1. 22 Aug, 2018 1 commit
  2. 16 Aug, 2018 3 commits
  3. 06 Aug, 2018 1 commit
    • cac, cac-aca: Implement other undocumented encoding for extended properties · d73b64d8
      Jakub Jelen authored
       * Neither these modifiers nor the format are documented anywhere, but ActivClient
         expects them and cards happily answer them
       * This is a kind of more compressed form of other ACA buffers, but it is
         extended with some additional values of unknown meaning.
       * This is somehow consistent with the standard GET ACR parameters, but if
         P1 | 0x40 is set, the response should come in this new format.
       * This also affects the GET PROPERTIES APDU, where we also get another bunch of
         TLVs in case this bit is set.
      Signed-off-by: Jakub Jelen <jjelen@redhat.com>
      Reviewed-by: Robert Relyea <rrelyea@redhat.com>
      Message-Id: <20180802094407.4104-29-jjelen@redhat.com>
  4. 02 Aug, 2018 9 commits
    • cac: Implement CAC passthrough applets · 982556d0
      Jakub Jelen authored
       * The PKI Credential, PKI Certificate and Person Instance applets
         are hard to emulate with bogus data and therefore we will
         make them available from the existing cards.
      Signed-off-by: Jakub Jelen <jjelen@redhat.com>
      Reviewed-by: Robert Relyea <rrelyea@redhat.com>
      Message-Id: <20180802094407.4104-22-jjelen@redhat.com>
    • cac: Emulate also other empty applets; handling multiple COIDs · fd217efb
      Jakub Jelen authored
       * These are probably not mandatory, but they are present in real card
      
       * There are two types of them, one of them presents buffers in
         properties, but they are empty. The other does not even present
         the buffers in properties.
      
       * They do not have any known purpose, but they are on existing cards
      
       * ACF applet has more valid Card Object IDs it answers to on SELECT OID
         APDU
      
       * This requires some internal changes of SELECT OID handling, but
         currently, we do not have any "useful" data in different OIDs
         so we just need to keep the protocol.
      
       * Actually, the data in ACF (Access Control File) are one of the
         mandatory parts of CAC, but they are not exposed in PKCS#11
         and impossible to emulate (signatures of the internal structures),
         but ActivClient does not really need them.
      Signed-off-by: Jakub Jelen <jjelen@redhat.com>
      Reviewed-by: Robert Relyea <rrelyea@redhat.com>
      Message-Id: <20180802094407.4104-19-jjelen@redhat.com>
    • cac: Generate CardURLs in CCC based on the cert list · 922ce9b9
      Jakub Jelen authored
       * This provides the real list of applets in the emulated card
         in the CCC applet CardURLs, which is mandatory for applet and certificate
         discovery.
       * This also increases the amount of possible certificates to 10
      Signed-off-by: Jakub Jelen <jjelen@redhat.com>
      Reviewed-by: Robert Relyea <rrelyea@redhat.com>
      Message-Id: <20180802094407.4104-15-jjelen@redhat.com>
    • cac: Generate dynamic ACA structures based on the certificates · d8386ee1
      Jakub Jelen authored
       * So far, the ACA tables were static from existing card.
       * This change allows adjusting the ACA tables based on the real
         certificates and PKI applets present in virtual smart card
      Signed-off-by: Jakub Jelen <jjelen@redhat.com>
      Reviewed-by: Robert Relyea <rrelyea@redhat.com>
      Message-Id: <20180802094407.4104-14-jjelen@redhat.com>
    • cac: Annotate other missing applets · 44317ac4
      Jakub Jelen authored
      Signed-off-by: Jakub Jelen <jjelen@redhat.com>
      Reviewed-by: Robert Relyea <rrelyea@redhat.com>
      Message-Id: <20180802094407.4104-11-jjelen@redhat.com>
    • ACA Applet · c130d6ca
      Jakub Jelen authored
       * The Access Control Applet is used to discover other applets
         in the card, discover Access Control Rules for various operations
         and provides information about authentication mechanisms.
      
       * The ACA provides many structures that are quite independent from
         the rest of CAC so it is implemented in separate file.
      
       * All the structures are annotated with the references to specifications
      
       * Implements structures and access functions in ACA Applet
         * Access Control Rules table
         * Applet/Object Access Control Rules table
         * Access Method Provider table
         * Service Applet Table
      
         (from "5.3.3.5 Get ACR APDU" of GSC-IS 2.1)
      Signed-off-by: Jakub Jelen <jjelen@redhat.com>
      Reviewed-by: Robert Relyea <rrelyea@redhat.com>
      Message-Id: <20180802094407.4104-7-jjelen@redhat.com>
    • Card Manager Applet · b2023ced
      Jakub Jelen authored
       * The card manager applet from Global Platform is common in
         Java Cards.
       * This commit fixes its location and implements appropriate
         responses to APDUs in separate independent file which can
         be used in other cards in future.
       * The responses to SELECT APDU are still handled in
         the generic ISO 7816 code, but the responses are improved.
       * This affects also the existing testsuite, which needs
         adjustments, since the SELECT APDU returns different data.
       * This loads the GP applet separately from CAC applet
      Signed-off-by: Jakub Jelen <jjelen@redhat.com>
      Reviewed-by: Robert Relyea <rrelyea@redhat.com>
      Message-Id: <20180802094407.4104-6-jjelen@redhat.com>
    • CCC Applet implementation · 1ee47450
      Jakub Jelen authored
       * The Card Capability Container (CCC) is a mandatory applet of CAC 2
         and is used to discover other applets, card capabilities and
         properties
      Signed-off-by: Jakub Jelen <jjelen@redhat.com>
      Reviewed-by: Robert Relyea <rrelyea@redhat.com>
      Message-Id: <20180802094407.4104-5-jjelen@redhat.com>
    • Adjust PKI Applet to CAC 2 · f2b58b03
      Jakub Jelen authored
       * This involves creation of properties structures in the applet,
         that are used to discover pki buffers in the applet and its
         properties.
       * This also removes the old way of accessing certificates using
         GET CERTIFICATE APDU also with the test
       * This uses the new function vcard_emul_rsa_bits() to expose the
         real key size in properties buffer
      Signed-off-by: Jakub Jelen <jjelen@redhat.com>
      Reviewed-by: Robert Relyea <rrelyea@redhat.com>
      Message-Id: <20180802094407.4104-4-jjelen@redhat.com>
  5. 31 Jul, 2018 1 commit
  6. 15 Sep, 2015 2 commits
  7. 30 Apr, 2015 1 commit
  8. 28 Oct, 2014 1 commit
  9. 10 Jun, 2014 1 commit
  10. 26 May, 2014 1 commit
  11. 23 May, 2014 2 commits
  12. 02 Dec, 2013 1 commit
  13. 24 Apr, 2013 2 commits
  14. 25 Oct, 2011 1 commit
  15. 21 Aug, 2011 1 commit
  16. 02 Apr, 2011 1 commit
    • libcacard: initial commit · 3b7042ff
      Robert Relyea authored
      libcacard emulates a Common Access Card (CAC) which is a standard
      for smartcards. It is used by the emulated ccid card introduced in
      a following patch. Docs are available in docs/libcacard.txt
      Signed-off-by: Alon Levy <alevy@redhat.com>
      
      ---
      
      changes from v24->v25:
       * Fix out of tree builds.
       * Fix build with linux-user targets.
      
      changes from v23->v24: (Jes Sorensen review 2)
       * Makefile.target: use obj-$(CONFIG_*) +=
       * remove unrequired includes, include qemu-common before qemu-thread
        * required adding #define NO_NSPR_10_SUPPORT (harmless)
      
      changes from v22->v23:
       * configure fixes: (reported by Stefan Hajnoczi)
        * test a = b, not a == b (second isn't portable)
        * quote $source_path in case it contains spaces
         - this doesn't really help since there are many other places
           that need similar fixes, not introduced by this patch.
      
      changes from v21->v22:
       * fix configure to not link libcacard if nss not found
          (reported by Stefan Hajnoczi)
       * fix vscclient linkage with simpletrace backend
          (reported by Stefan Hajnoczi)
       * card_7816.c: add missing break in ERROR_DATA_NOT_FOUND
          (reported by William van de Velde)
      
      changes from v20->v21: (Jes Sorensen review)
       * use qemu infrastructure: qemu-thread, qemu-common (qemu_malloc
        and qemu_free), error_report
       * assert instead of ASSERT
       * cosmetic fixes
       * use strpbrk and isspace
       * add --disable-nss --enable-nss here, instead of in the final patch.
       * split vscclient, passthru and docs to following patches.
      
      changes from v19->v20:
       * checkpatch.pl
      
      changes from v15->v16:
      
      Build:
       * don't erase self with distclean
       * fix make clean after make distclean
       * Makefile: make vscclient link quiet
      
      Behavioral:
       * vcard_emul_nss: load coolkey in more situations
       * vscclient:
        * use hton,ntoh
        * send init on connect, only start vevent thread on response
        * read payload after header check, before type switch
        * remove Reconnect
        * update for vscard_common changes, empty Flush implementation
      
      Style/Whitespace:
       * fix wrong variable usage
       * remove unused variable
       * use only C style comments
        * add copyright header
        * fix tabulation
      Signed-off-by: Alon Levy <alevy@redhat.com>
      
      libcacard: fix out of tree builds