From 17332ea10ee0ae6fcfd9e05eee9d91adfe35faa5 Mon Sep 17 00:00:00 2001
From: jey
Date: Thu, 24 Jan 2002 18:37:12 +0000
Subject: [PATCH] - last minute changes before the new release
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@194 c6295689-39f2-0310-b995-f0e70906c6a9
---
 Makefile.am | 2 +-
 NEWS | 10 ++++++++++
 README.Cryptoflex | 4 +++-
 src/libopensc/pkcs15-prkey.c | 28 +++++++++++++++++++++++++---
 src/libopensc/pkcs15.c | 5 ++++-
 src/tests/sc-test.c | 3 ++-
 src/tools/cryptoflex-tool.c | 20 +++++++++++++++-----
 7 files changed, 60 insertions(+), 12 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 1e476293..fdf454ed 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2,7 +2,7 @@ SUBDIRS = . aclocal src
-EXTRA_DIST = bootstrap
+EXTRA_DIST = bootstrap README.Cryptoflex
 # require automake 1.5
 AUTOMAKE_OPTIONS = 1.5
diff --git a/NEWS b/NEWS
index eaf18ad7..600af019 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,15 @@
 NEWS for OpenSC -- History of user visible changes
+New in 0.5.0; 2002-01-24; Juha Yrjölä:
+* PKCS #15 generation support
+* PKCS #11 module almost completely rewritten
+* Implemented opensc-explorer; a tool for browsing and modifying
+ the card file system
+* Almost complete support for Cryptoflex 16k; implemented cryptoflex-tool
+* Started writing some API documentation using Doxygen
+* Much improved object handling code in PKCS #15 framework
+* Lots of bugs fixed, lots of new ones introduced
+
 New in 0.4.0; 2001-12-29; Juha Yrjölä:
 * Finished migrating to Autotools
 * Rewritten ASN.1 decoder (should work better on all PKCS #15 cards)
diff --git a/README.Cryptoflex b/README.Cryptoflex
index cf5aa636..442a68bb 100644
--- a/README.Cryptoflex
+++ b/README.Cryptoflex
@@ -14,7 +14,9 @@ WARNING: You should be using a very safe terminal when issuing the 0. If you don't have a Cryptoflex 16k, you will have to add the ATR of your card manually to the flex_atrs structure at the top of card-flex.c.
- The ATR can be found with 'opensc-tool -a' command.
+ The ATR can be found with 'opensc-tool -a' command. You should mail
+ the ATR string to , so it can be added in the
+ official distribution.
 1. Verify the AAK key and CHV2:
diff --git a/src/libopensc/pkcs15-prkey.c b/src/libopensc/pkcs15-prkey.c
index 6ab3cc9b..4e0918e2 100644
--- a/src/libopensc/pkcs15-prkey.c
+++ b/src/libopensc/pkcs15-prkey.c
@@ -30,10 +30,32 @@ void sc_pkcs15_print_prkey_info(const struct sc_pkcs15_prkey_info *prkey)
 {
 int i;
+ const char *usages[] = {
+ "encrypt", "decrypt", "sign", "signRecover",
+ "wrap", "unwrap", "verify", "verifyRecover",
+ "derive", "nonRepudiation"
+ };
+ const int usage_count = sizeof(usages)/sizeof(usages[0]);
+ const char *access_flags[] = {
+ "sensitive", "extract", "alwaysSensitive",
+ "neverExtract", "local"
+ };
+ const int af_count = sizeof(access_flags)/sizeof(access_flags[0]);
+
 printf("Private RSA Key [%s]\n", prkey->com_attr.label);
- printf("\tFlags : %X\n", prkey->com_attr.flags);
- printf("\tUsage : %X\n", prkey->usage);
- printf("\tAccessFlags : %X\n", prkey->access_flags);
+ printf("\tCom. Flags : %X\n", prkey->com_attr.flags);
+ printf("\tUsage : [0x%X]", prkey->usage);
+ for (i = 0; i < usage_count; i++)
+ if (prkey->usage & (1 << i)) {
+ printf(", %s", usages[i]);
+ }
+ printf("\n");
+ printf("\tAccess Flags: [0x%X]", prkey->access_flags);
+ for (i = 0; i < af_count; i++)
+ if (prkey->access_flags & (1 << i)) {
+ printf(", %s", access_flags[i]);
+ }
+ printf("\n");
 printf("\tModLength : %d\n", prkey->modulus_length);
 printf("\tKey ref : %d\n", prkey->key_reference);
 printf("\tNative : %s\n", prkey->native ? "yes" : "no");
diff --git a/src/libopensc/pkcs15.c b/src/libopensc/pkcs15.c
index 31a87223..bf5731d0 100644
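Review bot: The `usages[]` and `access_flags[]` tables added to sc_pkcs15_print_prkey_info map array index to bit position, but nothing in the hunk ties that order to the flag constants, so a reordered or inserted name would silently mislabel what a key is allowed to do in output that people read when auditing a card. A comment above each table, such as `/* entry i names bit (1 << i); keep in step with the SC_PKCS15_PRKEY_USAGE_* values */`, would make the dependency explicit, and `static const char * const usages[]` would avoid rebuilding the tables on every call. Bits set above the last named entry show up only in the hex value, and the list prints as `[0x4], sign` with a stray leading comma; both are worth a short comment or a tidy-up. The function continues past the end of the hunk.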
--- a/src/libopensc/pkcs15.c
+++ b/src/libopensc/pkcs15.c
@@ -461,6 +461,7 @@ struct sc_pkcs15_card * sc_pkcs15_card_new()
 memset(p15card, 0, sizeof(struct sc_pkcs15_card));
 for (i = 0; i < SC_PKCS15_DF_TYPE_COUNT; i++) p15card->df[i].type = i;
+ p15card->magic = SC_PKCS15_CARD_MAGIC;
 return p15card;
 }
@@ -468,6 +469,7 @@ void sc_pkcs15_card_free(struct sc_pkcs15_card *p15card)
 {
 int i, j;
+ assert(p15card != NULL && p15card->magic == SC_PKCS15_CARD_MAGIC);
 for (j = 0; j < SC_PKCS15_DF_TYPE_COUNT; j++) for (i = 0; i < p15card->df[j].count; i++) {
 struct sc_pkcs15_object *p;
@@ -482,6 +484,7 @@ void sc_pkcs15_card_free(struct sc_pkcs15_card *p15card)
 p = p2;
 }
 }
+ p15card->magic = 0;
 free(p15card->label);
 free(p15card->serial_number);
 free(p15card->manufacturer_id);
@@ -600,7 +603,7 @@ int sc_pkcs15_detect(struct sc_card *card)
 int sc_pkcs15_unbind(struct sc_pkcs15_card *p15card)
 {
- assert(p15card != NULL);
+ assert(p15card != NULL && p15card->magic == SC_PKCS15_CARD_MAGIC);
 SC_FUNC_CALLED(p15card->card->ctx, 1);
 sc_pkcs15_card_free(p15card);
 return 0;
diff --git a/src/tests/sc-test.c b/src/tests/sc-test.c
index 4478671c..bb2184ad 100644
--- a/src/tests/sc-test.c
+++ b/src/tests/sc-test.c
@@ -22,7 +22,8 @@ int sc_test_init(int *argc, char *argv[])
 printf("sc_establish_context() failed (%d)\n", i);
 return i;
 }
- ctx->use_std_output = 1;
+ ctx->error_file = stderr;
+ ctx->debug_file = stdout;
 i = sc_detect_card(ctx, 0);
 printf("Card %s.\n", i == 1 ? "present" : "absent");
 if (i < 0) {
diff --git a/src/tools/cryptoflex-tool.c b/src/tools/cryptoflex-tool.c
index ce0e47c2..fef9dc37 100644
--- a/src/tools/cryptoflex-tool.c
+++ b/src/tools/cryptoflex-tool.c
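Review bot: The magic check added to sc_pkcs15_card_free (@@ -468) and sc_pkcs15_unbind (@@ -600) is made with `assert`, so it disappears when the library is built with NDEBUG and a stale or wrongly typed pointer is then dereferenced exactly as before. If the check is meant to protect callers of these exported functions, an explicit test that returns early (and, in sc_pkcs15_unbind, returns the library's invalid-argument error) would survive release builds. `p15card->magic = 0;` (@@ -482) only helps while the memory is still valid: assuming the structure itself is freed later in the function, outside the hunk, a second call reads freed memory and the cleared value catches a double free only by luck. A comment next to the assignment such as `/* debugging aid: detects reuse only until the block is freed and reallocated */` would stop readers treating it as a guarantee.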
@@ -1116,42 +1116,51 @@ int create_pkcs15()
 memset(&cert, 0, sizeof(cert));
 strcpy(cert.com_attr.label, "Authentication certificate");
- sc_pkcs15_format_id("41", &cert.id);
+ sc_pkcs15_format_id("45", &cert.id);
 sc_format_path("3F0050154301", &cert.path);
 add_object(p15card, &p15card->df[SC_PKCS15_CDF], file_no, SC_PKCS15_TYPE_CERT_X509, &cert, sizeof(cert)),
 strcpy(cert.com_attr.label, "Non-repudiation certificate");
- sc_pkcs15_format_id("42", &cert.id);
+ sc_pkcs15_format_id("46", &cert.id);
 sc_format_path("3F0050154302", &cert.path);
 add_object(p15card, &p15card->df[SC_PKCS15_CDF], file_no, SC_PKCS15_TYPE_CERT_X509, &cert, sizeof(cert)),
 memset(&prkey, 0, sizeof(prkey));
- prkey.modulus_length = 1024;
+ prkey.modulus_length = opt_mod_length;
+ prkey.com_attr.flags = 1;
+ prkey.native = 1;
 strcpy(prkey.com_attr.label, "Authentication key");
- sc_pkcs15_format_id("41", &prkey.id);
+ sc_pkcs15_format_id("45", &prkey.id);
 sc_pkcs15_format_id("01", &prkey.com_attr.auth_id);
 sc_format_path("0012", &prkey.path);
 prkey.key_reference = 0;
+ prkey.usage = SC_PKCS15_PRKEY_USAGE_SIGN;
+ prkey.access_flags = 0x1D;
 add_object(p15card, &p15card->df[SC_PKCS15_PRKDF], file_no, SC_PKCS15_TYPE_PRKEY_RSA, &prkey, sizeof(prkey)),
 strcpy(prkey.com_attr.label, "Non-repudiation key");
- sc_pkcs15_format_id("42", &prkey.id);
+ sc_pkcs15_format_id("46", &prkey.id);
 sc_pkcs15_format_id("02", &prkey.com_attr.auth_id);
 sc_format_path("3F004B020012", &prkey.path);
 prkey.key_reference = 0;
+ prkey.usage = SC_PKCS15_PRKEY_USAGE_NONREPUDIATION;
+ prkey.access_flags = 0x1D;
 add_object(p15card, &p15card->df[SC_PKCS15_PRKDF], file_no, SC_PKCS15_TYPE_PRKEY_RSA, &prkey, sizeof(prkey)),
 memset(&pin, 0, sizeof(pin));
+ pin.com_attr.flags = 0x03;
 pin.magic = SC_PKCS15_PIN_MAGIC;
+ strcpy(pin.com_attr.label, "Authentication PIN");
 sc_pkcs15_format_id("01", &pin.auth_id);
 sc_format_path("3F005015", &pin.path);
 pin.reference = 1;
+ pin.flags = 0x32;
 pin.min_length = 4;
 pin.stored_length = 8;
 pin.pad_char = 0x00;
@@ -1163,6 +1172,7 @@ int create_pkcs15()
 sc_pkcs15_format_id("02", &pin.auth_id);
 sc_format_path("3F004B02", &pin.path);
 pin.reference = 1;
+ pin.flags = 0x32;
 pin.min_length = 4;
 pin.stored_length = 8;
 pin.pad_char = 0x00;
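Review bot: The key and PIN protection attributes added in create_pkcs15 are bare literals (`prkey.access_flags = 0x1D;`, `pin.flags = 0x32;`, `pin.com_attr.flags = 0x03;`, `prkey.com_attr.flags = 1;`), so a reader cannot tell which protections the generated PKCS #15 structure declares without decoding bits by hand; `pin.flags = 0x32;` is repeated in the second hunk (@@ -1163). Going by the name table this same commit adds to pkcs15-prkey.c, 0x1D is bits 0, 2, 3 and 4, which could be recorded as `prkey.access_flags = 0x1D; /* sensitive | alwaysSensitive | neverExtract | local */`, and the PIN and common-attribute values deserve the same treatment, or named constants if the headers define them. `prkey.modulus_length = opt_mod_length;` copies an option value into the key descriptor; whether that value is validated against the sizes the card supports is not visible here and should be confirmed, since a mismatch would make the descriptor misstate the key strength. create_pkcs15 begins and ends outside both hunks.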