data->key != NULL) {
	274	vcard_emul_delete_key(pki_applet_data->key);
	275	}
7267c094	276	g_free(applet_private);
111a38b0 RR	277	}
	278
	279	static VCardAppletPrivate *
	280	cac_new_pki_applet_private(const unsigned char *cert,
	281	int cert_len, VCardKey *key)
	282	{
	283	CACPKIAppletData *pki_applet_data = NULL;
	284	VCardAppletPrivate *applet_private = NULL;
7267c094	285	applet_private = (VCardAppletPrivate *)g_malloc(sizeof(VCardAppletPrivate));
111a38b0 RR	286
	287	pki_applet_data = &(applet_private->u.pki_data);
	288	pki_applet_data->cert_buffer = NULL;
	289	pki_applet_data->cert_buffer_len = 0;
	290	pki_applet_data->sign_buffer = NULL;
	291	pki_applet_data->sign_buffer_len = 0;
	292	pki_applet_data->key = NULL;
7267c094	293	pki_applet_data->cert = (unsigned char *)g_malloc(cert_len+1);
111a38b0 RR	294	/*
	295	* if we want to support compression, then we simply change the 0 to a 1
	296	* and compress the cert data with libz
	297	*/
	298	pki_applet_data->cert[0] = 0; /* not compressed */
	299	memcpy(&pki_applet_data->cert[1], cert, cert_len);
	300	pki_applet_data->cert_len = cert_len+1;
	301
	302	pki_applet_data->key = key;
	303	return applet_private;
	304	}
	305
	306
	307	/*
	308	* create a new cac applet which links to a given cert
	309	*/
	310	static VCardApplet *
	311	cac_new_pki_applet(int i, const unsigned char *cert,
	312	int cert_len, VCardKey *key)
	313	{
	314	VCardAppletPrivate *applet_private = NULL;
	315	VCardApplet *applet = NULL;
	316	unsigned char pki_aid[] = { 0xa0, 0x00, 0x00, 0x00, 0x79, 0x01, 0x00 };
	317	int pki_aid_len = sizeof(pki_aid);
	318
	319	pki_aid[pki_aid_len-1] = i;
	320
	321	applet_private = cac_new_pki_applet_private(cert, cert_len, key);
	322	if (applet_private == NULL) {
	323	goto failure;
	324	}
	325	applet = vcard_new_applet(cac_applet_pki_process_apdu, cac_applet_pki_reset,
	326	pki_aid, pki_aid_len);
	327	if (applet == NULL) {
	328	goto failure;
	329	}
	330	vcard_set_applet_private(applet, applet_private,
	331	cac_delete_pki_applet_private);
	332	applet_private = NULL;
	333
	334	return applet;
	335
	336	failure:
	337	if (applet_private != NULL) {
	338	cac_delete_pki_applet_private(applet_private);
	339	}
	340	return NULL;
	341	}
	342
	343
	344	static unsigned char cac_default_container_aid[] = {
	345	0xa0, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00 };
	346	static unsigned char cac_id_aid[] = {
	347	0xa0, 0x00, 0x00, 0x00, 0x79, 0x03, 0x00 };
	348	/*
	349	* Initialize the cac card. This is the only public function in this file. All
	350	* the rest are connected through function pointers.
	351	*/
	352	VCardStatus
	353	cac_card_init(VReader reader, VCard card,
	354	const char *params,
	355	unsigned char * const *cert,
	356	int cert_len[],
	357	VCardKey key[] / adopt the keys*/,
358	int cert_count)
359	{
360	int i;
361	VCardApplet *applet;
362
363	/* CAC Cards are VM Cards */
364	vcard_set_type(card, VCARD_VM);
365
366	/* create one PKI applet for each cert */
367	for (i = 0; i < cert_count; i++) {
368	applet = cac_new_pki_applet(i, cert[i], cert_len[i], key[i]);
369	if (applet == NULL) {
370	goto failure;
371	}
372	vcard_add_applet(card, applet);
373	}
374
375	/* create a default blank container applet */
376	applet = vcard_new_applet(cac_applet_container_process_apdu,
377	NULL, cac_default_container_aid,
378	sizeof(cac_default_container_aid));
379	if (applet == NULL) {
380	goto failure;
381	}
382	vcard_add_applet(card, applet);
383
384	/* create a default blank container applet */
385	applet = vcard_new_applet(cac_applet_id_process_apdu,
386	NULL, cac_id_aid,
387	sizeof(cac_id_aid));
388	if (applet == NULL) {
389	goto failure;
390	}
391	vcard_add_applet(card, applet);
392	return VCARD_DONE;
393
394	failure:
395	return VCARD_FAIL;
396	}
397