1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
// --- BEGIN COPYRIGHT BLOCK ---
// This library is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation;
// version 2.1 of the License.
//
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public
// License along with this library; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor,
// Boston, MA 02110-1301 USA
//
// Copyright (C) 2007 Red Hat, Inc.
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
#include <stdio.h>
#include "apdu/APDU.h"
#include "apdu/Create_Object_APDU.h"
#include "main/Memory.h"
#ifdef XP_WIN32
#define TPS_PUBLIC __declspec(dllexport)
#else /* !XP_WIN32 */
#define TPS_PUBLIC
#endif /* !XP_WIN32 */
/**
* Constructs a Create Object APDU. This APDU is usually sent right
* before Write_Buffer_APDU is sent. This APDU only creates an Object
* on token, but does not actually writes object content until
* Write_Buffer_APDU is sent.
*
* CreateObject APDU format:
* CLA 0x84
* INS 0x5a
* P1 0x00
* P2 0x00
* lc 0x0e
* DATA <Object Parameters>
*
* [DATA] Object Parameters are:
* Long Object ID;
* Long Object Size;
* ObjectACL ObjectACL;
*
* Connection requirement:
* Secure Channel
*
* Possible error Status Codes:
* 9C 06 - unauthorized
* 9C 08 - object already exists
* 9C 01 - insufficient memory on card to complete the operation
*
* NOTE:
* Observe that the PIN identity is hard-coded at n.2 for each
* permission. In Housekey, this is probably a non-issue, however,
* in housekey, do we not allow multiple people (presumably closely
* -related) to share one token with individual certs? We should
* consider exposing this as an input param.
*
* @param object_id as defined in APDU
* @param len length of object
* @see APDU
*/
TPS_PUBLIC Create_Object_APDU::Create_Object_APDU (BYTE *object_id, BYTE *permissions, int len)
{
SetCLA(0x84);
SetINS(0x5a);
SetP1(0x00);
SetP2(0x00);
Buffer data;
data =
/* Object ID */
Buffer(1, (BYTE)object_id[0]) +
Buffer(1, (BYTE)object_id[1]) +
Buffer(1, (BYTE)object_id[2]) +
Buffer(1, (BYTE)object_id[3]) +
/* data length */
Buffer(1, (BYTE)(len >> 24)) +
Buffer(1, (BYTE)((len >> 16) & 0xff)) +
Buffer(1, (BYTE)((len >> 8) & 0xff)) +
Buffer(1, (BYTE)(len & 0xff)) +
/* ACLs */
/* should take from caller
// read permission
Buffer(1, (BYTE)0xFF) + // means "read" never allowed
Buffer(1, (BYTE)0xFF) +
// write permission
Buffer(1, (BYTE)0x40) + //means "write" for identity n.2 (PIN required)
Buffer(1, (BYTE)0x00) +
// delete permission
Buffer(1, (BYTE)0x40) + //means "delete" for identity n.2 (PIN) required
Buffer(1, (BYTE)0x00);
*/
Buffer(1, (BYTE) permissions[0]) +
Buffer(1, (BYTE) permissions[1]) +
Buffer(1, (BYTE) permissions[2]) +
Buffer(1, (BYTE) permissions[3]) +
Buffer(1, (BYTE) permissions[4]) +
Buffer(1, (BYTE) permissions[5]);
SetData(data);
}
TPS_PUBLIC Create_Object_APDU::~Create_Object_APDU ()
{
}
TPS_PUBLIC APDU_Type Create_Object_APDU::GetType()
{
return APDU_CREATE_OBJECT;
}
|
