mirror of
https://github.com/polhenarejos/pico-hsm.git
synced 2026-01-23 03:58:06 +00:00
dba614ed36
and add the Enterprise / Commercial licensing option.
Main changes:
- Replace GPLv3 headers with AGPLv3 headers in source files.
- Update LICENSE file to the full AGPLv3 text.
- Add ENTERPRISE.md describing the dual-licensing model:
* Community Edition: AGPLv3 (strong copyleft, including network use).
* Enterprise / Commercial Edition: proprietary license for production /
multi-user / OEM use without the obligation to disclose derivative code.
- Update README with a new "License and Commercial Use" section pointing to
ENTERPRISE.md and clarifying how companies can obtain a commercial license.
Why this change:
- AGPLv3 ensures that modified versions offered as a service or deployed
in production environments must provide corresponding source code.
- The Enterprise / Commercial edition provides organizations with an
alternative proprietary license that allows internal, large-scale, or OEM
use (bulk provisioning, policy enforcement, inventory / revocation,
custom attestation, signed builds) without AGPL disclosure obligations.
This commit formally marks the first release that is dual-licensed:
AGPLv3 for the Community Edition and a proprietary commercial license
for Enterprise customers.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
134 lines
4.4 KiB
C
134 lines
4.4 KiB
C
/*
|
|
* This file is part of the Pico HSM distribution (https://github.com/polhenarejos/pico-hsm).
|
|
* Copyright (c) 2022 Pol Henarejos.
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Affero General Public License as published by
|
|
* the Free Software Foundation, version 3.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Affero General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include "sc_hsm.h"
|
|
#include "version.h"
|
|
|
|
void select_file(file_t *pe) {
|
|
if (!pe) {
|
|
currentDF = (file_t *) MF;
|
|
currentEF = NULL;
|
|
}
|
|
else if (pe->type & (FILE_TYPE_INTERNAL_EF|FILE_TYPE_WORKING_EF)) {
|
|
currentEF = pe;
|
|
currentDF = &file_entries[pe->parent];
|
|
}
|
|
else {
|
|
currentDF = pe;
|
|
}
|
|
if (currentEF == file_openpgp || currentEF == file_sc_hsm) {
|
|
selected_applet = currentEF;
|
|
//sc_hsm_unload(); //reset auth status
|
|
}
|
|
}
|
|
|
|
int cmd_select() {
|
|
uint8_t p1 = P1(apdu);
|
|
uint8_t p2 = P2(apdu);
|
|
file_t *pe = NULL;
|
|
uint16_t fid = 0x0;
|
|
|
|
// Only "first or only occurence" supported
|
|
//if ((p2 & 0xF3) != 0x00) {
|
|
// return SW_INCORRECT_P1P2();
|
|
//}
|
|
|
|
if (apdu.nc == 2) {
|
|
fid = get_uint16_t_be(apdu.data);
|
|
}
|
|
|
|
//if ((fid & 0xff00) == (KEY_PREFIX << 8))
|
|
// fid = (PRKD_PREFIX << 8) | (fid & 0xff);
|
|
|
|
/*uint8_t pfx = fid >> 8;*/
|
|
/*if (pfx == PRKD_PREFIX ||
|
|
pfx == CD_PREFIX ||
|
|
pfx == CA_CERTIFICATE_PREFIX ||
|
|
pfx == KEY_PREFIX ||
|
|
pfx == EE_CERTIFICATE_PREFIX ||
|
|
pfx == DCOD_PREFIX ||
|
|
pfx == DATA_PREFIX ||
|
|
pfx == PROT_DATA_PREFIX) {*/
|
|
if (fid != 0x0 && !(pe = search_file(fid))) {
|
|
return SW_FILE_NOT_FOUND();
|
|
}
|
|
/*}*/
|
|
if (!pe) {
|
|
if (p1 == 0x0) { //Select MF, DF or EF - File identifier or absent
|
|
if (apdu.nc == 0) {
|
|
pe = (file_t *) MF;
|
|
//ac_fini();
|
|
}
|
|
else if (apdu.nc == 2) {
|
|
if (!(pe = search_by_fid(fid, NULL, SPECIFY_ANY))) {
|
|
return SW_FILE_NOT_FOUND();
|
|
}
|
|
}
|
|
}
|
|
else if (p1 == 0x01) { //Select child DF - DF identifier
|
|
if (!(pe = search_by_fid(fid, currentDF, SPECIFY_DF))) {
|
|
return SW_FILE_NOT_FOUND();
|
|
}
|
|
}
|
|
else if (p1 == 0x02) { //Select EF under the current DF - EF identifier
|
|
if (!(pe = search_by_fid(fid, currentDF, SPECIFY_EF))) {
|
|
return SW_FILE_NOT_FOUND();
|
|
}
|
|
}
|
|
else if (p1 == 0x03) { //Select parent DF of the current DF - Absent
|
|
if (apdu.nc != 0) {
|
|
return SW_FILE_NOT_FOUND();
|
|
}
|
|
}
|
|
else if (p1 == 0x04) { //Select by DF name - e.g., [truncated] application identifier
|
|
if (!(pe = search_by_name(apdu.data, (uint16_t)apdu.nc))) {
|
|
return SW_FILE_NOT_FOUND();
|
|
}
|
|
if (card_terminated) {
|
|
return set_res_sw(0x62, 0x85);
|
|
}
|
|
}
|
|
else if (p1 == 0x08) { //Select from the MF - Path without the MF identifier
|
|
if (!(pe = search_by_path(apdu.data, (uint8_t)apdu.nc, MF))) {
|
|
return SW_FILE_NOT_FOUND();
|
|
}
|
|
}
|
|
else if (p1 == 0x09) { //Select from the current DF - Path without the current DF identifier
|
|
if (!(pe = search_by_path(apdu.data, (uint8_t)apdu.nc, currentDF))) {
|
|
return SW_FILE_NOT_FOUND();
|
|
}
|
|
}
|
|
}
|
|
if ((p2 & 0xfc) == 0x00 || (p2 & 0xfc) == 0x04) {
|
|
process_fci(pe, 0);
|
|
if (pe == file_sc_hsm) {
|
|
res_APDU[res_APDU_size++] = 0x85;
|
|
res_APDU[res_APDU_size++] = 5;
|
|
uint16_t opts = get_device_options();
|
|
res_APDU_size += put_uint16_t_be(opts, res_APDU + res_APDU_size);
|
|
res_APDU[res_APDU_size++] = 0xFF;
|
|
res_APDU[res_APDU_size++] = HSM_VERSION_MAJOR;
|
|
res_APDU[res_APDU_size++] = HSM_VERSION_MINOR;
|
|
res_APDU[1] = (uint8_t)res_APDU_size - 2;
|
|
}
|
|
}
|
|
else {
|
|
return SW_INCORRECT_P1P2();
|
|
}
|
|
select_file(pe);
|
|
return SW_OK();
|
|
}
|