Upstream fixes already included in the latest community updates to coolkey v1.1.0

Adds header definitons for ADPU fixes.

--- ORIGINAL/./src/libckyapplet/cky_applet.h 2016-06-24 16:09:45.867985533 -0400

+++ ././src/libckyapplet/cky_applet.h 2016-06-24 12:37:33.151017365 -0400

@@ -43,6 +43,8 @@

#define CKYISO_MORE_MASK 0xff00 /* More data mask */

#define CKYISO_MORE 0x6300 /* More data available */

#define CKYISO_DATA_INVALID 0x6984

+#define CKYISO_CONDITION_NOT_SATISFIED 0x6985 /* AKA not logged in (CAC)*/

+#define CKYISO_SECURITY_NOT_SATISFIED 0x6982 /* AKA not logged in (PIV)*/

/* Applet Defined Return codes */

#define CKYISO_NO_MEMORY_LEFT 0x9c01 /* There have been memory

* problems on the card */

@@ -71,6 +73,16 @@

#define CKYISO_INTERNAL_ERROR 0x9cff /* Reserved for debugging,

* shouldn't happen */

+#define CAC_INVALID_PARAMS 0x6a83

+#define CAC_TAG_FILE 1

+#define CAC_VALUE_FILE 2

+

+

+#define CAC_TAG_CARDURL 0xf3

+#define CAC_TAG_CERTIFICATE 0x70

+#define CAC_TAG_CERTINFO 0x71

+#define CAC_TLV_APP_PKI 0x04

+

/*

* Pin Constants as used by our applet

*/

@@ -192,6 +204,14 @@

CKYByte size;

} CKYAppletArgReadObject;

+typedef struct _CKYAppletArgWriteObject {

+ unsigned long objectID;

+ CKYOffset offset;

+ CKYByte size;

+ CKYBuffer *data;

+

+} CKYAppletArgWriteObject;

+

typedef struct _CKYAppletArgComputeCrypt {

CKYByte keyNumber;

CKYByte mode;

@@ -201,6 +221,47 @@

const CKYBuffer *sig;

} CKYAppletArgComputeCrypt;

+typedef struct _CKYAppletArgComputeECCSignature {

+ CKYByte keyNumber;

+ CKYByte location;

+ const CKYBuffer *data;

+ const CKYBuffer *sig;

+} CKYAppletArgComputeECCSignature;

+

+typedef struct _CKYAppletArgComputeECCKeyAgreement {

+ CKYByte keyNumber;

+ CKYByte location;

+ const CKYBuffer *publicValue;

+ const CKYBuffer *secretKey;

+} CKYAppletArgComputeECCKeyAgreement;

+

+

+typedef struct _CACAppletArgReadFile {

+ CKYByte type;

+ CKYByte count;

+ unsigned short offset;

+} CACAppletArgReadFile;

+

+typedef struct _PIVAppletArgSignDecrypt {

+ CKYByte alg;

+ CKYByte key;

+ CKYByte chain;

+ CKYSize len;

+ CKYBuffer *buf;

+} PIVAppletArgSignDecrypt;

+

+typedef struct _pivUnwrapState {

+ CKYByte tag;

+ CKYByte length;

+ int length_bytes;

+} PIVUnwrapState;

+

+typedef struct _PIVAppletRespSignDecrypt {

+ PIVUnwrapState tag_1;

+ PIVUnwrapState tag_2;

+ CKYBuffer *buf;

+} PIVAppletRespSignDecrypt;

+

/* fills in an APDU from a structure -- form of all the generic factories*/

typedef CKYStatus (*CKYAppletFactory)(CKYAPDU *apdu, const void *param);

/* fills in an a structure from a response -- form of all the fill structures*/

@@ -250,6 +311,8 @@

/* param == CKYByte * (pointer to pinNumber) */

CKYStatus CKYAppletFactory_Logout(CKYAPDU *apdu, const void *param);

/* Future add WriteObject */

+/* parm == CKYAppletArgWriteObject */

+CKYStatus CKYAppletFactory_WriteObject(CKYAPDU *apdu, const void *param);

/* param == CKYAppletArgCreateObject */

CKYStatus CKYAppletFactory_CreateObject(CKYAPDU *apdu, const void *param);

/* param == CKYAppletArgDeleteObject */

@@ -310,7 +373,6 @@

/* Single value fills: Byte, Short, & Long */

/* param == CKYByte * */

CKYStatus CKYAppletFill_Byte(const CKYBuffer *response, CKYSize size, void *param);

-/* param == CKYByte * */

CKYStatus CKYAppletFill_Short(const CKYBuffer *response, CKYSize size, void *param);

CKYStatus CKYAppletFill_Long(const CKYBuffer *response, CKYSize size, void *param);

@@ -336,7 +398,7 @@

* Sends the ADPU to the card through the connection conn.

* Checks that the response was valid (returning the responce code in apduRC.

* Formats the response data into fillArg with fillFunc

- * nonce and apduRC can be NULL (no nonce is added, not status returned

+ * nonce and apduRC can be NULL (no nonce is added, no status returned

* legal values for afArg are depened on afFunc.

* legal values for fillArg are depened on fillFunc.

*/

@@ -352,7 +414,7 @@

* into function calls, with input and output parameters.

* The application is still responsible for

* 1) creating a connection to the card,

- * 2) Getting a tranaction long, then

+ * 2) Getting a transaction lock, then

* 3) selecting the appropriate applet (or Card manager).

* Except for those calls that have been noted, the appropriate applet

* is the CoolKey applet.

@@ -441,9 +503,17 @@

/* Select the CAC card manager. Can happen with either applet selected */

CKYStatus CACApplet_SelectCardManager(CKYCardConnection *conn,

CKYISOStatus *apduRC);

-/* Can happen with either applet selected */

-CKYStatus CACApplet_SelectPKI(CKYCardConnection *conn, CKYByte instance,

- CKYISOStatus *apduRC);

+/* Select the CAC CC container. Can happen with either applet selected */

+CKYStatus CACApplet_SelectCCC(CKYCardConnection *conn, CKYISOStatus *apduRC);

+/* Select an old CAC applet and fill in the cardAID */

+CKYStatus CACApplet_SelectPKI(CKYCardConnection *conn, CKYBuffer *cardAid,

+ CKYByte instance, CKYISOStatus *apduRC);

+/* read a TLV file */

+CKYStatus CACApplet_ReadFile(CKYCardConnection *conn, CKYByte type,

+ CKYBuffer *buffer, CKYISOStatus *apduRC);

+CKYStatus CACApplet_SelectFile(CKYCardConnection *conn, unsigned short ef,

+ CKYISOStatus *apduRC);

+

/* must happen with PKI applet selected */

CKYStatus CACApplet_SignDecrypt(CKYCardConnection *conn, const CKYBuffer *data,

CKYBuffer *result, CKYISOStatus *apduRC);

@@ -457,9 +527,18 @@

CKYISOStatus *apduRC);

/*CKYStatus CACApplet_GetProperties(); */

-CKYStatus CACApplet_VerifyPIN(CKYCardConnection *conn, const char *pin,

- CKYISOStatus *apduRC);

+CKYStatus CACApplet_VerifyPIN(CKYCardConnection *conn, const char *pin,

+ int local, CKYISOStatus *apduRC);

+/* Select a PIV applet */

+CKYStatus PIVApplet_Select(CKYCardConnection *conn, CKYISOStatus *apduRC);

+

+CKYStatus PIVApplet_GetCertificate(CKYCardConnection *conn, CKYBuffer *cert,

+ int tag, CKYISOStatus *apduRC);

+CKYStatus PIVApplet_SignDecrypt(CKYCardConnection *conn, CKYByte key,

+ unsigned int keySize, int derive,

+ const CKYBuffer *data, CKYBuffer *result,

+ CKYISOStatus *apduRC);

/*

* There are 3 read commands:

*

@@ -482,6 +561,17 @@

CKYStatus CKYApplet_ReadObjectFull(CKYCardConnection *conn,

unsigned long objectID, CKYOffset offset, CKYSize size,

const CKYBuffer *nonce, CKYBuffer *data, CKYISOStatus *apduRC);

+/*

+ * There is 1 write command:

+ * CKYApplet_WriteObjectFull can write an entire data object. It makes multiple

+ * apdu calls in order to write the full amount into the buffer. The buffer is

+ * overwritten.

+*/

+

+CKYStatus CKYApplet_WriteObjectFull(CKYCardConnection *conn,

+ unsigned long objectID, CKYOffset offset, CKYSize size,

+ const CKYBuffer *nonce, const CKYBuffer *data, CKYISOStatus *apduRC);

+

CKYStatus CKYApplet_ListObjects(CKYCardConnection *conn, CKYByte seq,

CKYAppletRespListObjects *lop, CKYISOStatus *apduRC);

CKYStatus CKYApplet_GetStatus(CKYCardConnection *conn,

@@ -509,6 +599,18 @@

CKYStatus CKYApplet_GetBuiltinACL(CKYCardConnection *conn,

CKYAppletRespGetBuiltinACL *gba, CKYISOStatus *apduRC);

+/** ECC commands

+ * * */

+

+CKYStatus CKYApplet_ComputeECCSignature(CKYCardConnection *conn, CKYByte keyNumber,

+ const CKYBuffer *data, CKYBuffer *sig,

+ CKYBuffer *result, const CKYBuffer *nonce, CKYISOStatus *apduRC);

+

+CKYStatus

+CKYApplet_ComputeECCKeyAgreement(CKYCardConnection *conn, CKYByte keyNumber,

+ const CKYBuffer *publicValue, CKYBuffer *sharedSecret,

+ CKYBuffer *result, const CKYBuffer *nonce, CKYISOStatus *apduRC);

+

/*

* deprecates 0.x functions