author | Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com> | 2016-11-15 17:37:07 -0800 |
---|---|---|
committer | Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com> | 2016-11-22 16:00:40 -0800 |
commit | 4027d3caa872f2950dae0b3d2208c0c54ceb4a4c (patch) | |
tree | e34cc65fd7d80e914f93bea144a5c85c172ba068 /base/tps-client | |
parent | 52694cd6acf81446623b6d24947d8d3afdc8536c (diff) | |
Change lifecycle at end of enrollment if it is not already set.
TPS throws "err=6" when attempting to format and enroll G&D Cards.
https://bugzilla.redhat.com/show_bug.cgi?id=1320283
This fix addresses this bug, but also:
Fixes this issue:
Applet upgrade during rekey operation results in formatted token.
Also, it takes care of a related issue where the new apdu needed for the
lifecycle state causes the testing tool "tpsclient" to seg fault.
The fix here is a minimal fix to have tpsclient return an error when it gets
this apdu it can't handle, instead of crashing.
Diffstat (limited to 'base/tps-client')
-rw-r--r-- | base/tps-client/src/CMakeLists.txt | 1 | ||||
-rw-r--r-- | base/tps-client/src/apdu/Get_Lifecycle_APDU.cpp | 41 | ||||
-rw-r--r-- | base/tps-client/src/include/apdu/APDU.h | 3 | ||||
-rw-r--r-- | base/tps-client/src/include/apdu/Get_Lifecycle_APDU.h | 58 | ||||
-rw-r--r-- | base/tps-client/tools/raclient/RA_Conn.cpp | 14 | ||||
-rw-r--r-- | base/tps-client/tools/raclient/RA_Token.cpp | 4 |
6 files changed, 118 insertions, 3 deletions
diff --git a/base/tps-client/src/CMakeLists.txt b/base/tps-client/src/CMakeLists.txt
index 28ca2e450..be5665f30 100644
--- a/base/tps-client/src/CMakeLists.txt
+++ b/base/tps-client/src/CMakeLists.txt
@@ -95,6 +95,7 @@ set(tps_library_SRCS
 apdu/Import_Key_APDU.cpp
 apdu/Import_Key_Enc_APDU.cpp
 apdu/APDU_Response.cpp
+ apdu/Get_Lifecycle_APDU.cpp
 msg/RA_Begin_Op_Msg.cpp
 msg/RA_End_Op_Msg.cpp
 msg/RA_Login_Request_Msg.cpp
diff --git a/base/tps-client/src/apdu/Get_Lifecycle_APDU.cpp b/base/tps-client/src/apdu/Get_Lifecycle_APDU.cpp
new file mode 100644
index 000000000..19035ee47
--- /dev/null
+++ b/base/tps-client/src/apdu/Get_Lifecycle_APDU.cpp
@@ -0,0 +1,41 @@
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Get_Lifecycle_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Get Lifecycle APDU.
+ */
+
+TPS_PUBLIC Get_Lifecycle_APDU::Get_Lifecycle_APDU ()
+{
+ SetCLA(0xB0);
+ SetINS(0xF2);
+ SetP1(0x00);
+ SetP2(0x00);
+}
+
+TPS_PUBLIC Get_Lifecycle_APDU::~Get_Lifecycle_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Get_Lifecycle_APDU::GetType()
+{
+ return APDU_GET_LIFECYCLE;
+}
+
+TPS_PUBLIC void Get_Lifecycle_APDU::GetEncoding(Buffer &data){
+
+ data += Buffer(1, m_cla);
+ data += Buffer(1, m_ins);
+ data += Buffer(1, m_p1);
+ data += Buffer(1, m_p2);
+ data += Buffer(1, 0x01);
+
+}
diff --git a/base/tps-client/src/include/apdu/APDU.h b/base/tps-client/src/include/apdu/APDU.h
index cfb66ad19..e4b8b2a26 100644
--- a/base/tps-client/src/include/apdu/APDU.h
+++ b/base/tps-client/src/include/apdu/APDU.h
@@ -76,7 +76,8 @@ enum APDU_Type {
 APDU_IMPORT_KEY_ENC = 25,
 APDU_SET_ISSUERINFO = 26,
 APDU_GET_ISSUERINFO = 27,
- APDU_GENERATE_KEY_ECC = 28
+ APDU_GENERATE_KEY_ECC = 28,
+ APDU_GET_LIFECYCLE = 29
 };
 class APDU
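Review bot: In Get_Lifecycle_APDU.cpp, `GetEncoding` appends a bare `0x01` as the fifth byte with no comment saying what it is. It reads like the expected response length (one byte of lifecycle state), but that is an inference from the four header bytes before it. A trailing comment such as `data += Buffer(1, 0x01); /* expected response length: 1 byte of lifecycle state (confirm against the applet) */` would make the encoding reviewable. The constructor's `SetCLA(0xB0)` and `SetINS(0xF2)` are likewise unnamed, and RA_Conn.cpp repeats `0xF2` as a literal when it dispatches, so a shared named constant would keep the two in step.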
diff --git a/base/tps-client/src/include/apdu/Get_Lifecycle_APDU.h b/base/tps-client/src/include/apdu/Get_Lifecycle_APDU.h
new file mode 100644
index 000000000..e8e1e9ad4
--- /dev/null
+++ b/base/tps-client/src/include/apdu/Get_Lifecycle_APDU.h
@@ -0,0 +1,58 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef GET_LIFECYCLE_APDU_H
+#define GET_LIFECYCLE_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Get_Lifecycle_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC Get_Lifecycle_APDU();
+ TPS_PUBLIC ~Get_Lifecycle_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+ TPS_PUBLIC void GetEncoding(Buffer &data);
+};
+
+#endif /* LIFECYCLE_APDU_H */
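Review bot: The closing guard comment in Get_Lifecycle_APDU.h reads `#endif /* LIFECYCLE_APDU_H */` while the guard macro is `GET_LIFECYCLE_APDU_H`; it should be `#endif /* GET_LIFECYCLE_APDU_H */`. The class has no documentation: a short comment above `class Get_Lifecycle_APDU` should say what it asks the token for and that `GetEncoding` appends to `data` rather than replacing it. The header also defines `TPS_PUBLIC` exactly as Get_Lifecycle_APDU.cpp does before its own definitions, so one of the two blocks is redundant.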
diff --git a/base/tps-client/tools/raclient/RA_Conn.cpp b/base/tps-client/tools/raclient/RA_Conn.cpp
index 4686acb6b..6ca033f79 100644
--- a/base/tps-client/tools/raclient/RA_Conn.cpp
+++ b/base/tps-client/tools/raclient/RA_Conn.cpp
@@ -55,6 +55,7 @@
 #include "apdu/Select_APDU.h"
 #include "apdu/Get_Version_APDU.h"
 #include "apdu/Put_Key_APDU.h"
+#include "apdu/Get_Lifecycle_APDU.h"
 #include "msg/RA_Begin_Op_Msg.h"
 #include "msg/RA_End_Op_Msg.h"
 #include "msg/RA_Extended_Login_Request_Msg.h"
@@ -932,6 +933,11 @@ RA_Conn::CreateAPDU (RA_Token * tok, Buffer & in_apdu_data, Buffer & mac)
 data = NULL;
 }
 }
+ else if (((BYTE *) apdu_data)[1] == 0xF2)
+ {
+ /* Get Lifecycle */
+ apdu = new Get_Lifecycle_APDU();
+ }
 else
 {
 /* error */
@@ -1055,7 +1061,13 @@ RA_Conn::ReadMsg (RA_Token * token)
 Buffer mac;
 APDU *apdu = CreateAPDU (token, *apdu_data, mac);
- msg = new RA_Token_PDU_Request_Msg (apdu);
+
+ if(apdu == NULL) {
+ msg = NULL;
+ } else {
+ msg = new RA_Token_PDU_Request_Msg (apdu);
+ }
+
 if (apdu_data != NULL)
 {
 delete apdu_data;
diff --git a/base/tps-client/tools/raclient/RA_Token.cpp b/base/tps-client/tools/raclient/RA_Token.cpp
index ec8307366..2d347cb32 100644
--- a/base/tps-client/tools/raclient/RA_Token.cpp
+++ b/base/tps-client/tools/raclient/RA_Token.cpp
@@ -2526,7 +2526,9 @@ RA_Token::Process (APDU * apdu, NameValueSet * vars, NameValueSet * params)
 else
 {
 printf ("RA_Token: Unknown APDU (%d)\n", apdu->GetType ());
- /* error */
+
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ resp = new APDU_Response (data);
 }
 return resp;
 } |
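Review bot: In RA_Conn.cpp, the new `CreateAPDU` branch picks the APDU from `((BYTE *) apdu_data)[1] == 0xF2` alone, so any received message with INS 0xF2 becomes a Get_Lifecycle_APDU whatever its class byte or length. These bytes appear to come from the message being parsed, so the branch should also require the class the constructor sets, e.g. `else if (((BYTE *) apdu_data)[0] == 0xB0 && ((BYTE *) apdu_data)[1] == 0xF2)`. Whether the buffer is known to hold at least two bytes before this chain is decided earlier in CreateAPDU, outside the hunk; if it is not, a length check belongs ahead of the indexing.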
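Review bot: In `RA_Conn::ReadMsg`, `*apdu_data` is dereferenced in the `CreateAPDU` call just before the `if (apdu_data != NULL)` test that guards the delete. The new NULL handling therefore covers a failed CreateAPDU but not a NULL decode result. If apdu_data can be NULL at this point (its assignment is above the hunk), the test should move ahead of the call and set `msg = NULL` on that path too. The `apdu == NULL` branch is also silent; a line such as `printf ("RA_Conn: unsupported APDU, no request message created\n");` would let a user of the tool see why the message was dropped.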
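Review bot: In RA_Token.cpp, the unknown-APDU branch of `RA_Token::Process` now answers with the bytes `0x6a 0x88`, and nothing explains the choice. In ISO 7816-4, 6A88 means referenced data not found, while 6D00 is the status word for an unsupported instruction. If the TPS side does not depend on 6A88 specifically (not visible here), 6D00 describes this case more accurately. Either way, a comment such as `/* unknown APDU: return an error status word to the caller */` should take the place of the removed `/* error */`. The function begins outside the hunk.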