|
|
5831fa |
diff --git a/src/libopensc/card-piv.c b/src/libopensc/card-piv.c
|
|
|
5831fa |
index 03c83868f1..794472134c 100644
|
|
|
5831fa |
--- a/src/libopensc/card-piv.c
|
|
|
5831fa |
+++ b/src/libopensc/card-piv.c
|
|
|
5831fa |
@@ -3,7 +3,7 @@
|
|
|
5831fa |
* card-default.c: Support for cards with no driver
|
|
|
5831fa |
*
|
|
|
5831fa |
* Copyright (C) 2001, 2002 Juha Yrjölä <juha.yrjola@iki.fi>
|
|
|
5831fa |
- * Copyright (C) 2005-2016 Douglas E. Engert <deengert@gmail.com>
|
|
|
5831fa |
+ * Copyright (C) 2005-2018 Douglas E. Engert <deengert@gmail.com>
|
|
|
5831fa |
* Copyright (C) 2006, Identity Alliance, Thomas Harning <thomas.harning@identityalliance.com>
|
|
|
5831fa |
* Copyright (C) 2007, EMC, Russell Larner <rlarner@rsa.com>
|
|
|
5831fa |
*
|
|
|
5831fa |
@@ -53,6 +53,7 @@
|
|
|
5831fa |
#ifdef ENABLE_ZLIB
|
|
|
5831fa |
#include "compression.h"
|
|
|
5831fa |
#endif
|
|
|
5831fa |
+#include "simpletlv.h"
|
|
|
5831fa |
|
|
|
5831fa |
enum {
|
|
|
5831fa |
PIV_OBJ_CCC = 0,
|
|
|
5831fa |
@@ -146,6 +147,16 @@ enum {
|
|
|
5831fa |
PIV_STATE_INIT
|
|
|
5831fa |
};
|
|
|
5831fa |
|
|
|
5831fa |
+/* ccc_flags */
|
|
|
5831fa |
+#define PIV_CCC_FOUND 0x00000001
|
|
|
5831fa |
+#define PIV_CCC_F0_PIV 0x00000002
|
|
|
5831fa |
+#define PIV_CCC_F0_CAC 0x00000004
|
|
|
5831fa |
+#define PIV_CCC_F0_JAVA 0x00000008
|
|
|
5831fa |
+#define PIV_CCC_F3_CAC_PKI 0x00000010
|
|
|
5831fa |
+
|
|
|
5831fa |
+#define PIV_CCC_TAG_F0 0xF0
|
|
|
5831fa |
+#define PIV_CCC_TAG_F3 0xF3
|
|
|
5831fa |
+
|
|
|
5831fa |
typedef struct piv_private_data {
|
|
|
5831fa |
int enumtag;
|
|
|
5831fa |
int selected_obj; /* The index into the piv_objects last selected */
|
|
|
5831fa |
@@ -174,6 +185,7 @@ typedef struct piv_private_data {
|
|
|
5831fa |
unsigned int card_issues; /* card_issues flags for this card */
|
|
|
5831fa |
int object_test_verify; /* Can test this object to set verification state of card */
|
|
|
5831fa |
int yubico_version; /* 3 byte version number of NEO or Yubikey4 as integer */
|
|
|
5831fa |
+ unsigned int ccc_flags; /* From CCC indicate if CAC card */
|
|
|
5831fa |
} piv_private_data_t;
|
|
|
5831fa |
|
|
|
5831fa |
#define PIV_DATA(card) ((piv_private_data_t*)card->drv_data)
|
|
|
5831fa |
@@ -198,6 +210,37 @@ struct piv_aid {
|
|
|
5831fa |
* These can be discovered by trying GET DATA
|
|
|
5831fa |
*/
|
|
|
5831fa |
|
|
|
5831fa |
+/* ATRs of cards known to have PIV applet. But must still be tested for a PIV applet */
|
|
|
5831fa |
+static const struct sc_atr_table piv_atrs[] = {
|
|
|
5831fa |
+ /* CAC cards with PIV from: CAC-utilziation-and-variation-matrix-v2.03-20May2016.doc */
|
|
|
5831fa |
+ /* Oberthur Card Systems (PIV Endpoint) with PIV endpoint applet and PIV auth cert OBSOLETE */
|
|
|
5831fa |
+ { "3B:DB:96:00:80:1F:03:00:31:C0:64:77:E3:03:00:82:90.00:C1", NULL, NULL, SC_CARD_TYPE_PIV_II_OBERTHUR, 0, NULL },
|
|
|
5831fa |
+
|
|
|
5831fa |
+ /* Gemalto (PIV Endpoint) with PIV endpoint applet and PIV auth cert OBSOLETE */
|
|
|
5831fa |
+ { "3B 7D 96 00 00 80 31 80 65 B0 83 11 13 AC 83 00 90 00", NULL, NULL, SC_CARD_TYPE_PIV_II_GEMALTO, 0, NULL },
|
|
|
5831fa |
+
|
|
|
5831fa |
+ /* Gemalto (PIV Endpoint) 2 entries */
|
|
|
5831fa |
+ { "3B:7D:96:00:00:80:31:80:65:B0:83:11:17:D6:83:00:90:00", NULL, NULL, SC_CARD_TYPE_PIV_II_GEMALTO, 0, NULL },
|
|
|
5831fa |
+
|
|
|
5831fa |
+ /* Oberthur Card System (PIV Endpoint) 2 entries*/
|
|
|
5831fa |
+ { "3B:DB:96:00:80:1F:03:00:31:C0:64:B0:F3:10:00:07:90:00:80", NULL, NULL, SC_CARD_TYPE_PIV_II_OBERTHUR, 0, NULL },
|
|
|
5831fa |
+
|
|
|
5831fa |
+ /* Giesecke & Devrient (PIV Endpoint) 2 entries */
|
|
|
5831fa |
+ { "3B:7A:18:00:00:73:66:74:65:20:63:64:31:34:34", NULL, NULL, SC_CARD_TYPE_PIV_II_GI_DE_DUAL_CAC, 0, NULL },
|
|
|
5831fa |
+
|
|
|
5831fa |
+ /* PIVKEY from Taligo */
|
|
|
5831fa |
+ /* PIVKEY T600 token and T800 on Feitian eJAVA */
|
|
|
5831fa |
+ { "3B:FC:18:00:00:81:31:80:45:90:67:46:4A:00:64:2D:70:C1:72:FE:E0:FE", NULL, NULL, SC_CARD_TYPE_PIV_II_PIVKEY, 0, NULL },
|
|
|
5831fa |
+
|
|
|
5831fa |
+ /* PIVKEY C910 */
|
|
|
5831fa |
+ { "3b:fc:18:00:00:81:31:80:45:90:67:46:4a:00:64:16:06:f2:72:7e:00:e0", NULL, NULL, SC_CARD_TYPE_PIV_II_PIVKEY, 0, NULL },
|
|
|
5831fa |
+
|
|
|
5831fa |
+ /* PIVKEY C980 */
|
|
|
5831fa |
+ { "3B:f9:96:00:00:81:31:fe:45:53:50:49:56:4b:45:59:37:30:28", NULL, NULL, SC_CARD_TYPE_PIV_II_PIVKEY, 0, NULL },
|
|
|
5831fa |
+
|
|
|
5831fa |
+ { NULL, NULL, NULL, 0, 0, NULL }
|
|
|
5831fa |
+};
|
|
|
5831fa |
+
|
|
|
5831fa |
/* all have same AID */
|
|
|
5831fa |
static struct piv_aid piv_aids[] = {
|
|
|
5831fa |
{SC_CARD_TYPE_PIV_II_GENERIC, /* TODO not really card type but what PIV AID is supported */
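Review bot: The first `piv_atrs` entry writes its ATR as `...:82:90.00:C1`, with a period where every other entry uses `:` or a space between bytes; this looks like a typo for `90:00`. Whether the hex parser behind `_sc_match_atr` tolerates a `.` is not visible in this hunk, so the entry may fail to parse or simply never match. Normalising the table to one separator and one hex case, e.g. `"3B:DB:96:00:80:1F:03:00:31:C0:64:77:E3:03:00:82:90:00:C1"`, would make slips like this easier to spot. An ATR is only a hint supplied by the card, so the table comment's rule that the PIV applet must still be probed should hold for every entry.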
|
|
|
5831fa |
@@ -209,9 +252,10 @@ static struct piv_aid piv_aids[] = {
|
|
|
5831fa |
#define CI_VERIFY_630X 0x00000001U /* VERIFY tries left returns 630X rather then 63CX */
|
|
|
5831fa |
#define CI_VERIFY_LC0_FAIL 0x00000002U /* VERIFY Lc=0 never returns 90 00 if PIN not needed */
|
|
|
5831fa |
/* will also test after first PIN verify if protected object can be used instead */
|
|
|
5831fa |
+#define CI_NO_RANDOM 0x00000004U /* can not use Challenge to get random data or no 9B key */
|
|
|
5831fa |
#define CI_CANT_USE_GETDATA_FOR_STATE 0x00000008U /* No object to test verification inplace of VERIFY Lc=0 */
|
|
|
5831fa |
#define CI_LEAKS_FILE_NOT_FOUND 0x00000010U /* GET DATA of empty object returns 6A 82 even if PIN not verified */
|
|
|
5831fa |
-#define CI_DISCOVERY_USELESS 0x00000020U /* Discovery can not be used to query active AID */
|
|
|
5831fa |
+#define CI_DISCOVERY_USELESS 0x00000020U /* Discovery can not be used to query active AID invalid or no data returned */
|
|
|
5831fa |
#define CI_PIV_AID_LOSE_STATE 0x00000040U /* PIV AID can lose the login state run with out it*/
|
|
|
5831fa |
|
|
|
5831fa |
#define CI_OTHER_AID_LOSE_STATE 0x00000100U /* Other drivers match routines may reset our security state and lose AID!!! */
|
|
|
5831fa |
@@ -219,7 +263,7 @@ static struct piv_aid piv_aids[] = {
|
|
|
5831fa |
|
|
|
5831fa |
#define CI_NO_RSA2048 0x00010000U /* does not have RSA 2048 */
|
|
|
5831fa |
#define CI_NO_EC384 0x00020000U /* does not have EC 384 */
|
|
|
5831fa |
-
|
|
|
5831fa |
+#define CI_NO_EC 0x00040000U /* No EC at all */
|
|
|
5831fa |
|
|
|
5831fa |
/*
|
|
|
5831fa |
* Flags in the piv_object:
|
|
|
5831fa |
@@ -2222,11 +2266,33 @@ static int piv_get_challenge(sc_card_t *card, u8 *rnd, size_t len)
|
|
|
5831fa |
size_t rbuf_len = 0, out_len = 0;
|
|
|
5831fa |
int r;
|
|
|
5831fa |
unsigned int tag, cla;
|
|
|
5831fa |
+ piv_private_data_t * priv = PIV_DATA(card);
|
|
|
5831fa |
|
|
|
5831fa |
LOG_FUNC_CALLED(card->ctx);
|
|
|
5831fa |
|
|
|
5831fa |
+ if (priv->card_issues & CI_NO_RANDOM) {
|
|
|
5831fa |
+ r = SC_ERROR_NOT_SUPPORTED;
|
|
|
5831fa |
+ LOG_TEST_GOTO_ERR(card->ctx, r, "No support for random data");
|
|
|
5831fa |
+ }
|
|
|
5831fa |
+
|
|
|
5831fa |
/* NIST 800-73-3 says use 9B, previous verisons used 00 */
|
|
|
5831fa |
r = piv_general_io(card, 0x87, 0x00, 0x9B, sbuf, sizeof sbuf, &rbuf, &rbuf_len);
|
|
|
5831fa |
+ /*
|
|
|
5831fa |
+ * piv_get_challenge is called in a loop.
|
|
|
5831fa |
+ * some cards may allow 1 challenge expecting it to be part of
|
|
|
5831fa |
+ * NIST 800-73-3 part 2 "Authentication of PIV Card Application Administrator"
|
|
|
5831fa |
+ * and return "6A 80" if last command was a get_challenge.
|
|
|
5831fa |
+ * Now that the card returned error, we can try one more time.
|
|
|
5831fa |
+ */
|
|
|
5831fa |
+ if (r == SC_ERROR_INCORRECT_PARAMETERS) {
|
|
|
5831fa |
+ if (rbuf)
|
|
|
5831fa |
+ free(rbuf);
|
|
|
5831fa |
+ rbuf_len = 0;
|
|
|
5831fa |
+ r = piv_general_io(card, 0x87, 0x00, 0x9B, sbuf, sizeof sbuf, &rbuf, &rbuf_len);
|
|
|
5831fa |
+ if (r == SC_ERROR_INCORRECT_PARAMETERS) {
|
|
|
5831fa |
+ r = SC_ERROR_NOT_SUPPORTED;
|
|
|
5831fa |
+ }
|
|
|
5831fa |
+ }
|
|
|
5831fa |
LOG_TEST_GOTO_ERR(card->ctx, r, "GENERAL AUTHENTICATE failed");
|
|
|
5831fa |
|
|
|
5831fa |
p = rbuf;
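Review bot: In the retry branch `rbuf` is freed but left dangling before its address is passed to `piv_general_io` a second time; if that call fails without storing a new buffer, the cleanup at `err` (outside this hunk) could free the same pointer twice. Reset it with `free(rbuf); rbuf = NULL;` and drop the `if (rbuf)` guard, since `free(NULL)` is a no-op. The block comment could also state that the retry happens exactly once, so a card that keeps answering 6A 80 ends in `SC_ERROR_NOT_SUPPORTED`. piv_get_challenge starts and ends outside the hunk, so whether `piv_general_io` clears `*recvbuf` on entry cannot be confirmed from here.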
|
|
|
5831fa |
@@ -2635,6 +2701,91 @@ static int piv_process_discovery(sc_card_t *card)
|
|
|
5831fa |
LOG_FUNC_RETURN(card->ctx, r);
|
|
|
5831fa |
}
|
|
|
5831fa |
|
|
|
5831fa |
+/*
|
|
|
5831fa |
+ * parse a CCC to test if this is a Dual CAC/PIV
|
|
|
5831fa |
+ * We read teh CCC using the PIV API.
|
|
|
5831fa |
+ * Look for CAC RID=A0 00 00 00 79
|
|
|
5831fa |
+ */
|
|
|
5831fa |
+ static int piv_parse_ccc(sc_card_t *card, u8* rbuf, size_t rbuflen)
|
|
|
5831fa |
+{
|
|
|
5831fa |
+ int r = 0;
|
|
|
5831fa |
+ const u8 * body;
|
|
|
5831fa |
+ size_t bodylen;
|
|
|
5831fa |
+ unsigned int cla_out, tag_out;
|
|
|
5831fa |
+
|
|
|
5831fa |
+ u8 tag;
|
|
|
5831fa |
+ const u8 * end;
|
|
|
5831fa |
+ size_t len;
|
|
|
5831fa |
+
|
|
|
5831fa |
+ piv_private_data_t * priv = PIV_DATA(card);
|
|
|
5831fa |
+
|
|
|
5831fa |
+ SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
|
|
|
5831fa |
+
|
|
|
5831fa |
+ if (rbuf == NULL || rbuflen == 0) {
|
|
|
5831fa |
+ r = SC_ERROR_WRONG_LENGTH;
|
|
|
5831fa |
+ goto err;
|
|
|
5831fa |
+ }
|
|
|
5831fa |
+
|
|
|
5831fa |
+ /* Outer layer is a DER tlv */
|
|
|
5831fa |
+ body = rbuf;
|
|
|
5831fa |
+ if ((r = sc_asn1_read_tag(&body, rbuflen, &cla_out, &tag_out, &bodylen)) != SC_SUCCESS) {
|
|
|
5831fa |
+ sc_log(card->ctx, "DER problem %d",r);
|
|
|
5831fa |
+ r = SC_ERROR_INVALID_ASN1_OBJECT;
|
|
|
5831fa |
+ goto err;
|
|
|
5831fa |
+ }
|
|
|
5831fa |
+
|
|
|
5831fa |
+ priv->ccc_flags |= PIV_CCC_FOUND;
|
|
|
5831fa |
+
|
|
|
5831fa |
+ /* CCC entries are simple tlv */
|
|
|
5831fa |
+ end = body + bodylen;
|
|
|
5831fa |
+
|
|
|
5831fa |
+ for(; (body < end); body += len) {
|
|
|
5831fa |
+
|
|
|
5831fa |
+ r = sc_simpletlv_read_tag((u8**)&body, end - body , &tag, &len;;
|
|
|
5831fa |
+ if (r < 0)
|
|
|
5831fa |
+ goto err;
|
|
|
5831fa |
+ switch (tag) {
|
|
|
5831fa |
+ case PIV_CCC_TAG_F0:
|
|
|
5831fa |
+ if (len == 0x15) {
|
|
|
5831fa |
+ if (memcmp(body ,"\xA0\x00\x00\x03\08", 5) == 0)
|
|
|
5831fa |
+ priv->ccc_flags |= PIV_CCC_F0_PIV;
|
|
|
5831fa |
+ else if (memcmp(body ,"\xA0\x00\x00\x00\x79", 5) == 0)
|
|
|
5831fa |
+ priv->ccc_flags |= PIV_CCC_F0_CAC;
|
|
|
5831fa |
+ if (*(body + 6) == 0x02)
|
|
|
5831fa |
+ priv->ccc_flags |= PIV_CCC_F0_JAVA;
|
|
|
5831fa |
+ }
|
|
|
5831fa |
+ break;
|
|
|
5831fa |
+ case PIV_CCC_TAG_F3:
|
|
|
5831fa |
+ if (len == 0x10) {
|
|
|
5831fa |
+ if (memcmp(body ,"\xA0\x00\x00\x00\x79\x04", 6) == 0)
|
|
|
5831fa |
+ priv->ccc_flags |= PIV_CCC_F3_CAC_PKI;
|
|
|
5831fa |
+ }
|
|
|
5831fa |
+ break;
|
|
|
5831fa |
+ }
|
|
|
5831fa |
+ }
|
|
|
5831fa |
+
|
|
|
5831fa |
+err:
|
|
|
5831fa |
+ LOG_FUNC_RETURN(card->ctx, r);
|
|
|
5831fa |
+}
|
|
|
5831fa |
+
|
|
|
5831fa |
+static int piv_process_ccc(sc_card_t *card)
|
|
|
5831fa |
+{
|
|
|
5831fa |
+ int r = 0;
|
|
|
5831fa |
+ u8 * rbuf = NULL;
|
|
|
5831fa |
+ size_t rbuflen = 0;
|
|
|
5831fa |
+
|
|
|
5831fa |
+ SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
|
|
|
5831fa |
+ r = piv_get_cached_data(card, PIV_OBJ_CCC, &rbuf, &rbuflen);
|
|
|
5831fa |
+
|
|
|
5831fa |
+ if (r < 0)
|
|
|
5831fa |
+ goto err;
|
|
|
5831fa |
+
|
|
|
5831fa |
+ /* the object is now cached, see what we have */
|
|
|
5831fa |
+ r = piv_parse_ccc(card, rbuf, rbuflen);
|
|
|
5831fa |
+err:
|
|
|
5831fa |
+ LOG_FUNC_RETURN(card->ctx, r);
|
|
|
5831fa |
+}
|
|
|
5831fa |
+
|
|
|
5831fa |
|
|
|
5831fa |
static int piv_find_discovery(sc_card_t *card)
|
|
|
5831fa |
{
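Review bot: The PIV RID literal in the `PIV_CCC_TAG_F0` case, `"\xA0\x00\x00\x03\08"`, does not encode A0 00 00 03 08: `\0` is an octal escape followed by the character `8`, so the five compared bytes end in 00 and `PIV_CCC_F0_PIV` can never be set; it should read `"\xA0\x00\x00\x03\x08"`. The loop in `piv_parse_ccc` also trusts the `len` returned by `sc_simpletlv_read_tag` when it calls `memcmp(body, ...)`, reads `*(body + 6)` and advances with `body += len`. Unless that helper already guarantees the value fits in the remaining buffer (not visible here), add `if (len > (size_t)(end - body)) { r = SC_ERROR_INVALID_ASN1_OBJECT; goto err; }` right after the `r < 0` check, because the CCC content comes from the card. `PIV_CCC_FOUND` and the F0/F3 flags are set before the whole object has parsed, so a truncated CCC leaves partial flags in `priv->ccc_flags`; a short comment on `piv_parse_ccc` documenting that would help callers.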
|
|
|
5831fa |
@@ -2922,7 +3073,8 @@ piv_finish(sc_card_t *card)
|
|
|
5831fa |
static int piv_match_card(sc_card_t *card)
|
|
|
5831fa |
{
|
|
|
5831fa |
int r = 0;
|
|
|
5831fa |
-
|
|
|
5831fa |
+
|
|
|
5831fa |
+ sc_debug(card->ctx,SC_LOG_DEBUG_MATCH, "PIV_MATCH card->type:%d\n", card->type);
|
|
|
5831fa |
/* piv_match_card may be called with card->type, set by opensc.conf */
|
|
|
5831fa |
/* user provide card type must be one we know */
|
|
|
5831fa |
switch (card->type) {
|
|
|
5831fa |
@@ -2931,7 +3083,13 @@ static int piv_match_card(sc_card_t *card)
|
|
|
5831fa |
case SC_CARD_TYPE_PIV_II_HIST:
|
|
|
5831fa |
case SC_CARD_TYPE_PIV_II_NEO:
|
|
|
5831fa |
case SC_CARD_TYPE_PIV_II_YUBIKEY4:
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_GI_DE_DUAL_CAC:
|
|
|
5831fa |
case SC_CARD_TYPE_PIV_II_GI_DE:
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_GEMALTO_DUAL_CAC:
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_GEMALTO:
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_OBERTHUR_DUAL_CAC:
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_OBERTHUR:
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_PIVKEY:
|
|
|
5831fa |
break;
|
|
|
5831fa |
default:
|
|
|
5831fa |
return 0; /* can not handle the card */
|
|
|
5831fa |
@@ -2950,13 +3108,14 @@ static int piv_match_card(sc_card_t *card)
|
|
|
5831fa |
piv_finish(card);
|
|
|
5831fa |
}
|
|
|
5831fa |
|
|
|
5831fa |
+ sc_debug(card->ctx,SC_LOG_DEBUG_MATCH, "PIV_MATCH card->type:%d r:%d\n", card->type,r);
|
|
|
5831fa |
return r;
|
|
|
5831fa |
}
|
|
|
5831fa |
|
|
|
5831fa |
|
|
|
5831fa |
static int piv_match_card_continued(sc_card_t *card)
|
|
|
5831fa |
{
|
|
|
5831fa |
- int i, r;
|
|
|
5831fa |
+ int i, r = 0;
|
|
|
5831fa |
int type = -1;
|
|
|
5831fa |
piv_private_data_t *priv = NULL;
|
|
|
5831fa |
int saved_type = card->type;
|
|
|
5831fa |
@@ -2973,12 +3132,19 @@ static int piv_match_card_continued(sc_card_t *card)
|
|
|
5831fa |
case SC_CARD_TYPE_PIV_II_HIST:
|
|
|
5831fa |
case SC_CARD_TYPE_PIV_II_NEO:
|
|
|
5831fa |
case SC_CARD_TYPE_PIV_II_YUBIKEY4:
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_GI_DE_DUAL_CAC:
|
|
|
5831fa |
case SC_CARD_TYPE_PIV_II_GI_DE:
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_GEMALTO_DUAL_CAC:
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_GEMALTO:
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_OBERTHUR_DUAL_CAC:
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_OBERTHUR:
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_PIVKEY:
|
|
|
5831fa |
type = card->type;
|
|
|
5831fa |
break;
|
|
|
5831fa |
default:
|
|
|
5831fa |
return 0; /* can not handle the card */
|
|
|
5831fa |
}
|
|
|
5831fa |
+ sc_debug(card->ctx,SC_LOG_DEBUG_MATCH, "PIV_MATCH card->type:%d type:%d r:%d\n", card->type, type, r);
|
|
|
5831fa |
if (type == -1) {
|
|
|
5831fa |
|
|
|
5831fa |
/*
|
|
|
5831fa |
@@ -2997,18 +3163,6 @@ static int piv_match_card_continued(sc_card_t *card)
|
|
|
5831fa |
!(memcmp(card->reader->atr_info.hist_bytes, "Yubikey", 7))) {
|
|
|
5831fa |
type = SC_CARD_TYPE_PIV_II_NEO;
|
|
|
5831fa |
}
|
|
|
5831fa |
- /*
|
|
|
5831fa |
- * https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1239.pdf
|
|
|
5831fa |
- * lists 2 ATRS with historical bytes:
|
|
|
5831fa |
- * 73 66 74 65 2D 63 64 30 38 30
|
|
|
5831fa |
- * 73 66 74 65 20 63 64 31 34 34
|
|
|
5831fa |
- * will check for 73 66 74 65
|
|
|
5831fa |
- */
|
|
|
5831fa |
- else if (card->reader->atr_info.hist_bytes_len >= 4
|
|
|
5831fa |
- && !(memcmp(card->reader->atr_info.hist_bytes, "sfte", 4))) {
|
|
|
5831fa |
- type = SC_CARD_TYPE_PIV_II_GI_DE;
|
|
|
5831fa |
- }
|
|
|
5831fa |
-
|
|
|
5831fa |
else if (card->reader->atr_info.hist_bytes_len > 0
|
|
|
5831fa |
&& card->reader->atr_info.hist_bytes[0] == 0x80u) { /* compact TLV */
|
|
|
5831fa |
size_t datalen;
|
|
|
5831fa |
@@ -3029,10 +3183,17 @@ static int piv_match_card_continued(sc_card_t *card)
|
|
|
5831fa |
}
|
|
|
5831fa |
}
|
|
|
5831fa |
}
|
|
|
5831fa |
- if (type == -1)
|
|
|
5831fa |
- type = SC_CARD_TYPE_PIV_II_GENERIC;
|
|
|
5831fa |
+ sc_debug(card->ctx,SC_LOG_DEBUG_MATCH, "PIV_MATCH card->type:%d type:%d r:%d\n", card->type, type, r);
|
|
|
5831fa |
+
|
|
|
5831fa |
+ if (type == -1) {
|
|
|
5831fa |
+ /* use known ATRs */
|
|
|
5831fa |
+ i = _sc_match_atr(card, piv_atrs, &type);
|
|
|
5831fa |
+ if (type == -1)
|
|
|
5831fa |
+ type = SC_CARD_TYPE_PIV_II_GENERIC; /* may still be CAC with PIV Endpoint */
|
|
|
5831fa |
+ }
|
|
|
5831fa |
}
|
|
|
5831fa |
|
|
|
5831fa |
+ sc_debug(card->ctx,SC_LOG_DEBUG_MATCH, "PIV_MATCH card->type:%d type:%d r:%d\n", card->type, type, r);
|
|
|
5831fa |
/* allocate and init basic fields */
|
|
|
5831fa |
|
|
|
5831fa |
priv = calloc(1, sizeof(piv_private_data_t));
|
|
|
5831fa |
@@ -3046,6 +3207,7 @@ static int piv_match_card_continued(sc_card_t *card)
|
|
|
5831fa |
card->drv_data = priv; /* will free if no match, or pass on to piv_init */
|
|
|
5831fa |
priv->selected_obj = -1;
|
|
|
5831fa |
priv->pin_preference = 0x80; /* 800-73-3 part 1, table 3 */
|
|
|
5831fa |
+ /* TODO Dual CAC/PIV are bases on 800-73-1 were priv->pin_preference = 0. need to check later */
|
|
|
5831fa |
priv->logged_in = SC_PIN_STATE_UNKNOWN;
|
|
|
5831fa |
priv->tries_left = 10; /* will assume OK at start */
|
|
|
5831fa |
priv->pstate = PIV_STATE_MATCH;
|
|
|
5831fa |
@@ -3064,38 +3226,104 @@ static int piv_match_card_continued(sc_card_t *card)
|
|
|
5831fa |
}
|
|
|
5831fa |
|
|
|
5831fa |
/*
|
|
|
5831fa |
- * detect if active AID is PIV. NIST 800-73 says Only one PIV application per card
|
|
|
5831fa |
- * and PIV must be the default application
|
|
|
5831fa |
- * This can avoid doing doing a select_aid and losing the login state on some cards
|
|
|
5831fa |
+ * Detect if active AID is PIV. NIST 800-73 says only one PIV application per card
|
|
|
5831fa |
+ * and PIV must be the default application.
|
|
|
5831fa |
+ * Try to avoid doing a select_aid and losing the login state on some cards.
|
|
|
5831fa |
* We may get interference on some cards by other drivers trying SELECT_AID before
|
|
|
5831fa |
- * we get to see if PIV application is still active.
|
|
|
5831fa |
+ * we get to see if PIV application is still active
|
|
|
5831fa |
* putting PIV driver first might help.
|
|
|
5831fa |
- * This may fail if the wrong AID is active
|
|
|
5831fa |
+ * This may fail if the wrong AID is active.
|
|
|
5831fa |
+ * Discovery Object introduced in 800-73-3 so will return 0 if found and PIV applet active.
|
|
|
5831fa |
+ * Will fail with SC_ERROR_FILE_NOT_FOUND if 800-73-3 and no Discovery object.
|
|
|
5831fa |
+ * But some other card could also return SC_ERROR_FILE_NOT_FOUND.
|
|
|
5831fa |
+ * Will fail for other reasons if wrong applet is selected, or bad PIV implimentation.
|
|
|
5831fa |
*/
|
|
|
5831fa |
- i = piv_find_discovery(card);
|
|
|
5831fa |
+
|
|
|
5831fa |
+ sc_debug(card->ctx,SC_LOG_DEBUG_MATCH, "PIV_MATCH card->type:%d CI:%08x r:%d\n", card->type, priv->card_issues, r);
|
|
|
5831fa |
+ if (priv->card_issues & CI_DISCOVERY_USELESS) /* TODO may be in wrong place */
|
|
|
5831fa |
+ i = -1;
|
|
|
5831fa |
+ else
|
|
|
5831fa |
+ i = piv_find_discovery(card);
|
|
|
5831fa |
|
|
|
5831fa |
+ sc_debug(card->ctx,SC_LOG_DEBUG_MATCH, "PIV_MATCH card->type:%d i:%d CI:%08x r:%d\n", card->type, i, priv->card_issues, r);
|
|
|
5831fa |
if (i < 0) {
|
|
|
5831fa |
/* Detect by selecting applet */
|
|
|
5831fa |
i = piv_find_aid(card);
|
|
|
5831fa |
}
|
|
|
5831fa |
|
|
|
5831fa |
+ sc_debug(card->ctx,SC_LOG_DEBUG_MATCH, "PIV_MATCH card->type:%d i:%d CI:%08x r:%d\n", card->type, i, priv->card_issues, r);
|
|
|
5831fa |
if (i >= 0) {
|
|
|
5831fa |
+ int iccc = 0;
|
|
|
5831fa |
+ /* We now know PIV AID is active, test CCC object 800-73-* say CCC is required */
|
|
|
5831fa |
+ switch (card->type) {
|
|
|
5831fa |
+ /*
|
|
|
5831fa |
+ * For cards that may also be CAC, try and read the CCC
|
|
|
5831fa |
+ * CCC is required and all Dual PIV/CAC will have a CCC
|
|
|
5831fa |
+ * Currently Dual PIV/CAC are based on NIST 800-73-1 which does not have Discovery or History
|
|
|
5831fa |
+ */
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_GENERIC: /* i.e. really dont know what this is */
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_HIST:
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_GI_DE:
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_GEMALTO:
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_OBERTHUR:
|
|
|
5831fa |
+ iccc = piv_process_ccc(card);
|
|
|
5831fa |
+ sc_debug(card->ctx,SC_LOG_DEBUG_MATCH, "PIV_MATCH card->type:%d iccc:%d ccc_flags:%08x CI:%08x r:%d\n",
|
|
|
5831fa |
+ card->type, iccc, priv->ccc_flags, priv->card_issues, r);
|
|
|
5831fa |
+ /* ignore an error? */
|
|
|
5831fa |
+ /* if CCC says it has CAC with PKI on card set to one of the SC_CARD_TYPE_PIV_II_*_DUAL_CAC */
|
|
|
5831fa |
+ if (priv->ccc_flags & PIV_CCC_F3_CAC_PKI) {
|
|
|
5831fa |
+ switch (card->type) {
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_GENERIC:
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_HIST:
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_GI_DE:
|
|
|
5831fa |
+ card->type = SC_CARD_TYPE_PIV_II_GI_DE_DUAL_CAC;
|
|
|
5831fa |
+ priv->card_issues |= CI_DISCOVERY_USELESS;
|
|
|
5831fa |
+ priv->obj_cache[PIV_OBJ_DISCOVERY].flags |= PIV_OBJ_CACHE_NOT_PRESENT;
|
|
|
5831fa |
+ break;
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_GEMALTO_DUAL_CAC:
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_GEMALTO:
|
|
|
5831fa |
+ card->type = SC_CARD_TYPE_PIV_II_GEMALTO_DUAL_CAC;
|
|
|
5831fa |
+ priv->card_issues |= CI_DISCOVERY_USELESS;
|
|
|
5831fa |
+ priv->obj_cache[PIV_OBJ_DISCOVERY].flags |= PIV_OBJ_CACHE_NOT_PRESENT;
|
|
|
5831fa |
+ break;
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_OBERTHUR_DUAL_CAC:
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_OBERTHUR:
|
|
|
5831fa |
+ card->type = SC_CARD_TYPE_PIV_II_OBERTHUR_DUAL_CAC;
|
|
|
5831fa |
+ priv->card_issues |= CI_DISCOVERY_USELESS;
|
|
|
5831fa |
+ priv->obj_cache[PIV_OBJ_DISCOVERY].flags |= PIV_OBJ_CACHE_NOT_PRESENT;
|
|
|
5831fa |
+ break;
|
|
|
5831fa |
+ }
|
|
|
5831fa |
+ }
|
|
|
5831fa |
+ break;
|
|
|
5831fa |
+
|
|
|
5831fa |
+ /* if user forced it to be one of the CAC types, assume it is CAC */
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_GI_DE_DUAL_CAC:
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_GEMALTO_DUAL_CAC:
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_OBERTHUR_DUAL_CAC:
|
|
|
5831fa |
+ priv->card_issues |= CI_DISCOVERY_USELESS;
|
|
|
5831fa |
+ priv->obj_cache[PIV_OBJ_DISCOVERY].flags |= PIV_OBJ_CACHE_NOT_PRESENT;
|
|
|
5831fa |
+ break;
|
|
|
5831fa |
+ }
|
|
|
5831fa |
+ }
|
|
|
5831fa |
+ sc_debug(card->ctx,SC_LOG_DEBUG_MATCH, "PIV_MATCH card->type:%d i:%d CI:%08x r:%d\n", card->type, i, priv->card_issues, r);
|
|
|
5831fa |
+ if (i >= 0 && (priv->card_issues & CI_DISCOVERY_USELESS) == 0) {
|
|
|
5831fa |
/*
|
|
|
5831fa |
- * We now know PIV AID is active, test DISCOVERY object
|
|
|
5831fa |
- * Some CAC cards with PIV don't support DISCOVERY and return
|
|
|
5831fa |
- * SC_ERROR_INCORRECT_PARAMETERS. Any error other then
|
|
|
5831fa |
- * SC_ERROR_FILE_NOT_FOUND means we cannot use discovery
|
|
|
5831fa |
+ * We now know PIV AID is active, test DISCOVERY object again
|
|
|
5831fa |
+ * Some PIV don't support DISCOVERY and return
|
|
|
5831fa |
+ * SC_ERROR_INCORRECT_PARAMETERS. Any error
|
|
|
5831fa |
+ * including SC_ERROR_FILE_NOT_FOUND means we cannot use discovery
|
|
|
5831fa |
* to test for active AID.
|
|
|
5831fa |
*/
|
|
|
5831fa |
int i7e = piv_find_discovery(card);
|
|
|
5831fa |
|
|
|
5831fa |
- if (i7e != 0 && i7e != SC_ERROR_FILE_NOT_FOUND) {
|
|
|
5831fa |
+ sc_debug(card->ctx,SC_LOG_DEBUG_MATCH, "PIV_MATCH card->type:%d i7e:%d CI:%08x r:%d\n", card->type, i7e, priv->card_issues, r);
|
|
|
5831fa |
+ if (i7e != 0) {
|
|
|
5831fa |
priv->card_issues |= CI_DISCOVERY_USELESS;
|
|
|
5831fa |
priv->obj_cache[PIV_OBJ_DISCOVERY].flags |= PIV_OBJ_CACHE_NOT_PRESENT;
|
|
|
5831fa |
}
|
|
|
5831fa |
}
|
|
|
5831fa |
|
|
|
5831fa |
-
|
|
|
5831fa |
+ sc_debug(card->ctx,SC_LOG_DEBUG_MATCH, "PIV_MATCH card->type:%d i:%d CI:%08x r:%d\n", card->type, i, priv->card_issues, r);
|
|
|
5831fa |
if (i < 0) {
|
|
|
5831fa |
/* don't match. Does not have a PIV applet. */
|
|
|
5831fa |
sc_unlock(card);
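Review bot: The return value of `piv_process_ccc` is stored in `iccc`, logged, and then ignored (see the `/* ignore an error? */` comment), yet `priv->ccc_flags` is read on the next lines to reclassify `card->type` as one of the `*_DUAL_CAC` types. Because the CCC parser sets flags as it goes, a CCC that fails part-way can still flip the type and set `CI_DISCOVERY_USELESS`; gate the reclassification on success, e.g. `if (iccc >= 0 && (priv->ccc_flags & PIV_CCC_F3_CAC_PKI)) {`. The inner `switch` also lists `SC_CARD_TYPE_PIV_II_GEMALTO_DUAL_CAC` and `SC_CARD_TYPE_PIV_II_OBERTHUR_DUAL_CAC`, which the enclosing case labels never admit. The identical flag-setting statements repeated in each branch could be hoisted below the switch. piv_match_card_continued begins and ends outside this hunk.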
|
|
|
5831fa |
@@ -3104,6 +3332,7 @@ static int piv_match_card_continued(sc_card_t *card)
|
|
|
5831fa |
return 0;
|
|
|
5831fa |
}
|
|
|
5831fa |
|
|
|
5831fa |
+ sc_debug(card->ctx,SC_LOG_DEBUG_MATCH, "PIV_MATCH card->type:%d i:%d CI:%08x r:%d\n", card->type, i, priv->card_issues, r);
|
|
|
5831fa |
/* Matched, caller will use or free priv and sc_lock as needed */
|
|
|
5831fa |
priv->pstate=PIV_STATE_INIT;
|
|
|
5831fa |
return 1; /* match */
|
|
|
5831fa |
@@ -3124,7 +3353,7 @@ static int piv_init(sc_card_t *card)
|
|
|
5831fa |
/* continue the matching get a lock and the priv */
|
|
|
5831fa |
r = piv_match_card_continued(card);
|
|
|
5831fa |
if (r != 1) {
|
|
|
5831fa |
- sc_log(card->ctx,"piv_match_card_continued failed");
|
|
|
5831fa |
+ sc_log(card->ctx,"piv_match_card_continued failed card->type:%d", card->type);
|
|
|
5831fa |
piv_finish(card);
|
|
|
5831fa |
/* tell sc_connect_card to try other drivers */
|
|
|
5831fa |
LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_CARD);
|
|
|
5831fa |
@@ -3147,6 +3376,7 @@ static int piv_init(sc_card_t *card)
|
|
|
5831fa |
* Set card_issues based on card type either set by piv_match_card or by opensc.conf
|
|
|
5831fa |
*/
|
|
|
5831fa |
|
|
|
5831fa |
+ sc_debug(card->ctx,SC_LOG_DEBUG_MATCH, "PIV_MATCH card->type:%d CI:%08x r:%d\n", card->type, priv->card_issues, r);
|
|
|
5831fa |
switch(card->type) {
|
|
|
5831fa |
case SC_CARD_TYPE_PIV_II_NEO:
|
|
|
5831fa |
case SC_CARD_TYPE_PIV_II_YUBIKEY4:
|
|
|
5831fa |
@@ -3178,6 +3408,7 @@ static int piv_init(sc_card_t *card)
|
|
|
5831fa |
* may be set earlier or later then in the following code.
|
|
|
5831fa |
*/
|
|
|
5831fa |
|
|
|
5831fa |
+ sc_debug(card->ctx,SC_LOG_DEBUG_MATCH, "PIV_MATCH card->type:%d CI:%08x r:%d\n", card->type, priv->card_issues, r);
|
|
|
5831fa |
switch(card->type) {
|
|
|
5831fa |
case SC_CARD_TYPE_PIV_II_NEO:
|
|
|
5831fa |
priv->card_issues |= CI_NO_EC384
|
|
|
5831fa |
@@ -3196,30 +3427,53 @@ static int piv_init(sc_card_t *card)
|
|
|
5831fa |
priv->card_issues |= CI_VERIFY_LC0_FAIL;
|
|
|
5831fa |
break;
|
|
|
5831fa |
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_GI_DE:
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_OBERTHUR:
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_GEMALTO:
|
|
|
5831fa |
+ priv->card_issues |= 0; /* could add others here */
|
|
|
5831fa |
+ break;
|
|
|
5831fa |
+
|
|
|
5831fa |
case SC_CARD_TYPE_PIV_II_HIST:
|
|
|
5831fa |
- priv->card_issues |= 0;
|
|
|
5831fa |
+ priv->card_issues |= 0; /* could add others here */
|
|
|
5831fa |
break;
|
|
|
5831fa |
|
|
|
5831fa |
- case SC_CARD_TYPE_PIV_II_GI_DE:
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_GI_DE_DUAL_CAC:
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_GEMALTO_DUAL_CAC:
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_OBERTHUR_DUAL_CAC:
|
|
|
5831fa |
priv->card_issues |= CI_VERIFY_LC0_FAIL
|
|
|
5831fa |
| CI_PIV_AID_LOSE_STATE
|
|
|
5831fa |
- | CI_OTHER_AID_LOSE_STATE;;
|
|
|
5831fa |
+ | CI_NO_RANDOM
|
|
|
5831fa |
+ | CI_OTHER_AID_LOSE_STATE;
|
|
|
5831fa |
/* TODO may need more research */
|
|
|
5831fa |
break;
|
|
|
5831fa |
|
|
|
5831fa |
+
|
|
|
5831fa |
case SC_CARD_TYPE_PIV_II_GENERIC:
|
|
|
5831fa |
priv->card_issues |= CI_VERIFY_LC0_FAIL
|
|
|
5831fa |
| CI_OTHER_AID_LOSE_STATE;
|
|
|
5831fa |
/* TODO may need more research */
|
|
|
5831fa |
break;
|
|
|
5831fa |
|
|
|
5831fa |
+ case SC_CARD_TYPE_PIV_II_PIVKEY:
|
|
|
5831fa |
+ priv->card_issues |= CI_VERIFY_LC0_FAIL
|
|
|
5831fa |
+ | CI_PIV_AID_LOSE_STATE /* be conservative */
|
|
|
5831fa |
+ | CI_NO_EC384 | CI_NO_EC
|
|
|
5831fa |
+ | CI_NO_RANDOM; /* does not have 9B key */
|
|
|
5831fa |
+ /* Discovery object returns 6A 82 so is not on card by default */
|
|
|
5831fa |
+ /* TODO may need more research */
|
|
|
5831fa |
+ break;
|
|
|
5831fa |
+
|
|
|
5831fa |
default:
|
|
|
5831fa |
- priv->card_issues = 0; /* opensc.conf may have it wrong, continue anyway */
|
|
|
5831fa |
- sc_log(card->ctx, "Unknown PIV card->type %d", card->type);
|
|
|
5831fa |
- card->type = SC_CARD_TYPE_PIV_II_BASE;
|
|
|
5831fa |
+ priv->card_issues |= CI_VERIFY_LC0_FAIL
|
|
|
5831fa |
+ | CI_OTHER_AID_LOSE_STATE;
|
|
|
5831fa |
+ /* opensc.conf may have it wrong, continue anyway */
|
|
|
5831fa |
+ sc_log(card->ctx, "Unknown PIV card->type %d", card->type);
|
|
|
5831fa |
+ card->type = SC_CARD_TYPE_PIV_II_GENERIC;
|
|
|
5831fa |
}
|
|
|
5831fa |
sc_log(card->ctx, "PIV card-type=%d card_issues=0x%08x", card->type, priv->card_issues);
|
|
|
5831fa |
|
|
|
5831fa |
+ sc_debug(card->ctx,SC_LOG_DEBUG_MATCH, "PIV_MATCH card->type:%d CI:%08x r:%d\n", card->type, priv->card_issues, r);
|
|
|
5831fa |
+
|
|
|
5831fa |
priv->enumtag = piv_aids[0].enumtag;
|
|
|
5831fa |
|
|
|
5831fa |
/* PKCS#11 may try to generate session keys, and get confused
|
|
|
5831fa |
@@ -3233,15 +3487,20 @@ static int piv_init(sc_card_t *card)
|
|
|
5831fa |
_sc_card_add_rsa_alg(card, 2048, flags, 0); /* optional */
|
|
|
5831fa |
_sc_card_add_rsa_alg(card, 3072, flags, 0); /* optional */
|
|
|
5831fa |
|
|
|
5831fa |
- flags = SC_ALGORITHM_ECDSA_RAW | SC_ALGORITHM_ECDH_CDH_RAW | SC_ALGORITHM_ECDSA_HASH_NONE;
|
|
|
5831fa |
- ext_flags = SC_ALGORITHM_EXT_EC_NAMEDCURVE | SC_ALGORITHM_EXT_EC_UNCOMPRESES;
|
|
|
5831fa |
+ if (!(priv->card_issues & CI_NO_EC)) {
|
|
|
5831fa |
+ flags = SC_ALGORITHM_ECDSA_RAW | SC_ALGORITHM_ECDH_CDH_RAW | SC_ALGORITHM_ECDSA_HASH_NONE;
|
|
|
5831fa |
+ ext_flags = SC_ALGORITHM_EXT_EC_NAMEDCURVE | SC_ALGORITHM_EXT_EC_UNCOMPRESES;
|
|
|
5831fa |
+
|
|
|
5831fa |
+ _sc_card_add_ec_alg(card, 256, flags, ext_flags, NULL);
|
|
|
5831fa |
+ if (!(priv->card_issues & CI_NO_EC384))
|
|
|
5831fa |
+ _sc_card_add_ec_alg(card, 384, flags, ext_flags, NULL);
|
|
|
5831fa |
+ }
|
|
|
5831fa |
|
|
|
5831fa |
- _sc_card_add_ec_alg(card, 256, flags, ext_flags, NULL);
|
|
|
5831fa |
- if (!(priv->card_issues & CI_NO_EC384))
|
|
|
5831fa |
- _sc_card_add_ec_alg(card, 384, flags, ext_flags, NULL);
|
|
|
5831fa |
+ if (!(priv->card_issues & CI_NO_RANDOM))
|
|
|
5831fa |
+ card->caps |= SC_CARD_CAP_RNG;
|
|
|
5831fa |
|
|
|
5831fa |
- /* TODO may turn off SC_CARD_CAP_ISO7816_PIN_INFO later */
|
|
|
5831fa |
- card->caps |= SC_CARD_CAP_RNG | SC_CARD_CAP_ISO7816_PIN_INFO;
|
|
|
5831fa |
+ /* May turn off SC_CARD_CAP_ISO7816_PIN_INFO later */
|
|
|
5831fa |
+ card->caps |= SC_CARD_CAP_ISO7816_PIN_INFO;
|
|
|
5831fa |
|
|
|
5831fa |
/*
|
|
|
5831fa |
* 800-73-3 cards may have a history object and/or a discovery object
|
|
|
5831fa |
@@ -3565,11 +3824,13 @@ static int piv_card_reader_lock_obtained(sc_card_t *card, int was_reset)
|
|
|
5831fa |
r = SC_ERROR_NO_CARD_SUPPORT;
|
|
|
5831fa |
} else {
|
|
|
5831fa |
r = piv_find_discovery(card);
|
|
|
5831fa |
+ sc_debug(card->ctx,SC_LOG_DEBUG_MATCH, "PIV_MATCH piv_find_discovery card->type:%d r:%d\n", card->type, r);
|
|
|
5831fa |
}
|
|
|
5831fa |
|
|
|
5831fa |
if (r < 0) {
|
|
|
5831fa |
if (was_reset > 0 || !(priv->card_issues & CI_PIV_AID_LOSE_STATE)) {
|
|
|
5831fa |
r = piv_select_aid(card, piv_aids[0].value, piv_aids[0].len_short, temp, &templen);
|
|
|
5831fa |
+ sc_debug(card->ctx,SC_LOG_DEBUG_MATCH, "PIV_MATCH piv_select_aid card->type:%d r:%d\n", card->type, r);
|
|
|
5831fa |
} else {
|
|
|
5831fa |
r = 0; /* cant do anything with this card, hope there was no interference */
|
|
|
5831fa |
}
|
|
|
5831fa |
diff --git a/src/libopensc/cards.h b/src/libopensc/cards.h
|
|
|
5831fa |
index f4df17fb04..121182bb6a 100644
|
|
|
5831fa |
--- a/src/libopensc/cards.h
|
|
|
5831fa |
+++ b/src/libopensc/cards.h
|
|
|
5831fa |
@@ -136,7 +136,13 @@ enum {
|
|
|
5831fa |
SC_CARD_TYPE_PIV_II_HIST,
|
|
|
5831fa |
SC_CARD_TYPE_PIV_II_NEO,
|
|
|
5831fa |
SC_CARD_TYPE_PIV_II_YUBIKEY4,
|
|
|
5831fa |
+ SC_CARD_TYPE_PIV_II_GI_DE_DUAL_CAC,
|
|
|
5831fa |
SC_CARD_TYPE_PIV_II_GI_DE,
|
|
|
5831fa |
+ SC_CARD_TYPE_PIV_II_GEMALTO_DUAL_CAC,
|
|
|
5831fa |
+ SC_CARD_TYPE_PIV_II_GEMALTO,
|
|
|
5831fa |
+ SC_CARD_TYPE_PIV_II_OBERTHUR_DUAL_CAC,
|
|
|
5831fa |
+ SC_CARD_TYPE_PIV_II_OBERTHUR,
|
|
|
5831fa |
+ SC_CARD_TYPE_PIV_II_PIVKEY,
|
|
|
5831fa |
|
|
|
5831fa |
/* MuscleApplet */
|
|
|
5831fa |
SC_CARD_TYPE_MUSCLE_BASE = 15000,
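Review bot: Inserting `SC_CARD_TYPE_PIV_II_GI_DE_DUAL_CAC` ahead of `SC_CARD_TYPE_PIV_II_GI_DE` shifts the numeric value of the existing `SC_CARD_TYPE_PIV_II_GI_DE` enumerator, and the new dual-CAC constant takes its old value. If a card type is ever supplied by number (for example a forced type in opensc.conf, which is not visible here), a card previously configured as GI_DE would silently be handled as dual CAC and pick up `CI_NO_RANDOM` in `piv_init`. Consider appending the new enumerators after the existing PIV ones, or add a comment above them such as `/* order is significant to the PIV driver; numeric values are not stable across releases */`.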
|
|
|
5831fa |
|