From d01e06aa11acddb37282692acba81620562a053a Mon Sep 17 00:00:00 2001
From: Pol Henarejos <pol.henarejos@cttc.es>
Date: Sun, 27 Mar 2022 18:15:06 +0200
Subject: [PATCH] 2F02 returns terminal's cvcert and DICA.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
---
 src/fs/file.c    |  40 +-----------------
 src/hsm/sc_hsm.c | 105 ++++++++++++++++++++++++++---------------------
 2 files changed, 60 insertions(+), 85 deletions(-)

diff --git a/src/fs/file.c b/src/fs/file.c
index 7db74de..39d0fea 100644
--- a/src/fs/file.c
+++ b/src/fs/file.c
@@ -78,51 +78,15 @@ void process_fci(const file_t *pe) {
     res_APDU[1] = res_APDU_size-2;
 }
 
-const uint8_t cvca[] = {
-    0x6A, 0x01,
-    0x7f, 0x21, 0x82, 0x01, 0x65, 0x7f, 0x4e, 0x82, 0x01, 0x2d, 0x5f, 
-	0x29, 0x01, 0x00, 0x42, 0x0e, 0x45, 0x53, 0x48, 0x53, 0x4d, 0x43, 
-	0x56, 0x43, 0x41, 0x32, 0x30, 0x34, 0x30, 0x31, 0x7f, 0x49, 0x81, 
-	0xdd, 0x06, 0x0a, 0x04, 0x00, 0x7f, 0x00, 0x07, 0x02, 0x02, 0x02, 
-	0x02, 0x03, 0x81, 0x18, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
-	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 
-	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x82, 0x18, 0xff, 0xff, 0xff, 
-	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
-	0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, 0x83, 
-	0x18, 0x64, 0x21, 0x05, 0x19, 0xe5, 0x9c, 0x80, 0xe7, 0x0f, 0xa7, 
-	0xe9, 0xab, 0x72, 0x24, 0x30, 0x49, 0xfe, 0xb8, 0xde, 0xec, 0xc1, 
-	0x46, 0xb9, 0xb1, 0x84, 0x31, 0x04, 0x18, 0x8d, 0xa8, 0x0e, 0xb0, 
-	0x30, 0x90, 0xf6, 0x7c, 0xbf, 0x20, 0xeb, 0x43, 0xa1, 0x88, 0x00, 
-	0xf4, 0xff, 0x0a, 0xfd, 0x82, 0xff, 0x10, 0x12, 0x07, 0x19, 0x2b, 
-	0x95, 0xff, 0xc8, 0xda, 0x78, 0x63, 0x10, 0x11, 0xed, 0x6b, 0x24, 
-	0xcd, 0xd5, 0x73, 0xf9, 0x77, 0xa1, 0x1e, 0x79, 0x48, 0x11, 0x85, 
-	0x18, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
-	0xff, 0xff, 0x99, 0xde, 0xf8, 0x36, 0x14, 0x6b, 0xc9, 0xb1, 0xb4, 
-	0xd2, 0x28, 0x31, 0x86, 0x31, 0x04, 0x4d, 0x28, 0x34, 0x67, 0xb5, 
-	0x43, 0xfd, 0x84, 0x22, 0x09, 0xbd, 0xd2, 0xd6, 0x26, 0x27, 0x2d, 
-	0x53, 0xa7, 0xdf, 0x52, 0x8f, 0xc2, 0xde, 0x7c, 0x9a, 0xcd, 0x1f, 
-	0xf2, 0x10, 0x42, 0x7c, 0x13, 0x44, 0x03, 0xb0, 0xa5, 0xdf, 0x8a, 
-	0xd4, 0x59, 0xd1, 0x86, 0x4b, 0xde, 0x33, 0xb1, 0x60, 0x17, 0x87, 
-	0x01, 0x01, 0x5f, 0x20, 0x0e, 0x45, 0x53, 0x48, 0x53, 0x4d, 0x43, 
-	0x56, 0x43, 0x41, 0x32, 0x30, 0x34, 0x30, 0x31, 0x7f, 0x4c, 0x12, 
-	0x06, 0x09, 0x04, 0x00, 0x7f, 0x00, 0x07, 0x03, 0x01, 0x02, 0x02, 
-	0x53, 0x05, 0xc0, 0x00, 0x00, 0x00, 0x04, 0x5f, 0x25, 0x06, 0x02, 
-	0x02, 0x00, 0x02, 0x01, 0x09, 0x5f, 0x24, 0x06, 0x03, 0x00, 0x01, 
-	0x02, 0x03, 0x01, 0x5f, 0x37, 0x30, 0x26, 0x2d, 0x6f, 0xa6, 0xd0, 
-	0x52, 0x01, 0xf1, 0x41, 0x1e, 0xe9, 0x33, 0x29, 0x19, 0x42, 0x42, 
-	0x9b, 0xb0, 0xeb, 0xf7, 0x46, 0x20, 0xcb, 0x81, 0xfe, 0xda, 0xd7, 
-	0xab, 0x2b, 0xdc, 0xa7, 0x38, 0xf4, 0xc8, 0xec, 0x4c, 0x66, 0xb4, 
-	0x0a, 0x2d, 0x16, 0xfb, 0xf3, 0x79, 0xe9, 0x93, 0xc8, 0x25 
-};
-
 extern const uint8_t sc_hsm_aid[];
 extern int parse_token_info(const file_t *f, int mode);
+extern int parse_cvca(const file_t *f, int mode);
 
 file_t file_entries[] = {
     /*  0 */ { .fid = 0x3f00    , .parent = 0xff, .name = NULL, .type = FILE_TYPE_DF, .data = NULL, .ef_structure = 0, .acl = {0} }, // MF
     /*  1 */ { .fid = 0x2f00    , .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0} }, //EF.DIR
     /*  2 */ { .fid = 0x2f01    , .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0} }, //EF.ATR
-    /*  3 */ { .fid = 0x2f02    , .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF,.data = (uint8_t *)cvca, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0} }, //EF.GDO
+    /*  3 */ { .fid = 0x2f02    , .parent = 0, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC,.data = (uint8_t *)parse_cvca, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0} }, //EF.GDO
     /*  4 */ { .fid = 0x2f03    , .parent = 5, .name = NULL, .type = FILE_TYPE_WORKING_EF | FILE_DATA_FUNC,.data = (uint8_t *)parse_token_info, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0} }, //EF.TokenInfo
     /*  5 */ { .fid = 0x5015    , .parent = 0, .name = NULL, .type = FILE_TYPE_DF, .data = NULL, .ef_structure = 0, .acl = {0} }, //DF.PKCS15
     /*  6 */ { .fid = 0x5031    , .parent = 5, .name = NULL, .type = FILE_TYPE_WORKING_EF, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0} }, //EF.ODF
diff --git a/src/hsm/sc_hsm.c b/src/hsm/sc_hsm.c
index 89178a8..63a08c9 100644
--- a/src/hsm/sc_hsm.c
+++ b/src/hsm/sc_hsm.c
@@ -29,6 +29,7 @@
 #include "mbedtls/cmac.h"
 #include "mbedtls/hkdf.h"
 #include "version.h"
+#include "cvcerts.h"
 
 const uint8_t sc_hsm_aid[] = {
     11, 
@@ -222,6 +223,53 @@ static int cmd_select() {
     return SW_OK ();
 }
 
+sc_context_t *create_context() {
+    sc_context_t *ctx;
+    sc_context_param_t ctx_opts;
+    memset(&ctx_opts, 0, sizeof(sc_context_param_t));
+    ctx_opts.ver      = 0;
+	ctx_opts.app_name = "hsm2040";
+    sc_context_create(&ctx, &ctx_opts);
+    ctx->debug = 0;
+    sc_ctx_log_to_file(ctx, "stdout");
+    return ctx;
+}
+
+void cvc_init_common(sc_cvc_t *cvc, sc_context_t *ctx) {
+    memset(cvc, 0, sizeof(sc_cvc_t));
+
+    size_t lencar = 0, lenchr = 0;
+    const unsigned char *car = sc_asn1_find_tag(ctx, (const uint8_t *)apdu.cmd_apdu_data, apdu.cmd_apdu_data_len, 0x42, &lencar);
+    const unsigned char *chr = sc_asn1_find_tag(ctx, (const uint8_t *)apdu.cmd_apdu_data, apdu.cmd_apdu_data_len, 0x5f20, &lenchr);
+    if (car && lencar > 0)
+        strlcpy(cvc->car, car, MIN(lencar,sizeof(cvc->car)));
+    else
+        strlcpy(cvc->car, "UTSRCACC100001", sizeof(cvc->car));
+    if (chr && lenchr > 0)
+        strlcpy(cvc->chr, chr, MIN(lenchr, sizeof(cvc->chr)));
+    else
+	    strlcpy(cvc->chr, "ESHSMCVCA00001", sizeof(cvc->chr));
+	strlcpy(cvc->outer_car, "ESHSM00001", sizeof(cvc->outer_car));	
+}
+
+int cvc_prepare_signatures(sc_pkcs15_card_t *p15card, sc_cvc_t *cvc, size_t sig_len, uint8_t *hsh) {
+    uint8_t *cvcbin;
+    size_t cvclen;
+    cvc->signatureLen = sig_len;
+    cvc->signature = (uint8_t *)calloc(1, sig_len);
+    cvc->outerSignatureLen = 4;
+    cvc->outerSignature = (uint8_t *)calloc(1, sig_len);
+    int r = sc_pkcs15emu_sc_hsm_encode_cvc(p15card, cvc, &cvcbin, &cvclen);
+    if (r != SC_SUCCESS) {
+        if (cvcbin)
+            free(cvcbin);
+        return r;
+    }
+    hash(cvcbin, cvclen, hsh);
+    free(cvcbin);
+    return HSM_OK;
+}
+
 int parse_token_info(const file_t *f, int mode) {
     char *label = "Pico-HSM";
     char *manu = "Pol Henarejos";
@@ -247,6 +295,16 @@ int parse_token_info(const file_t *f, int mode) {
     return len;
 }
 
+int parse_cvca(const file_t *f, int mode) {
+    size_t termca_len = file_read_uint16(termca);
+    size_t dica_len = file_read_uint16(dica);
+    if (mode == 1) {
+        memcpy(res_APDU, termca+2, termca_len);
+        memcpy(res_APDU+termca_len, dica+2, dica_len);
+        res_APDU_size = termca_len+dica_len;
+    }
+    return termca_len+dica_len;
+}
 
 static int cmd_list_keys()
 {
@@ -720,53 +778,6 @@ int store_keys(void *key_ctx, int type, uint8_t key_id, sc_context_t *ctx) {
     return HSM_OK;
 }
 
-sc_context_t *create_context() {
-    sc_context_t *ctx;
-    sc_context_param_t ctx_opts;
-    memset(&ctx_opts, 0, sizeof(sc_context_param_t));
-    ctx_opts.ver      = 0;
-	ctx_opts.app_name = "hsm2040";
-    sc_context_create(&ctx, &ctx_opts);
-    ctx->debug = 0;
-    sc_ctx_log_to_file(ctx, "stdout");
-    return ctx;
-}
-
-void cvc_init_common(sc_cvc_t *cvc, sc_context_t *ctx) {
-    memset(cvc, 0, sizeof(sc_cvc_t));
-
-    size_t lencar = 0, lenchr = 0;
-    const unsigned char *car = sc_asn1_find_tag(ctx, (const uint8_t *)apdu.cmd_apdu_data, apdu.cmd_apdu_data_len, 0x42, &lencar);
-    const unsigned char *chr = sc_asn1_find_tag(ctx, (const uint8_t *)apdu.cmd_apdu_data, apdu.cmd_apdu_data_len, 0x5f20, &lenchr);
-    if (car && lencar > 0)
-        strlcpy(cvc->car, car, MIN(lencar,sizeof(cvc->car)));
-    else
-        strlcpy(cvc->car, "UTCA00001", sizeof(cvc->car));
-    if (chr && lenchr > 0)
-        strlcpy(cvc->chr, chr, MIN(lenchr, sizeof(cvc->chr)));
-    else
-	    strlcpy(cvc->chr, "ESHSMCVCA00001", sizeof(cvc->chr));
-	strlcpy(cvc->outer_car, "ESHSM00001", sizeof(cvc->outer_car));	
-}
-
-int cvc_prepare_signatures(sc_pkcs15_card_t *p15card, sc_cvc_t *cvc, size_t sig_len, uint8_t *hsh) {
-    uint8_t *cvcbin;
-    size_t cvclen;
-    cvc->signatureLen = sig_len;
-    cvc->signature = (uint8_t *)calloc(1, sig_len);
-    cvc->outerSignatureLen = 4;
-    cvc->outerSignature = (uint8_t *)calloc(1, sig_len);
-    int r = sc_pkcs15emu_sc_hsm_encode_cvc(p15card, cvc, &cvcbin, &cvclen);
-    if (r != SC_SUCCESS) {
-        if (cvcbin)
-            free(cvcbin);
-        return r;
-    }
-    hash(cvcbin, cvclen, hsh);
-    free(cvcbin);
-    return HSM_OK;
-}
-
 static int cmd_keypair_gen() {
     uint8_t key_id = P1(apdu);
     uint8_t auth_key_id = P2(apdu);