[Spice-devel] [PATCH libcacard 24/45] cac: Generate CardURLs in CCC based on the cert list
Jakub Jelen
jjelen at redhat.com
Tue Jul 31 14:50:18 UTC 2018
* This provides the real list of applets in the emulated card
in the CCC applet CardURLs, which is mandatory for applet and certificate
discovery.
* This also increases the number of possible certificates to 10
Signed-off-by: Jakub Jelen <jjelen at redhat.com>
Reviewed-by: Robert Relyea <rrelyea at redhat.com>
---
src/cac.c | 80 +++++++++++++++++++++++++++++------------------
tests/libcacard.c | 2 +-
2 files changed, 51 insertions(+), 31 deletions(-)
diff --git a/src/cac.c b/src/cac.c
index fc6ba34..c023ee1 100644
--- a/src/cac.c
+++ b/src/cac.c
@@ -1137,23 +1137,30 @@ cac_new_ccc_applet_private(int cert_count)
"\x72\x36\x0E\x00\x00\x58\xBD\x00\x2C\x19\xB5";
unsigned char cc_version[] = "\x21";
unsigned char cg_version[] = "\x21";
- unsigned char pki_cardurl[] =
- "\xA0\x00\x00\x00\x79\x04\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00";
- unsigned char cardurl[14][16] = {
- "\xA0\x00\x00\x01\x16\x01\x30\x00\x30\x00\x00\x00\x00\x00\x00\x00", /* ACA */
+ unsigned char cardurl[21][16] = {
+ /* common CardURLs */
"\xA0\x00\x00\x00\x79\x01\x02\xFB\x02\xFB\x00\x00\x00\x00\x00\x00", /* ??? */
"\xA0\x00\x00\x00\x79\x01\x02\xFE\x02\xFE\x00\x00\x00\x00\x00\x00", /* PKI Certificate */
"\xA0\x00\x00\x00\x79\x01\x02\xFD\x02\xFD\x00\x00\x00\x00\x00\x00", /* PKI Credential */
"\xA0\x00\x00\x00\x79\x01\x02\x00\x02\x00\x00\x00\x00\x00\x00\x00", /* Person Instance */
"\xA0\x00\x00\x00\x79\x01\x02\x01\x02\x01\x00\x00\x00\x00\x00\x00", /* Personel */
+ "\xA0\x00\x00\x01\x16\x01\x30\x00\x30\x00\x00\x00\x00\x00\x00\x00", /* Access Control F. */
+ "\xA0\x00\x00\x01\x16\x01\x60\x10\x30\x00\x00\x00\x00\x00\x00\x00", /* -//- */
+ "\xA0\x00\x00\x01\x16\x01\x60\x30\x30\x00\x00\x00\x00\x00\x00\x00", /* -//- */
+ "\xA0\x00\x00\x01\x16\x01\x90\x00\x30\x00\x00\x00\x00\x00\x00\x00", /* -//- */
+ "\xA0\x00\x00\x00\x79\x01\x12\x01\x12\x01\x00\x00\x00\x00\x00\x00", /* ?? */
+ "\xA0\x00\x00\x00\x79\x01\x12\x02\x12\x02\x00\x00\x00\x00\x00\x00", /* ?? */
+ /* dynamic list of all possible PKI objects CardURLs */
"\xA0\x00\x00\x00\x79\x04\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00", /* PKI */
"\xA0\x00\x00\x00\x79\x04\x01\x01\x01\x01\x00\x00\x00\x00\x00\x00", /* PKI */
"\xA0\x00\x00\x00\x79\x04\x01\x02\x01\x02\x00\x00\x00\x00\x00\x00", /* PKI */
- "\xA0\x00\x00\x01\x16\x01\x60\x10\x30\x00\x00\x00\x00\x00\x00\x00", /* ?? AID=ACA ?? */
- "\xA0\x00\x00\x01\x16\x01\x60\x30\x30\x00\x00\x00\x00\x00\x00\x00", /* ?? AID=ACA ?? */
- "\xA0\x00\x00\x01\x16\x01\x90\x00\x30\x00\x00\x00\x00\x00\x00\x00", /* ?? AID=ACA ?? */
- "\xA0\x00\x00\x00\x79\x01\x12\x01\x12\x01\x00\x00\x00\x00\x00\x00", /* ?? */
- "\xA0\x00\x00\x00\x79\x01\x12\x02\x12\x02\x00\x00\x00\x00\x00\x00", /* ?? */
+ "\xA0\x00\x00\x00\x79\x04\x01\x03\x01\x03\x00\x00\x00\x00\x00\x00", /* PKI */
+ "\xA0\x00\x00\x00\x79\x04\x01\x04\x01\x04\x00\x00\x00\x00\x00\x00", /* PKI */
+ "\xA0\x00\x00\x00\x79\x04\x01\x05\x01\x05\x00\x00\x00\x00\x00\x00", /* PKI */
+ "\xA0\x00\x00\x00\x79\x04\x01\x06\x01\x06\x00\x00\x00\x00\x00\x00", /* PKI */
+ "\xA0\x00\x00\x00\x79\x04\x01\x07\x01\x07\x00\x00\x00\x00\x00\x00", /* PKI */
+ "\xA0\x00\x00\x00\x79\x04\x01\x08\x01\x08\x00\x00\x00\x00\x00\x00", /* PKI */
+ "\xA0\x00\x00\x00\x79\x04\x01\x09\x01\x09\x00\x00\x00\x00\x00\x00", /* PKI */
/*
* [ Empty for VM cards! ]
* [ RID 5B ][T ][ OID ][ AID ] [ P][AccessKeyInfo ][ K]
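Review bot: Several rows in the new "common CardURLs" block are still annotated only `/* ??? */` or `/* ?? */`, yet the third hunk switches all of them to SIMPLETLV_TYPE_LEAF, which suggests they are now always emitted in the CCC. Because the CCC is the record hosts use for applet discovery, each advertised entry should say what object it names and whether the emulated card actually serves it; that is not visible from this hunk. I would replace the placeholders with a comment such as `/* copied from a reference card; object not implemented by the emulator */` wherever that is the case, and fix the `Personel` spelling while touching the table. The table is positional (rows 0-10 common, rows 11-20 PKI) and the later hunks index into it by literal offsets, so a comment stating that split next to the declaration would also help.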
@@ -1171,7 +1178,7 @@ cac_new_ccc_applet_private(int cert_count)
unsigned char reg_data_model[] = "\x10";
unsigned char acr_table[] = "\x07\xA0\x00\x00\x00\x79\x03\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00";
- static struct simpletlv_member buffer[26] = {
+ static struct simpletlv_member buffer[33] = {
{CAC_CCC_CARD_IDENTIFIER, 0x15, {/*.value = card_identifier*/},
SIMPLETLV_TYPE_LEAF},
{CAC_CCC_CAPABILITY_CONTAINER_VERSION, 1, {/*.value = cc_version*/},
@@ -1181,31 +1188,45 @@ cac_new_ccc_applet_private(int cert_count)
{CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[0]*/},
SIMPLETLV_TYPE_LEAF},
{CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[1]*/},
- SIMPLETLV_TYPE_NONE},
+ SIMPLETLV_TYPE_LEAF},
{CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[2]*/},
- SIMPLETLV_TYPE_NONE},
+ SIMPLETLV_TYPE_LEAF},
{CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[3]*/},
- SIMPLETLV_TYPE_NONE},
+ SIMPLETLV_TYPE_LEAF},
{CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[4]*/},
- SIMPLETLV_TYPE_NONE},
+ SIMPLETLV_TYPE_LEAF},
{CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[5]*/},
- SIMPLETLV_TYPE_NONE},
+ SIMPLETLV_TYPE_LEAF},
{CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[6]*/},
- SIMPLETLV_TYPE_NONE},
+ SIMPLETLV_TYPE_LEAF},
{CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[7]*/},
- SIMPLETLV_TYPE_NONE},
+ SIMPLETLV_TYPE_LEAF},
{CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[8]*/},
- SIMPLETLV_TYPE_NONE},
+ SIMPLETLV_TYPE_LEAF},
{CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[9]*/},
- SIMPLETLV_TYPE_NONE},
+ SIMPLETLV_TYPE_LEAF},
{CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[10]*/},
- SIMPLETLV_TYPE_NONE},
+ SIMPLETLV_TYPE_LEAF},
{CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[11]*/},
SIMPLETLV_TYPE_NONE},
{CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[12]*/},
SIMPLETLV_TYPE_NONE},
{CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[13]*/},
SIMPLETLV_TYPE_NONE},
+ {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[14]*/},
+ SIMPLETLV_TYPE_NONE},
+ {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[15]*/},
+ SIMPLETLV_TYPE_NONE},
+ {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[16]*/},
+ SIMPLETLV_TYPE_NONE},
+ {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[17]*/},
+ SIMPLETLV_TYPE_NONE},
+ {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[18]*/},
+ SIMPLETLV_TYPE_NONE},
+ {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[19]*/},
+ SIMPLETLV_TYPE_NONE},
+ {CAC_CCC_APPLICATION_CARDURL, 16, {/*.value = cardurl[20]*/},
+ SIMPLETLV_TYPE_NONE},
{CAC_CCC_PKCS15, 1, {/*.value = pkcs15 */},
SIMPLETLV_TYPE_LEAF},
{CAC_CCC_REGISTERED_DATA_MODEL_NUMBER, 1, {/*.value = reg_data_model */},
@@ -1236,7 +1257,10 @@ cac_new_ccc_applet_private(int cert_count)
buffer[0].value.value = card_identifier;
buffer[1].value.value = cc_version;
buffer[2].value.value = cg_version;
- buffer[3].value.value = cardurl[0]; /* ACA */
+ /* common CardURLs */
+ for (i = 0; i < 11; i++) {
+ buffer[3+i].value.value = cardurl[i];
+ }
if (cert_count > 10) {
// XXX too many objects for now
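Review bot: The loop bound `11`, the offset `3+i` and the limit in `if (cert_count > 10)` are bare literals that must stay in step with `cardurl[21][16]` and `buffer[33]` from the earlier hunks. The `cert_count > 10` guard is the only thing keeping the later `cardurl[i+11]` and `buffer[i+14]` accesses inside their arrays, so a future edit to the table that forgets one of these numbers becomes an out-of-bounds access. Named constants would make the coupling explicit, for example `enum { CCC_COMMON_CARDURLS = 11, CCC_MAX_PKI_CARDURLS = 10 };` with the array declared as `cardurl[CCC_COMMON_CARDURLS + CCC_MAX_PKI_CARDURLS][16]`, plus a `_Static_assert` on the `buffer` size (the names here are only a suggestion). The body of the `if` lies outside this hunk, so how the over-limit case is handled cannot be checked from here.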
@@ -1245,17 +1269,13 @@ cac_new_ccc_applet_private(int cert_count)
}
/* Generate card URLs for PKI applets */
for (i = 0; i < cert_count; i++) {
- memcpy(cardurl[i+1], pki_cardurl, 16);
- cardurl[i+1][8] = i; /* adjust OID and AID */
- cardurl[i+1][10] = i;
- buffer[i+4].value.value = cardurl[i+1];
- buffer[i+4].type = SIMPLETLV_TYPE_LEAF;
+ buffer[i+14].value.value = cardurl[i+11];
+ buffer[i+14].type = SIMPLETLV_TYPE_LEAF;
}
- /* Skip unknown CardURLs for now */
- buffer[17].value.value = pkcs15;
- buffer[18].value.value = reg_data_model;
- buffer[19].value.value = acr_table;
+ buffer[24].value.value = pkcs15;
+ buffer[25].value.value = reg_data_model;
+ buffer[26].value.value = acr_table;
/* CCC Tag+Len buffer */
/* Ex:
* 34 00 Length of complete buffer
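Review bot: `buffer` is declared `static` in the second hunk, so the `buffer[i+14].type = SIMPLETLV_TYPE_LEAF` assignments in the PKI loop persist across calls and nothing visible resets them, while `cardurl` is a non-static local. If cac_new_ccc_applet_private() can run more than once in a process with a smaller cert_count on a later call (not visible here), the leftover slots would stay LEAF and their `value.value` would still point into the earlier call's stack frame. That would both advertise PKI applets that do not exist and read through a stale pointer. Resetting the unused slots after the loop, `for (; i < 10; i++) buffer[i+14].type = SIMPLETLV_TYPE_NONE;`, or dropping `static` from `buffer` would remove the dependency on call history. The function starts and ends outside this hunk, so whether the structure is copied before `cardurl` goes out of scope should be confirmed as well.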
diff --git a/tests/libcacard.c b/tests/libcacard.c
index 9fc4462..650e2e7 100644
--- a/tests/libcacard.c
+++ b/tests/libcacard.c
@@ -502,7 +502,7 @@ static void read_buffer(VReader *reader, uint8_t type, int object_type)
}
}
if (object_type == TEST_CCC)
- g_assert_cmpint(card_urls, ==, 4);
+ g_assert_cmpint(card_urls, ==, 11 + 3);
}
g_free(data);
}
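Review bot: The expected value `11 + 3` repeats the size of the common CardURL block from src/cac.c as a bare literal, and the `3` is presumably the number of certificates in the test token; neither is explained at the assertion. A comment such as `/* 11 common CardURLs + one PKI CardURL per test certificate (3) */` would make a failure here readable when the table changes. This hunk also checks only one cert_count, so the new upper bound of 10 certificates and the `cert_count > 10` rejection path are not covered by it. read_buffer() begins outside the hunk.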
--
2.17.1