removing unneeded keyLength option, fix defautl value keyind for dele…
…te_key
kaoh committed Sep 9, 2020
1 parent b2693b7 commit 3316d99
Showing 3 changed files with 14 additions and 27 deletions.
4 changes: 2 additions & 2 deletions globalplatform/src/globalplatform.c
Expand Up @@ -1191,7 +1191,7 @@ OPGP_ERROR_STATUS delete_key(OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardI
BYTE recvBuffer[3];
DWORD i=0;
OPGP_LOG_START(_T("delete_key"));
if ((keySetVersion == 0x00) && (keyIndex == 0x00))
if ((keySetVersion == 0x00) && (keyIndex == 0xFF))
{ OPGP_ERROR_CREATE_ERROR(status, OPGP_ERROR_INVALID_COMBINATION_KEY_SET_VERSION_KEY_INDEX, OPGP_stringify_error(OPGP_ERROR_INVALID_COMBINATION_KEY_SET_VERSION_KEY_INDEX)); goto end; }
//if (keySetVersion > 0x7f)
// { status = OPGP_ERROR_WRONG_KEY_VERSION; goto end; }
Expand Down Expand Up @@ -5091,7 +5091,7 @@ OPGP_ERROR_STATUS OP201_put_delegated_management_keys(OPGP_CARD_CONTEXT cardCont
}

/**
* If keyIndex is 0xFF (=-1) all keys within a keySetVersion are deleted.
* If keyIndex is 0xFF all keys within a keySetVersion are deleted.
* If keySetVersion is 0x00 all keys with the specified keyIndex are deleted.
* \param cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
* \param cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
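Review bot: The Doxygen comment in the second hunk (around line 5091) describes the keyIndex 0xFF case and the keySetVersion 0x00 case separately but never says that their combination is now rejected by the check in the first hunk with OPGP_ERROR_INVALID_COMBINATION_KEY_SET_VERSION_KEY_INDEX, so a caller reading only the header would expect "delete every key of every version" to work. I would add one line after the two existing sentences: ` * keySetVersion 0x00 combined with keyIndex 0xFF is not allowed and fails with OPGP_ERROR_INVALID_COMBINATION_KEY_SET_VERSION_KEY_INDEX.` The delete_key signature is cut off in the hunk header, so the type of keyIndex is not visible here; if it is a signed type, `keyIndex == 0xFF` never matches and the guard is dead, which is worth confirming against the declaration. The body of delete_key continues outside the hunk.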
18 changes: 4 additions & 14 deletions gpshell/src/gpshell.1.md
Expand Up @@ -59,7 +59,7 @@ __card_connect__ -readerNumber *x*

: Connect to card in the *x* th reader in the system

__open_sc__ -keyind *x* -keyver *x* -key *key* -mac_key *mac-key* -enc_key *enc-key* -kek_key *kek-key* -security *securityLevel* -scp *protocol* -scpimpl *impl* -keyDerivation *derivation* -keyLength *keyLength*
__open_sc__ -keyind *x* -keyver *x* -key *key* -mac_key *mac-key* -enc_key *enc-key* -kek_key *kek-key* -security *securityLevel* -scp *protocol* -scpimpl *impl* -keyDerivation *derivation*

: Open a secure channel

Expand All @@ -72,8 +72,6 @@ If the card supports a Secure Channel Protocol Implementation with only one base
If the card uses a key derivation mechanism you must enable the derivation mode with the -keyDerivation option and you must specify with -key the master (mother) key. -kek_key, -mac_key and -enc_key are not relevant is this case. See the section Options and Key Derivation.
__NOTE:__ If the secure channel is going to be opened when no security domain is selected then the command get_secure_channel_protocol_details must be executed before to be able to get the Secure Channel Protocol Implementation.

-keyLength is only needed for SCP03 and only if a AES-256 or AES-192 bit key is used.

__select__ -AID *AID*

: Select AID instance
Expand Down Expand Up @@ -130,21 +128,17 @@ __release_context__

: Release context

__put_sc_key__ -keyver *keyver* -newkeyver *newkeyver* -keyLength *keyLength* -mac_key *new_MAC_key* -enc_key *new_ENC_key* -kek_key *new_KEK_key*
__put_sc_key__ -keyver *keyver* -newkeyver *newkeyver* -mac_key *new_MAC_key* -enc_key *new_ENC_key* -kek_key *new_KEK_key*

: Add or replace a key set version

If a new key set version is to be added *keyver* must be set to 0.
If *keyver* equals *newkeyver* an existing key version is replaced.

-keyLength is only needed for SCP03 and only if a AES-256 or AES-192 bit key is used.

__put_sc_key__ -keyver *keyver* -newkeyver *newkeyver* -keyLength *keyLength* -key *key* -keyDerivation "derivation"
__put_sc_key__ -keyver *keyver* -newkeyver *newkeyver* -key *key* -keyDerivation "derivation"

: Replace key set version *keyver* using key derivation *derivation* using the master (mother) key *y*

-keyLength is only needed for SCP03 and only if a AES-256 or AES-192 bit key is used.

__put_dm_keys__ -keyver *keyver* -newkeyver *newkeyver* -file *public_rsa_key_file* -pass *password* -key *new_receipt_generation_key*

: Add a RSA delegated management key in version *newkeyver*
Expand Down Expand Up @@ -193,7 +187,7 @@ __delete_key__ -keyver *keyver* -keyind *keyind*

: Deletes a key set version with a DELETE command.
If only the keyver is passed the complete key set version is deleted.
By default keyind is 0xFF. If keyver is 0 all key set with keyind are deleted.
By default keyind is 0xFF to delete the complete key set version. If keyver is 0 all key set with the passed keyind are deleted.

# OPTIONS

Expand Down Expand Up @@ -228,10 +222,6 @@ __-security__ *x*

: 0: clear, 1: MAC, 3: MAC+ENC, 51: MAC+ENC+R-MAC+E-ENC (SCP03 only), 19: MAC+ENC-R-MAC (SCP02+SCP03 only), 17: MAC+R-MAC (SCP02+SCP03 only)

__-keyLength__ *x*

: The key length of the key, enc_key, mac_key and kex_key in case SCP03 is used. The default are 16 bytes (AES-128), but SCP03 can also use 24 (AES-192) and 32 bytes (AES-256)

__-reader__ *readerName*

: Smart card reader name
19 changes: 8 additions & 11 deletions gpshell/src/gpshell.c
Expand Up @@ -517,7 +517,8 @@ static int handleOptions(OptionStr *pOptionStr)
int rv = EXIT_SUCCESS;
TCHAR *token;

pOptionStr->keyIndex = 0xFF;
//handle default for delete_key
pOptionStr->keyIndex = pOptionStr->keyIndex != 0xFF ? 0 : 0xFF;
pOptionStr->keySetVersion = 0;
pOptionStr->newKeySetVersion = 0;
pOptionStr->securityLevel = 0;
Expand Down Expand Up @@ -574,11 +575,6 @@ static int handleOptions(OptionStr *pOptionStr)
CHECK_TOKEN(token, _T("-keyTemplate"));
pOptionStr->keyTemplate = _tstoi(token);
}
else if (_tcscmp(token, _T("-keyLength")) == 0)
{
CHECK_TOKEN(token, _T("-keyLength"));
pOptionStr->keyLength = _tstoi(token);
}
else if (_tcscmp(token, _T("-keyind")) == 0)
{
CHECK_TOKEN(token, _T("-keyind"));
Expand Down Expand Up @@ -654,22 +650,22 @@ static int handleOptions(OptionStr *pOptionStr)
else if (_tcscmp(token, _T("-key")) == 0)
{
CHECK_TOKEN(token, _T("-key"));
ConvertStringToByteArray(token, KEY_LEN, pOptionStr->key);
pOptionStr->keyLength = ConvertStringToByteArray(token, KEY_LEN, pOptionStr->key);
}
else if (_tcscmp(token, _T("-mac_key")) == 0)
{
CHECK_TOKEN(token, _T("-mac_key"));
ConvertStringToByteArray(token, KEY_LEN, pOptionStr->mac_key);
pOptionStr->keyLength = ConvertStringToByteArray(token, KEY_LEN, pOptionStr->mac_key);
}
else if (_tcscmp(token, _T("-enc_key")) == 0)
{
CHECK_TOKEN(token, _T("-enc_key"));
ConvertStringToByteArray(token, KEY_LEN, pOptionStr->enc_key);
pOptionStr->keyLength = ConvertStringToByteArray(token, KEY_LEN, pOptionStr->enc_key);
}
else if (_tcscmp(token, _T("-kek_key")) == 0)
{
CHECK_TOKEN(token, _T("-kek_key"));
ConvertStringToByteArray(token, KEY_LEN, pOptionStr->kek_key);
pOptionStr->keyLength = ConvertStringToByteArray(token, KEY_LEN, pOptionStr->kek_key);
}
else if (_tcscmp(token, _T("-AID")) == 0)
{
Expand Down Expand Up @@ -1308,7 +1304,8 @@ static int handleCommands(FILE *fd)
/* Augusto: added delete_key command support */
else if (_tcscmp(token, _T("delete_key")) == 0)
{

// 0xFF means that all key index for a key set version are deleted
optionStr.keyIndex = 0xFF;
rv = handleOptions(&optionStr);
if (rv != EXIT_SUCCESS)
{
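Review bot: In handleOptions, `pOptionStr->keyIndex = pOptionStr->keyIndex != 0xFF ? 0 : 0xFF;` makes the default depend on whatever the struct already holds, and only the delete_key branch in the 1304 hunk sets it to 0xFF beforehand; if handleCommands keeps a single OptionStr across commands (its declaration is outside the hunks, so this is inferred), any command parsed after delete_key, or after a command given `-keyind 255`, would start with keyIndex 0xFF instead of 0. Passing the default in explicitly keeps the caller's intent out of the struct: `static int handleOptions(OptionStr *pOptionStr, BYTE defaultKeyIndex)` with `pOptionStr->keyIndex = defaultKeyIndex;`, the delete_key branch calling `rv = handleOptions(&optionStr, 0xFF);` and every other caller passing 0; those callers are outside these hunks. In the 650 hunk, keyLength is overwritten by whichever of -key, -mac_key, -enc_key and -kek_key is parsed last, so a 32-byte ENC key followed by a 16-byte MAC key silently reports 16; I would compare each returned length with the previously stored one and fail the option parse on a mismatch rather than let SCP03 key setup proceed with inconsistent key sizes. handleOptions starts before the first hunk and its body continues outside all of them.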
