From 56fb57603b58117e2acc94b51328941e1eb635e5 Mon Sep 17 00:00:00 2001 From: martin Date: Thu, 22 Oct 2009 09:18:16 +0000 Subject: [PATCH] Merge [3758:3783/trunk] git-svn-id: https://www.opensc-project.org/svnp/opensc/branches/martin/0.12@3785 c6295689-39f2-0310-b995-f0e70906c6a9 --- src/libopensc/Makefile.mak | 3 +- src/libopensc/card-entersafe.c | 2 +- src/libopensc/card-myeid.c | 5 +- src/libopensc/card-piv.c | 12 +-- src/libopensc/card-rutoken.c | 8 -- src/libopensc/card-tcos.c | 5 +- src/libopensc/card-westcos.c | 154 ++++++-------------------- src/libopensc/cardctl.h | 2 +- src/libopensc/muscle.c | 5 +- src/libopensc/muscle.h | 2 +- src/libopensc/opensc.h | 9 -- src/libopensc/pkcs15-esinit.c | 4 +- src/libopensc/reader-pcsc.c | 4 + src/pkcs11/framework-pkcs15.c | 184 +++++++++++++++++++------------- src/pkcs11/pkcs11-global.c | 5 +- src/pkcs11/pkcs11-opensc.h | 4 - src/pkcs15init/keycache.c | 4 - src/pkcs15init/pkcs15-cardos.c | 4 +- src/pkcs15init/pkcs15-myeid.c | 5 +- src/pkcs15init/pkcs15-westcos.c | 118 ++++++-------------- src/pkcs15init/rutoken.profile | 5 +- src/tools/opensc-explorer.c | 2 +- src/tools/pkcs11-tool.c | 1 - src/tools/util.c | 2 +- src/tools/westcos-tool.c | 36 +++++-- 25 files changed, 227 insertions(+), 358 deletions(-) diff --git a/src/libopensc/Makefile.mak b/src/libopensc/Makefile.mak index 43f65b1f..c7b06c6d 100644 --- a/src/libopensc/Makefile.mak +++ b/src/libopensc/Makefile.mak @@ -22,14 +22,13 @@ OBJECTS = \ \ ctbcs.obj reader-ctapi.obj reader-pcsc.obj reader-openct.obj \ \ - card-westcos.obj crc_AetB.obj \ card-setcos.obj card-miocos.obj card-flex.obj card-gpk.obj \ card-cardos.obj card-tcos.obj card-emv.obj card-default.obj \ card-mcrd.obj card-starcos.obj card-openpgp.obj card-jcop.obj \ card-oberthur.obj card-belpic.obj card-atrust-acos.obj card-entersafe.obj \ card-incrypto34.obj card-piv.obj card-muscle.obj card-acos5.obj \ card-asepcos.obj card-akis.obj card-gemsafeV1.obj card-rutoken.obj \ - card-rtecp.obj card-myeid.obj card-ias.obj \ + card-rtecp.obj card-westcos.obj card-myeid.obj card-ias.obj \ \ p15emu-westcos.obj \ pkcs15-openpgp.obj pkcs15-infocamere.obj pkcs15-starcert.obj \ diff --git a/src/libopensc/card-entersafe.c b/src/libopensc/card-entersafe.c index 92a1d792..7d7e67f0 100644 --- a/src/libopensc/card-entersafe.c +++ b/src/libopensc/card-entersafe.c @@ -538,7 +538,7 @@ static int entersafe_select_path(sc_card_t *card, const u8 *path=pathbuf; size_t pathlen=len; int bMatch = -1; - int i; + unsigned int i; int r; if (pathlen%2 != 0 || pathlen > 6 || pathlen <= 0) diff --git a/src/libopensc/card-myeid.c b/src/libopensc/card-myeid.c index 162a7327..c622d479 100644 --- a/src/libopensc/card-myeid.c +++ b/src/libopensc/card-myeid.c @@ -40,7 +40,8 @@ static struct sc_card_operations myeid_ops; static struct sc_card_driver myeid_drv = { "MyEID cards with PKCS#15 applet", "myeid", - &myeid_ops + &myeid_ops, + NULL, 0, NULL }; static const char *myeid_atrs[] = { @@ -202,7 +203,7 @@ static int myeid_read_binary(struct sc_card *card, unsigned int idx, static int myeid_list_files(struct sc_card *card, u8 *buf, size_t buflen) { struct sc_apdu apdu; - int r,i; + int r; sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xCA, 0x01, 0xA1); apdu.resp = buf; diff --git a/src/libopensc/card-piv.c b/src/libopensc/card-piv.c index 94565aef..790e2887 100644 --- a/src/libopensc/card-piv.c +++ b/src/libopensc/card-piv.c @@ -887,8 +887,6 @@ static int piv_cache_internal_data(sc_card_t *card, int enumtag) priv->obj_cache[enumtag].internal_obj_data, priv->obj_cache[enumtag].internal_obj_len); - -ok: SC_FUNC_RETURN(card->ctx, 1, 0); } @@ -906,8 +904,6 @@ static int piv_read_binary(sc_card_t *card, unsigned int idx, int r; u8 *rbuf = NULL; size_t rbuflen = 0; - u8 *tag; - size_t taglen; u8 *body; size_t bodylen; @@ -950,11 +946,6 @@ static int piv_read_binary(sc_card_t *card, unsigned int idx, if (r < 0) goto err; } - if (tag == NULL) { - r = SC_ERROR_OBJECT_NOT_VALID; - goto err; - } - } priv->rb_state = 0; @@ -1101,7 +1092,7 @@ static int piv_get_3des_key(sc_card_t *card, u8 *key) int r; int f = -1; - char keybuf[24*3-1]; /* 3des key as three sets of xx:xx:xx:xx:xx:xx:xx:xx + char keybuf[24*3]; /* 3des key as three sets of xx:xx:xx:xx:xx:xx:xx:xx * with a : between which is 71 bytes */ char * keyfilename = NULL; size_t outlen; @@ -1128,6 +1119,7 @@ static int piv_get_3des_key(sc_card_t *card, u8 *key) } keybuf[23] = '\0'; keybuf[47] = '\0'; + keybuf[71] = '\0'; outlen = 8; r = sc_hex_to_bin(keybuf, key, &outlen); if (r) goto err; diff --git a/src/libopensc/card-rutoken.c b/src/libopensc/card-rutoken.c index 5d1fcc8c..af1e8025 100644 --- a/src/libopensc/card-rutoken.c +++ b/src/libopensc/card-rutoken.c @@ -138,7 +138,6 @@ static int rutoken_match_card(sc_card_t *card) static int token_init(sc_card_t *card, const char *card_name) { unsigned int flags; - sc_algorithm_info_t info; SC_FUNC_CALLED(card->ctx, 3); @@ -155,13 +154,6 @@ static int token_init(sc_card_t *card, const char *card_name) _sc_card_add_rsa_alg(card, 1024, flags, 0); _sc_card_add_rsa_alg(card, 2048, flags, 0); - memset(&info, 0, sizeof(info)); - info.algorithm = SC_ALGORITHM_GOST; - info.flags = SC_ALGORITHM_GOST_CRYPT_PZ | SC_ALGORITHM_GOST_CRYPT_GAMM - | SC_ALGORITHM_GOST_CRYPT_GAMMOS; - info.key_length = 32; - _sc_card_add_algorithm(card, &info); - SC_FUNC_RETURN(card->ctx, 3, SC_SUCCESS); } diff --git a/src/libopensc/card-tcos.c b/src/libopensc/card-tcos.c index fc0e50fb..dca3c5f1 100644 --- a/src/libopensc/card-tcos.c +++ b/src/libopensc/card-tcos.c @@ -337,7 +337,8 @@ static int tcos_select_file(sc_card_t *card, sc_apdu_t apdu; sc_file_t *file=NULL; u8 buf[SC_MAX_APDU_BUFFER_SIZE], pathbuf[SC_MAX_PATH_SIZE], *path = pathbuf; - int i, r, pathlen; + unsigned int i; + int r, pathlen; assert(card != NULL && in_path != NULL); ctx=card->ctx; @@ -653,7 +654,7 @@ static int tcos_decipher(sc_card_t *card, const u8 * crgram, size_t crgram_len, if (apdu.sw1==0x90 && apdu.sw2==0x00) { size_t len= (apdu.resplen>outlen) ? outlen : apdu.resplen; - int offset=0; + unsigned int offset=0; if(tcos3 && (data->pad_flags & SC_ALGORITHM_RSA_PAD_PKCS1) && apdu.resp[0]==0 && apdu.resp[1]==2){ offset=2; while(offset(b))?(a):(b)) -#endif - #define DEFAULT_TRANSPORT_KEY "6f:59:b0:ed:6e:62:46:4a:5d:25:37:68:23:a8:a2:2d" #define JAVACARD (0x01) @@ -50,7 +46,7 @@ #ifdef ENABLE_OPENSSL #define DEBUG_SSL #ifdef DEBUG_SSL -static void print_openssl_erreur(void) +static void print_openssl_error(void) { static int charge = 0; long r; @@ -276,100 +272,11 @@ static int westcos_init(sc_card_t * card) static int westcos_select_file(sc_card_t * card, const sc_path_t * in_path, sc_file_t ** file_out) { - sc_context_t *ctx; - sc_apdu_t apdu; - u8 buf[SC_MAX_APDU_BUFFER_SIZE]; - u8 pathbuf[SC_MAX_PATH_SIZE], *path = pathbuf; - int r, pathlen; - sc_file_t *file = NULL; - priv_data_t *priv_data = NULL; - if (card->ctx->debug >= 1) - sc_debug(card->ctx, "westcos_select_file\n"); - if (card == NULL) - return SC_ERROR_INVALID_ARGUMENTS; - priv_data = (priv_data_t *) card->drv_data; - priv_data->file_id = 0; - ctx = card->ctx; - memcpy(path, in_path->value, in_path->len); - pathlen = (int)in_path->len; - sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0xA4, 0, 0); - switch (in_path->type) { - case SC_PATH_TYPE_FILE_ID: - apdu.p1 = 0; - if (pathlen != 2) - return SC_ERROR_INVALID_ARGUMENTS; - break; - case SC_PATH_TYPE_DF_NAME: - apdu.p1 = 4; - break; - case SC_PATH_TYPE_PATH: - apdu.p1 = 9; - if (pathlen == 2 && memcmp(path, "\x3F\x00", 2) == 0) { - apdu.p1 = 0; - } + priv_data_t *priv_data = (priv_data_t *) card->drv_data; - else if (pathlen > 2 && memcmp(path, "\x3F\x00", 2) == 0) { - apdu.p1 = 8; - pathlen -= 2; - memcpy(path, &in_path->value[2], pathlen); - } - break; - case SC_PATH_TYPE_FROM_CURRENT: - apdu.p1 = 9; - break; - case SC_PATH_TYPE_PARENT: - apdu.p1 = 3; - pathlen = 0; - apdu.cse = SC_APDU_CASE_3_SHORT; - break; - default: - return SC_ERROR_INVALID_ARGUMENTS; - } - apdu.p2 = 0; /* first record, return FCI */ - apdu.lc = pathlen; - apdu.data = path; - apdu.datalen = pathlen; - if (file_out != NULL) { - apdu.resp = buf; - apdu.resplen = sizeof(buf); - apdu.le = 255; - } else { - apdu.resplen = 0; - apdu.le = 0; - apdu.cse = SC_APDU_CASE_3_SHORT; - } - r = sc_transmit_apdu(card, &apdu); - if (r) - return (r); - if (file_out == NULL) { - if (apdu.sw1 == 0x61) - return 0; - return sc_check_sw(card, apdu.sw1, apdu.sw2); - } - r = sc_check_sw(card, apdu.sw1, apdu.sw2); - if (r) - return (r); - switch (apdu.resp[0]) { - case 0x6F: - file = sc_file_new(); - if (file == NULL) - return SC_ERROR_OUT_OF_MEMORY; - file->path = *in_path; - if (card->ops->process_fci == NULL) { - sc_file_free(file); - return SC_ERROR_NOT_SUPPORTED; - } - if (apdu.resp[1] <= apdu.resplen) - card->ops->process_fci(card, file, apdu.resp + 2, - apdu.resp[1]); - *file_out = file; - break; - case 0x00: /* proprietary coding */ - return SC_ERROR_UNKNOWN_DATA_RECEIVED; - default: - return SC_ERROR_UNKNOWN_DATA_RECEIVED; - } - return 0; + assert(iso_ops && iso_ops->select_file); + priv_data->file_id = 0; + return iso_ops->select_file(card, in_path, file_out); } static int _westcos2opensc_ac(u8 flag) @@ -616,7 +523,7 @@ static int westcos_create_file(sc_card_t *card, struct sc_file *file) sc_debug(card->ctx, "westcos_create_file\n"); memset(buf, 0, sizeof(buf)); - /* clef de transport */ + /* transport key */ r = sc_card_ctl(card, SC_CARDCTL_WESTCOS_AUT_KEY, NULL); if (r) return (r); @@ -638,7 +545,7 @@ static int westcos_create_file(sc_card_t *card, struct sc_file *file) case SC_FILE_TYPE_WORKING_EF: switch (file->ef_structure) { case SC_FILE_EF_TRANSPARENT: - buf[0] |= 0x20; /* pas de support transaction */ + buf[0] |= 0x20; /* no transaction support */ buf[1] |= 0; _convertion_ac_methode(file, HIGH, SC_AC_OP_READ, &buf[2], &buf[2 + 4]); @@ -652,7 +559,7 @@ static int westcos_create_file(sc_card_t *card, struct sc_file *file) buf[11] = (u8) ((file->size) % 256); break; case SC_FILE_EF_LINEAR_FIXED: - buf[0] |= 0x40; /* pas de support transaction */ + buf[0] |= 0x40; /* no transaction support */ buf[1] |= 0; _convertion_ac_methode(file, HIGH, SC_AC_OP_READ, &buf[2], &buf[2 + 4]); @@ -664,7 +571,7 @@ static int westcos_create_file(sc_card_t *card, struct sc_file *file) buf[11] = file->record_length; break; case SC_FILE_EF_CYCLIC: - buf[0] |= 0x60; /* pas de support transaction */ + buf[0] |= 0x60; /* no transaction support */ buf[1] |= 0; _convertion_ac_methode(file, HIGH, SC_AC_OP_READ, &buf[2], &buf[2 + 4]); @@ -765,7 +672,9 @@ static int westcos_get_crypte_challenge(sc_card_t * card, const u8 * key, u8 * result, size_t * len) { int r; +#ifdef ENABLE_OPENSSL DES_key_schedule ks1, ks2; +#endif u8 buf[8]; if ((*len) < sizeof(buf)) return SC_ERROR_INVALID_ARGUMENTS; @@ -773,17 +682,21 @@ static int westcos_get_crypte_challenge(sc_card_t * card, const u8 * key, r = sc_get_challenge(card, buf, *len); if (r) return r; +#ifdef ENABLE_OPENSSL DES_set_key((const_DES_cblock *) & key[0], &ks1); DES_set_key((const_DES_cblock *) & key[8], &ks2); DES_ecb2_encrypt((const_DES_cblock *)buf, (DES_cblock*)result, &ks1, &ks2, DES_ENCRYPT); - return 0; + return SC_SUCCESS; +#else + return SC_ERROR_NOT_SUPPORTED; +#endif } static int westcos_pin_cmd(sc_card_t * card, struct sc_pin_cmd_data *data, int *tries_left) { int r; - u8 buf[20]; //, result[20]; + u8 buf[20]; sc_apdu_t apdu; size_t len = 0; int pad = 0, use_pin_pad = 0, ins, p1 = 0; @@ -953,6 +866,7 @@ static int sc_lock_phase(sc_card_t * card, u8 phase) static int westcos_card_ctl(sc_card_t * card, unsigned long cmd, void *ptr) { + unsigned int i; int r; size_t buflen; u8 buf[256]; @@ -1088,9 +1002,9 @@ static int westcos_card_ctl(sc_card_t * card, unsigned long cmd, void *ptr) memcpy(temp, ck->key_template, sizeof(temp)); westcos_compute_aetb_crc(CRC_A, ck->new_key.key_value, ck->new_key.key_len, &temp[5], &temp[6]); - for (r = 0, temp[4] = 0xAA, lrc = 0; r < sizeof(temp); - r++) - lrc += temp[r]; + for (i = 0, temp[4] = 0xAA, lrc = 0; i < sizeof(temp); + i++) + lrc += temp[i]; temp[4] = (lrc % 256); buflen = sizeof(buf); r = westcos_get_crypte_challenge(card, @@ -1172,11 +1086,12 @@ static int westcos_sign_decipher(int mode, sc_card_t *card, priv_data_t *priv_data = NULL; int pad; -#ifdef ENABLE_OPENSSL +#ifndef ENABLE_OPENSSL + r = SC_ERROR_NOT_SUPPORTED; +#else RSA *rsa = NULL; BIO *mem = BIO_new(BIO_s_mem()); -#endif if (card == NULL) return SC_ERROR_INVALID_ARGUMENTS; if (card->ctx->debug >= 1) @@ -1186,10 +1101,6 @@ static int westcos_sign_decipher(int mode, sc_card_t *card, r = SC_ERROR_OUT_OF_MEMORY; goto out; } -#ifndef ENABLE_OPENSSL - r = SC_ERROR_NOT_SUPPORTED; - -#else if ((priv_data->env.flags) & SC_ALGORITHM_RSA_PAD_PKCS1) pad = RSA_PKCS1_PADDING; @@ -1220,13 +1131,13 @@ static int westcos_sign_decipher(int mode, sc_card_t *card, BIO_set_mem_eof_return(mem, -1); if (!d2i_RSAPrivateKey_bio(mem, &rsa)) { if (card->ctx->debug >= 5) - sc_debug(card->ctx, "RSA clef invalide, %d\n", + sc_debug(card->ctx, "RSA key invalid, %d\n", ERR_get_error()); r = SC_ERROR_UNKNOWN; goto out; } - /* pkcs11 reroute routine cryptage vers la carte */ + /* pkcs11 reset openssl functions */ rsa->meth = RSA_PKCS1_SSLeay(); if (RSA_size(rsa) > outlen) { if (card->ctx->debug >= 5) @@ -1240,7 +1151,7 @@ static int westcos_sign_decipher(int mode, sc_card_t *card, if (r == -1) { #ifdef DEBUG_SSL - print_openssl_erreur(); + print_openssl_error(); #endif if (card->ctx->debug >= 5) @@ -1251,13 +1162,13 @@ static int westcos_sign_decipher(int mode, sc_card_t *card, } } - else { /* signature */ + else { /* sign */ r = RSA_private_encrypt(data_len, data, out, rsa, pad); if (r == -1) { #ifdef DEBUG_SSL - print_openssl_erreur(); + print_openssl_error(); #endif if (card->ctx->debug >= 5) @@ -1279,15 +1190,12 @@ static int westcos_sign_decipher(int mode, sc_card_t *card, r = outlen; #endif -#endif /* ENABLE_OPENSSL */ - out: -#ifdef ENABLE_OPENSSL +out: if (mem) BIO_free(mem); if (rsa) RSA_free(rsa); - -#endif +#endif /* ENABLE_OPENSSL */ if (keyfile) sc_file_free(keyfile); return r; diff --git a/src/libopensc/cardctl.h b/src/libopensc/cardctl.h index 916728e8..5d6fe431 100644 --- a/src/libopensc/cardctl.h +++ b/src/libopensc/cardctl.h @@ -515,7 +515,7 @@ typedef struct { #define SC_RUTOKEN_DO_ALL_MIN_ID 0x1 /* MIN ID value of All DOs */ #define SC_RUTOKEN_DO_CHV_MAX_ID 0x1F /* MAX ID value of CHV-objects */ -#define SC_RUTOKEN_DO_NOCHV_MAX_ID 0xFE /* MAX ID value of All Other DOs */ +#define SC_RUTOKEN_DO_NOCHV_MAX_ID 0x7F /* MAX ID value of All Other DOs */ /* DO Default Lengths */ #define SC_RUTOKEN_DEF_LEN_DO_GOST 32 diff --git a/src/libopensc/muscle.c b/src/libopensc/muscle.c index c9a8bc04..abfb4a0e 100644 --- a/src/libopensc/muscle.c +++ b/src/libopensc/muscle.c @@ -427,10 +427,11 @@ void msc_change_pin_apdu(sc_card_t *card, sc_apdu_t *apdu, u8* buffer, size_t bu apdu->data = buffer; } -int msc_get_challenge(sc_card_t *card, short dataLength, short seedLength, u8 *seedData, u8* outputData) +int msc_get_challenge(sc_card_t *card, unsigned short dataLength, unsigned short seedLength, u8 *seedData, u8 *outputData) { sc_apdu_t apdu; - int r, location, cse, len; + int r, location, cse; + size_t len; u8 *buffer, *ptr; location = (dataLength < MSC_MAX_READ) ? 1 : 2; /* 1 == APDU, 2 == (seed in 0xFFFFFFFE, out in 0xFFFFFFFF) */ diff --git a/src/libopensc/muscle.h b/src/libopensc/muscle.h index e39cd533..746124fb 100644 --- a/src/libopensc/muscle.h +++ b/src/libopensc/muscle.h @@ -54,7 +54,7 @@ void msc_unblock_pin_apdu(sc_card_t *card, sc_apdu_t *apdu, u8* buffer, size_t b int msc_change_pin(sc_card_t *card, int pinNumber, const u8 *pinValue, int pinLength, const u8 *newPin, int newPinLength, int *tries); void msc_change_pin_apdu(sc_card_t *card, sc_apdu_t *apdu, u8* buffer, size_t bufferLength, int pinNumber, const u8 *pinValue, int pinLength, const u8 *newPin, int newPinLength); -int msc_get_challenge(sc_card_t *card, short dataLength, short seedLength, u8 *seedData, u8* outputData); +int msc_get_challenge(sc_card_t *card, unsigned short dataLength, unsigned short seedLength, u8 *seedData, u8 *outputData); int msc_generate_keypair(sc_card_t *card, int privateKey, int publicKey, int algorithm, int keySize, int options); int msc_extract_rsa_public_key(sc_card_t *card, diff --git a/src/libopensc/opensc.h b/src/libopensc/opensc.h index 0aab3660..39898914 100644 --- a/src/libopensc/opensc.h +++ b/src/libopensc/opensc.h @@ -158,10 +158,6 @@ extern "C" { #define SC_ALGORITHM_MD5 128 #define SC_ALGORITHM_SHA1 129 #define SC_ALGORITHM_GOSTR3411 130 -/* FIXME: */ -/* -#define SC_ALGORITHM_GOSTHASH 130 -*/ /* Key derivation algorithms */ #define SC_ALGORITHM_PBKDF2 192 @@ -200,11 +196,6 @@ extern "C" { #define SC_ALGORITHM_GOSTR3410_HASH_GOSTR3411 0x00008000 #define SC_ALGORITHM_GOSTR3410_HASHES 0x00008000 -/* FIXME: */ -#define SC_ALGORITHM_GOST_CRYPT_PZ 0x0 -#define SC_ALGORITHM_GOST_CRYPT_GAMM 0x1 -#define SC_ALGORITHM_GOST_CRYPT_GAMMOS 0x2 - /* Event masks for sc_wait_for_event() */ #define SC_EVENT_CARD_INSERTED 0x0001 #define SC_EVENT_CARD_REMOVED 0x0002 diff --git a/src/libopensc/pkcs15-esinit.c b/src/libopensc/pkcs15-esinit.c index c7d7c342..b53c6402 100644 --- a/src/libopensc/pkcs15-esinit.c +++ b/src/libopensc/pkcs15-esinit.c @@ -41,10 +41,8 @@ static int entersafe_detect_card( sc_pkcs15_card_t *p15card) static int sc_pkcs15emu_entersafe_init( sc_pkcs15_card_t *p15card) { - int r, i; + int r; char buf[256]; - sc_path_t path; - sc_file_t *file = NULL; sc_card_t *card = p15card->card; sc_serial_number_t serial; diff --git a/src/libopensc/reader-pcsc.c b/src/libopensc/reader-pcsc.c index 5fc33e73..5d91cbc0 100644 --- a/src/libopensc/reader-pcsc.c +++ b/src/libopensc/reader-pcsc.c @@ -508,6 +508,10 @@ static int pcsc_connect(sc_reader_t *reader, sc_slot_info_t *slot) struct pcsc_private_data *priv = GET_PRIV_DATA(reader); struct pcsc_slot_data *pslot = GET_SLOT_DATA(slot); int r; + u8 feature_buf[256], rbuf[SC_MAX_APDU_BUFFER_SIZE]; + size_t rcount; + DWORD i, feature_len, display_ioctl = 0; + PCSC_TLV_STRUCTURE *pcsc_tlv; r = refresh_slot_attributes(reader, slot); if (r) diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c index dd31be62..bcbcec2a 100644 --- a/src/pkcs11/framework-pkcs15.c +++ b/src/pkcs11/framework-pkcs15.c @@ -75,6 +75,7 @@ struct pkcs15_cert_object { #define cert_p15obj base.p15_object #define cert_pubkey base.related_pubkey #define cert_issuer base.related_cert +#define cert_prvkey base.related_privkey struct pkcs15_prkey_object { struct pkcs15_any_object base; @@ -84,7 +85,6 @@ struct pkcs15_prkey_object { #define prv_flags base.base.flags #define prv_p15obj base.p15_object #define prv_pubkey base.related_pubkey -#define prv_cert base.related_cert #define prv_next base.related_privkey struct pkcs15_pubkey_object { @@ -95,7 +95,7 @@ struct pkcs15_pubkey_object { }; #define pub_flags base.base.flags #define pub_p15obj base.p15_object -#define pub_cert base.related_cert +#define pub_genfrom base.related_cert #define __p15_type(obj) (((obj) && (obj)->p15_object)? ((obj)->p15_object->type) : (unsigned int)-1) #define is_privkey(obj) (__p15_type(obj) == SC_PKCS15_TYPE_PRKEY_RSA || __p15_type(obj) == SC_PKCS15_TYPE_PRKEY_GOSTR3410) @@ -350,7 +350,7 @@ __pkcs15_create_cert_object(struct pkcs15_fw_data *fw_data, } else obj2->pub_data = NULL; /* will copy from cert when cert is read */ - obj2->pub_cert = object; + obj2->pub_genfrom = object; object->cert_pubkey = obj2; if (cert_object != NULL) @@ -470,6 +470,9 @@ __pkcs15_prkey_bind_related(struct pkcs15_fw_data *fw_data, struct pkcs15_prkey_ sc_pkcs15_id_t *id = &pk->prv_info->id; unsigned int i; + sc_debug(context, "Object is a private key and has id %s", + sc_pkcs15_print_id(id)); + for (i = 0; i < fw_data->num_objects; i++) { struct pkcs15_any_object *obj = fw_data->objects[i]; @@ -488,18 +491,12 @@ __pkcs15_prkey_bind_related(struct pkcs15_fw_data *fw_data, struct pkcs15_prkey_ *pp = (struct pkcs15_prkey_object *) obj; } } else - if (is_cert(obj) && !pk->prv_cert) { - struct pkcs15_cert_object *cert; - - cert = (struct pkcs15_cert_object *) obj; - if (sc_pkcs15_compare_id(&cert->cert_info->id, id)) - pk->prv_cert = cert; - } else if (is_pubkey(obj) && !pk->prv_pubkey) { struct pkcs15_pubkey_object *pubkey; pubkey = (struct pkcs15_pubkey_object *) obj; if (sc_pkcs15_compare_id(&pubkey->pub_info->id, id)) { + sc_debug(context, "Associating object %d as public key", i); pk->prv_pubkey = pubkey; if (pk->prv_info->modulus_length == 0) pk->prv_info->modulus_length = pubkey->pub_info->modulus_length; @@ -511,25 +508,43 @@ __pkcs15_prkey_bind_related(struct pkcs15_fw_data *fw_data, struct pkcs15_prkey_ static void __pkcs15_cert_bind_related(struct pkcs15_fw_data *fw_data, struct pkcs15_cert_object *cert) { - struct sc_pkcs15_cert *c1 = cert->cert_data, *c2; + struct sc_pkcs15_cert *c1 = cert->cert_data; + sc_pkcs15_id_t *id = &cert->cert_info->id; unsigned int i; - /* Loop over all certificates see if we find the certificate of - * the issuer */ + sc_debug(context, "Object is a certificate and has id %s", + sc_pkcs15_print_id(id)); + + /* Loop over all objects to see if we find the certificate of + * the issuer and the associated private key */ for (i = 0; i < fw_data->num_objects; i++) { struct pkcs15_any_object *obj = fw_data->objects[i]; - if (!is_cert(obj) || obj == (struct pkcs15_any_object *) cert) - continue; + if (is_cert(obj) && obj != (struct pkcs15_any_object *) cert) { + struct pkcs15_cert_object *cert2; + struct sc_pkcs15_cert *c2; - c2 = ((struct pkcs15_cert_object *) obj)->cert_data; + cert2 = (struct pkcs15_cert_object *) obj; + c2 = cert2->cert_data; - if (!c1 || !c2 || !c1->issuer_len || !c2->subject_len) - continue; - if (c1->issuer_len == c2->subject_len - && !memcmp(c1->issuer, c2->subject, c1->issuer_len)) { - cert->cert_issuer = (struct pkcs15_cert_object *) obj; - return; + if (!c1 || !c2 || !c1->issuer_len || !c2->subject_len) + continue; + if (c1->issuer_len == c2->subject_len + && !memcmp(c1->issuer, c2->subject, c1->issuer_len)) { + sc_debug(context, "Associating object %d (id %s) as issuer", + i, sc_pkcs15_print_id(&cert2->cert_info->id)); + cert->cert_issuer = (struct pkcs15_cert_object *) obj; + return; + } + } else + if (is_privkey(obj) && !cert->cert_prvkey) { + struct pkcs15_prkey_object *pk; + + pk = (struct pkcs15_prkey_object *) obj; + if (sc_pkcs15_compare_id(&pk->prv_info->id, id)) { + sc_debug(context, "Associating object %d as private key", i); + cert->cert_prvkey = pk; + } } } } @@ -547,6 +562,9 @@ pkcs15_bind_related_objects(struct pkcs15_fw_data *fw_data) if (obj->base.flags & SC_PKCS11_OBJECT_HIDDEN) continue; + + sc_debug(context, "Looking for objects related to object %d", i); + if (is_privkey(obj)) { __pkcs15_prkey_bind_related(fw_data, (struct pkcs15_prkey_object *) obj); } else if (is_cert(obj)) { @@ -578,7 +596,7 @@ check_cert_data_read(struct pkcs15_fw_data *fw_data, /* update the related public key object */ obj2 = cert->cert_pubkey; - obj2->pub_data = (sc_pkcs15_pubkey_t *)calloc(1, sizeof(sc_pkcs15_pubkey_t)); + obj2->pub_data = (sc_pkcs15_pubkey_t *)calloc(1, sizeof(sc_pkcs15_pubkey_t)); if (!obj2->pub_data) return SC_ERROR_OUT_OF_MEMORY; memcpy(obj2->pub_data, &cert->cert_data->key, sizeof(sc_pkcs15_pubkey_t)); @@ -613,6 +631,9 @@ pkcs15_add_object(struct sc_pkcs11_slot *slot, struct pkcs15_any_object *obj, CK_OBJECT_HANDLE_PTR pHandle) { + unsigned int i; + struct pkcs15_fw_data *card_fw_data; + if (obj == NULL || (obj->base.flags & (SC_PKCS11_OBJECT_HIDDEN | SC_PKCS11_OBJECT_RECURS))) return; @@ -632,14 +653,23 @@ pkcs15_add_object(struct sc_pkcs11_slot *slot, switch (__p15_type(obj)) { case SC_PKCS15_TYPE_PRKEY_RSA: - if (obj->related_cert == NULL) - pkcs15_add_object(slot, (struct pkcs15_any_object *) obj->related_pubkey, NULL); - pkcs15_add_object(slot, (struct pkcs15_any_object *) obj->related_cert, NULL); - break; case SC_PKCS15_TYPE_PRKEY_GOSTR3410: - if (obj->related_cert == NULL) - pkcs15_add_object(slot, (struct pkcs15_any_object *) obj->related_pubkey, NULL); - pkcs15_add_object(slot, (struct pkcs15_any_object *) obj->related_cert, NULL); + pkcs15_add_object(slot, (struct pkcs15_any_object *) obj->related_pubkey, NULL); + card_fw_data = (struct pkcs15_fw_data *) slot->card->fw_data; + for (i = 0; i < card_fw_data->num_objects; i++) { + struct pkcs15_any_object *obj2 = card_fw_data->objects[i]; + struct pkcs15_cert_object *cert; + + if (!is_cert(obj2)) + continue; + + cert = (struct pkcs15_cert_object*) obj2; + + if ((struct pkcs15_any_object*)(cert->cert_prvkey) != obj) + continue; + + pkcs15_add_object(slot, obj2, NULL); + } break; case SC_PKCS15_TYPE_CERT_X509: pkcs15_add_object(slot, (struct pkcs15_any_object *) obj->related_pubkey, NULL); @@ -818,9 +848,14 @@ static CK_RV pkcs15_create_tokens(struct sc_pkcs11_card *p11card) for (j=0; j < fw_data->num_objects; j++) { struct pkcs15_any_object *obj = fw_data->objects[j]; + /* "Fake" objects we've generated */ if (__p15_type(obj) == (unsigned int)-1) continue; - else if (!sc_pkcs15_compare_id(&pin_info->auth_id, &obj->p15_object->auth_id)) + /* Some objects have an auth_id even though they are + * not private. Just ignore those... */ + if (!(obj->p15_object->flags & SC_PKCS15_CO_FLAG_PRIVATE)) + continue; + if (!sc_pkcs15_compare_id(&pin_info->auth_id, &obj->p15_object->auth_id)) continue; if (is_privkey(obj)) { @@ -1020,7 +1055,7 @@ static CK_RV pkcs15_init_pin(struct sc_pkcs11_card *p11card, rc = sc_pkcs15init_bind(p11card->card, "pkcs15", NULL, &profile); if (rc < 0) { - sc_lock(p11card->card); + sc_unlock(p11card->card); return sc_to_cryptoki_error(rc, p11card->reader); } @@ -1030,8 +1065,8 @@ static CK_RV pkcs15_init_pin(struct sc_pkcs11_card *p11card, args.pin_len = ulPinLen; rc = sc_pkcs15init_store_pin(fw_data->p15_card, profile, &args); - sc_lock(p11card->card); sc_pkcs15init_unbind(profile); + sc_unlock(p11card->card); if (rc < 0) return sc_to_cryptoki_error(rc, p11card->reader); @@ -1769,7 +1804,7 @@ static CK_RV pkcs15_set_attrib(struct sc_pkcs11_session *session, rc = sc_pkcs15init_bind(p11card->card, "pkcs15", NULL, &profile); if (rc < 0) { - rc = sc_unlock(p11card->card); + sc_unlock(p11card->card); return sc_to_cryptoki_error(rc, p11card->reader); } @@ -2000,25 +2035,43 @@ static CK_RV pkcs15_prkey_get_attribute(struct sc_pkcs11_session *session, unsigned int usage; size_t len; - /* will use modulus from cert, or pubkey if possible */ - if (prkey->prv_cert && prkey->prv_cert->cert_pubkey) { - /* make sure we have read the cert to get modulus etc but only if needed. */ - switch(attr->type) { - case CKA_MODULUS: - case CKA_PUBLIC_EXPONENT: - case CKA_MODULUS_BITS: - if (check_cert_data_read(fw_data, prkey->prv_cert) != 0) { - /* no cert found, maybe we have a pub_key */ - if (prkey->prv_pubkey && prkey->prv_pubkey->pub_data) - key = prkey->prv_pubkey->pub_data; /* may be NULL */ - } else - key = prkey->prv_cert->cert_pubkey->pub_data; - break; - default: - key = prkey->prv_cert->cert_pubkey->pub_data; + /* PKCS#11 requires us to supply CKA_MODULUS for private keys, + * although that is not generally available from a smart card + * (the key is supposed to be safely locked away after all). + * + * To work around this, we hope that we either have an associated + * public key, or we try to find a certificate with the + * corresponding public key. + * + * Note: We do the same thing for CKA_PUBLIC_EXPONENT as some + * applications assume they can get that from the private + * key, something PKCS#11 doesn't guarantee. + */ + if ((attr->type == CKA_MODULUS) || (attr->type == CKA_PUBLIC_EXPONENT)) { + /* First see if we have a associated public key */ + if (prkey->prv_pubkey) + key = prkey->prv_pubkey->pub_data; + else { + /* Try to find a certificate with the public key */ + unsigned int i; + + for (i = 0; i < fw_data->num_objects; i++) { + struct pkcs15_any_object *obj = fw_data->objects[i]; + struct pkcs15_cert_object *cert; + + if (!is_cert(obj)) + continue; + + cert = (struct pkcs15_cert_object*) obj; + + if (cert->cert_prvkey != prkey) + continue; + + if (check_cert_data_read(fw_data, cert) == 0) + key = cert->cert_pubkey->pub_data; + } } - } else if (prkey->prv_pubkey) - key = prkey->prv_pubkey->pub_data; + } switch (attr->type) { case CKA_CLASS: @@ -2053,7 +2106,7 @@ static CK_RV pkcs15_prkey_get_attribute(struct sc_pkcs11_session *session, break; case CKA_KEY_TYPE: check_attribute_buffer(attr, sizeof(CK_KEY_TYPE)); - if (key && key->algorithm == SC_ALGORITHM_GOSTR3410) + if (prkey->prv_p15obj->type == SC_PKCS15_TYPE_PRKEY_GOSTR3410) *(CK_KEY_TYPE*)attr->pValue = CKK_GOSTR3410; else *(CK_KEY_TYPE*)attr->pValue = CKK_RSA; @@ -2157,9 +2210,6 @@ static CK_RV pkcs15_prkey_sign(struct sc_pkcs11_session *ses, void *obj, case CKM_RSA_X_509: flags = SC_ALGORITHM_RSA_RAW; break; - case CKM_OPENSC_GOST: /* FIXME: */ - flags = SC_ALGORITHM_GOST; - break; case CKM_GOSTR3410: flags = SC_ALGORITHM_GOSTR3410_HASH_NONE; break; @@ -2235,10 +2285,8 @@ pkcs15_prkey_decrypt(struct sc_pkcs11_session *ses, void *obj, case CKM_RSA_X_509: flags |= SC_ALGORITHM_RSA_RAW; break; - case CKM_OPENSC_GOST: - flags |= SC_ALGORITHM_GOST; default: - return CKR_MECHANISM_INVALID; + return CKR_MECHANISM_INVALID; } rv = sc_lock(ses->slot->card->card); @@ -2336,7 +2384,7 @@ static CK_RV pkcs15_pubkey_get_attribute(struct sc_pkcs11_session *session, CK_ATTRIBUTE_PTR attr) { struct pkcs15_pubkey_object *pubkey = (struct pkcs15_pubkey_object*) object; - struct pkcs15_cert_object *cert = pubkey->pub_cert; + struct pkcs15_cert_object *cert = pubkey->pub_genfrom; struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) session->slot->card->fw_data; size_t len; @@ -2886,22 +2934,6 @@ static int register_mechanisms(struct sc_pkcs11_card *p11card) } if (alg_info->algorithm == SC_ALGORITHM_GOSTR3410) flags |= alg_info->flags; -#if 0 /* FIXME: */ - if (alg_info->algorithm == SC_ALGORITHM_GOST){ - mech_info.flags = CKF_HW | CKF_SIGN | CKF_ENCRYPT | CKF_DECRYPT; - #ifdef ENABLE_OPENSSL - mech_info.flags |= CKF_VERIFY; - #endif - mech_info.ulMinKeySize = 32; - mech_info.ulMaxKeySize = 32; - mt = sc_pkcs11_new_fw_mechanism(CKM_OPENSC_GOST, - &mech_info, CKK_RSA, NULL); - rc = sc_pkcs11_register_mechanism(p11card, mt); - sc_debug(card->ctx, "register GOST!!! %d", rc); - if(rc < 0) - return rc; - } -#endif alg_info++; } diff --git a/src/pkcs11/pkcs11-global.c b/src/pkcs11/pkcs11-global.c index 4e17fca8..8039bdaa 100644 --- a/src/pkcs11/pkcs11-global.c +++ b/src/pkcs11/pkcs11-global.c @@ -175,7 +175,8 @@ CK_RV C_Initialize(CK_VOID_PTR pInitArgs) #if !defined(_WIN32) pid_t current_pid = getpid(); #endif - int i, rc, rv; + unsigned int i; + int rc, rv; sc_context_param_t ctx_opts; /* Handle fork() exception */ @@ -323,7 +324,7 @@ CK_RV C_GetSlotList(CK_BBOOL tokenPresent, /* only slots with token prese CK_ULONG_PTR pulCount) /* receives the number of slots */ { CK_SLOT_ID_PTR found = NULL; - int i; + unsigned int i; CK_ULONG numMatches; sc_pkcs11_slot_t *slot; CK_RV rv; diff --git a/src/pkcs11/pkcs11-opensc.h b/src/pkcs11/pkcs11-opensc.h index d6a00b45..6ab95303 100644 --- a/src/pkcs11/pkcs11-opensc.h +++ b/src/pkcs11/pkcs11-opensc.h @@ -3,8 +3,4 @@ /* OpenSC specific extensions */ -#define CKK_OPENSC_GOST (CKK_VENDOR_DEFINED+1) -#define CKA_OPENSC_GOST (CKA_VENDOR_DEFINED+1) -#define CKM_OPENSC_GOST (CKM_VENDOR_DEFINED+1) - #endif diff --git a/src/pkcs15init/keycache.c b/src/pkcs15init/keycache.c index 4c8eb135..017042eb 100644 --- a/src/pkcs15init/keycache.c +++ b/src/pkcs15init/keycache.c @@ -264,10 +264,6 @@ sc_keycache_set_pin_name(const sc_path_t *path, int ref, int name) s = new_entry(path, SC_AC_CHV, ref); if (s == NULL) return SC_ERROR_OUT_OF_MEMORY; - - s->len = sc_keycache_get_key(path, SC_AC_CHV, -1, s->value, MAX_SECRET); - if(s->len < 0) - return SC_ERROR_OBJECT_NOT_FOUND; } /* Set the pin name */ diff --git a/src/pkcs15init/pkcs15-cardos.c b/src/pkcs15init/pkcs15-cardos.c index 72b014de..c9fab1ee 100644 --- a/src/pkcs15init/pkcs15-cardos.c +++ b/src/pkcs15init/pkcs15-cardos.c @@ -253,7 +253,7 @@ cardos_store_key(sc_profile_t *profile, sc_card_t *card, sc_pkcs15_prkey_t *key) { sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data; - int algorithm, r; + int algorithm = 0, r; if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) { sc_debug(card->ctx, "CardOS supports RSA keys only."); @@ -306,7 +306,7 @@ cardos_generate_key(sc_profile_t *profile, sc_card_t *card, struct sc_cardctl_cardos_genkey_info args; struct sc_file *temp; u8 abignum[256]; - int algorithm, r, delete_it = 0, use_ext_rsa = 0; + int algorithm = 0, r, delete_it = 0, use_ext_rsa = 0; size_t keybits, rsa_max_size; int pin_id = -1; diff --git a/src/pkcs15init/pkcs15-myeid.c b/src/pkcs15init/pkcs15-myeid.c index 83f39ef1..b3417cde 100644 --- a/src/pkcs15init/pkcs15-myeid.c +++ b/src/pkcs15init/pkcs15-myeid.c @@ -232,10 +232,7 @@ static int myeid_generate_store_key(sc_profile_t *profile, sc_card_t *card, sc_pkcs15_prkey_info_t *info) { struct sc_cardctl_myeid_gen_store_key_info args; - struct sc_cardctl_myeid_data_obj data_obj; - unsigned char raw_pubkey[256]; int r; - unsigned int mod_len; sc_file_t *prkf = NULL; /* Parameter check */ @@ -362,7 +359,7 @@ static int myeid_create_pin_internal(sc_profile_t *profile, sc_card_t *card, data[17] = 0x00; data[18] = 0x00; - data[19] = 0x00; + data[19] = 0x00; /* FIXME, array is only 0..18 */ data_obj.Data = data; data_obj.DataLen = 0x10; diff --git a/src/pkcs15init/pkcs15-westcos.c b/src/pkcs15init/pkcs15-westcos.c index 321647d7..efcef804 100644 --- a/src/pkcs15init/pkcs15-westcos.c +++ b/src/pkcs15init/pkcs15-westcos.c @@ -32,53 +32,16 @@ #include "profile.h" #ifdef ENABLE_OPENSSL +#include #include #include #include - - #include #include #endif extern int sc_check_sw(sc_card_t *card, unsigned int sw1, unsigned int sw2); -#if 0 -/* - * Get private and public key file - */ -static int _westcos_get_keyfiles(sc_profile_t *profile, sc_card_t *card, - const sc_path_t *df_path, - sc_file_t **prkf, sc_file_t **pukf) -{ - sc_path_t path = *df_path; - int r; - - /* Get the private key file */ - r = SC_ERROR_NOT_SUPPORTED; //sc_profile_get_file_by_path(profile, &path, prkf); - if (r < 0) { - char pbuf[SC_MAX_PATH_STRING_SIZE]; - - r = sc_path_print(pbuf, sizeof(pbuf), &path); - if (r != SC_SUCCESS) - pbuf[0] = '\0'; - - return r; - } - - /* Get the public key file */ - path.len -= 2; - sc_append_file_id(&path, 0x1012); - r = SC_ERROR_NOT_SUPPORTED; //sc_profile_get_file_by_path(profile, &path, pukf); - if (r < 0) { - sc_file_free(*prkf); - return r; - } - - return 0; -} -#endif /* currently unused */ - static int westcos_pkcs15init_init_card(sc_profile_t *profile, sc_card_t *card) { @@ -100,7 +63,6 @@ static int westcos_pkcs15init_create_dir(sc_profile_t *profile, /* Create the application DF */ r = sc_pkcs15init_create_file(profile, card, df); - //if(r) return r; r = sc_select_file(card, &df->path, NULL); if(r) return r; @@ -108,19 +70,6 @@ static int westcos_pkcs15init_create_dir(sc_profile_t *profile, return 0; } -#if 0 -/* -* Create a PIN domain (i.e. a sub-directory holding a user PIN) -*/ -static int westcos_pkcs15init_create_domain(sc_profile_t *profile, - sc_card_t *card, - const sc_pkcs15_id_t *id, - sc_file_t **ret) -{ - return SC_ERROR_NOT_SUPPORTED; //sc_pkcs15_create_pin_domain(profile, card, id, ret); -} -#endif /* currently unused */ - /* * Select the PIN reference */ @@ -151,7 +100,7 @@ static int westcos_pkcs15_create_pin(sc_profile_t *profile, sc_file_t *file = sc_file_new(); sc_path_t path; - if(pin_len>9 || puk_len>9 || pin_len<0 || puk_len<0) + if(pin_len>9 || puk_len>9) return SC_ERROR_INVALID_ARGUMENTS; file->type = SC_FILE_TYPE_INTERNAL_EF; @@ -179,8 +128,6 @@ static int westcos_pkcs15_create_pin(sc_profile_t *profile, if(r) return (r); } - //r = sc_pkcs15init_create_file(profile, card, file); - if(file) sc_file_free(file); @@ -308,24 +255,6 @@ static int westcos_pkcs15init_store_key(sc_profile_t *profile, sc_pkcs15_prkey_t *key) { return SC_ERROR_NOT_SUPPORTED; - -#if 0 - int r; - sc_file_t *keyfile; - sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data; - - if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) { - return SC_ERROR_NOT_SUPPORTED; - } - - r = SC_ERROR_NOT_SUPPORTED; //sc_profile_get_file_by_path(profile, &key_info->path, &keyfile); - if (r < 0) return r; - - //r = sc_pkcs15init_update_file(profile, card, keyfile, &key->der.data, &key->der.len); - - //sc_file_free(keyfile); - return r; -#endif } /* @@ -336,41 +265,56 @@ static int westcos_pkcs15init_generate_key(sc_profile_t *profile, sc_pkcs15_object_t *obj, sc_pkcs15_pubkey_t *pubkey) { - int r = SC_ERROR_UNKNOWN; +#ifndef ENABLE_OPENSSL + return SC_ERROR_NOT_SUPPORTED; +#else + int r = SC_ERROR_UNKNOWN; long lg; char *p; sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data; -#ifdef ENABLE_OPENSSL - RSA *rsa = RSA_new(); - BIGNUM *bn = BN_new(); - BIO *mem = BIO_new(BIO_s_mem()); -#endif + RSA *rsa = NULL; + BIGNUM *bn = NULL; + BIO *mem = NULL; -#ifndef ENABLE_OPENSSL - r = SC_ERROR_NOT_SUPPORTED; -#else sc_file_t *prkf = NULL; if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) { return SC_ERROR_NOT_SUPPORTED; } - if(/*keyfile == NULL ||*/ rsa == NULL || bn == NULL || mem == NULL) +#if OPENSSL_VERSION_NUMBER>=0x00908000L + rsa = RSA_new(); + bn = BN_new(); + mem = BIO_new(BIO_s_mem()); + + if(rsa == NULL || bn == NULL || mem == NULL) { r = SC_ERROR_OUT_OF_MEMORY; goto out; } /* pkcs11 re-route routine cryptage vers la carte fixe default to use openssl */ - rsa->meth = RSA_PKCS1_SSLeay(); - if(!BN_set_word(bn, RSA_F4) || !RSA_generate_key_ex(rsa, key_info->modulus_length, bn, NULL)) +#else + mem = BIO_new(BIO_s_mem()); + + if(mem == NULL) + { + r = SC_ERROR_OUT_OF_MEMORY; + goto out; + } + + rsa = RSA_generate_key(key_info->modulus_length, RSA_F4, NULL, NULL); + if (!rsa) +#endif { r = SC_ERROR_UNKNOWN; goto out; } + rsa->meth = RSA_PKCS1_SSLeay(); + if(pubkey != NULL) { if(!i2d_RSAPublicKey_bio(mem, rsa)) @@ -386,7 +330,7 @@ static int westcos_pkcs15init_generate_key(sc_profile_t *profile, r = sc_pkcs15_decode_pubkey(card->ctx, pubkey, p, lg); } - BIO_reset(mem); + (void) BIO_reset(mem); if(!i2d_RSAPrivateKey_bio(mem, rsa)) { @@ -421,9 +365,9 @@ out: RSA_free(rsa); if(prkf) sc_file_free(prkf); -#endif return r; +#endif } static int westcos_pkcs15init_finalize_card(sc_card_t *card) diff --git a/src/pkcs15init/rutoken.profile b/src/pkcs15init/rutoken.profile index ec8c7a36..9e32d99f 100644 --- a/src/pkcs15init/rutoken.profile +++ b/src/pkcs15init/rutoken.profile @@ -28,7 +28,7 @@ pkcs15 { # Default settings. # This option block will always be processed. -option default_32k { +option default { macros { ti-size = 128; odf-size = 128; @@ -43,8 +43,7 @@ option default_32k { # This option is for cards with very little memory. # It sets the size of various PKCS15 directory files # to 128 or 256, respectively. -#option small { -option default { +option small { macros { ti-size = 64; odf-size = 128; diff --git a/src/tools/opensc-explorer.c b/src/tools/opensc-explorer.c index 309ae191..8d78e287 100644 --- a/src/tools/opensc-explorer.c +++ b/src/tools/opensc-explorer.c @@ -1563,7 +1563,7 @@ static int do_asn1(int argc, char **argv) goto err; } if ((size_t)r != len) { - printf("expecting %d, got only %d bytes.\n", len, r); + printf("expecting %ld, got only %d bytes.\n", len, r); goto err; } diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index 14a00f70..36e95fdf 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -3579,7 +3579,6 @@ static struct mech_info p11_mechanisms[] = { { CKM_DSA_PARAMETER_GEN, "DSA-PARAMETER-GEN", NULL }, { CKM_DH_PKCS_PARAMETER_GEN,"DH-PKCS-PARAMETER-GEN", NULL }, { CKM_X9_42_DH_PARAMETER_GEN,"X9-42-DH-PARAMETER-GEN", NULL }, - { CKM_OPENSC_GOST, "GOST", NULL }, { NO_MECHANISM, NULL, NULL } }; diff --git a/src/tools/util.c b/src/tools/util.c index 9870f511..233a13d2 100644 --- a/src/tools/util.c +++ b/src/tools/util.c @@ -51,7 +51,7 @@ int util_connect_card(sc_context_t *ctx, sc_card_t **cardp, return 1; } if (reader_id < 0) { - int i; + unsigned int i; /* Automatically try to skip to a reader with a card if reader not specified */ for (i = 0; i < sc_ctx_get_reader_count(ctx); i++) { reader = sc_ctx_get_reader(ctx, i); diff --git a/src/tools/westcos-tool.c b/src/tools/westcos-tool.c index 9b1852ca..cf4775c0 100644 --- a/src/tools/westcos-tool.c +++ b/src/tools/westcos-tool.c @@ -32,6 +32,7 @@ #include #include +#include #include #include #include @@ -358,15 +359,9 @@ int main(int argc, char *argv[]) sc_context_t *ctx = NULL; sc_file_t *file = NULL; sc_path_t path; - RSA *rsa = RSA_new(); - BIGNUM *bn = BN_new(); - BIO *mem = BIO_new(BIO_s_mem()); - - if(rsa == NULL || bn == NULL || mem == NULL) - { - fprintf(stderr,"Not enougth memory.\n"); - goto out; - } + RSA *rsa = NULL; + BIGNUM *bn = NULL; + BIO *mem = NULL; while(i=0x00908000L + rsa = RSA_new(); + bn = BN_new(); + mem = BIO_new(BIO_s_mem()); + + if(rsa == NULL || bn == NULL || mem == NULL) + { + fprintf(stderr,"Not enougth memory.\n"); + goto out; + } + if(!BN_set_word(bn, RSA_F4) || !RSA_generate_key_ex(rsa, keylen, bn, NULL)) +#else + rsa = RSA_generate_key(keylen, RSA_F4, NULL, NULL); + mem = BIO_new(BIO_s_mem()); + + if(mem == NULL) + { + fprintf(stderr,"Not enougth memory.\n"); + goto out; + } + + if (!rsa) +#endif { fprintf(stderr, "RSA_generate_key_ex return %d\n", ERR_get_error());