This file is indexed.

/usr/include/smartcardpp/esteid/EstEidCard.h is in libsmartcardpp-dev 0.3.0-0ubuntu7.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
/*
* SMARTCARDPP
* 
* This software is released under either the GNU Library General Public
* License (see LICENSE.LGPL) or the BSD License (see LICENSE.BSD).
* 
* Note that the only valid version of the LGPL license as far as this
* project is concerned is the original GNU Library General Public License
* Version 2.1, February 1999
*
*/


#pragma once
#include "../CardBase.h"
#include "../PinString.h"

/// Estonian ID card class. Supplies most of the card functions
class EstEidCard:
	public CardBase
{
	friend class EstEidCardMaintainer;

protected:
	virtual FCI parseFCI(ByteVec fci);
	virtual void reIdentify();

	enum {
		FILEID_MASTER = 0x3F00,
		FILEID_APP	  =	0xEEEE,
		FILEID_RETRYCT =	0x0016,
		FILEID_KEYPOINTER  = 0x0033
	};

public:

	enum PinType {
		PUK = 0,
		PIN_AUTH = 1,
		PIN_SIGN = 2
	};

	enum CardVersion {
		VER_INVALID = -1,
		VER_1_0 = 0,
		VER_1_0_2007,
		VER_1_1,
		VER_3_0
	};

	enum KeyType {
		AUTH = 0,
		SIGN = 1
	};

	enum AlgType {
		MD5,
		SHA1,
		SSL
	};

	enum RecordNames {
		SURNAME = 1,
		FIRSTNAME,
		MIDDLENAME,
		SEX,
		CITIZEN,
		BIRTHDATE,
		ID,
		DOCUMENTID,
		EXPIRY,
		BIRTHPLACE,
		ISSUEDATE,
		RESIDENCEPERMIT,
		COMMENT1,
		COMMENT2,
		COMMENT3,
		COMMENT4
	};

private:
	void prepareSign_internal(KeyType keyId,PinString pin);
	ByteVec calcSign_internal(AlgType type,KeyType keyId, ByteVec hash,bool withOID = true);
	ByteVec RSADecrypt_internal(ByteVec cipher);
	void readPersonalData_internal(vector<std::string>& data, int firstRecord,int lastRecord );
	bool validatePin_internal(PinType pinType,PinString pin, byte &retriesLeft, bool forceUnsecure = false);
	bool changePin_internal(PinType pinType,PinString newPin,PinString oldPin,bool useUnblockCommand=false);
	void checkProtocol();
	bool getRetryCounts_internal(byte &puk,byte &pinAuth,byte &pinSign);
	ByteVec readEFAndTruncate(unsigned int fileLen);
	void setVersion();

	CardVersion _card_version;

public:
	EstEidCard(ManagerInterface &ref) :
		CardBase(ref), _card_version(VER_INVALID) {}
	EstEidCard(ManagerInterface &ref, unsigned int idx) :
		CardBase(ref, idx), _card_version(VER_INVALID) {}
	EstEidCard(ManagerInterface &ref, ConnectionBase *conn) :
		CardBase(ref, conn), _card_version(VER_INVALID) {}

	~EstEidCard() {}

	bool isInReader(unsigned int idx);
	bool isSecureConnection();
	void reconnectWithT0();

	/// performs PIN code verification
	void enterPin(PinType pinType, PinString pin, bool forceUnsecure = false);
	/// Returns the card version
	CardVersion getCardVersion() { return _card_version; }
	/// Returns the key size in bits
	virtual unsigned int getKeySize();
	/// Reads the card holder identification code from personal data file
	std::string readCardID();
	/// Reads the card holder card number from personal data file
	std::string readDocumentID();
	/// Reads the card holder name from personal data file, bool flag flips display order
	std::string readCardName(bool firstNameFirst = false);
	/// Reads entire or parts of personal data file from firstRecord to LastRecord
	bool readPersonalData(std::vector<std::string>& data, int firstRecord=SURNAME, int lastRecord=EXPIRY);
	/// gets accumulated key usage counters from the card
	bool getKeyUsageCounters(dword &authKey,dword &signKey);
	/// gets PIN entry retry counts for all three PINs
	bool getRetryCounts(byte &puk,byte &pinAuth,byte &pinSign);
	/// retrieve Authentication certificate
	ByteVec getAuthCert();
	/// retrieve Signature certificate
	ByteVec getSignCert();
	/// calculate SSL signature for SHA1+MD5 hash. PIN needs to be entered before
	ByteVec calcSSL(ByteVec hash);
	/// calculate SSL signature with PIN supplied, supply empty pin if cardmanager supports pin entry
	ByteVec calcSSL(ByteVec hash, PinString pin);
	/// calculate signature over SHA1 hash, keyid =0 selects auhtentication key, other values signature key. withOID=false calculates without SHA1 signatures, used for VPN
	ByteVec calcSignSHA1(ByteVec hash, KeyType keyId, bool withOID = true);
	/// calculate SHA1 signature with pin
	ByteVec calcSignSHA1(ByteVec hash, KeyType keyId, PinString pin, bool withOID = true);
	/// calculate signature over MD5 hash, keyid =0 selects auhtentication key
	ByteVec calcSignMD5(ByteVec hash, KeyType keyId, bool withOID = true);
	/// calculate signature over MD5 hash, with pin
	ByteVec calcSignMD5(ByteVec hash, KeyType keyId, PinString pin, bool withOID = true);
	/// decrypt RSA bytes, from 1024 bit/128 byte input vector, using authentication key
	ByteVec RSADecrypt(ByteVec cipher);
	/// decrypt RSA with authentication key, with pin supplied
	ByteVec RSADecrypt(ByteVec cipher, PinString pin);

	/// enter and validate authentication PIN. AuthError will be thrown if invalid
	bool validateAuthPin(PinString pin, byte &retriesLeft);
	/// enter and validate signature PIN
	bool validateSignPin(PinString pin, byte &retriesLeft);
	/// enter and validate PUK code
	bool validatePuk(PinString puk, byte &retriesLeft);

	/// change authentication PIN. For secure pin entry, specify pin lengths in "04" format, i.e. two-byte decimal string
	bool changeAuthPin(PinString newPin, PinString oldPin, byte &retriesLeft);
	/// change signature PIN
	bool changeSignPin(PinString newPin, PinString oldPin, byte &retriesLeft);
	/// change PUK
	bool changePUK(PinString newPUK, PinString oldPUK, byte &retriesLeft);
	/// unblock signature PIN using PUK. if correct PUK is supplied, the PIN will be first blocked and then unblocked
	bool unblockAuthPin(PinString newPin, PinString PUK, byte &retriesLeft);
	/// unblock signature PIN
	bool unblockSignPin(PinString newPin, PinString PUK, byte &retriesLeft);
	
	/// set security environment for the card. This does not need to be called directly, normally
	void setSecEnv(byte env);
	/// reset authentication, so next crypto operations will require new pin entry
	void resetAuth();
	/// get random challenge number
	ByteVec cardChallenge();
	/// execute a command (transmit an APDU)
	ByteVec runCommand(ByteVec vec);

	std::string getMD5KeyContainerName(int type);
};