Merge branch 'master' of https://github.com/OpenSC/OpenSC into OpenSC-master

Conflicts:
	src/minidriver/minidriver.c
vletoux 2015-10-14 22:22:19 +02:00
commit 75d76f5ce4
62 changed files with 683 additions and 1206 deletions


@ -1,6 +1,6 @@
#!/bin/bash
# Building the installer is only tested and supported on 10.9+ with Xcode 6.0.1
# Built package targets 10.9+
# Built package targets 10.10
# Building should also work on older versions with older revisions or slight changes, YMMV
# You need to have the following from homebrew or macports or fink:
@ -15,7 +15,7 @@ SDKS_PATH="$(xcode-select -p)/Platforms/MacOSX.platform/Developer/SDKs"
SDK_PATH="${SDK_PATH:-$SDKS_PATH/$(ls -1 ${SDKS_PATH} | sort -n -k2 -t. -r | head -1)}"
# Set SDK path
export CFLAGS="-isysroot $SDK_PATH -arch i386 -arch x86_64 -mmacosx-version-min=10.7"
export CFLAGS="-isysroot $SDK_PATH -arch i386 -arch x86_64 -mmacosx-version-min=10.10"
# OpenSSL is deprecated on OSX since 10.7 and that generates lots of
# "false positive" warnings and there is no alternative option.


@ -1,18 +1,26 @@
version: 0.15.0.{build}
platform:
# the prebuilt zlib is 32 bit only
- x86
- x64
configuration:
- Release
- Debug
- Light-Release
- Light-Debug
environment:
matrix:
- VSVER: 12
- VSVER: 10
matrix:
allow_failures:
# not included in AppVeyor right now
- platform: x64
VSVER: 10
install:
- ps: if ($env:APPVEYOR_PULL_REQUEST_NUMBER -and $env:APPVEYOR_BUILD_NUMBER -ne ((Invoke-RestMethod `
https://ci.appveyor.com/api/projects/$env:APPVEYOR_ACCOUNT_NAME/$env:APPVEYOR_PROJECT_SLUG/history?recordsNumber=50).builds | `
@ -37,22 +45,28 @@ install:
$env:ARTIFACT="OpenSC-${env:APPVEYOR_BUILD_VERSION}-win64_vs${env:VSVER}-${env:CONFIGURATION}.msi"
}
- ps: >-
If ($env:Configuration -Match "Debug") {
$env:NMAKE_DEBUG="DEBUG_DEF=/DDEBUG"
If ($env:Configuration -Like "*Debug*") {
$env:NMAKE_EXTRA="DEBUG_DEF=/DDEBUG ${env:NMAKE_EXTRA}"
}
- ps: >-
If (!($env:Configuration -Like "*Light*")) {
If (!(Test-Path -Path "C:\OpenSSL-${env:OPENSSL_PF}" )) {
Start-FileDownload https://slproweb.com/download/${env:OPENSSL_PF}OpenSSL-${env:OPENSSL_VER}.exe -FileName C:\WinOpenSSL.exe
C:\WinOpenSSL.exe /SILENT /VERYSILENT /SP- /SUPPRESSMSGBOXES /NORESTART
}
$env:NMAKE_EXTRA="OPENSSL_DEF=/DENABLE_OPENSSL ${env:NMAKE_EXTRA}"
# the prebuilt zlib is 32 bit only
If ($env:Platform -Match "x86") {
If (!(Test-Path -Path "C:\zlib-dll" )) {
appveyor DownloadFile "https://prdownloads.sourceforge.net/libpng/zlib${env:ZLIB_VER}-dll.zip" -FileName zlib-dll.zip
7z x zlib-dll.zip -oC:\zlib-dll
}
$env:NMAKE_EXTRA="ZLIB_DEF=/DENABLE_ZLIB ${env:NMAKE_EXTRA}"
}
}
- ps: $env:VSCOMNTOOLS=(Get-Content ("env:VS" + "$env:VSVER" + "0COMNTOOLS"))
- echo "Using Visual Studio %VSVER%.0 at %VSCOMNTOOLS%"
- call "%VSCOMNTOOLS%\..\..\VC\vcvarsall.bat" %VCVARS_PLATFORM%
- ps: >-
If(!(Test-Path -Path "C:\OpenSSL-${env:OPENSSL_PF}" )) {
Start-FileDownload https://slproweb.com/download/${env:OPENSSL_PF}OpenSSL-${env:OPENSSL_VER}.exe -FileName C:\WinOpenSSL.exe
C:\WinOpenSSL.exe /SILENT /VERYSILENT /SP- /SUPPRESSMSGBOXES /NORESTART
}
- ps: >-
If(!(Test-Path -Path "C:\zlib-dll" )) {
appveyor DownloadFile "https://prdownloads.sourceforge.net/libpng/zlib${env:ZLIB_VER}-dll.zip" -FileName zlib-dll.zip
7z x zlib-dll.zip -oC:\zlib-dll
}
- appveyor DownloadFile "http://download.microsoft.com/download/2/C/9/2C93059C-0532-42DF-8C24-9AEAFF00768E/cngsdk.msi"
- cngsdk.msi /quiet
- uname -a
@ -61,9 +75,10 @@ build_script:
- bash -c "exec 0</dev/null && ./bootstrap"
# disable features to speed up the script
- bash -c "exec 0</dev/null && ./configure --disable-openssl --disable-readline --disable-zlib || cat config.log"
- bash -c "make -C etc opensc.conf"
- cp win32/winconfig.h config.h
- nmake /f Makefile.mak %NMAKE_ARCH% %NMAKE_DEBUG%
- cd win32 && nmake /f Makefile.mak %NMAKE_ARCH% %NMAKE_DEBUG% VSVER=%VSVER% OpenSC.msi
- nmake /f Makefile.mak %NMAKE_ARCH% %NMAKE_EXTRA%
- cd win32 && nmake /f Makefile.mak %NMAKE_ARCH% %NMAKE_EXTRA% VSVER=%VSVER% OpenSC.msi
- move OpenSC.msi %ARTIFACT%
- appveyor PushArtifact %ARTIFACT%
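Review bot: The relocated download block under `If (!($env:Configuration -Like "*Light*"))` still runs `C:\WinOpenSSL.exe` silently and unpacks `zlib-dll.zip` without checking what was fetched, so a changed or tampered file on either mirror feeds the build that produces the pushed artifact. A pinned digest check before the installer runs would close that, for example `if ((Get-FileHash C:\WinOpenSSL.exe -Algorithm SHA256).Hash -ne $env:OPENSSL_SHA256) { throw "OpenSSL installer hash mismatch" }`, where `OPENSSL_SHA256` is a placeholder for a value you would add under `environment:`; the zlib archive deserves the same check. The unchanged `cngsdk.msi` step further down downloads over plain `http://` and then installs with `/quiet`, so it is worth switching to `https://` if the host serves it and verifying the file the same way.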


@ -114,13 +114,19 @@ esac
case "${host}" in
*-mingw*|*-winnt*|*-cygwin*)
DEBUG_FILE="%TEMP%\opensc-debug.log"
DEBUG_FILE="%TEMP%\\\opensc-debug.log"
PROFILE_DIR_DEFAULT="obtained from windows registers"
PROFILE_DIR="\"\""
;;
*)
DEBUG_FILE="/tmp/opensc-debug.log"
PROFILE_DIR="\$(pkgdatadir)"
PROFILE_DIR_DEFAULT="\$(pkgdatadir)"
;;
esac
AC_DEFINE_UNQUOTED([DEBUG_FILE], ["${DEBUG_FILE}"], [Debug file])
AC_DEFINE_UNQUOTED([PROFILE_DIR], ["${PROFILE_DIR}"], [Directory of profiles])
AC_DEFINE_UNQUOTED([PROFILE_DIR_DEFAULT], ["${PROFILE_DIR_DEFAULT}"], [Default directory of profiles])
AC_ARG_ENABLE(
[strict],
@ -486,14 +492,12 @@ PKG_CHECK_MODULES(
case "${enable_openssl}" in
no)
have_openssl="no"
enable_sm="no"
;;
detect)
if test "${have_openssl}" = "yes"; then
enable_openssl="yes"
else
enable_openssl="no"
enable_sm="no"
fi
;;
esac
@ -504,6 +508,9 @@ if test "${enable_openssl}" = "yes"; then
else
AC_MSG_ERROR([OpenSSL linkage required, but no OpenSSL was found])
fi
else
OPENSSL_CFLAGS=""
OPENSSL_LIBS=""
fi
if test "${enable_sm}" = "yes"; then
@ -512,15 +519,19 @@ if test "${enable_sm}" = "yes"; then
case "${host}" in
*-mingw*|*-winnt*|*-cygwin*)
DEFAULT_SM_MODULE="smm-local.dll"
DEFAULT_SM_MODULE_PATH="\# module_path = \"\";"
;;
*-apple-*)
DEFAULT_SM_MODULE="libsmm-local.3.dylib"
DEFAULT_SM_MODULE_PATH="module_path = \$(libdir);"
;;
*)
DEFAULT_SM_MODULE="libsmm-local.so.3"
DEFAULT_SM_MODULE_PATH="module_path = \$(libdir);"
;;
esac
AC_DEFINE_UNQUOTED([DEFAULT_SM_MODULE], ["${DEFAULT_SM_MODULE}"], [Default SM module])
AC_DEFINE_UNQUOTED([DEFAULT_SM_MODULE_PATH], ["${DEFAULT_SM_MODULE_PATH}"], [Default SM module path])
fi
if test "${enable_openct}" = "yes"; then
@ -565,6 +576,7 @@ if test "${enable_pcsc}" = "yes"; then
CFLAGS="${CFLAGS} ${PCSC_CFLAGS}"
# We must cope with mingw32 that does not have winscard.h mingw64 has it.
AC_CHECK_HEADERS([winscard.h],,[test "${WIN32}" != "yes" && AC_MSG_ERROR([winscard.h is required for pcsc])])
AC_CHECK_HEADERS([pcsclite.h])
CFLAGS="${saved_CFLAGS}"
if test "${with_pcsc_provider}" = "detect"; then
@ -697,7 +709,10 @@ AC_SUBST([OPTIONAL_OPENCT_LIBS])
AC_SUBST([OPTIONAL_PCSC_CFLAGS])
AC_SUBST([LIBRARY_BITNESS])
AC_SUBST([DEFAULT_SM_MODULE])
AC_SUBST([DEFAULT_SM_MODULE_PATH])
AC_SUBST([DEBUG_FILE])
AC_SUBST([PROFILE_DIR])
AC_SUBST([PROFILE_DIR_DEFAULT])
AM_CONDITIONAL([ENABLE_MAN], [test "${enable_man}" = "yes"])
AM_CONDITIONAL([ENABLE_ZLIB], [test "${enable_zlib}" = "yes"])
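Review bot: With the two `enable_sm="no"` assignments gone from the `no)` and `detect)` branches of `case "${enable_openssl}"`, `enable_sm` can stay `yes` when OpenSSL is disabled or not found, and the later `if test "${enable_sm}" = "yes"` block still defines `DEFAULT_SM_MODULE` and `DEFAULT_SM_MODULE_PATH`. Whether the secure-messaging module builds and works without OpenSSL is not visible in these hunks. If it does not, a guard inside that block such as `test "${enable_openssl}" = "yes" || AC_MSG_ERROR([secure messaging requires OpenSSL])` would fail at configure time instead of installing a config that names a module that cannot load. If the decoupling is intended, a one-line comment above the `case` saying so would record the decision. The `if test "${enable_sm}"` block continues outside the hunk.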


@ -1,12 +1,12 @@
MAINTAINERCLEANFILES = $(srcdir)/Makefile.in $(srcdir)/opensc.conf.win
DISTCLEANFILES = opensc.conf opensc.conf.win
MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
DISTCLEANFILES = opensc.conf
EXTRA_DIST = Makefile.mak
SUFFIXES = .in
dist_noinst_DATA = opensc.conf.in opensc.conf.win.in
nodist_noinst_DATA = opensc.conf opensc.conf.win # For Windows MSVC build
dist_noinst_DATA = opensc.conf.in
nodist_noinst_DATA = opensc.conf
# Make sure we build this every time
# as there is no dependency for this.
@ -18,9 +18,12 @@ opensc.conf: opensc.conf.in force
@sed \
-e 's|@pkgdatadir[@]|$(pkgdatadir)|g' \
-e 's|@libdir[@]|$(libdir)|g' \
-e 's|@DEBUG_FILE[@]|$(DEBUG_FILE)|g' \
-e 's|@DEFAULT_PCSC_PROVIDER[@]|$(DEFAULT_PCSC_PROVIDER)|g' \
-e 's|@DEFAULT_SM_MODULE[@]|$(DEFAULT_SM_MODULE)|g' \
-e 's|@DEBUG_FILE[@]|$(DEBUG_FILE)|g' \
-e 's|@DEFAULT_SM_MODULE_PATH[@]|$(DEFAULT_SM_MODULE_PATH)|g' \
-e 's|@PROFILE_DIR[@]|$(PROFILE_DIR)|g' \
-e 's|@PROFILE_DIR_DEFAULT[@]|$(PROFILE_DIR_DEFAULT)|g' \
< $< > $@
install-exec-hook: opensc.conf
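Review bot: The added `@DEFAULT_SM_MODULE_PATH@`, `@PROFILE_DIR@` and `@PROFILE_DIR_DEFAULT@` expressions paste configure-time values verbatim into a single-quoted `sed` replacement, where `|`, `&`, a backslash or a single quote in the value changes what `sed` or the shell sees. The values now include a Windows path and a config fragment containing quotes, so the escaping done in the configure script is a hidden contract of this recipe. A comment above the `@sed \` line would make that explicit, for example `# Values are inserted verbatim into a sed replacement: no '|', '&' or single quote, and backslashes must arrive already doubled.`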


@ -1,8 +0,0 @@
all: opensc.conf.win
opensc.conf.win: opensc.conf.win.in
copy /y opensc.conf.win.in opensc.conf.win
clean::
del /Q opensc.conf.win


@ -32,9 +32,9 @@ app default {
# PKCS#15 initialization / personalization
# profiles directory for pkcs15-init.
# Default: @pkgdatadir@
# Default: @PROFILE_DIR_DEFAULT@
#
# profile_dir = @pkgdatadir@;
# profile_dir = @PROFILE_DIR@;
# Paranoid memory allocation.
#
@ -45,11 +45,11 @@ app default {
#
# paranoid_memory = false;
# Enable default card driver
# Default card driver is explicitely enabled for the 'opensc-explorer' and 'opensc-tool'.
#
# Default: false
# enable_default_driver = true;
# Enable default card driver
# Default card driver is explicitely enabled for the 'opensc-explorer' and 'opensc-tool'.
#
# Default: false
# enable_default_driver = true;
# CT-API module configuration.
reader_driver ctapi {
@ -112,7 +112,11 @@ app default {
# max_recv_size = 256;
};
# What card drivers to load at start-up
# Whitelist of card drivers to load at start-up
#
# The supported internal card driver names can be retrieved
# from the output of:
# $ opensc-tool --list-drivers
#
# A special value of 'internal' will load all
# statically linked drivers. If an unknown (ie. not
@ -277,144 +281,148 @@ app default {
# IAS/ECC cards
card_atr 3B:7F:96:00:00:00:31:B9:64:40:70:14:10:73:94:01:80:82:90:00 {
type = 25001;
driver = "iasecc";
name = "Gemalto MultiApp IAS/ECC v1.0.1";
secure_messaging = local_gemalto_iam;
type = 25001;
driver = "iasecc";
name = "Gemalto MultiApp IAS/ECC v1.0.1";
secure_messaging = local_gemalto_iam;
# secure_messaging = local_adele;
md_read_only = false;
md_supports_X509_enrollment = true;
}
}
card_atr 3B:7F:96:00:00:00:31:B8:64:40:70:14:10:73:94:01:80:82:90:00 {
type = 25001;
driver = "iasecc";
name = "Gemalto MultiApp IAS/ECC v1.0.1";
secure_messaging = local_gemalto_iam;
type = 25001;
driver = "iasecc";
name = "Gemalto MultiApp IAS/ECC v1.0.1";
secure_messaging = local_gemalto_iam;
md_read_only = false;
md_supports_X509_enrollment = true;
}
#card_atr 3B:DD:18:00:81:31:FE:45:80:F9:A0:00:00:00:77:01:08:00:07:90:00:FE {
# type = 25002;
# driver = "iasecc";
# name = "Oberthur IAS/ECC v1.0.1";
# # No 'admin' application for this card -- no secure messaging
#}
#card_atr 3B:7F:18:00:00:00:31:B8:64:50:23:EC:C1:73:94:01:80:82:90:00 {
# type = 25003;
# driver = "iasecc";
# name = "Morpho YpsID S3 IAS/ECC";
# # secure_messaging = local_morpho_YpsID_S3;
#}
#card_atr 3B:DF:96:00:80:31:FE:45:00:31:B8:64:04:1F:EC:C1:73:94:01:80:82:90:00:EC {
# type = 25005;
# driver = "iasecc";
# name = "Morpho MI IAS/ECC v1.0.1";
# md_read_only = false;
# md_supports_X509_enrollment = true;
# secure_messaging = local_morpho_mi;
#}
card_atr 3B:DF:18:FF:81:91:FE:1F:C3:00:31:B8:64:0C:01:EC:C1:73:94:01:80:82:90:00:B3 {
type = 25004;
driver = "iasecc";
name = "Amos IAS/ECC v1.0.1";
md_read_only = false;
md_supports_X509_enrollment = true;
secure_messaging = local_amos;
}
card_atr 3B:DC:18:FF:81:91:FE:1F:C3:80:73:C8:21:13:66:01:0B:03:52:00:05:38 {
type = 25004;
driver = "iasecc";
name = "Amos IAS/ECC v1.0.1";
md_read_only = false;
md_supports_X509_enrollment = true;
secure_messaging = local_amos_eid;
}
}
#card_atr 3B:DD:18:00:81:31:FE:45:80:F9:A0:00:00:00:77:01:08:00:07:90:00:FE {
# type = 25002;
# driver = "iasecc";
# name = "Oberthur IAS/ECC v1.0.1";
# # No 'admin' application for this card -- no secure messaging
#}
#card_atr 3B:7F:18:00:00:00:31:B8:64:50:23:EC:C1:73:94:01:80:82:90:00 {
# type = 25003;
# driver = "iasecc";
# name = "Morpho YpsID S3 IAS/ECC";
# # secure_messaging = local_morpho_YpsID_S3;
#}
#card_atr 3B:DF:96:00:80:31:FE:45:00:31:B8:64:04:1F:EC:C1:73:94:01:80:82:90:00:EC {
# type = 25005;
# driver = "iasecc";
# name = "Morpho MI IAS/ECC v1.0.1";
# md_read_only = false;
# md_supports_X509_enrollment = true;
# secure_messaging = local_morpho_mi;
#}
card_atr 3B:DF:18:FF:81:91:FE:1F:C3:00:31:B8:64:0C:01:EC:C1:73:94:01:80:82:90:00:B3 {
type = 25004;
driver = "iasecc";
name = "Amos IAS/ECC v1.0.1";
md_read_only = false;
md_supports_X509_enrollment = true;
secure_messaging = local_amos;
}
card_atr 3B:DC:18:FF:81:91:FE:1F:C3:80:73:C8:21:13:66:01:0B:03:52:00:05:38 {
type = 25004;
driver = "iasecc";
name = "Amos IAS/ECC v1.0.1";
md_read_only = false;
md_supports_X509_enrollment = true;
secure_messaging = local_amos_eid;
}
secure_messaging local_authentic {
#path to ans name of external SM module
#module_name = @DEFAULT_SM_MODULE@;
#module_path = @libdir@;
# name of external SM module
# module_name = @DEFAULT_SM_MODULE@;
# directory with external SM module
# Default: defined by windows register
@DEFAULT_SM_MODULE_PATH@
# specific data to tune the module initialization
#module_data = "Here can be your SM module init data";
# module_data = "Here can be your SM module init data";
# SM mode:
# 'transmit' -- in this mode the procedure to securize an APDU is called by the OpenSC general
# APDU transmit procedure.
# APDU transmit procedure.
# In this mode all APDUs, except the ones filtered by the card specific procedure,
# are securized.
# 'acl' -- in this mode APDU are securized only if needed by the ACLs of the command to be executed.
#
# are securized.
# 'acl' -- in this mode APDU are securized only if needed by the ACLs of the command to be executed.
#
#mode = transmit;
# SM type specific flags
# flags = 0x78; # 0x78 -- level 3, channel 0
# flags = 0x78; # 0x78 -- level 3, channel 0
# Default KMC of the GP Card Manager for the Oberthur's Java cards
# kmc = "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00";
}
secure_messaging local_gemalto_iam {
secure_messaging local_gemalto_iam {
module_name = @DEFAULT_SM_MODULE@;
module_path = @libdir@;
#module_data = "";
type = acl; # transmit, acl
@DEFAULT_SM_MODULE_PATH@
# module_data = "";
type = acl; # transmit, acl
ifd_serial = "11:22:33:44:55:66:77:88";
ifd_serial = "11:22:33:44:55:66:77:88";
# Keyset values from IAM profiles of the Gemalto IAS/ECC cards
keyset_02_enc = "RW_PRIV_ENC_TEST";
keyset_02_mac = "RW_PRIV_MAC_TEST";
# Keyset values from IAM profiles of the Gemalto IAS/ECC cards
keyset_02_enc = "RW_PRIV_ENC_TEST";
keyset_02_mac = "RW_PRIV_MAC_TEST";
keyset_E828BD080FD2504543432D654944_01_enc = "RO_ENC_TEST_KEY_";
keyset_E828BD080FD2504543432D654944_01_mac = "RO_MAC_TEST_KEY_";
keyset_E828BD080FD2504543432D654944_01_enc = "RO_ENC_TEST_KEY_";
keyset_E828BD080FD2504543432D654944_01_mac = "RO_MAC_TEST_KEY_";
keyset_E828BD080FD2504543432D654944_03_enc = "RW_PUBL_ENC_TEST";
keyset_E828BD080FD2504543432D654944_03_mac = "RW_PUBL_MAC_TEST";
}
keyset_E828BD080FD2504543432D654944_03_enc = "RW_PUBL_ENC_TEST";
keyset_E828BD080FD2504543432D654944_03_mac = "RW_PUBL_MAC_TEST";
}
secure_messaging local_amos {
module_name = @DEFAULT_SM_MODULE@;
module_path = @libdir@;
@DEFAULT_SM_MODULE_PATH@
# module_data = "";
mode = acl;
ifd_serial = "11:22:33:44:55:66:77:88";
keyset_02_enc = "ENCROECHANTILLON";
keyset_02_mac = "MACROECHANTILLON";
}
secure_messaging local_amos_eid {
secure_messaging local_amos_eid {
module_name = @DEFAULT_SM_MODULE@;
module_path = @libdir@;
mode = acl;
ifd_serial = "11:22:33:44:55:66:77:88";
keyset_E828BD080FD2504543432D654944_03_enc = "RW_PUBL_ENC_TEST";
keyset_E828BD080FD2504543432D654944_03_mac = "RW_PUBL_MAC_TEST";
}
@DEFAULT_SM_MODULE_PATH@
# module_data = "";
mode = acl;
ifd_serial = "11:22:33:44:55:66:77:88";
keyset_E828BD080FD2504543432D654944_03_enc = "RW_PUBL_ENC_TEST";
keyset_E828BD080FD2504543432D654944_03_mac = "RW_PUBL_MAC_TEST";
}
secure_messaging local_adele {
secure_messaging local_adele {
module_name = @DEFAULT_SM_MODULE@;
module_path = @libdir@;
#module_data = "";
type = acl; # transmit, acl
@DEFAULT_SM_MODULE_PATH@
# module_data = "";
type = acl; # transmit, acl
ifd_serial = "11:22:33:44:55:66:77:88";
# Keyset values from 'Adele' profiles of the IAS/ECC cards
keyset_01_enc = "EMENCECHANTILLON";
keyset_01_mac = "EMMACECHANTILLON";
# Keyset values from 'Adele' profiles of the IAS/ECC cards
keyset_01_enc = "EMENCECHANTILLON";
keyset_01_mac = "EMMACECHANTILLON";
keyset_02_enc = "AAENCECHANTILLON";
keyset_02_mac = "AAMACECHANTILLON";
keyset_02_enc = "AAENCECHANTILLON";
keyset_02_mac = "AAMACECHANTILLON";
keyset_E828BD080FD2500000040301_02_enc = "E2ENCECHANTILLON";
keyset_E828BD080FD2500000040301_02_mac = "E2MACECHANTILLON";
keyset_E828BD080FD2500000040301_02_enc = "E2ENCECHANTILLON";
keyset_E828BD080FD2500000040301_02_mac = "E2MACECHANTILLON";
keyset_D2500000044164E86C650101_02_enc = "E1ENCECHANTILLON";
keyset_D2500000044164E86C650101_02_mac = "E1MACECHANTILLON";
keyset_D2500000044164E86C650101_02_enc = "E1ENCECHANTILLON";
keyset_D2500000044164E86C650101_02_mac = "E1MACECHANTILLON";
keyset_D2500000044164E86C650101_03_enc = "SIENCECHANTILLON";
keyset_D2500000044164E86C650101_03_mac = "SIMACECHANTILLON";
}
keyset_D2500000044164E86C650101_03_enc = "SIENCECHANTILLON";
keyset_D2500000044164E86C650101_03_mac = "SIMACECHANTILLON";
}
# Below are the framework specific configuration blocks.
@ -487,25 +495,25 @@ app default {
# obtained with the common procedures (ex. object creation protected by secure messaging).
# Used by PKCS#11 module configurated to expose restricted number of slots.
# (for ex. configurated to expose only User PIN slot, User and Sign PINs slots, ...)
application E828BD080FD25047656E65726963 {
type = generic;
model = "ECC Generic PKI";
}
application E828BD080FD25047656E65726963 {
type = generic;
model = "ECC Generic PKI";
}
application E828BD080FD2500000040301 {
type = generic;
model = "Adèle Générique";
}
application E828BD080FD2500000040301 {
type = generic;
model = "Adèle Générique";
}
application E828BD080FD2504543432D654944 {
type = protected;
model = "ECC eID";
}
application E828BD080FD2504543432D654944 {
type = protected;
model = "ECC eID";
}
application E828BD080FD2500000040201 {
type = protected;
model = "Adèle Admin-2";
}
application E828BD080FD2500000040201 {
type = protected;
model = "Adèle Admin-2";
}
}
}
@ -568,6 +576,18 @@ app opensc-pkcs11 {
# Default: false
# lock_login = true;
# With this setting disabled, the OpenSC PKCS#11 module will initialize
# the slots available when the application calls `C_GetSlotList`. With
# this setting enabled, the slots will also get initialized when
# C_GetSlotInfo is called.
#
# This setting is a workaround for Java which does not call
# `C_GetSlotList` when configured with a static `slot` instead of
# `slotListIndex`.
#
# Default: true
# init_sloppy = false;
# User PIN unblock style
# none: PIN unblock is not possible with PKCS#11 API;
# set_pin_in_unlogged_session: C_SetPIN() in unlogged session:
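Review bot: The re-indented `secure_messaging` sections (`local_gemalto_iam`, `local_amos`, `local_amos_eid`, `local_adele`) stay active in the installed template with fixed `keyset_*` strings and one shared `ifd_serial`, and the uncommented `card_atr` entries select them by default. The key names suggest sample or test values, but nothing in the file says so; a comment at the top of each section such as `# Sample test keys only; replace with the card issuer's keys before use.` would keep a reader from assuming they protect a production card. In `local_authentic`, the comment `# Default: defined by windows register` now sits above `@DEFAULT_SM_MODULE_PATH@` on every platform, although the configure hunk on this page expands that placeholder to an active `module_path = $(libdir);` line outside Windows, so the comment should be limited to the Windows case.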


@ -1,650 +0,0 @@
# Configuration file for OpenSC
# Example configuration file
# NOTE: All key-value pairs must be terminated by a semicolon.
# Default values for any application
# These can be overridden by an application
# specific configuration block.
app default {
# Amount of debug info to print
#
# A greater value means more debug info.
# Default: 0
#
debug = 0;
# The file to which debug output will be written
#
# Special values 'stdout' and 'stderr' are recognized.
# Default: stderr
#
# debug_file = %TEMP%\opensc-debug.log
# Re-open debug file (used in WIN32)
#
# In Windows, file handles can not be shared between DLL-s,
# each DLL has a separate file handle table.
# For that reason reopen debug file before every debug message.
#
# Default: true
# reopen_debug_file = false;
# PKCS#15 initialization / personalization
# profiles directory for pkcs15-init.
# Default: obtained from windows registers
#
# profile_dir = "";
# Paranoid memory allocation.
#
# If set to 'true', then refuse to continue when locking of non-pageable
# memory fails. This can cause subtle failures but is more secure when
# you have a swap disk.
# Default: false
#
# paranoid_memory = false;
# Enable default card driver
# Default card driver is explicitely enabled for the 'opensc-explorer' and 'opensc-tool'.
#
# Default: false
# enable_default_driver = true;
# CT-API module configuration.
reader_driver ctapi {
# module @libdir@/libtowitoko.so {
# CT-API ports:
# 0..3 COM1..4
# 4 Printer
# 5 Modem
# 6..7 LPT1..2
# ports = 0;
# }
}
# The following section shows definitions for PC/SC readers.
reader_driver pcsc {
# Limit command and response sizes.
# Default: n/a
# max_send_size = 255;
# max_recv_size = 256;
#
# Connect to reader in exclusive mode?
# Default: false
# connect_exclusive = true;
#
# What to do when disconnecting from a card (SCardDisconnect)
# Valid values: leave, reset, unpower.
# Default: reset
# disconnect_action = unpower;
#
# What to do at the end of a transaction (SCardEndTransaction)
# Valid values: leave, reset, unpower.
# Default: leave
# transaction_end_action = reset;
#
# What to do when reconnection to a card (SCardReconnect)
# Valid values: leave, reset, unpower.
# Note that this affects only the internal reconnect (after a SCARD_W_RESET_CARD).
# A forced reset via sc_reset() always does a full powerup.
# Default: leave
# reconnect_action = reset;
#
# Enable pinpad if detected (PC/SC v2.0.2 Part 10)
# Default: true
# enable_pinpad = false;
#
# Use specific pcsc provider.
# Default: winscard.dll
# provider_library = winscard.dll
}
# Options for OpenCT support
reader_driver openct {
# Virtual readers to allocate.
# Default: 2
# readers = 5;
#
# Limit command and response sizes.
# Default: n/a
# max_send_size = 255;
# max_recv_size = 256;
};
# What card drivers to load at start-up
#
# A special value of 'internal' will load all
# statically linked drivers. If an unknown (ie. not
# internal) driver is supplied, a separate configuration
# configuration block has to be written for the driver.
# Default: internal
# NOTE: When "internal" keyword is used, must be last entry
#
# card_drivers = customcos, internal;
# Card driver configuration blocks.
# For card drivers loaded from an external shared library/DLL,
# you need to specify the path name of the module
#
# card_driver customcos {
# The location of the driver library
# module = @libdir@/card_customcos.so;
# }
# Force using specific card driver
#
# If this option is present, OpenSC will use the supplied
# driver with all inserted cards.
#
# Default: autodetect
#
# force_card_driver = customcos;
# In addition to the built-in list of known cards in the
# card driver, you can configure a new card for the driver
# using the card_atr block. The goal is to centralize
# everything related to a certain card to card_atr.
#
# The supported internal card driver names can be retrieved
# from the output of:
# $ opensc-tool --list-drivers
# Generic format: card_atr <hex encoded ATR (case-sensitive!)>
# New card entry for the flex card driver
# card_atr 3b:f0:0d:ca:fe {
# All parameters for the context are
# optional unless specified otherwise.
# Context: global, card driver
#
# ATR mask value
#
# The mask is logically AND'd with an
# card ATR prior to comparison with the
# ATR reference value above. Using mask
# allows identifying and configuring
# multiple ATRs as the same card model.
# atrmask = "ff:ff:ff:ff:ff";
# Context: card driver
#
# Specify used card driver (REQUIRED).
#
# When enabled, overrides all possible
# settings from the card drivers built-in
# card configuration list.
# driver = "flex";
# Set card name for card drivers that allows it.
# name = "My CryptoFlex card";
# Card type as an integer value.
#
# Depending on card driver, this allows
# tuning the behaviour of the card driver
# for your card.
# type = "2002";
# Card flags as an hex value.
# Multiple values are OR'd together.
#
# Depending on card driver, this allows
# fine-tuning the capabilities in
# the card driver for your card.
#
# Optionally, some known parameters
# can be specified as strings:
#
# rng - On-board random number source
#
# flags = "rng", "0x80000000";
# Enable pkcs11 initialization.
# Default: no
# pkcs11_enable_InitToken = yes;
#
# Context: PKCS#15 emulation layer
#
# When using PKCS#15 emulation, force
# the emulation driver for specific cards.
#
# Required for external drivers, but can
# be used with built-in drivers, too.
# pkcs15emu = "custom";
#
# Context: reader driver
#
# Force protocol selection for specific cards.
# Known parameters: t0, t1, raw
# force_protocol = "t0";
# }
# PIV cards need an entry similar to this one:
# card_atr 3B:7D:96:00:00:80:31:80:65:B0:83:11:00:AC:83:00:90:00 {
# name = "PIV-II";
# driver = "piv";
# }
# Estonian ID card and Micardo driver sometimes only play together with T=0
# In theory only the 'cold' ATR should be specified, as T=0 will
# be the preferred protocol once you boot it up with T=0, but be
# paranoid.
#
# Warm ATR v1
card_atr 3b:6e:00:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 {
force_protocol = t0;
}
# Cold ATR v1
card_atr 3b:fe:94:00:ff:80:b1:fa:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:43 {
force_protocol = t0;
}
# Warm ATR v2
card_atr 3b:5e:11:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 {
force_protocol = t0;
}
# Cold ATR v2
card_atr 3b:de:18:ff:c0:80:b1:fe:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:2b {
force_protocol = t0;
}
# Digi-ID cold ATR. The same card has the same warm ATR as "Cold ATR v1" above
# The card is claimed to only support T=0 but in fact (sometimes) works with T=1, even if not advertised in ATR.
card_atr 3b:6e:00:00:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 {
force_protocol = t0;
}
# D-Trust cards are also based on micardo and need T=0 for some reason
card_atr 3b:ff:94:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:23 {
force_protocol = t0;
}
card_atr 3b:ff:11:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:a6 {
force_protocol = t0;
}
# Oberthur's AuthentIC v3.2.2
card_atr 3B:DD:18:00:81:31:FE:45:80:F9:A0:00:00:00:77:01:00:70:0A:90:00:8B {
type = 11100;
driver = "authentic";
name = "AuthentIC v3.1";
# Name of SM configuration sub-section
# secure_messaging = local_authentic;
}
# IAS/ECC cards
card_atr 3B:7F:96:00:00:00:31:B9:64:40:70:14:10:73:94:01:80:82:90:00 {
type = 25001;
driver = "iasecc";
name = "Gemalto MultiApp IAS/ECC v1.0.1";
secure_messaging = local_gemalto_iam;
# secure_messaging = local_adele;
md_read_only = false;
md_supports_X509_enrollment = true;
}
card_atr 3B:7F:96:00:00:00:31:B8:64:40:70:14:10:73:94:01:80:82:90:00 {
type = 25001;
driver = "iasecc";
name = "Gemalto MultiApp IAS/ECC v1.0.1";
secure_messaging = local_gemalto_iam;
md_read_only = false;
md_supports_X509_enrollment = true;
}
#card_atr 3B:DD:18:00:81:31:FE:45:80:F9:A0:00:00:00:77:01:08:00:07:90:00:FE {
# type = 25002;
# driver = "iasecc";
# name = "Oberthur IAS/ECC v1.0.1";
# # No 'admin' application for this card -- no secure messaging
#}
#card_atr 3B:7F:18:00:00:00:31:B8:64:50:23:EC:C1:73:94:01:80:82:90:00 {
# type = 25003;
# driver = "iasecc";
# name = "Morpho YpsID S3 IAS/ECC";
# # secure_messaging = local_morpho_YpsID_S3;
#}
card_atr 3B:DF:18:FF:81:91:FE:1F:C3:00:31:B8:64:0C:01:EC:C1:73:94:01:80:82:90:00:B3 {
type = 25004;
driver = "iasecc";
name = "Amos IAS/ECC v1.0.1";
md_read_only = false;
md_supports_X509_enrollment = true;
secure_messaging = local_amos;
}
card_atr 3B:DC:18:FF:81:91:FE:1F:C3:80:73:C8:21:13:66:01:0B:03:52:00:05:38 {
type = 25004;
driver = "iasecc";
name = "Amos IAS/ECC v1.0.1";
md_read_only = false;
md_supports_X509_enrollment = true;
secure_messaging = local_amos_eid;
}
secure_messaging local_authentic {
# name of external SM module
# module_name = smm-local.dll;
# directory with external SM module
# Default: defined by windows register
# module_path = "";
# specific data to tune the module initialization
# module_data = "Here can be your SM module init data";
# SM mode:
# 'transmit' -- in this mode the procedure to securize an APDU is called by the OpenSC general
# APDU transmit procedure.
# In this mode all APDUs, except the ones filtered by the card specific procedure,
# are securized.
# 'acl' -- in this mode APDU are securized only if needed by the ACLs of the command to be executed.
#
#mode = transmit;
# SM type specific flags
# flags = 0x78; # 0x78 -- level 3, channel 0
# Default KMC of the GP Card Manager for the Oberthur's Java cards
# kmc = "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00";
}
secure_messaging local_gemalto_iam {
module_name = smm-local.dll;
# module_path = "";
# module_data = "";
type = acl; # transmit, acl
ifd_serial = "11:22:33:44:55:66:77:88";
# Keyset values from IAM profiles of the Gemalto IAS/ECC cards
keyset_02_enc = "RW_PRIV_ENC_TEST";
keyset_02_mac = "RW_PRIV_MAC_TEST";
keyset_E828BD080FD2504543432D654944_01_enc = "RO_ENC_TEST_KEY_";
keyset_E828BD080FD2504543432D654944_01_mac = "RO_MAC_TEST_KEY_";
keyset_E828BD080FD2504543432D654944_03_enc = "RW_PUBL_ENC_TEST";
keyset_E828BD080FD2504543432D654944_03_mac = "RW_PUBL_MAC_TEST";
}
secure_messaging local_amos {
module_name = smm-local.dll;
# module_path = "";
# module_data = "";
mode = acl;
ifd_serial = "11:22:33:44:55:66:77:88";
keyset_02_enc = "ENCROECHANTILLON";
keyset_02_mac = "MACROECHANTILLON";
}
secure_messaging local_amos_eid {
module_name = smm-local.dll;
# module_path = "";
# module_data = "";
mode = acl;
ifd_serial = "11:22:33:44:55:66:77:88";
keyset_E828BD080FD2504543432D654944_03_enc = "RW_PUBL_ENC_TEST";
keyset_E828BD080FD2504543432D654944_03_mac = "RW_PUBL_MAC_TEST";
}
secure_messaging local_adele {
module_name = smm-local.dll;
# module_path = "";
# module_data = "";
type = acl; # transmit, acl
ifd_serial = "11:22:33:44:55:66:77:88";
# Keyset values from 'Adele' profiles of the IAS/ECC cards
keyset_01_enc = "EMENCECHANTILLON";
keyset_01_mac = "EMMACECHANTILLON";
keyset_02_enc = "AAENCECHANTILLON";
keyset_02_mac = "AAMACECHANTILLON";
keyset_E828BD080FD2500000040301_02_enc = "E2ENCECHANTILLON";
keyset_E828BD080FD2500000040301_02_mac = "E2MACECHANTILLON";
keyset_D2500000044164E86C650101_02_enc = "E1ENCECHANTILLON";
keyset_D2500000044164E86C650101_02_mac = "E1MACECHANTILLON";
keyset_D2500000044164E86C650101_03_enc = "SIENCECHANTILLON";
keyset_D2500000044164E86C650101_03_mac = "SIMACECHANTILLON";
}
# Below are the framework specific configuration blocks.
# PKCS #15
framework pkcs15 {
# Whether to use the cache files in the user's
# home directory.
#
# At the moment you have to 'teach' the card
# to the system by running command: pkcs15-tool -L
#
# WARNING: Caching shouldn't be used in setuid root
# applications.
# Default: false
# use_file_caching = true;
#
# Use PIN caching?
# Default: true
# use_pin_caching = false;
#
# How many times to use a PIN from cache before re-authenticating it?
# Default: 10
# pin_cache_counter = 3;
#
# Older PKCS#11 applications not supporting CKA_ALWAYS_AUTHENTICATE
# may need to set this to get signatures to work with some cards.
# Default: false
# pin_cache_ignore_user_consent = true;
#
# Enable pkcs15 emulation.
# Default: yes
# enable_pkcs15_emulation = no;
#
# Prefer pkcs15 emulation code before
# the normal pkcs15 processing.
# Some cards (like esteid and pteid) work in emu-only mode,
# and do not depend on this option.
#
# Default: no
# try_emulation_first = yes;
# Enable builtin emulators.
# Default: yes
# enable_builtin_emulation = no;
#
# List of the builtin pkcs15 emulators to test
# Default: esteid, openpgp, tcos, starcert, itacns, infocamere, postecert, actalis, atrust-acos, gemsafeGPK, gemsafeV1, tccardos, PIV-II;
# builtin_emulators = openpgp;
# additional settings per driver
#
# For pkcs15 emulators loaded from an external shared
# library/DLL, you need to specify the path name of the module
# and customize the card_atr example above correctly.
#
# emulate custom {
# The location of the driver library
# module = p15emu_custom.dll;
# }
# some additional application parameters:
# - type (generic, protected) used to distinguish the common access application
# and application for which authentication to perform some operation cannot be
# obtained with the common procedures (ex. object creation protected by secure messaging).
# Used by PKCS#11 module configurated to expose restricted number of slots.
# (for ex. configurated to expose only User PIN slot, User and Sign PINs slots, ...)
application E828BD080FD25047656E65726963 {
type = generic;
model = "ECC Generic PKI";
}
application E828BD080FD2500000040301 {
type = generic;
model = "Adèle Générique";
}
application E828BD080FD2504543432D654944 {
type = protected;
model = "ECC eID";
}
application E828BD080FD2500000040201 {
type = protected;
model = "Adèle Admin-2";
}
}
}
# Parameters for the OpenSC PKCS11 module
app opensc-pkcs11 {
pkcs11 {
# Should the module support hotplug of readers as per PKCS#11 v2.20?
# This affects slot changes and PC/SC PnP, as v2.11 applications
# are not allowed to change the length of the slot list.
# Default: true
# plug_and_play = false;
# Maximum Number of virtual slots.
# If there are more slots than defined here,
# the remaining slots will be hidden from PKCS#11.
# Default: 16
# max_virtual_slots = 32;
# Maximum number of slots per smart card.
# If the card has fewer keys than defined here,
# the remaining number of slots will be empty.
# Default: 4
# slots_per_card = 2;
# (max_virtual_slots/slots_per_card) limits the number of readers
# that can be used on the system. Default is then 16/4=4 readers.
# Normally, the pkcs11 module will create
# the full number of slots defined above by
# num_slots. If there are fewer pins/keys on
# the card, the remaining keys will be empty
# (and you will be able to create new objects
# within them).
# Default: true
# hide_empty_tokens = false;
# By default, the OpenSC PKCS#11 module will not lock your card
# once you authenticate to the card via C_Login.
#
# Thus the other users or other applications is not prevented
# from connecting to the card and perform crypto operations
# (which may be possible because you have already authenticated
# with the card). This setting is not very secure.
#
# Also, if your card is not locked, you can enconter problems
# due to limitation of the OpenSC framework, that still is not
# thoroughly tested in the multi threads environment.
#
# Your settings will be more secure if you choose to lock your
# card. Nevertheless this behavior is a known violation of PKCS#11
# specification. Now once one application has started using your
# card with C_Login, no other application can use it, until
# the first is done and calls C_Logout or C_Finalize. In the case
# of many PKCS#11 application this does not happen until you exit
# the application.
# Thus it is impossible to use several smart card aware applications
# at the same time, e.g. you cannot run both Firefox and Thunderbird at
# the same time, if both are configured to use your smart card.
#
# Default: false
# lock_login = true;
# User PIN unblock style
# none: PIN unblock is not possible with PKCS#11 API;
# set_pin_in_unlogged_session: C_SetPIN() in unlogged session:
# PUK is passed as the 'OldPin' argument of the C_SetPIN() call.
# set_pin_in_specific_context: C_SetPIN() in the CKU_SPECIFIC_CONTEXT logged session:
# PUK is passed as the 'OldPin' argument of the C_SetPIN() call.
# init_pin_in_so_session: C_InitPIN() in CKU_SO logged session:
# User PIN 'UNBLOCK' is protected by SOPIN. (PUK == SOPIN).
# # Actually this style works only for the PKCS15 contents without SOPIN.
# # For those with SOPIN, this mode will be usefull for the cards without
# # modes 00 and 01 of ISO command 'RESET RETRY COUNTER'. --vt
#
# Default: none
# user_pin_unblock_style = set_pin_in_unlogged_session;
# Create slot for unblocking PIN with PUK
# This way PKCS#11 API can be used to login with PUK and
# change a PIN.
# Warning: causes problems with some applications like
# firefox and thunderbird. Thus turned off by default
#
# Default: false
# create_puk_slot = true;
# Report as 'zero' the CKA_ID attribute of CA certificate
# For the unknown reason the middleware of the manufacturer of gemalto (axalto, gemplus)
# card reports as '0' the CKA_ID of CA cartificates.
# Maybe someone else will need it. (Would be nice to know who and what for -- VTA)
#
# Default: false
# zero_ckaid_for_ca_certs = true;
# List of readers to ignore
# If any of the strings listed below is matched (case sensitive) in a reader name,
# the reader is ignored by the PKCS#11 module.
#
# Default: empty
# ignored_readers = "CardMan 1021", "SPR 532";
# Symbolic names of PINs for which slots are created
# Card can contain more then one PINs or more then one on-card application with
# its own PINs. Normally, to access all of them with the PKCS#11 API a slot has to be
# created for all of them. Many slots could be ennoying for some of widely used application,
# like FireFox. This configuration parameter allows to select the PINs or on-card application
# for which PKCS#11 slot will be created.
# Actually recognised following symbolic names:
# 'user', 'sign', 'application', all
# Only PINs initialised, non-SoPIN, non-unblocking are associated with symbolic name.
# 'user' is identified as first global or first local PIN.
# 'sign' is identified as second PIN: first local, second global or second local.
# 'application' slot created for each on-card application,
# even if they use a common global PIN.
# 'all' slot created for all non-sopin, non-unblocking PINs,
# optionally for PUK (see option 'create_puk_slot')
#
# Default: all
# create_slots_for_pins = "user,sign";
# create_slots_for_pins = application;
# create_slots_for_pins = "application,sign";
}
}
# Used by OpenSC.tokend on Mac OS X only.
app tokend {
# The file to which debug log will be written
# Default: /tmp/opensc-tokend.log
#
# debug_file = /Library/Logs/OpenSC.tokend.log
framework tokend {
# Score for OpenSC.tokend
# The tokend with the highest score shall be used.
# Default: 300
#
# score = 10;
}
}
# XXX: remove cardmod pseudodriver
app cardmod {
# cardmod app name use special pcsc reader subset
# fix options for this reader driver here.
reader_driver cardmod {
# Enable pinpad if detected (PC/SC v2.0.2 Part 10)
# Default: true
# enable_pinpad = false;
}
}


@ -8,4 +8,3 @@ SUBDIRS = common scconf pkcs15init libopensc pkcs11 \
if ENABLE_SM
SUBDIRS += libsm smm
endif


@ -2,7 +2,7 @@
* Convenience pkcs11 library that can be linked into an application,
* and will bind to a specific pkcs11 module.
*
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
* Copyright (C) 2002 Olaf Kirch <okir@suse.de>
*/
#if HAVE_CONFIG_H


@ -47,4 +47,4 @@ opensc.dll: $(OBJECTS) ..\scconf\scconf.lib ..\common\common.lib ..\common\libsc
if EXIST opensc.dll.manifest mt -manifest opensc.dll.manifest -outputresource:opensc.dll;2
opensc_a.lib: $(OBJECTS) ..\scconf\scconf.lib ..\common\common.lib ..\common\libscdl.lib ..\pkcs15init\pkcs15init.lib
lib $(LIBFLAGS) /out:opensc_a.lib $(OBJECTS) ..\scconf\scconf.lib ..\common\common.lib ..\common\libscdl.lib ..\pkcs15init\pkcs15init.lib $(ZLIB_LIB) user32.lib ws2_32.lib
lib $(LIBFLAGS) /out:opensc_a.lib $(OBJECTS) ..\scconf\scconf.lib ..\common\common.lib ..\common\libscdl.lib ..\pkcs15init\pkcs15init.lib $(ZLIB_LIB) user32.lib advapi32.lib ws2_32.lib


@ -1854,6 +1854,17 @@ sc_asn1_sig_value_rs_to_sequence(struct sc_context *ctx, unsigned char *in, size
int rv;
LOG_FUNC_CALLED(ctx);
/* R/S are filled up with zeroes, we do not want that in sequence format */
while(r_len > 1 && *r == 0x00) {
r++;
r_len--;
}
while(s_len > 1 && *s == 0x00) {
s++;
s_len--;
}
sc_copy_asn1_entry(c_asn1_sig_value, asn1_sig_value);
sc_format_asn1_entry(asn1_sig_value + 0, asn1_sig_value_coefficients, NULL, 1);
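Review bot: The comment on the new stripping loops does not say who restores the sign byte: once the leading 0x00 bytes of `r` and `s` are dropped, a value whose first remaining byte has its top bit set needs one 0x00 put back to remain a positive DER INTEGER. The `c_asn1_sig_value` template is not visible in this hunk, so whether the encoder treats the coefficients as unsigned cannot be confirmed from here; if it does, the comment should say so, e.g. `/* strip zero padding; the unsigned INTEGER encoder re-adds one 0x00 when the top bit is set */`. The loops also advance `r` and `s` in place, so any later code that assumes they still sit at fixed offsets in `in` should be checked; the rest of sc_asn1_sig_value_rs_to_sequence lies outside the hunk.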


@ -1,7 +1,7 @@
/*
* card-gpk: Driver for GPK 4000 cards
*
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
* Copyright (C) 2002 Olaf Kirch <okir@suse.de>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public


@ -3571,4 +3571,15 @@ sc_get_iasecc_driver(void)
return sc_get_driver();
}
#else
/* we need to define the functions below to export them */
#include "errors.h"
int
iasecc_se_get_info()
{
return SC_ERROR_NOT_SUPPORTED;
}
#endif /* ENABLE_OPENSSL */
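Review bot: The stub `iasecc_se_get_info()` added in the `#else` branch is defined with an empty parameter list, so the compiler cannot check it against the prototype callers are built with, and `#include "errors.h"` now sits in the middle of the file. The real signature is not visible here; the stub should repeat it with the arguments left unused, or be written `iasecc_se_get_info(void)` if it takes none. The same applies to the `iasecc_se_get_crt()` stub added before `#endif /* ENABLE_OPENSSL */` in the IAS/ECC SDO file later in this commit. A comment such as `/* built without OpenSSL: export the symbol, always fail */` would state the intent more precisely than the current one.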


@ -1700,7 +1700,7 @@ pgp_update_new_algo_attr(sc_card_t *card, sc_cardctl_openpgp_keygen_info_t *key_
}
/* To generate key with new key size */
else if (old_modulus_len != key_info->modulus_len) {
algo_blob->data[1] = (unsigned char)key_info->modulus_len >> 8;
algo_blob->data[1] = (unsigned char)(key_info->modulus_len >> 8);
algo_blob->data[2] = (unsigned char)key_info->modulus_len;
changed = 1;
}
@ -1711,7 +1711,7 @@ pgp_update_new_algo_attr(sc_card_t *card, sc_cardctl_openpgp_keygen_info_t *key_
key_info->exponent_len = old_exponent_len;
}
else if (old_exponent_len != key_info->exponent_len) {
algo_blob->data[3] = (unsigned char)key_info->exponent_len >> 8;
algo_blob->data[3] = (unsigned char)(key_info->exponent_len >> 8);
algo_blob->data[4] = (unsigned char)key_info->exponent_len;
changed = 1;
}


@ -723,9 +723,6 @@ static int piv_find_aid(sc_card_t * card, sc_file_t *aid_file)
* that we know about.
*/
if (card->type == SC_CARD_TYPE_PIV_II_GENERIC)
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0);
r = piv_select_aid(card, piv_aids[0].value, piv_aids[0].len_short, rbuf, &resplen);
if (r >= 0 && resplen > 2 ) {
tag = sc_asn1_find_tag(card->ctx, rbuf, resplen, 0x61, &taglen);


@ -85,10 +85,6 @@ static int sc_hsm_select_file(sc_card_t *card,
sc_file_t *file = NULL;
if (file_out == NULL) { // Versions before 0.16 of the SmartCard-HSM do not support P2='0C'
if (!in_path->len && in_path->aid.len) {
sc_log(card->ctx, "Preventing reselection of applet which would clear the security state");
return SC_SUCCESS;
}
rv = sc_hsm_select_file(card, in_path, &file);
if (file != NULL) {
sc_file_free(file);


@ -402,6 +402,7 @@ static int tcos_select_file(sc_card_t *card,
file = sc_file_new();
if (file == NULL) SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY);
*file_out = file;
file->path = *in_path;
for(i=2; i+1<apdu.resplen && i+1+apdu.resp[i+1]<apdu.resplen; i+=2+apdu.resp[i+1]){
@ -440,7 +441,6 @@ static int tcos_select_file(sc_card_t *card,
}
}
file->magic = SC_FILE_MAGIC;
*file_out = file;
parse_sec_attr(card, file, file->sec_attr, file->sec_attr_len);


@ -1,7 +1,7 @@
/*
* ctbcs.c: Extended CTBCS commands, used for pcsc and ct-api readers
*
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
* Copyright (C) 2002 Olaf Kirch <okir@suse.de>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@ -71,7 +71,7 @@ ctbcs_build_perform_verification_apdu(sc_apdu_t *apdu, struct sc_pin_cmd_data *d
/* card apdu must be last in packet */
if (!data->apdu)
return SC_ERROR_INTERNAL;
if (count + 7 > buflen)
if (count + 8 > buflen)
return SC_ERROR_BUFFER_TOO_SMALL;
j = count;
@ -95,12 +95,14 @@ ctbcs_build_perform_verification_apdu(sc_apdu_t *apdu, struct sc_pin_cmd_data *d
if (data->flags & SC_PIN_CMD_NEED_PADDING) {
len = data->pin1.pad_length;
if (j + len > buflen || len > 256)
if (1 + j + len > buflen || len > 256)
return SC_ERROR_BUFFER_TOO_SMALL;
buf[j++] = len;
memset(buf+j, data->pin1.pad_char, len);
j += len;
}
if (count + 1 > buflen)
return SC_ERROR_BUFFER_TOO_SMALL;
buf[count+1] = j - count - 2;
count = j;
@ -168,7 +170,7 @@ ctbcs_build_modify_verification_apdu(sc_apdu_t *apdu, struct sc_pin_cmd_data *da
if (data->flags & SC_PIN_CMD_NEED_PADDING) {
len = data->pin1.pad_length + data->pin2.pad_length;
if (j + len > buflen || len > 256)
if (1 + j + len > buflen || len > 256)
return SC_ERROR_BUFFER_TOO_SMALL;
buf[j++] = len;
memset(buf+j, data->pin1.pad_char, len);
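Review bot: The padding guard still accepts `len == 256`, which the following `buf[j++] = len;` cannot represent if `buf` is a byte buffer: the length byte becomes 0 while memset() writes 256 pad bytes, so the length field and the payload disagree. Tightening both guards to `if (1 + j + len > buflen || len > 255)` closes that, in ctbcs_build_perform_verification_apdu and ctbcs_build_modify_verification_apdu alike. Separately, the added `if (count + 1 > buflen)` in front of `buf[count+1] = j - count - 2;` is off by one for that index (it would need `count + 2 > buflen`) and runs after the writes it would protect; as far as the hunk shows, `count` is unchanged since the earlier `count + 8 > buflen` test, so the new check looks redundant rather than load-bearing. Both function bodies extend beyond the hunks.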


@ -1466,17 +1466,21 @@ int cwa_encode_apdu(sc_card_t * card,
/* reserve extra bytes for padding and tlv header */
msgbuf = calloc(12 + from->lc, sizeof(u8)); /* to encrypt apdu data */
cryptbuf = calloc(12 + from->lc, sizeof(u8));
if (!msgbuf || !cryptbuf)
LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
if (!msgbuf || !cryptbuf) {
res = SC_ERROR_OUT_OF_MEMORY;
goto err;
}
/* check if APDU is already encoded */
if ((from->cla & 0x0C) != 0) {
memcpy(to, from, sizeof(sc_apdu_t));
return SC_SUCCESS; /* already encoded */
res = SC_SUCCESS; /* already encoded */
goto encode_end;
}
if (from->ins == 0xC0) {
memcpy(to, from, sizeof(sc_apdu_t));
return SC_SUCCESS; /* dont encode GET Response cmd */
res = SC_SUCCESS; /* dont encode GET Response cmd */
goto encode_end;
}
/* call provider pre-operation method */
@ -1500,8 +1504,10 @@ int cwa_encode_apdu(sc_card_t * card,
ccbuf =
calloc(MAX(SC_MAX_APDU_BUFFER_SIZE, 20 + from->datalen),
sizeof(u8));
if (!apdubuf || !ccbuf)
LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
if (!apdubuf || !ccbuf) {
res = SC_ERROR_OUT_OF_MEMORY;
goto err;
}
/* set up data on destination apdu */
to->cse = SC_APDU_CASE_3_SHORT;
@ -1615,6 +1621,7 @@ int cwa_encode_apdu(sc_card_t * card,
res = SC_SUCCESS;
goto encode_end_apdu_valid;
err:
encode_end:
if (apdubuf)
free(apdubuf);
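Review bot: The new `goto err` and `goto encode_end` jumps in cwa_encode_apdu reach `if (apdubuf) free(apdubuf);` before `apdubuf` and `ccbuf` have been allocated, which is only safe if both pointers are initialised to NULL where they are declared. The declarations are outside the hunk, so this needs confirming; if they are not initialised, declare them as `u8 *apdubuf = NULL;` and likewise for `ccbuf`. The out-of-memory paths also no longer go through `LOG_FUNC_RETURN`, so unless the code after the cleanup logs `res`, those failures are now silent. A short comment at the labels saying that `err:` and `encode_end:` deliberately share one cleanup path would help the next reader.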


@ -764,15 +764,14 @@ iasecc_sdo_allocate_and_parse(struct sc_card *card, unsigned char *data, size_t
sdo = calloc(1, sizeof(struct iasecc_sdo));
if (!sdo)
return SC_ERROR_OUT_OF_MEMORY;
*out = sdo;
sdo->sdo_class = *(data + 1) & 0x7F;
sdo->sdo_ref = *(data + 2) & 0x3F;
sc_log(ctx, "sdo_class 0x%X, sdo_ref 0x%X", sdo->sdo_class, sdo->sdo_ref);
if (data_len == 3) {
*out = sdo;
if (data_len == 3)
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
}
size_size = iasecc_parse_size(data + 3, &size);
LOG_TEST_RET(ctx, size_size, "parse error: invalid size data");
@ -795,8 +794,6 @@ iasecc_sdo_allocate_and_parse(struct sc_card *card, unsigned char *data, size_t
sc_log(ctx, "docp.acls_contact.size %i; docp.size.size %i", sdo->docp.acls_contact.size, sdo->docp.size.size);
*out = sdo;
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
}
@ -1299,4 +1296,10 @@ iasecc_sdo_encode_update_field()
return SC_ERROR_NOT_SUPPORTED;
}
int
iasecc_se_get_crt()
{
return SC_ERROR_NOT_SUPPORTED;
}
#endif /* ENABLE_OPENSSL */
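Review bot: Assigning `*out = sdo` straight after calloc() in iasecc_sdo_allocate_and_parse changes the error contract: the `LOG_TEST_RET` after `iasecc_parse_size()`, and any later failing return outside the hunk, now hands the caller a partially parsed SDO together with an error code. That removes the leak the old code had only if every caller releases `*out` on failure, and a caller that keeps using the pointer would read half-filled fields. Either free the object and reset `*out` to NULL on the failure paths inside the function, or state the rule in the function's header comment, e.g. `/* on error *out may already be set; the caller must release it */`.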


@ -1,7 +1,7 @@
/*
* pkc15-algo.c: ASN.1 handling for algorithm IDs and parameters
*
* Copyright (C) 2001, 2002 Olaf Kirch <okir@lst.de>
* Copyright (C) 2001, 2002 Olaf Kirch <okir@suse.de>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public


@ -157,7 +157,7 @@ int sc_pkcs15_encode_dodf_entry(sc_context_t *ctx,
size_t label_len;
info = (struct sc_pkcs15_data_info *) obj->data;
label_len = strlen(info->app_label);
label_len = strnlen(info->app_label, sizeof info->app_label);
sc_copy_asn1_entry(c_asn1_com_data_attr, asn1_com_data_attr);
sc_copy_asn1_entry(c_asn1_type_data_attr, asn1_type_data_attr);


@ -358,7 +358,7 @@ int sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card,
LOG_TEST_RET(ctx, r, "sc_lock() failed");
/* the path in the pin object is optional */
if (auth_info->path.len > 0) {
if ((auth_info->path.len > 0) || ((auth_info->path.aid.len > 0))) {
r = sc_select_file(card, &auth_info->path, NULL);
if (r)
goto out;
@ -402,7 +402,7 @@ int sc_pkcs15_change_pin(struct sc_pkcs15_card *p15card,
r = sc_lock(card);
LOG_TEST_RET(ctx, r, "sc_lock() failed");
/* the path in the pin object is optional */
if (auth_info->path.len > 0) {
if ((auth_info->path.len > 0) || ((auth_info->path.aid.len > 0))) {
r = sc_select_file(card, &auth_info->path, NULL);
if (r)
goto out;
@ -509,7 +509,7 @@ int sc_pkcs15_unblock_pin(struct sc_pkcs15_card *p15card,
LOG_TEST_RET(ctx, r, "sc_lock() failed");
/* the path in the pin object is optional */
if (auth_info->path.len > 0) {
if ((auth_info->path.len > 0) || ((auth_info->path.aid.len > 0))) {
r = sc_select_file(card, &auth_info->path, NULL);
if (r)
goto out;
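Review bot: With the widened condition `(auth_info->path.len > 0) || ((auth_info->path.aid.len > 0))`, a PIN object that carries only an AID now triggers `sc_select_file()` before every verify, change and unblock. Selecting an application can reset the card's security status, and the SmartCard-HSM driver change in this same commit removes the guard whose log message read "Preventing reselection of applet which would clear the security state". Verifying a second PIN in the same application may therefore drop the authentication obtained with the first one; this depends on the card and should be tested per driver. If the re-selection is intended, the comment above the condition should say so, e.g. `/* path or AID present: (re)select first; the driver must keep the security state across this */`. The doubled parentheses around the `aid.len` test can be reduced to one pair in all three functions.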


@ -298,10 +298,10 @@ int sc_pkcs15emu_sc_hsm_encode_cvc(sc_pkcs15_card_t * p15card,
}
sc_format_asn1_entry(asn1_cvc_body , &cvc->cpi, NULL, 1);
lencar = strlen(cvc->car);
lencar = strnlen(cvc->car, sizeof cvc->car);
sc_format_asn1_entry(asn1_cvc_body + 1, &cvc->car, &lencar, 1);
sc_format_asn1_entry(asn1_cvc_body + 2, &asn1_cvc_pubkey, NULL, 1);
lenchr = strlen(cvc->chr);
lenchr = strnlen(cvc->chr, sizeof cvc->chr);
sc_format_asn1_entry(asn1_cvc_body + 3, &cvc->chr, &lenchr, 1);
sc_format_asn1_entry(asn1_cvcert , &asn1_cvc_body, NULL, 1);
@ -846,7 +846,7 @@ static int sc_pkcs15emu_sc_hsm_init (sc_pkcs15_card_t * p15card)
if (appinfo->label == NULL)
LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY);
len = strlen(devcert.chr); /* Strip last 5 digit sequence number from CHR */
len = strnlen(devcert.chr, sizeof devcert.chr); /* Strip last 5 digit sequence number from CHR */
assert(len >= 8);
len -= 5;
@ -866,9 +866,10 @@ static int sc_pkcs15emu_sc_hsm_init (sc_pkcs15_card_t * p15card)
pin_info.auth_id.len = 1;
pin_info.auth_id.value[0] = 1;
pin_info.path.aid = sc_hsm_aid;
pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
pin_info.attrs.pin.reference = 0x81;
pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED|SC_PKCS15_PIN_FLAG_EXCHANGE_REF_DATA;
pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_EXCHANGE_REF_DATA;
pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
pin_info.attrs.pin.min_length = 6;
pin_info.attrs.pin.stored_length = 0;
@ -890,16 +891,17 @@ static int sc_pkcs15emu_sc_hsm_init (sc_pkcs15_card_t * p15card)
pin_info.auth_id.len = 1;
pin_info.auth_id.value[0] = 2;
pin_info.path.aid = sc_hsm_aid;
pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
pin_info.attrs.pin.reference = 0x88;
pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_CHANGE_DISABLED|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED|SC_PKCS15_PIN_FLAG_SO_PIN;
pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED|SC_PKCS15_PIN_FLAG_SO_PIN;
pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_BCD;
pin_info.attrs.pin.min_length = 16;
pin_info.attrs.pin.stored_length = 0;
pin_info.attrs.pin.max_length = 16;
pin_info.attrs.pin.pad_char = '\0';
pin_info.tries_left = 3;
pin_info.max_tries = 3;
pin_info.tries_left = 15;
pin_info.max_tries = 15;
strlcpy(pin_obj.label, "SOPIN", sizeof(pin_obj.label));
pin_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE;
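Review bot: In sc_pkcs15emu_sc_hsm_init, `assert(len >= 8)` still guards `len -= 5` on the length of `devcert.chr`, which appears to come from the card's device certificate. An assert either aborts the host application when a card presents a short CHR or, in a build with NDEBUG, disappears and lets the subtraction go out of range. A runtime check such as `if (len < 8) LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_DATA);` would be safer, placed after releasing whatever the function has allocated by then (not visible in the hunk). The SO-PIN counters are also hard-coded (`tries_left = 15`), so a comment noting that they are nominal values rather than the card's actual retry counter would avoid misleading callers.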


@ -1505,8 +1505,8 @@ compare_obj_data_name(struct sc_pkcs15_object *obj, const char *app_label, const
if (obj->type != SC_PKCS15_TYPE_DATA_OBJECT)
return 0;
return !strcmp(cinfo->app_label, app_label) &&
!strcmp(obj->label, label);
return !strncmp(cinfo->app_label, app_label, sizeof cinfo->app_label) &&
!strncmp(obj->label, label, sizeof obj->label);
}


@ -248,7 +248,7 @@ static int openct_reader_disconnect(sc_reader_t *reader)
struct driver_data *data = (struct driver_data *) reader->drv_data;
SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE);
if (data->h && !(reader->flags & SC_TERMINATE))
if (data->h && !(reader->ctx->flags & SC_CTX_FLAG_TERMINATE))
ct_reader_disconnect(data->h);
data->h = NULL;
return SC_SUCCESS;


@ -41,6 +41,12 @@
#include "pace.h"
#ifdef HAVE_PCSCLITE_H
#if !defined (__MAC_OS_X_VERSION_MIN_REQUIRED) || __MAC_OS_X_VERSION_MIN_REQUIRED < 101000
#define HAVE_PCSCLITE 1
#endif
#endif
/* Logging */
#define PCSC_TRACE(reader, desc, rv) do { sc_log(reader->ctx, "%s:" desc ": 0x%08lx\n", reader->name, rv); } while (0)
#define PCSC_LOG(ctx, desc, rv) do { sc_log(ctx, desc ": 0x%08lx\n", rv); } while (0)
@ -431,8 +437,10 @@ static int pcsc_reconnect(sc_reader_t * reader, DWORD action)
if (check_forced_protocol(reader->ctx, &reader->atr, &tmp))
protocol = tmp;
/* reconnect always unlocks transaction */
#ifndef HAVE_PCSCLITE
/* reconnect unlocks transaction everywhere but in PCSC-lite */
priv->locked = 0;
#endif
rv = priv->gpriv->SCardReconnect(priv->pcsc_card,
priv->gpriv->connect_exclusive ? SCARD_SHARE_EXCLUSIVE : SCARD_SHARE_SHARED,
@ -588,17 +596,21 @@ static int pcsc_release(sc_reader_t *reader)
static int pcsc_reset(sc_reader_t *reader, int do_cold_reset)
{
struct pcsc_private_data *priv = GET_PRIV_DATA(reader);
int r;
#ifndef HAVE_PCSCLITE
struct pcsc_private_data *priv = GET_PRIV_DATA(reader);
int old_locked = priv->locked;
#endif
r = pcsc_reconnect(reader, do_cold_reset ? SCARD_UNPOWER_CARD : SCARD_RESET_CARD);
if(r != SC_SUCCESS)
return r;
/* pcsc_reconnect unlocks card... try to lock it again if it was locked */
#ifndef HAVE_PCSCLITE
/* reconnect unlocks transaction everywhere but in PCSC-lite */
if(old_locked)
r = pcsc_lock(reader);
#endif
return r;
}
@ -2486,4 +2498,3 @@ struct sc_reader_driver * sc_get_cardmod_driver(void)
#endif
#endif /* ENABLE_PCSC */
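Review bot: Whether a reconnect releases the transaction is decided at compile time here, from `HAVE_PCSCLITE_H` and the deployment target `__MAC_OS_X_VERSION_MIN_REQUIRED`, while the call itself goes through `priv->gpriv->SCardReconnect`, which suggests the PC/SC provider is bound at run time. If the binary can end up talking to a different PC/SC implementation than the headers it was built with, `priv->locked` will disagree with the real transaction state and pcsc_reset() will either skip a needed re-lock or keep a stale one. The macro block should carry a comment stating that assumption, e.g. `/* HAVE_PCSCLITE: built against and run with pcsc-lite, where SCardReconnect keeps the transaction */`.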


@ -3,7 +3,9 @@
MAINTAINERCLEANFILES = Makefile.in
EXTRA_DIST = Makefile.mak
if ENABLE_OPENSSL
noinst_LTLIBRARIES = libsm.la
endif
noinst_HEADERS = sm-common.h
AM_CFLAGS = $(OPTIONAL_OPENSSL_CFLAGS) $(OPTIONAL_READLINE_CFLAGS)


@ -1,5 +1,6 @@
TOPDIR = ..\..
!IF "$(OPENSSL_DEF)" == "/DENABLE_OPENSSL"
TARGET = libsm.lib
OBJECTS = sm-common.obj
@ -9,3 +10,7 @@ $(TARGET): $(OBJECTS)
lib $(LIBFLAGS) /out:$(TARGET) $(OBJECTS)
!INCLUDE $(TOPDIR)\win32\Make.rules.mak
!ELSE
all:
!ENDIF


@ -118,7 +118,6 @@ HINSTANCE g_inst;
#define MAGIC_SESSION_PIN "opensc-minidriver"
struct md_directory {
unsigned char parent[9];
unsigned char name[9];
CARD_DIRECTORY_ACCESS_CONDITION acl;
@ -130,7 +129,6 @@ struct md_directory {
};
struct md_file {
unsigned char parent[9];
unsigned char name[9];
CARD_FILE_ACCESS_CONDITION acl;
@ -680,7 +678,8 @@ md_fs_find_directory(PCARD_DATA pCardData, struct md_directory *parent, char *na
else {
dir = parent->subdirs;
while(dir) {
if (!strcmp(dir->name, name))
if (strlen(name) > sizeof dir->name
|| !strncmp(dir->name, name, sizeof dir->name))
break;
dir = dir->next;
}
@ -760,7 +759,8 @@ md_fs_find_file(PCARD_DATA pCardData, char *parent, char *name, struct md_file *
}
for (file = dir->files; file!=NULL;) {
if (!strcmp(file->name, name))
if (sizeof file->name < strlen(name)
|| !strncmp(file->name, name, sizeof file->name))
break;
file = file->next;
}
@ -865,7 +865,8 @@ md_fs_delete_file(PCARD_DATA pCardData, char *parent, char *name)
return SCARD_E_FILE_NOT_FOUND;
}
if (!strcmp(dir->files->name, name)) {
if (sizeof dir->files->name < strlen(name)
|| !strncmp(dir->files->name, name, sizeof dir->files->name)) {
file_to_rm = dir->files;
dir->files = dir->files->next;
md_fs_free_file(pCardData, file_to_rm);
@ -875,7 +876,8 @@ md_fs_delete_file(PCARD_DATA pCardData, char *parent, char *name)
for (file = dir->files; file!=NULL; file = file->next) {
if (!file->next)
break;
if (!strcmp(file->next->name, name)) {
if (sizeof file->next->name < strlen(name)
|| !strncmp(file->next->name, name, sizeof file->next->name)) {
file_to_rm = file->next;
file->next = file->next->next;
md_fs_free_file(pCardData, file_to_rm);
@ -978,8 +980,8 @@ md_pkcs15_update_containers(PCARD_DATA pCardData, unsigned char *blob, size_t si
cont->flags = pp->bFlags;
cont->size_sign = pp->wSigKeySizeBits;
cont->size_key_exchange = pp->wKeyExchangeKeySizeBits;
logprintf(pCardData, 3, "update P15 containers: touch container (idx:%i,id:%s,guid:%s,flags:%X)\n",
idx, sc_pkcs15_print_id(&cont->id),cont->guid,cont->flags);
logprintf(pCardData, 3, "update P15 containers: touch container (idx:%i,id:%s,guid:%.*s,flags:%X)\n",
idx, sc_pkcs15_print_id(&cont->id),(int)sizeof cont->guid,cont->guid,cont->flags);
}
}
@ -1002,7 +1004,7 @@ md_pkcs15_update_container_from_do(PCARD_DATA pCardData, struct sc_pkcs15_object
rv = sc_pkcs15_read_data_object(vs->p15card, (struct sc_pkcs15_data_info *)dobj->data, &ddata);
if (rv) {
logprintf(pCardData, 2, "sc_pkcs15_read_data_object('%s') returned %i\n", dobj->label, rv);
logprintf(pCardData, 2, "sc_pkcs15_read_data_object('%.*s') returned %i\n", (int) sizeof dobj->label, dobj->label, rv);
return SCARD_F_INTERNAL_ERROR;
}
@ -1060,7 +1062,7 @@ md_pkcs15_default_container_from_do(PCARD_DATA pCardData, struct sc_pkcs15_objec
rv = sc_pkcs15_read_data_object(vs->p15card, (struct sc_pkcs15_data_info *)dobj->data, &ddata);
if (rv) {
logprintf(pCardData, 2, "sc_pkcs15_read_data_object('%s') returned %i\n", dobj->label, rv);
logprintf(pCardData, 2, "sc_pkcs15_read_data_object('%.*s') returned %i\n", (int) sizeof dobj->label, dobj->label, rv);
return SCARD_F_INTERNAL_ERROR;
}
@ -1102,7 +1104,7 @@ md_pkcs15_delete_object(PCARD_DATA pCardData, struct sc_pkcs15_object *obj)
if (!obj)
return SCARD_S_SUCCESS;
logprintf(pCardData, 3, "MdDeleteObject('%s',type:0x%X) called\n", obj->label, obj->type);
logprintf(pCardData, 3, "MdDeleteObject('%.*s',type:0x%X) called\n", (int) sizeof obj->label, obj->label, obj->type);
rv = sc_lock(card);
if (rv) {
@ -1550,7 +1552,7 @@ md_set_cmapfile(PCARD_DATA pCardData, struct md_file *file)
cont->size_key_exchange = prkey_info->field_length;
}
logprintf(pCardData, 7, "Container[%i]'s guid=%s\n", ii, cont->guid);
logprintf(pCardData, 7, "Container[%i]'s guid=%.*s\n", ii, (int) sizeof cont->guid, cont->guid);
logprintf(pCardData, 7, "Container[%i]'s key-exchange:%i, sign:%i\n", ii, cont->size_key_exchange, cont->size_sign);
cont->id = prkey_info->id;
@ -1558,10 +1560,10 @@ md_set_cmapfile(PCARD_DATA pCardData, struct md_file *file)
/* Try to find the friend objects: certficate and public key */
if (!sc_pkcs15_find_cert_by_id(vs->p15card, &cont->id, &cont->cert_obj))
logprintf(pCardData, 2, "found certificate friend '%s'\n", cont->cert_obj->label);
logprintf(pCardData, 2, "found certificate friend '%.*s'\n", (int) sizeof cont->cert_obj->label, cont->cert_obj->label);
if (!sc_pkcs15_find_pubkey_by_id(vs->p15card, &cont->id, &cont->pubkey_obj))
logprintf(pCardData, 2, "found public key friend '%s'\n", cont->pubkey_obj->label);
logprintf(pCardData, 2, "found public key friend '%.*s'\n", (int) sizeof cont->pubkey_obj->label, cont->pubkey_obj->label);
}
if (conts_num) {
@ -1584,8 +1586,8 @@ md_set_cmapfile(PCARD_DATA pCardData, struct md_file *file)
if (strcmp(dinfo->app_label, MD_DATA_APPLICAITON_NAME))
continue;
logprintf(pCardData, 2, "Found 'DATA' object '%s'\n", dobjs[ii]->label);
if (!strcmp(dobjs[ii]->label, MD_DATA_DEFAULT_CONT_LABEL)) {
logprintf(pCardData, 2, "Found 'DATA' object '%.*s'\n", (int) sizeof dobjs[ii]->label, dobjs[ii]->label);
if (!strncmp(dobjs[ii]->label, MD_DATA_DEFAULT_CONT_LABEL, sizeof dobjs[ii]->label)) {
default_cont = dobjs[ii];
continue;
}
@ -2039,8 +2041,8 @@ md_pkcs15_generate_key(PCARD_DATA pCardData, DWORD idx, DWORD key_type, DWORD ke
cont->index = idx;
cont->flags = CONTAINER_MAP_VALID_CONTAINER;
logprintf(pCardData, 3, "MdGenerateKey(): generated key(idx:%i,id:%s,guid:%s)\n",
idx, sc_pkcs15_print_id(&cont->id),cont->guid);
logprintf(pCardData, 3, "MdGenerateKey(): generated key(idx:%i,id:%s,guid:%.*s)\n",
idx, sc_pkcs15_print_id(&cont->id),(int) sizeof cont->guid, cont->guid);
dwret = SCARD_S_SUCCESS;
done:
@ -2171,7 +2173,7 @@ md_pkcs15_store_key(PCARD_DATA pCardData, DWORD idx, DWORD key_type, BYTE *blob,
cont->index = idx;
cont->flags |= CONTAINER_MAP_VALID_CONTAINER;
logprintf(pCardData, 3, "MdStoreKey(): stored key(idx:%i,id:%s,guid:%s)\n", idx, sc_pkcs15_print_id(&cont->id),cont->guid);
logprintf(pCardData, 3, "MdStoreKey(): stored key(idx:%i,id:%s,guid:%.*s)\n", idx, sc_pkcs15_print_id(&cont->id),(int) sizeof cont->guid,cont->guid);
dwret = SCARD_S_SUCCESS;
done:
@ -2812,7 +2814,7 @@ DWORD WINAPI CardGetContainerInfo(__in PCARD_DATA pCardData, __in BYTE bContaine
if (!pubkey_der.value && cont->pubkey_obj) {
struct sc_pkcs15_pubkey *pubkey = NULL;
logprintf(pCardData, 1, "now read public key '%s'\n", cont->pubkey_obj->label);
logprintf(pCardData, 1, "now read public key '%.*s'\n", (int) sizeof cont->pubkey_obj->label, cont->pubkey_obj->label);
rv = sc_pkcs15_read_pubkey(vs->p15card, cont->pubkey_obj, &pubkey);
if (!rv) {
rv = sc_pkcs15_encode_pubkey(vs->ctx, pubkey, &pubkey_der.value, &pubkey_der.len);
@ -2836,7 +2838,7 @@ DWORD WINAPI CardGetContainerInfo(__in PCARD_DATA pCardData, __in BYTE bContaine
if (!pubkey_der.value && cont->cert_obj) {
struct sc_pkcs15_cert *cert = NULL;
logprintf(pCardData, 1, "now read certificate '%s'\n", cont->cert_obj->label);
logprintf(pCardData, 1, "now read certificate '%.*s'\n", (int) sizeof cont->cert_obj->label, cont->cert_obj->label);
rv = sc_pkcs15_read_certificate(vs->p15card, (struct sc_pkcs15_cert_info *)(cont->cert_obj->data), &cert);
if(!rv) {
rv = sc_pkcs15_encode_pubkey(vs->ctx, cert->key, &pubkey_der.value, &pubkey_der.len);
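Review bot: The new name comparisons treat an over-long name as a match: in md_fs_find_directory, `strlen(name) > sizeof dir->name || !strncmp(...)` is true for any `name` longer than the 9-byte field, so the loop breaks on the first entry. The same condition was added in md_fs_find_file and twice in md_fs_delete_file, where a name that cannot exist would remove the first file in the directory. The length test should exclude rather than include: `if (strlen(name) <= sizeof dir->name && !strncmp(dir->name, name, sizeof dir->name))`, and likewise for `file->name`, `dir->files->name` and `file->next->name`. Because these names are supplied by the calling application, rejecting over-long names up front with `SCARD_E_FILE_NOT_FOUND` or `SCARD_E_INVALID_PARAMETER` would be clearer still.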


@ -967,7 +967,7 @@ pkcs15_init_slot(struct sc_pkcs15_card *p15card, struct sc_pkcs11_slot *slot,
}
else {
if (auth->label[0])
snprintf(label, sizeof(label), "%s (%s)", p15card->tokeninfo->label, auth->label);
snprintf(label, sizeof(label), "%s (%.*s)", p15card->tokeninfo->label, (int) sizeof auth->label, auth->label);
else
snprintf(label, sizeof(label), "%s", p15card->tokeninfo->label);
slot->token_info.flags |= CKF_LOGIN_REQUIRED;
@ -1156,7 +1156,7 @@ _add_pin_related_objects(struct sc_pkcs11_slot *slot, struct sc_pkcs15_object *p
struct sc_pkcs15_auth_info *pin_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
unsigned i;
sc_log(context, "Add objects related to PIN('%s',ID:%s)", pin_obj->label, sc_pkcs15_print_id(&pin_info->auth_id));
sc_log(context, "Add objects related to PIN('%.*s',ID:%s)", (int) sizeof pin_obj->label, pin_obj->label, sc_pkcs15_print_id(&pin_info->auth_id));
for (i=0; i < fw_data->num_objects; i++) {
struct pkcs15_any_object *obj = fw_data->objects[i];
@ -1167,7 +1167,7 @@ _add_pin_related_objects(struct sc_pkcs11_slot *slot, struct sc_pkcs15_object *p
* not private. Just ignore those... */
if (!(obj->p15_object->flags & SC_PKCS15_CO_FLAG_PRIVATE))
continue;
sc_log(context, "ObjID(%p,%s,%x):%s", obj, obj->p15_object->label,
sc_log(context, "ObjID(%p,%.*s,%x):%s", obj, (int) sizeof obj->p15_object->label, obj->p15_object->label,
obj->p15_object->type, sc_pkcs15_print_id(&obj->p15_object->auth_id));
if (!sc_pkcs15_compare_id(&pin_info->auth_id, &obj->p15_object->auth_id)) {
sc_log(context, "Ignoring object %d", i);
@ -1175,15 +1175,15 @@ _add_pin_related_objects(struct sc_pkcs11_slot *slot, struct sc_pkcs15_object *p
}
if (is_privkey(obj)) {
sc_log(context, "Slot:%p, obj:%p Adding private key %d to PIN '%s'", slot, obj, i, pin_obj->label);
sc_log(context, "Slot:%p, obj:%p Adding private key %d to PIN '%.*s'", slot, obj, i, (int) sizeof pin_obj->label, pin_obj->label);
pkcs15_add_object(slot, obj, NULL);
}
else if (is_data(obj)) {
sc_log(context, "Slot:%p Adding data object %d to PIN '%s'", slot, i, pin_obj->label);
sc_log(context, "Slot:%p Adding data object %d to PIN '%.*s'", slot, i, (int) sizeof pin_obj->label, pin_obj->label);
pkcs15_add_object(slot, obj, NULL);
}
else if (is_cert(obj)) {
sc_log(context, "Slot:%p Adding cert object %d to PIN '%s'", slot, i, pin_obj->label);
sc_log(context, "Slot:%p Adding cert object %d to PIN '%.*s'", slot, i, (int) sizeof pin_obj->label, pin_obj->label);
pkcs15_add_object(slot, obj, NULL);
}
else {
@ -1233,7 +1233,7 @@ _add_public_objects(struct sc_pkcs11_slot *slot, struct pkcs15_fw_data *fw_data,
if (obj->p15_object->auth_id.len && !(is_pubkey(obj) || is_cert(obj)))
continue;
sc_log(context, "Add public object(%p,%s,%x)", obj, obj->p15_object->label, obj->p15_object->type);
sc_log(context, "Add public object(%p,%.*s,%x)", obj, (int) sizeof obj->p15_object->label, obj->p15_object->label, obj->p15_object->type);
pkcs15_add_object(slot, obj, NULL);
if (move_to_fw && move_to_fw != fw_data && move_to_fw->num_objects < MAX_OBJECTS) {
@ -1306,7 +1306,7 @@ pkcs15_create_tokens(struct sc_pkcs11_card *p11card, struct sc_app_info *app_inf
/* Check if a slot could be created with this PIN */
if (!_is_slot_auth_object(pin_info))
continue;
sc_log(context, "Found authentication object '%s'", auths[i]->label);
sc_log(context, "Found authentication object '%.*s'", (int) sizeof auths[i]->label, auths[i]->label);
rv = pkcs15_create_slot(p11card, fw_data, auths[i], app_info, &islot);
if (rv != CKR_OK)
@ -1337,13 +1337,13 @@ pkcs15_create_tokens(struct sc_pkcs11_card *p11card, struct sc_app_info *app_inf
sc_log(context, "User/Sign PINs %p/%p", auth_user_pin, auth_sign_pin);
if (fauo && auth_user_pin && !memcmp(fauo->data, auth_user_pin->data, sizeof(struct sc_pkcs15_auth_info))) {
/* Add objects from the non-first application to the FW data of the first slot */
sc_log(context, "Add objects to existing slot created for PIN '%s'", fauo->label);
sc_log(context, "Add objects to existing slot created for PIN '%.*s'", (int) sizeof fauo->label, fauo->label);
_add_pin_related_objects(*first_slot, fauo, fw_data, ffda);
slot = *first_slot;
}
else if (auth_user_pin) {
/* For the UserPIN of the first slot create slot */
sc_log(context, "Create slot for User PIN '%s'", auth_user_pin->label);
sc_log(context, "Create slot for User PIN '%.*s'", (int) sizeof auth_user_pin->label, auth_user_pin->label);
rv = pkcs15_create_slot(p11card, fw_data, auth_user_pin, app_info, &slot);
if (rv != CKR_OK)
return CKR_OK; /* no more slots available for this card */
@ -1355,7 +1355,7 @@ pkcs15_create_tokens(struct sc_pkcs11_card *p11card, struct sc_app_info *app_inf
if (auth_sign_pin && auth_user_pin) {
struct sc_pkcs11_slot *sign_slot = NULL;
sc_log(context, "Create slot for Sign PIN '%s'", auth_sign_pin->label);
sc_log(context, "Create slot for Sign PIN '%.*s'", (int) sizeof auth_sign_pin->label, auth_sign_pin->label);
rv = pkcs15_create_slot(p11card, fw_data, auth_sign_pin, app_info, &sign_slot);
if (rv != CKR_OK)
return CKR_OK; /* no more slots available for this card */
@ -1641,7 +1641,7 @@ pkcs15_change_pin(struct sc_pkcs11_slot *slot,
if (!auth_info)
return CKR_USER_PIN_NOT_INITIALIZED;
sc_log(context, "Change '%s' (ref:%i,type:%i)", pin_obj->label, auth_info->attrs.pin.reference, login_user);
sc_log(context, "Change '%.*s' (ref:%i,type:%i)", (int) sizeof pin_obj->label, pin_obj->label, auth_info->attrs.pin.reference, login_user);
if (p11card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) {
/* pPin should be NULL in case of a pin pad reader, but
* some apps (e.g. older Netscapes) don't know about it.
@ -3151,7 +3151,7 @@ pkcs15_cert_get_attribute(struct sc_pkcs11_session *session, void *object, CK_AT
*(CK_BBOOL*)attr->pValue = FALSE;
break;
case CKA_LABEL:
len = strlen(cert->cert_p15obj->label);
len = strnlen(cert->cert_p15obj->label, sizeof cert->cert_p15obj->label);
check_attribute_buffer(attr, len);
memcpy(attr->pValue, cert->cert_p15obj->label, len);
break;
@ -3420,7 +3420,7 @@ pkcs15_prkey_get_attribute(struct sc_pkcs11_session *session,
*(CK_BBOOL*)attr->pValue = FALSE;
break;
case CKA_LABEL:
len = strlen(prkey->prv_p15obj->label);
len = strnlen(prkey->prv_p15obj->label, sizeof prkey->prv_p15obj->label);
check_attribute_buffer(attr, len);
memcpy(attr->pValue, prkey->prv_p15obj->label, len);
break;
@ -3904,12 +3904,12 @@ pkcs15_pubkey_get_attribute(struct sc_pkcs11_session *session, void *object, CK_
break;
case CKA_LABEL:
if (pubkey->pub_p15obj) {
len = strlen(pubkey->pub_p15obj->label);
len = strnlen(pubkey->pub_p15obj->label, sizeof pubkey->pub_p15obj->label);
check_attribute_buffer(attr, len);
memcpy(attr->pValue, pubkey->pub_p15obj->label, len);
}
else if (cert && cert->cert_p15obj) {
len = strlen(cert->cert_p15obj->label);
len = strnlen(cert->cert_p15obj->label, sizeof cert->cert_p15obj->label);
check_attribute_buffer(attr, len);
memcpy(attr->pValue, cert->cert_p15obj->label, len);
}
@ -4127,7 +4127,7 @@ pkcs15_dobj_get_attribute(struct sc_pkcs11_session *session, void *object, CK_AT
*(CK_BBOOL*)attr->pValue = (dobj->base.p15_object->flags & 0x02) != 0;
break;
case CKA_LABEL:
len = strlen(dobj->base.p15_object->label);
len = strnlen(dobj->base.p15_object->label, sizeof dobj->base.p15_object->label);
check_attribute_buffer(attr, len);
memcpy(attr->pValue, dobj->base.p15_object->label, len);
break;
@ -4262,7 +4262,7 @@ pkcs15_skey_get_attribute(struct sc_pkcs11_session *session,
/*TODO Why no definition of the flag */
break;
case CKA_LABEL:
len = strlen(skey->base.p15_object->label);
len = strnlen(skey->base.p15_object->label, sizeof skey->base.p15_object->label);
check_attribute_buffer(attr, len);
memcpy(attr->pValue, skey->base.p15_object->label, len);
break;


@ -1,7 +1,7 @@
/*
* Generic handling of PKCS11 mechanisms
*
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
* Copyright (C) 2002 Olaf Kirch <okir@suse.de>
*/
#include "config.h"


@ -324,6 +324,7 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx)
}
conf->hide_empty_tokens = 1;
conf->lock_login = 0;
conf->init_sloppy = 1;
conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_NOT_ALLOWED;
conf->create_puk_slot = 0;
conf->zero_ckaid_for_ca_certs = 0;
@ -339,6 +340,7 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx)
conf->slots_per_card = scconf_get_int(conf_block, "slots_per_card", conf->slots_per_card);
conf->hide_empty_tokens = scconf_get_bool(conf_block, "hide_empty_tokens", conf->hide_empty_tokens);
conf->lock_login = scconf_get_bool(conf_block, "lock_login", conf->lock_login);
conf->init_sloppy = scconf_get_bool(conf_block, "init_sloppy", conf->init_sloppy);
unblock_style = (char *)scconf_get_str(conf_block, "user_pin_unblock_style", NULL);
if (unblock_style && !strcmp(unblock_style, "set_pin_in_unlogged_session"))


@ -2,7 +2,7 @@
* OpenSSL helper functions, e.g. for implementing MD5 support
* et al
*
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
* Copyright (C) 2002 Olaf Kirch <okir@suse.de>
*/
#include "config.h"


@ -473,6 +473,7 @@ static sc_timestamp_t get_current_time(void)
CK_RV C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
{
struct sc_pkcs11_slot *slot;
unsigned int uninit_slotcount;
sc_timestamp_t now;
CK_RV rv;
@ -485,6 +486,19 @@ CK_RV C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
sc_log(context, "C_GetSlotInfo(0x%lx)", slotID);
if (sc_pkcs11_conf.plug_and_play)
uninit_slotcount = 1;
else
uninit_slotcount = 0;
if (sc_pkcs11_conf.init_sloppy && uninit_slotcount <= list_size(&virtual_slots)) {
/* Most likely virtual_slots only contains the hotplug slot and has not
* been initialized because the caller has *not* called C_GetSlotList
* before C_GetSlotInfo, as required by PKCS#11. Initialize
* virtual_slots to make things work and hope the caller knows what
* it's doing... */
card_detect_all();
}
rv = slot_get_slot(slotID, &slot);
sc_log(context, "C_GetSlotInfo() get slot rv %i", rv);
if (rv == CKR_OK) {
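Review bot: The guard `uninit_slotcount <= list_size(&virtual_slots)` in C_GetSlotInfo reads as the reverse of what its own comment describes. The comment targets the case where virtual_slots holds at most the hotplug slot, but as written the test is also true for a fully populated list (and always true when plug_and_play is off), so `card_detect_all()` would run on every C_GetSlotInfo call while `init_sloppy` is set, which load_pkcs11_parameters now enables by default. If only the uninitialised case is meant, the operands should be swapped: `if (sc_pkcs11_conf.init_sloppy && list_size(&virtual_slots) <= uninit_slotcount) {`. The function body continues outside the hunk.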


@ -78,6 +78,7 @@ struct sc_pkcs11_config {
unsigned int slots_per_card;
unsigned char hide_empty_tokens;
unsigned char lock_login;
unsigned char init_sloppy;
unsigned int pin_unblock_style;
unsigned int create_puk_slot;
unsigned int zero_ckaid_for_ca_certs;


@ -2,7 +2,7 @@
* CardOS specific operation for PKCS15 initialization
*
* Copyright (C) 2005 Nils Larsch <nils@larsch.net>
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
* Copyright (C) 2002 Olaf Kirch <okir@suse.de>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public


@ -499,7 +499,7 @@ static int epass2003_pkcs15_generate_key(struct sc_profile *profile,
/* allocate key object */
r = cosm_new_file(profile, card, SC_PKCS15_TYPE_PRKEY_RSA, idx, &file);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r,
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_NORMAL, r,
"create key: failed to allocate new key object");
file->size = keybits;
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "private key path: %s",
@ -509,13 +509,13 @@ static int epass2003_pkcs15_generate_key(struct sc_profile *profile,
r = sc_pkcs15init_authenticate(profile, p15card, file,
SC_AC_OP_DELETE);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r,
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_NORMAL, r,
"generate key: pkcs15init_authenticate(SC_AC_OP_DELETE) failed");
r = sc_delete_file(p15card->card, &file->path);
/* create */
r = sc_pkcs15init_create_file(profile, p15card, file);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r,
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_NORMAL, r,
"create key: failed to create key file");
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "index %i; keybits %i\n", idx,
@ -523,33 +523,32 @@ static int epass2003_pkcs15_generate_key(struct sc_profile *profile,
if (keybits < 1024 || keybits > 2048 || (keybits % 0x20)) {
sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
"Unsupported key size %u\n", keybits);
return SC_ERROR_INVALID_ARGUMENTS;
r = SC_ERROR_INVALID_ARGUMENTS;
goto err;
}
path = key_info->path;
path.len -= 2;
r = sc_select_file(card, &path, &tfile);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r,
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_NORMAL, r,
"generate key: no private object DF");
r = sc_pkcs15init_authenticate(profile, p15card, tfile,
SC_AC_OP_CRYPTO);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r,
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_NORMAL, r,
"generate key: pkcs15init_authenticate(SC_AC_OP_CRYPTO) failed");
r = sc_pkcs15init_authenticate(profile, p15card, tfile,
SC_AC_OP_CREATE);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r,
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_NORMAL, r,
"generate key: pkcs15init_authenticate(SC_AC_OP_CREATE) failed");
sc_file_free(tfile);
if ((r = cosm_new_file(profile, card, SC_PKCS15_TYPE_PUBKEY_RSA, idx,
&pukf)) < 0) {
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
"generate key: create temporary pukf failed\n");
goto failed;
goto err;
}
pukf->size = keybits;
pukf->id = pukf->path.value[pukf->path.len - 2] * 0x100
@ -565,14 +564,14 @@ static int epass2003_pkcs15_generate_key(struct sc_profile *profile,
if (r == SC_SUCCESS) {
r = sc_pkcs15init_authenticate(profile, p15card, pukf,
SC_AC_OP_DELETE);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r,
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_NORMAL, r,
"generate key - pubkey: pkcs15init_authenticate(SC_AC_OP_DELETE) failed");
r = sc_pkcs15init_delete_by_path(profile, p15card, &pukf->path);
if (r != SC_SUCCESS) {
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
"generate key: failed to delete existing key file\n");
goto failed;
goto err;
}
}
/* create */
@ -580,12 +579,12 @@ static int epass2003_pkcs15_generate_key(struct sc_profile *profile,
if (r != SC_SUCCESS) {
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
"generate key: pukf create file failed\n");
goto failed;
goto err;
}
r = sc_pkcs15init_authenticate(profile, p15card, pukf,
SC_AC_OP_UPDATE);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r,
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_NORMAL, r,
"generate key - pubkey: pkcs15init_authenticate(SC_AC_OP_UPDATE) failed");
/* generate key pair */
@ -597,7 +596,7 @@ static int epass2003_pkcs15_generate_key(struct sc_profile *profile,
gendat.key_length = keybits;
gendat.modulus = NULL;
r = sc_card_ctl(card, SC_CARDCTL_ENTERSAFE_GENERATE_KEY, &gendat);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r,
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_NORMAL, r,
"generate RSA key pair failed");
/* get the modulus */
@ -611,7 +610,7 @@ static int epass2003_pkcs15_generate_key(struct sc_profile *profile,
buf = (u8 *) malloc(3);
if (!buf) {
r = SC_ERROR_OUT_OF_MEMORY;
goto failed;
goto err;
}
buf[0] = 0x01;
buf[1] = 0x00;
@ -624,9 +623,13 @@ static int epass2003_pkcs15_generate_key(struct sc_profile *profile,
/* free public key */
free(gendat.modulus);
failed:
err:
if (pukf)
sc_file_free(pukf);
if (file)
sc_file_free(file);
if (tfile)
sc_file_free(tfile);
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r);
}
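Review bot: The new `err:` label in epass2003_pkcs15_generate_key frees `pukf`, `file` and `tfile`, yet the first `SC_TEST_GOTO_ERR` is reached right after `cosm_new_file` fails, before `tfile` or `pukf` have been assigned in the visible code. Their declarations are outside the hunks, so this needs confirming: all three need a `= NULL` initialiser where they are declared, otherwise the early error paths hand indeterminate pointers to `sc_file_free`. The same check applies to `file` and `buffer` in cosm_write_tokeninfo, whose new `err:` label calls `sc_file_free(file)` and `free(buffer)` after a jump that can happen before `buffer` is allocated.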


@ -1,7 +1,7 @@
/*
* GPK specific operation for PKCS15 initialization
*
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
* Copyright (C) 2002 Olaf Kirch <okir@suse.de>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public


@ -2,7 +2,7 @@
* Incrypto34 specific operation for PKCS15 initialization
*
* Copyright (C) 2005 ST Incard srl, Giuseppe Amato <giuseppe dot amato at st dot com>
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
* Copyright (C) 2002 Olaf Kirch <okir@suse.de>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public


@ -1,7 +1,7 @@
/*
* Function prototypes for pkcs15-init
*
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
* Copyright (C) 2002 Olaf Kirch <okir@suse.de>
*/
#ifndef PKCS15_INIT_H


@ -2,7 +2,7 @@
* JCOP specific operation for PKCS15 initialization
*
* Copyright 2003 Chaskiel Grundman <cg2v@andrew.cmu.edu>
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
* Copyright (C) 2002 Olaf Kirch <okir@suse.de>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public


@ -12,7 +12,7 @@
* a generic implementation; that is how PINs and keys are stored
* on the card. These should be implemented in pkcs15-<cardname>.c
*
* Copyright (C) 2002, Olaf Kirch <okir@lst.de>
* Copyright (C) 2002, Olaf Kirch <okir@suse.de>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@ -727,10 +727,6 @@ sc_pkcs15init_finalize_profile(struct sc_card *card, struct sc_profile *profile,
if (aid) {
sc_log(ctx, "finalize profile for AID %s", sc_dump_hex(aid->value, aid->len));
app = sc_find_app(card, aid);
if (!app) {
sc_log(ctx, "Cannot find oncard application");
LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);
}
}
else if (card->app_count == 1) {
app = card->app[0];
@ -813,7 +809,7 @@ sc_pkcs15init_add_app(struct sc_card *card, struct sc_profile *profile,
* For this, create a 'virtual' AUTH object 'SO PIN', accessible by the card specific part,
* but not yet written into the on-card PKCS#15.
*/
sc_log(ctx, "Add virtual SO_PIN('%s',flags:%X,reference:%i,path:'%s')", pin_obj->label,
sc_log(ctx, "Add virtual SO_PIN('%.*s',flags:%X,reference:%i,path:'%s')", (int) sizeof pin_obj->label, pin_obj->label,
pin_attrs->flags, pin_attrs->reference, sc_print_path(&pin_ainfo.path));
r = sc_pkcs15_add_object(p15card, pin_obj);
LOG_TEST_RET(ctx, r, "Failed to add 'SOPIN' AUTH object");
@ -1009,7 +1005,7 @@ sc_pkcs15init_store_pin(struct sc_pkcs15_card *p15card, struct sc_profile *profi
auth_info->auth_id = args->auth_id;
/* Now store the PINs */
sc_log(ctx, "Store PIN(%s,authID:%s)", pin_obj->label, sc_pkcs15_print_id(&auth_info->auth_id));
sc_log(ctx, "Store PIN(%.*s,authID:%s)", (int) sizeof pin_obj->label, pin_obj->label, sc_pkcs15_print_id(&auth_info->auth_id));
r = sc_pkcs15init_create_pin(p15card, profile, pin_obj, args);
if (r < 0)
sc_pkcs15_free_object(pin_obj);
@ -1683,7 +1679,7 @@ sc_pkcs15init_store_certificate(struct sc_pkcs15_card *p15card,
cert_info->path = existing_path;
}
sc_log(ctx, "Store cert(%s,ID:%s,der(%p,%i))", object->label,
sc_log(ctx, "Store cert(%.*s,ID:%s,der(%p,%i))", (int) sizeof object->label, object->label,
sc_pkcs15_print_id(&cert_info->id), args->der_encoded.value, args->der_encoded.len);
if (!profile->pkcs15.direct_certificates)
@ -1832,8 +1828,8 @@ sc_pkcs15init_get_pin_reference(struct sc_pkcs15_card *p15card,
struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)auth_objs[ii]->data;
struct sc_pkcs15_pin_attributes *pin_attrs = &auth_info->attrs.pin;
sc_log(ctx, "check PIN(%s,auth_method:%i,type:%i,reference:%i,flags:%X)",
auth_objs[ii]->label, auth_info->auth_method, pin_attrs->type,
sc_log(ctx, "check PIN(%.*s,auth_method:%i,type:%i,reference:%i,flags:%X)",
(int) sizeof auth_objs[ii]->label, auth_objs[ii]->label, auth_info->auth_method, pin_attrs->type,
pin_attrs->reference, pin_attrs->flags);
/* Find out if there is AUTH pkcs15 object with given 'type' and 'reference' */
if (auth_info->auth_method == auth_method && pin_attrs->reference == reference)
@ -2332,6 +2328,8 @@ sc_pkcs15init_select_intrinsic_id(struct sc_pkcs15_card *p15card, struct sc_prof
break;
default:
sc_log(ctx, "Unsupported ID style: %i", id_style);
if (allocated)
sc_pkcs15_free_pubkey(pubkey);
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Non supported ID style");
}
@ -3310,11 +3308,11 @@ sc_pkcs15init_verify_secret(struct sc_profile *profile, struct sc_pkcs15_card *p
if (!r && pin_obj) {
memcpy(&auth_info, pin_obj->data, sizeof(auth_info));
sc_log(ctx, "found PIN object '%s'", pin_obj->label);
sc_log(ctx, "found PIN object '%.*s'", (int) sizeof pin_obj->label, pin_obj->label);
}
if (pin_obj) {
sc_log(ctx, "PIN object '%s'; pin_obj->content.len:%i", pin_obj->label, pin_obj->content.len);
sc_log(ctx, "PIN object '%.*s'; pin_obj->content.len:%i", (int) sizeof pin_obj->label, pin_obj->label, pin_obj->content.len);
if (pin_obj->content.value && pin_obj->content.len) {
if (pin_obj->content.len > pinsize)
LOG_TEST_RET(ctx, SC_ERROR_BUFFER_TOO_SMALL, "PIN buffer is too small");
@ -3410,6 +3408,7 @@ sc_pkcs15init_authenticate(struct sc_profile *profile, struct sc_pkcs15_card *p1
int r = 0;
LOG_FUNC_CALLED(ctx);
assert(file != NULL);
sc_log(ctx, "path '%s', op=%u", sc_print_path(&file->path), op);
if (p15card->card->caps & SC_CARD_CAP_USE_FCI_AC) {
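Review bot: The `assert(file != NULL);` added to sc_pkcs15init_authenticate is not a dependable guard in library code. It disappears in NDEBUG builds, leaving the `&file->path` dereference on the next line unprotected, and in other builds it aborts the host process instead of reporting an error to the caller. Returning an error keeps the failure recoverable, e.g. `if (!file) LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);`, using the macro and error code that appear elsewhere in this diff. The function body continues outside the hunk.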


@ -76,15 +76,21 @@ cosm_write_tokeninfo (struct sc_pkcs15_card *p15card, struct sc_profile *profile
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "cosm_write_tokeninfo() label '%s'; flags 0x%X", label, flags);
if (sc_profile_get_file(profile, COSM_TITLE"-token-info", &file))
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCONSISTENT_PROFILE, "Cannot find "COSM_TITLE"-token-info");
if (sc_profile_get_file(profile, COSM_TITLE"-token-info", &file)) {
rv = SC_ERROR_INCONSISTENT_PROFILE;
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot find "COSM_TITLE"-token-info");
}
if (file->size < 16)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCONSISTENT_PROFILE, "Unsufficient size of the "COSM_TITLE"-token-info file");
if (file->size < 16) {
rv = SC_ERROR_INCONSISTENT_PROFILE;
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_NORMAL, rv, "Unsufficient size of the "COSM_TITLE"-token-info file");
}
buffer = calloc(1, file->size);
if (!buffer)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "Allocation error in cosm_write_tokeninfo()");
if (!buffer) {
rv = SC_ERROR_OUT_OF_MEMORY;
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_NORMAL, rv, "Allocation error in cosm_write_tokeninfo()");
}
if (label)
strncpy(buffer, label, file->size - 4);
@ -109,6 +115,9 @@ cosm_write_tokeninfo (struct sc_pkcs15_card *p15card, struct sc_profile *profile
if (rv > 0)
rv = 0;
err:
if (file)
sc_file_free(file);
free(buffer);
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv);
}
@ -427,7 +436,7 @@ cosm_create_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
pin_attrs = &auth_info->attrs.pin;
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "create '%s'; ref 0x%X; flags %X", pin_obj->label, pin_attrs->reference, pin_attrs->flags);
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "create '%.*s'; ref 0x%X; flags %X", (int) sizeof pin_obj->label, pin_obj->label, pin_attrs->reference, pin_attrs->flags);
if (sc_profile_get_file(profile, COSM_TITLE "-AppDF", &pin_file) < 0)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCONSISTENT_PROFILE, "\""COSM_TITLE"-AppDF\" not defined");
@ -574,6 +583,8 @@ cosm_get_temporary_public_key_file(struct sc_card *card,
rv = sc_file_add_acl_entry(file, SC_AC_OP_PSO_VERIFY_SIGNATURE, SC_AC_NONE, 0);
if (!rv)
rv = sc_file_add_acl_entry(file, SC_AC_OP_EXTERNAL_AUTHENTICATE, SC_AC_NONE, 0);
if (rv < 0)
sc_file_free(file);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to add ACL entry to the temporary public key file");
*pubkey_file = file;
@ -696,18 +707,20 @@ cosm_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
rv = sc_select_file(p15card->card, &file->path, NULL);
if (rv == 0) {
rv = cosm_delete_file(p15card, profile, file);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to delete private key file");
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to delete private key file");
}
else if (rv != SC_ERROR_FILE_NOT_FOUND) {
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Select private key file error");
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_NORMAL, rv, "Select private key file error");
}
rv = sc_pkcs15init_create_file(profile, p15card, file);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to create private key file");
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to create private key file");
key_info->key_reference = file->path.value[file->path.len - 1];
sc_file_free(file);
err:
if (file)
sc_file_free(file);
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv);
}
@ -781,11 +794,11 @@ cosm_emu_update_any_df(struct sc_profile *profile, struct sc_pkcs15_card *p15car
SC_FUNC_CALLED(ctx, 1);
switch(op) {
case SC_AC_OP_ERASE:
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Update DF; erase object('%s',type:%X)", object->label, object->type);
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Update DF; erase object('%.*s',type:%X)", (int) sizeof object->label, object->label, object->type);
rv = awp_update_df_delete(p15card, profile, object);
break;
case SC_AC_OP_CREATE:
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Update DF; create object('%s',type:%X)", object->label, object->type);
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Update DF; create object('%.*s',type:%X)", (int) sizeof object->label, object->label, object->type);
rv = awp_update_df_create(p15card, profile, object);
break;
}
@ -808,8 +821,10 @@ cosm_emu_update_tokeninfo(struct sc_profile *profile, struct sc_pkcs15_card *p15
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCONSISTENT_PROFILE, "cannot find "COSM_TITLE"-token-info");
buf = calloc(1, file->size);
if (!buf)
if (!buf) {
sc_file_free(file);
SC_FUNC_RETURN(ctx, 1, SC_ERROR_OUT_OF_MEMORY);
}
label_len = strlen(tinfo->label) > (file->size - 4) ? (file->size - 4) : strlen(tinfo->label);
memcpy(buf, tinfo->label, label_len);
@ -830,6 +845,7 @@ cosm_emu_update_tokeninfo(struct sc_profile *profile, struct sc_pkcs15_card *p15
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Update token info (label:'%s',flags:%X,p15card->flags:%X)", buf, flags, p15card->flags);
rv = sc_pkcs15init_update_file(profile, p15card, file, buf, file->size);
free(buf);
sc_file_free(file);
if (rv > 0)
rv = 0;


@ -260,8 +260,8 @@ static int sc_hsm_generate_key(struct sc_profile *profile, struct sc_pkcs15_card
memset(&cvc, 0, sizeof(cvc));
strcpy(cvc.car, "UTCA00001");
strcpy(cvc.chr, "UTTM00001");
strlcpy(cvc.car, "UTCA00001", sizeof cvc.car);
strlcpy(cvc.chr, "UTTM00001", sizeof cvc.chr);
switch(object->type) {
case SC_PKCS15_TYPE_PRKEY_RSA:


@ -1,7 +1,7 @@
/*
* Initialize Cards according to PKCS#15
*
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
* Copyright (C) 2002 Olaf Kirch <okir@suse.de>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public


@ -1,7 +1,7 @@
/*
* Card profile information (internal)
*
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
* Copyright (C) 2002 Olaf Kirch <okir@suse.de>
*/
#ifndef _OPENSC_PROFILE_H


@ -5,65 +5,16 @@ cardinfo {
label = "SmartCard-HSM";
manufacturer = "CardContact";
max-pin-length = 16;
max-pin-length = 15;
min-pin-length = 6;
pin-encoding = ascii-numeric;
}
# Default settings.
# This option block will always be processed.
option default {
macros {
protected = *=$SOPIN, READ=NONE;
unprotected = *=NONE;
so-pin-flags = local, initialized, soPin;
so-min-pin-length = 8;
so-pin-attempts = 3;
so-auth-id = 3;
odf-size = 256;
aodf-size = 256;
cdf-size = 512;
prkdf-size = 256;
pukdf-size = 256;
dodf-size = 256;
}
}
filesystem {
DF MF {
path = 3F00;
# Here comes the application DF
DF PKCS15-AppDF {
type = DF;
# This is the DIR file
EF DIR {
type = EF;
file-id = 2F00;
acl = *=NONE;
}
# Here comes the application DF
DF PKCS15-AppDF {
type = DF;
exclusive-aid = E8:2B:06:01:04:01:81:C3:1F:02:01;
acl = *=NONE;
EF PKCS15-TokenInfo {
ACL = $unprotected;
}
EF PKCS15-PrKDF {
size = $prkdf-size;
acl = $protected;
}
EF PKCS15-PuKDF {
size = $pukdf-size;
acl = $protected;
}
EF PKCS15-CDF {
acl = $unprotected;
}
}
exclusive-aid = E8:2B:06:01:04:01:81:C3:1F:02:01;
acl = *=NONE;
}
}


@ -10,7 +10,9 @@ LIBS = $(top_builddir)/src/libsm/libsm.la \
$(top_builddir)/src/libopensc/libopensc.la \
$(top_builddir)/src/common/libcompat.la
if ENABLE_OPENSSL
lib_LTLIBRARIES = libsmm-local.la
endif
libsmm_local_la_SOURCES = smm-local.c sm-module.h \
sm-global-platform.c sm-cwa14890.c \


@ -1,5 +1,6 @@
TOPDIR = ..\..
!IF "$(OPENSSL_DEF)" == "/DENABLE_OPENSSL"
TARGET = smm-local.dll
OBJECTS = smm-local.obj sm-global-platform.obj sm-cwa14890.obj sm-card-iasecc.obj sm-card-authentic.obj
@ -17,3 +18,7 @@ $(TARGET): $(OBJECTS) ..\libsm\libsm.lib ..\libopensc\opensc.lib
.c.obj:
cl $(COPTS) /c $<
!ELSE
all:
!ENDIF


@ -60,11 +60,11 @@ static int ask_and_verify_pin(struct sc_pkcs15_object *pin_obj)
u8 *pass;
if (pin_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) {
printf("Skipping unblocking pin [%s]\n", pin_obj->label);
printf("Skipping unblocking pin [%.*s]\n", (int) sizeof pin_obj->label, pin_obj->label);
return 0;
}
sprintf(prompt, "Please enter PIN code [%s]: ", pin_obj->label);
sprintf(prompt, "Please enter PIN code [%.*s]: ", (int) sizeof pin_obj->label, pin_obj->label);
pass = (u8 *) getpass(prompt);
if (SC_SUCCESS != sc_lock(card))
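Review bot: `sprintf(prompt, ...)` in ask_and_verify_pin still writes without a destination bound: the new `%.*s` precision limits how much of `pin_obj->label` is read, not how much fits in `prompt`. The declaration of `prompt` is outside the hunk, so whether a full-length label plus the fixed text fits needs checking; the label is presumably read from the card and should be treated as untrusted. If `prompt` is a local array, `snprintf(prompt, sizeof prompt, "Please enter PIN code [%.*s]: ", (int) sizeof pin_obj->label, pin_obj->label);` removes the dependency on its size. The same pattern appears in get_pin further down, `sprintf(buf, "Enter PIN [%.*s]: ", ...)`.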


@ -260,7 +260,7 @@ void sc_test_print_object(const struct sc_pkcs15_object *obj)
printf("%s", kind);
if (obj->label[0])
printf(" [%s]\n", obj->label);
printf(" [%.*s]\n", (int) sizeof obj->label, obj->label);
else
printf(" (no label)\n");
printf("\tCom. Flags : ");


@ -3,8 +3,7 @@ TOPDIR = ..\..
!INCLUDE $(TOPDIR)\win32\Make.rules.mak
TARGETS = opensc-tool.exe opensc-explorer.exe pkcs15-tool.exe pkcs15-crypt.exe \
pkcs11-tool.exe cardos-tool.exe eidenv.exe sc-hsm-tool.exe openpgp-tool.exe dnie-tool.exe \
iasecc-tool.exe cryptoflex-tool.exe netkey-tool.exe piv-tool.exe westcos-tool.exe \
pkcs11-tool.exe cardos-tool.exe eidenv.exe openpgp-tool.exe iasecc-tool.exe \
$(PROGRAMS_OPENSSL)
$(TARGETS): versioninfo-tools.res util.obj


@ -130,8 +130,8 @@ static const char *option_help[] = {
/* E */ "Erase (reset) the card",
"Verify PIN (CHV1, CHV2, CHV3...)",
"PIN string",
"Delete key (1, 2, 3 or all)"
/* d */ "Dump private data object number <arg> (i.e. PRIVATE-DO-<arg>)"
"Delete key (1, 2, 3 or all)",
/* d */ "Dump private data object number <arg> (i.e. PRIVATE-DO-<arg>)",
};
static const struct ef_name_map openpgp_data[] = {
@ -315,6 +315,7 @@ static int decode_options(int argc, char **argv)
key_id = optarg[0] - '0';
else /* Arg string is 'all' */
key_id = 'a';
break;
case 'd':
do_dump_idx = optarg[0] - '0';
opt_dump_do++;


@ -104,41 +104,41 @@ static EVP_PKEY * evpkey = NULL;
static int load_object(const char * object_id, const char * object_file)
{
FILE *fp;
FILE *fp = NULL;
sc_path_t path;
size_t derlen;
u8 *der = NULL;
u8 *body;
size_t bodylen;
int r;
int r = -1;
struct stat stat_buf;
if(!object_file || (fp=fopen(object_file, "r")) == NULL){
printf("Cannot open object file, %s %s\n",
(object_file)?object_file:"", strerror(errno));
return -1;
goto err;
}
if (0 != stat(object_file, &stat_buf)) {
printf("unable to read file %s\n",object_file);
return -1;
goto err;
}
derlen = stat_buf.st_size;
der = malloc(derlen);
if (der == NULL) {
printf("file %s is too big, %lu\n",
object_file, (unsigned long)derlen);
return-1 ;
goto err;
}
if (1 != fread(der, derlen, 1, fp)) {
printf("unable to read file %s\n",object_file);
return -1;
goto err;
}
/* check if tag and length are valid */
body = (u8 *)sc_asn1_find_tag(card->ctx, der, derlen, 0x53, &bodylen);
if (body == NULL || derlen != body - der + bodylen) {
fprintf(stderr, "object tag or length not valid\n");
return -1;
goto err;
}
sc_format_path(object_id, &path);
@ -146,11 +146,17 @@ static int load_object(const char * object_id, const char * object_file)
r = sc_select_file(card, &path, NULL);
if (r < 0) {
fprintf(stderr, "select file failed\n");
return -1;
r = -1;
goto err;
}
/* leave 8 bits for flags, and pass in total length */
r = sc_write_binary(card, 0, der, derlen, derlen<<8);
err:
free(der);
if (fp)
fclose(fp);
return r;
}
@ -159,49 +165,49 @@ static int load_cert(const char * cert_id, const char * cert_file,
int compress)
{
X509 * cert = NULL;
FILE *fp;
FILE *fp = NULL;
u8 buf[1];
size_t buflen = 1;
sc_path_t path;
u8 *der = NULL;
u8 *p;
size_t derlen;
int r;
int r = -1;
if (!cert_file) {
printf("Missing cert file\n");
return -1;
goto err;
}
if((fp=fopen(cert_file, "r"))==NULL){
printf("Cannot open cert file, %s %s\n",
cert_file, strerror(errno));
return -1;
goto err;
}
if (compress) { /* file is gziped already */
struct stat stat_buf;
if (0 != stat(cert_file, &stat_buf)) {
printf("unable to read file %s\n",cert_file);
return -1;
goto err;
}
derlen = stat_buf.st_size;
der = malloc(derlen);
if (der == NULL) {
printf("file %s is too big, %lu\n",
cert_file, (unsigned long)derlen);
return -1 ;
goto err;
}
if (1 != fread(der, derlen, 1, fp)) {
printf("unable to read file %s\n",cert_file);
return -1;
goto err;
}
} else {
cert = PEM_read_X509(fp, &cert, NULL, NULL);
if(cert == NULL){
printf("file %s does not conatin PEM-encoded certificate\n",
cert_file);
return -1 ;
goto err;
}
derlen = i2d_X509(cert, NULL);
@ -209,7 +215,6 @@ static int load_cert(const char * cert_id, const char * cert_file,
p = der;
i2d_X509(cert, &p);
}
fclose(fp);
sc_hex_to_bin(cert_id, buf,&buflen);
switch (buf[0]) {
@ -219,20 +224,25 @@ static int load_cert(const char * cert_id, const char * cert_file,
case 0x9e: sc_format_path("0500",&path); break;
default:
fprintf(stderr,"cert must be 9A, 9C, 9D or 9E\n");
return 2;
r = 2;
goto err;
}
r = sc_select_file(card, &path, NULL);
if (r < 0) {
fprintf(stderr, "select file failed\n");
return -1;
goto err;
}
/* we pass length and 8 bits of flag to card-piv.c write_binary */
/* pass in its a cert and if needs compress */
r = sc_write_binary(card, 0, der, derlen, (derlen<<8) | (compress<<4) | 1);
return r;
err:
free(der);
if (fp)
fclose(fp);
return r;
}
static int admin_mode(const char* admin_info)
{
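Review bot: The `err:` block added to load_cert releases `der` and `fp` but not `cert`, which `PEM_read_X509` allocates on the non-compressed path. The X509 object is therefore leaked on success and on every error taken after the read. Adding `X509_free(cert);` under the label covers both paths; `cert` is initialised to NULL at its declaration and X509_free accepts a NULL pointer.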


@ -1,7 +1,7 @@
/*
* pkcs11-tool.c: Tool for poking around pkcs11 modules/tokens
*
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
* Copyright (C) 2002 Olaf Kirch <okir@suse.de>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public


@ -140,7 +140,7 @@ static char * get_pin(struct sc_pkcs15_object *obj)
return strdup(opt_pincode);
}
sprintf(buf, "Enter PIN [%s]: ", obj->label);
sprintf(buf, "Enter PIN [%.*s]: ", (int) sizeof obj->label, obj->label);
while (1) {
pincode = getpass(buf);
if (strlen(pincode) == 0)


@ -12,7 +12,7 @@
* a generic implementation; that is how PINs and keys are stored
* on the card. These should be implemented in pkcs15-<cardname>.c
*
* Copyright (C) 2002, Olaf Kirch <okir@lst.de>
* Copyright (C) 2002, Olaf Kirch <okir@suse.de>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@ -1015,7 +1015,7 @@ is_cacert_already_present(struct sc_pkcs15init_certargs *args)
if (!cinfo->authority)
continue;
if (strcmp(args->label, objs[i]->label))
if (strncmp(args->label, objs[i]->label, sizeof objs[i]->label))
continue;
/* XXX we should also match the usage field here */
@ -2852,7 +2852,7 @@ static int verify_pin(struct sc_pkcs15_card *p15card, char *auth_id_str)
if (opt_no_prompt)
return SC_ERROR_OBJECT_NOT_FOUND;
if (0 < strnlen(pin_obj->label, sizeof pin_obj->label))
if (pin_obj->label[0])
snprintf(pin_label, sizeof(pin_label), "User PIN [%s]", pin_obj->label);
else
snprintf(pin_label, sizeof(pin_label), "User PIN");
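Review bot: In verify_pin the unchanged `snprintf(pin_label, sizeof(pin_label), "User PIN [%s]", pin_obj->label);` still formats the label with a plain `%s`, while the rest of this commit bounds label reads with `%.*s` and `sizeof`. snprintf limits the write into `pin_label` but not the read from `pin_obj->label`, so if the label can fill its buffer without a terminator, as the other changes assume, this call reads past the end of it. For consistency: `snprintf(pin_label, sizeof(pin_label), "User PIN [%.*s]", (int) sizeof pin_obj->label, pin_obj->label);`. The function body continues outside the hunk.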


@ -233,7 +233,7 @@ static void print_cert_info(const struct sc_pkcs15_object *obj)
struct sc_pkcs15_cert *cert_parsed = NULL;
int rv;
printf("X.509 Certificate [%s]\n", obj->label);
printf("X.509 Certificate [%.*s]\n", (int) sizeof obj->label, obj->label);
print_common_flags(obj);
printf("\tAuthority : %s\n", cert_info->authority ? "yes" : "no");
printf("\tPath : %s\n", sc_print_path(&cert_info->path));
@ -435,7 +435,7 @@ static int read_data_object(void)
continue;
}
else {
if (strcmp(opt_data, cinfo->app_label) && strcmp(opt_data, objs[i]->label))
if (strcmp(opt_data, cinfo->app_label) && strncmp(opt_data, objs[i]->label, sizeof objs[i]->label))
continue;
}
@ -477,8 +477,8 @@ static int list_data_objects(void)
int idx;
struct sc_pkcs15_data_info *cinfo = (struct sc_pkcs15_data_info *) objs[i]->data;
if (0 < strnlen(objs[i]->label, sizeof objs[i]->label))
printf("Data object '%s'\n", objs[i]->label);
if (objs[i]->label[0] != '\0')
printf("Data object '%.*s'\n",(int) sizeof objs[i]->label, objs[i]->label);
else
printf("Data object <%i>\n", i);
printf("\tapplicationName: %s\n", cinfo->app_label);
@ -527,7 +527,7 @@ static void print_prkey_info(const struct sc_pkcs15_object *obj)
unsigned char guid[40];
size_t guid_len;
printf("Private %s Key [%s]\n", types[7 & obj->type], obj->label);
printf("Private %s Key [%.*s]\n", types[7 & obj->type], (int) sizeof obj->label, obj->label);
print_common_flags(obj);
printf("\tUsage : [0x%X]", prkey->usage);
for (i = 0; i < usage_count; i++)
@ -613,7 +613,7 @@ static void print_pubkey_info(const struct sc_pkcs15_object *obj)
const unsigned int af_count = NELEMENTS(access_flags);
int have_path = (pubkey->path.len != 0) || (pubkey->path.aid.len != 0);
printf("Public %s Key [%s]\n", types[7 & obj->type], obj->label);
printf("Public %s Key [%.*s]\n", types[7 & obj->type], (int) sizeof obj->label, obj->label);
print_common_flags(obj);
printf("\tUsage : [0x%X]", pubkey->usage);
for (i = 0; i < usage_count; i++)
@ -757,7 +757,7 @@ static void print_skey_info(const struct sc_pkcs15_object *obj)
unsigned char guid[40];
size_t guid_len;
printf("Secret %s Key [%s]\n", types[3 & obj->type], obj->label);
printf("Secret %s Key [%.*s]\n", types[3 & obj->type], (int) sizeof obj->label, obj->label);
print_common_flags(obj);
printf("\tUsage : [0x%X]", skey->usage);
for (i = 0; i < usage_count; i++)
@ -824,8 +824,8 @@ static void print_ssh_key(FILE *outf, const char * alg, struct sc_pkcs15_object
fprintf(outf,"---- BEGIN SSH2 PUBLIC KEY ----\n");
if (obj->label && strlen(obj->label))
fprintf(outf,"Comment: \"%s\"\n", obj->label);
if (obj->label[0] != '\0')
fprintf(outf,"Comment: \"%.*s\"\n", (int) sizeof obj->label, obj->label);
fprintf(outf,"%s", uu);
fprintf(outf,"---- END SSH2 PUBLIC KEY ----\n");
@ -836,8 +836,8 @@ static void print_ssh_key(FILE *outf, const char * alg, struct sc_pkcs15_object
if (r < 0)
return;
if (obj->label && strlen(obj->label))
fprintf(outf,"ssh-%s %s %.*s\n", alg, uu, sizeof obj->label, obj->label);
if (obj->label[0] != '\0')
fprintf(outf,"ssh-%s %s %.*s\n", alg, uu, (int) sizeof obj->label, obj->label);
else
fprintf(outf,"ssh-%s %s\n", alg, uu);
}
@ -1109,11 +1109,11 @@ static u8 * get_pin(const char *prompt, sc_pkcs15_object_t *pin_obj)
if (opt_no_prompt) {
// defer entry of the PIN to the readers pinpad.
if (verbose)
printf("%s [%s]: entry deferred to the reader keypad\n", prompt, pin_obj->label);
printf("%s [%.*s]: entry deferred to the reader keypad\n", prompt, (int) sizeof pin_obj->label, pin_obj->label);
return NULL;
}
printf("%s [%s]: ", prompt, pin_obj->label);
printf("%s [%.*s]: ", prompt, (int) sizeof pin_obj->label, pin_obj->label);
if (pinfo->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
return NULL;
@ -1232,9 +1232,9 @@ static void print_pin_info(const struct sc_pkcs15_object *obj)
size_t i;
if (obj->type == SC_PKCS15_TYPE_AUTH_PIN)
printf("PIN [%s]\n", obj->label);
printf("PIN [%.*s]\n", (int) sizeof obj->label, obj->label);
else if (obj->type == SC_PKCS15_TYPE_AUTH_AUTHKEY)
printf("AuthKey [%s]\n", obj->label);
printf("AuthKey [%.*s]\n", (int) sizeof obj->label, obj->label);
print_common_flags(obj);
if (obj->auth_id.len)
@ -1299,7 +1299,7 @@ static int list_apps(FILE *fout)
for (i=0; i<p15card->card->app_count; i++) {
struct sc_app_info *info = p15card->card->app[i];
fprintf(fout, "Application '%s':\n", info->label);
fprintf(fout, "Application '%.*s':\n", (int) sizeof info->label, info->label);
fprintf(fout, "\tAID: ");
for(j=0;j<info->aid.len;j++)
fprintf(fout, "%02X", info->aid.value[j]);
@ -1673,7 +1673,7 @@ static int learn_card(void)
sc_path_t tpath;
struct sc_pkcs15_cert_info *cinfo = (struct sc_pkcs15_cert_info *) certs[i]->data;
printf("[%s]\n", certs[i]->label);
printf("[%.*s]\n", (int) sizeof certs[i]->label, certs[i]->label);
memset(&tpath, 0, sizeof(tpath));
tpath = cinfo->path;
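Review bot: In read_data_object, `strncmp(opt_data, objs[i]->label, sizeof objs[i]->label)` stops comparing at the end of the label field, so a label that fills the whole array without a NUL would compare equal to any `opt_data` that merely starts with those bytes. Wrapping the comparison as `(strlen(opt_data) > sizeof objs[i]->label || strncmp(opt_data, objs[i]->label, sizeof objs[i]->label))` keeps the match exact; the same pattern appears in is_cacert_already_present with `args->label`. The neighbouring `strcmp(opt_data, cinfo->app_label)` and the `%s` print of `cinfo->app_label` in list_data_objects are left unbounded. Whether app_label has the same fixed-size layout is not visible here, so that is worth confirming.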


@ -23,7 +23,7 @@ SM_DEF = /DENABLE_SM
# - uncomment the line starting with OPENSSL_DEF
# - set the OPENSSL_INCL_DIR below to your openssl include directory, preceded by "/I"
# - set the OPENSSL_LIB below to your openssl lib file
OPENSSL_DEF = /DENABLE_OPENSSL
#OPENSSL_DEF= /DENABLE_OPENSSL
!IF "$(OPENSSL_DEF)" == "/DENABLE_OPENSSL"
!IF "$(BUILD_FOR)" == "WIN64"
OPENSSL_DIR = C:\OpenSSL-Win64
@ -45,8 +45,10 @@ OPENSSL_LIB = $(OPENSSL_DIR)\lib\VC\$(OPENSSL_STATIC_DIR)\libeay32MTd.lib user32
OPENSSL_LIB = $(OPENSSL_DIR)\lib\VC\$(OPENSSL_STATIC_DIR)\libeay32MT.lib user32.lib advapi32.lib crypt32.lib
!ENDIF
PROGRAMS_OPENSSL = pkcs15-init.exe cryptoflex-tool.exe netkey-tool.exe piv-tool.exe westcos-tool.exe
PROGRAMS_OPENSSL = cryptoflex-tool.exe pkcs15-init.exe netkey-tool.exe piv-tool.exe \
westcos-tool.exe sc-hsm-tool.exe dnie-tool.exe
OPENSC_FEATURES = $(OPENSC_FEATURES) openssl
CANDLEFLAGS = -dOpenSSL="$(OPENSSL_DIR)" $(CANDLEFLAGS)
!ENDIF
@ -55,11 +57,12 @@ OPENSC_FEATURES = $(OPENSC_FEATURES) openssl
# - uncomment the line starting with ZLIB_DEF
# - set the ZLIB_INCL_DIR below to the zlib include lib proceeded by "/I"
# - set the ZLIB_LIB below to your zlib lib file
ZLIB_DEF = /DENABLE_ZLIB
#ZLIB_DEF = /DENABLE_ZLIB
!IF "$(ZLIB_DEF)" == "/DENABLE_ZLIB"
ZLIB_INCL_DIR = /IC:\zlib-dll\include
ZLIB_LIB = C:\zlib-dll\lib\zdll.lib
OPENSC_FEATURES = $(OPENSC_FEATURES) zlib
CANDLEFLAGS = -dzlib="C:\zlib-dll" $(CANDLEFLAGS)
!ENDIF
# Used for MiniDriver
@ -87,11 +90,11 @@ COPTS = /W3 /D_CRT_SECURE_NO_DEPRECATE /MT /nologo /DHAVE_CONFIG_H $(ALL_INCLUD
!IF "$(BUILD_FOR)" == "WIN64"
LINKFLAGS = /NOLOGO /INCREMENTAL:NO /MACHINE:X64 /MANIFEST:NO /NODEFAULTLIB:MSVCRTD /NODEFAULTLIB:MSVCRT $(LINKDEBUGFLAGS)
LIBFLAGS = /nologo /machine:x64
CANDLEFLAGS = -dPlatform=x64
CANDLEFLAGS = -dPlatform=x64 $(CANDLEFLAGS)
!ELSE
LINKFLAGS = /NOLOGO /INCREMENTAL:NO /MACHINE:X86 /MANIFEST:NO /NODEFAULTLIB:MSVCRTD /NODEFAULTLIB:MSVCRT $(LINKDEBUGFLAGS)
LIBFLAGS = /nologo /machine:x86
CANDLEFLAGS = -dPlatform=x86
CANDLEFLAGS = -dPlatform=x86 $(CANDLEFLAGS)
!ENDIF
.c.obj::
cl $(CODE_OPTIMIZATION) $(COPTS) /c $<
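Review bot: The new `CANDLEFLAGS = -dzlib="C:\zlib-dll" $(CANDLEFLAGS)` line repeats the literal path already used by `ZLIB_INCL_DIR` and `ZLIB_LIB`, so the directory the installer reads `$(var.zlib)\zlib1.dll` from can drift from the one the code was compiled and linked against. The OpenSSL block avoids this by deriving its settings from `$(OPENSSL_DIR)`. Doing the same here with `ZLIB_DIR = C:\zlib-dll` and `CANDLEFLAGS = -dzlib="$(ZLIB_DIR)" $(CANDLEFLAGS)` keeps the packaged DLL and the build inputs tied to one setting.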


@ -11,7 +11,7 @@ customactions.dll: versioninfo-customactions.res customactions.obj
echo LIBRARY $* > $*.def
echo EXPORTS >> $*.def
type customactions.exports >> $*.def
link /dll $(LINKFLAGS) /def:$*.def /out:customactions.dll versioninfo-customactions.res customactions.obj msi.lib $(WIX_LIBS) Advapi32.lib User32.lib Version.lib Shell32.lib
link /dll $(LINKFLAGS) /def:$*.def /out:customactions.dll versioninfo-customactions.res customactions.obj msi.lib $(WIX_LIBS) Advapi32.lib User32.lib Version.lib Shell32.lib
OpenSC.msi: OpenSC.wixobj
"$(WIX_PATH)\bin\light.exe" -sh -ext WixUIExtension -ext WiXUtilExtension $?


@ -1,12 +1,20 @@
<?xml version="1.0" encoding="windows-1252"?>
<?if $(var.Platform) = x64 ?>
<?define ProductName = "@OPENSC_VS_FF_PRODUCT_NAME@ (64bit)" ?>
<?ifndef OpenSSL ?>
<?define ProductName = "@OPENSC_VS_FF_PRODUCT_NAME@ Light (64bit)" ?>
<?else ?>
<?define ProductName = "@OPENSC_VS_FF_PRODUCT_NAME@ (64bit)" ?>
<?endif ?>
<?define Win64YesNo="yes" ?>
<?define PlatformProgramFilesFolder = "ProgramFiles64Folder" ?>
<?define PlatformSystemFolder = "System64Folder" ?>
<?define PlatformUpgradeCode = "{9A449570-69A2-11E0-9CC6-955B4824019B}" ?>
<?else ?>
<?define ProductName = "@OPENSC_VS_FF_PRODUCT_NAME@" ?>
<?ifndef OpenSSL ?>
<?define ProductName = "@OPENSC_VS_FF_PRODUCT_NAME@ Light" ?>
<?else ?>
<?define ProductName = "@OPENSC_VS_FF_PRODUCT_NAME@" ?>
<?endif ?>
<?define Win64YesNo="no" ?>
<?define PlatformProgramFilesFolder = "ProgramFilesFolder" ?>
<?define PlatformSystemFolder = "SystemFolder" ?>
@ -97,7 +105,7 @@
<Directory Id="INSTALLDIR" Name="OpenSC">
<!-- opensc.conf sample goes to installation directory -->
<Component Id="opensc.conf" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\etc\opensc.conf.win" Name="opensc.conf" KeyPath="yes"/>
<File Source="$(var.SOURCE_DIR)\etc\opensc.conf" Name="opensc.conf" KeyPath="yes"/>
<!-- -->
<RegistryKey Id="OpenscRegs" Root="HKLM" Key="Software\[Manufacturer]\OpenSC" Action="createAndRemoveOnUninstall">
<RegistryValue Type="string" Name="ConfigFile" Value="[INSTALLDIR]opensc.conf"/>
@ -108,12 +116,14 @@
<!-- Tools have their own folder -->
<Directory Id="INSTALLDIR_TOOLS" Name="tools">
<?ifdef zlib ?>
<Component Id="zlib1.dll" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.zlib)\zlib1.dll" Vital="yes"/>
</Component>
<?endif ?>
<Component Id="opensc.dll" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\libopensc\opensc.dll" Vital="yes"/>
</Component>
<Component Id="smm_local.dll" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\smm\smm-local.dll" Vital="yes"/>
</Component>
<Component Id="opensc_explorer.exe" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\tools\opensc-explorer.exe" Vital="yes"/>
</Component>
@ -129,132 +139,142 @@
<Component Id="eidenv.exe" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\tools\eidenv.exe" Vital="yes"/>
</Component>
<Component Id="pkcs15_init.exe" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\tools\pkcs15-init.exe" Vital="yes"/>
</Component>
<Component Id="pkcs15_tool.exe" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\tools\pkcs15-tool.exe" Vital="yes"/>
</Component>
<Component Id="pkcs15_crypt.exe" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\tools\pkcs15-crypt.exe" Vital="yes"/>
</Component>
<Component Id="sc_hsm_tool.exe" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\tools\sc-hsm-tool.exe" Vital="yes"/>
</Component>
<Component Id="dnie_tool.exe" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\tools\dnie-tool.exe" Vital="yes"/>
</Component>
<Component Id="openpgp_tool.exe" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\tools\openpgp-tool.exe" Vital="yes"/>
</Component>
<Component Id="iasecc_tool.exe" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\tools\iasecc-tool.exe" Vital="yes"/>
</Component>
<Component Id="cryptoflex_tool.exe" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\tools\cryptoflex-tool.exe" Vital="yes"/>
</Component>
<Component Id="netkey_tool.exe" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\tools\netkey-tool.exe" Vital="yes"/>
</Component>
<Component Id="piv_tool.exe" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\tools\piv-tool.exe" Vital="yes"/>
</Component>
<Component Id="westcos_tool.exe" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\tools\westcos-tool.exe" Vital="yes"/>
</Component>
</Directory>
<Directory Id="INSTALLDIR_PROFILES" Name="profiles">
<Component Id="cyberflex.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\cyberflex.profile"/>
</Component>
<Component Id="flex.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\flex.profile"/>
</Component>
<Component Id="gpk.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\gpk.profile"/>
</Component>
<Component Id="miocos.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\miocos.profile"/>
</Component>
<Component Id="incrypto34.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\incrypto34.profile"/>
</Component>
<Component Id="jcop.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\jcop.profile"/>
</Component>
<Component Id="muscle.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\muscle.profile"/>
</Component>
<Component Id="pkcs15.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\pkcs15.profile"/>
</Component>
<Component Id="asepcos.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\asepcos.profile"/>
</Component>
<Component Id="cardos.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\cardos.profile"/>
</Component>
<Component Id="entersafe.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\entersafe.profile"/>
</Component>
<Component Id="epass2003.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\epass2003.profile"/>
</Component>
<Component Id="myeid.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\myeid.profile"/>
</Component>
<Component Id="setcos.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\setcos.profile"/>
</Component>
<Component Id="starcos.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\starcos.profile"/>
</Component>
<Component Id="westcos.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\westcos.profile"/>
</Component>
<Component Id="oberthur.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\oberthur.profile"/>
</Component>
<Component Id="authentic.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\authentic.profile"/>
</Component>
<Component Id="rutoken.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\rutoken.profile"/>
</Component>
<Component Id="rutoken_ecp.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\rutoken_ecp.profile"/>
</Component>
<Component Id="ias_adele_admin1.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\ias_adele_admin1.profile"/>
</Component>
<Component Id="ias_adele_admin2.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\ias_adele_admin2.profile"/>
</Component>
<Component Id="ias_adele_common.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\ias_adele_common.profile"/>
</Component>
<Component Id="iasecc_admin_eid.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\iasecc_admin_eid.profile"/>
</Component>
<Component Id="iasecc_generic_oberthur.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\iasecc_generic_oberthur.profile"/>
</Component>
<Component Id="iasecc_generic_pki.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\iasecc_generic_pki.profile"/>
</Component>
<Component Id="iasecc.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\iasecc.profile"/>
</Component>
<Component Id="schsm.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\sc-hsm.profile"/>
</Component>
<Component Id="openpgp.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\openpgp.profile"/>
</Component>
<Component Id="isoApplet.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\isoApplet.profile"/>
</Component>
<?ifdef OpenSSL ?>
<Component Id="libeay32.dll" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.OpenSSL)\libeay32.dll" Vital="yes"/>
</Component>
<Component Id="smm_local.dll" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\smm\smm-local.dll" Vital="yes"/>
</Component>
<Component Id="cryptoflex_tool.exe" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\tools\cryptoflex-tool.exe" Vital="yes"/>
</Component>
<Component Id="pkcs15_init.exe" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\tools\pkcs15-init.exe" Vital="yes"/>
</Component>
<Component Id="netkey_tool.exe" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\tools\netkey-tool.exe" Vital="yes"/>
</Component>
<Component Id="piv_tool.exe" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\tools\piv-tool.exe" Vital="yes"/>
</Component>
<Component Id="westcos_tool.exe" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\tools\westcos-tool.exe" Vital="yes"/>
</Component>
<Component Id="sc_hsm_tool.exe" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\tools\sc-hsm-tool.exe" Vital="yes"/>
</Component>
<Component Id="dnie_tool.exe" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\tools\dnie-tool.exe" Vital="yes"/>
</Component>
<?endif ?>
</Directory>
<?ifdef OpenSSL ?>
<Directory Id="INSTALLDIR_PROFILES" Name="profiles">
<Component Id="cyberflex.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\cyberflex.profile"/>
</Component>
<Component Id="flex.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\flex.profile"/>
</Component>
<Component Id="gpk.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\gpk.profile"/>
</Component>
<Component Id="miocos.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\miocos.profile"/>
</Component>
<Component Id="incrypto34.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\incrypto34.profile"/>
</Component>
<Component Id="jcop.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\jcop.profile"/>
</Component>
<Component Id="muscle.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\muscle.profile"/>
</Component>
<Component Id="pkcs15.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\pkcs15.profile"/>
</Component>
<Component Id="asepcos.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\asepcos.profile"/>
</Component>
<Component Id="cardos.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\cardos.profile"/>
</Component>
<Component Id="entersafe.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\entersafe.profile"/>
</Component>
<Component Id="epass2003.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\epass2003.profile"/>
</Component>
<Component Id="myeid.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\myeid.profile"/>
</Component>
<Component Id="setcos.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\setcos.profile"/>
</Component>
<Component Id="starcos.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\starcos.profile"/>
</Component>
<Component Id="westcos.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\westcos.profile"/>
</Component>
<Component Id="oberthur.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\oberthur.profile"/>
</Component>
<Component Id="authentic.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\authentic.profile"/>
</Component>
<Component Id="rutoken.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\rutoken.profile"/>
</Component>
<Component Id="rutoken_ecp.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\rutoken_ecp.profile"/>
</Component>
<Component Id="ias_adele_admin1.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\ias_adele_admin1.profile"/>
</Component>
<Component Id="ias_adele_admin2.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\ias_adele_admin2.profile"/>
</Component>
<Component Id="ias_adele_common.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\ias_adele_common.profile"/>
</Component>
<Component Id="iasecc_admin_eid.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\iasecc_admin_eid.profile"/>
</Component>
<Component Id="iasecc_generic_oberthur.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\iasecc_generic_oberthur.profile"/>
</Component>
<Component Id="iasecc_generic_pki.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\iasecc_generic_pki.profile"/>
</Component>
<Component Id="iasecc.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\iasecc.profile"/>
</Component>
<Component Id="schsm.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\sc-hsm.profile"/>
</Component>
<Component Id="openpgp.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\openpgp.profile"/>
</Component>
<Component Id="isoApplet.profile" Guid="*" Win64="$(var.Win64YesNo)">
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\isoApplet.profile"/>
</Component>
</Directory>
<?endif ?>
</Directory>
</Directory>
</Directory>
@ -272,8 +292,14 @@
<Feature Id="Complete" Level="1" Title="OpenSC software suite" Display="expand">
<Feature Id="OpenSC_core" Level="1" Title="OpenSC core library" Description="Core DLL and configuration file used by all other components." Absent="disallow">
<ComponentRef Id="opensc.dll"/>
<?ifdef zlib ?>
<ComponentRef Id="zlib1.dll"/>
<?endif ?>
<ComponentRef Id="opensc.conf"/>
<ComponentRef Id="smm_local.dll"/>
<?ifdef OpenSSL ?>
<ComponentRef Id="libeay32.dll"/>
<ComponentRef Id="smm_local.dll"/>
<?endif ?>
</Feature>
<Feature Id="OpenSC_pkcs11" Level="1" Title="OpenSC PKCS#11 module" Description="PKCS#11 module usd by most open source and cross-platform software (like Firefox, Putty, TrueCrypt, OpenVPN etc)" TypicalDefault="install">
<ComponentRef Id="opensc_pkcs11.dll"/>
@ -293,47 +319,49 @@
<ComponentRef Id="pkcs11_tool.exe"/>
<ComponentRef Id="cardos_tool.exe"/>
<ComponentRef Id="eidenv.exe"/>
<ComponentRef Id="pkcs15_init.exe"/>
<ComponentRef Id="dnie_tool.exe"/>
<ComponentRef Id="pkcs15_tool.exe"/>
<ComponentRef Id="pkcs15_crypt.exe"/>
<ComponentRef Id="sc_hsm_tool.exe"/>
<ComponentRef Id="openpgp_tool.exe"/>
<ComponentRef Id="iasecc_tool.exe"/>
<ComponentRef Id="cryptoflex_tool.exe"/>
<ComponentRef Id="netkey_tool.exe"/>
<ComponentRef Id="piv_tool.exe"/>
<ComponentRef Id="westcos_tool.exe"/>
<ComponentRef Id="cyberflex.profile"/>
<ComponentRef Id="flex.profile"/>
<ComponentRef Id="gpk.profile"/>
<ComponentRef Id="miocos.profile"/>
<ComponentRef Id="incrypto34.profile"/>
<ComponentRef Id="jcop.profile"/>
<ComponentRef Id="muscle.profile"/>
<ComponentRef Id="pkcs15.profile"/>
<ComponentRef Id="asepcos.profile"/>
<ComponentRef Id="cardos.profile"/>
<ComponentRef Id="entersafe.profile"/>
<ComponentRef Id="epass2003.profile"/>
<ComponentRef Id="myeid.profile"/>
<ComponentRef Id="setcos.profile"/>
<ComponentRef Id="starcos.profile"/>
<ComponentRef Id="westcos.profile"/>
<ComponentRef Id="oberthur.profile"/>
<ComponentRef Id="authentic.profile"/>
<ComponentRef Id="rutoken.profile"/>
<ComponentRef Id="rutoken_ecp.profile"/>
<ComponentRef Id="ias_adele_admin1.profile"/>
<ComponentRef Id="ias_adele_admin2.profile"/>
<ComponentRef Id="ias_adele_common.profile"/>
<ComponentRef Id="iasecc_admin_eid.profile"/>
<ComponentRef Id="iasecc_generic_oberthur.profile"/>
<ComponentRef Id="iasecc_generic_pki.profile"/>
<ComponentRef Id="iasecc.profile"/>
<ComponentRef Id="schsm.profile"/>
<ComponentRef Id="openpgp.profile"/>
<ComponentRef Id="isoApplet.profile"/>
<?ifdef OpenSSL ?>
<ComponentRef Id="cryptoflex_tool.exe"/>
<ComponentRef Id="pkcs15_init.exe"/>
<ComponentRef Id="netkey_tool.exe"/>
<ComponentRef Id="piv_tool.exe"/>
<ComponentRef Id="westcos_tool.exe"/>
<ComponentRef Id="sc_hsm_tool.exe"/>
<ComponentRef Id="dnie_tool.exe"/>
<ComponentRef Id="cyberflex.profile"/>
<ComponentRef Id="flex.profile"/>
<ComponentRef Id="gpk.profile"/>
<ComponentRef Id="miocos.profile"/>
<ComponentRef Id="incrypto34.profile"/>
<ComponentRef Id="jcop.profile"/>
<ComponentRef Id="muscle.profile"/>
<ComponentRef Id="pkcs15.profile"/>
<ComponentRef Id="asepcos.profile"/>
<ComponentRef Id="cardos.profile"/>
<ComponentRef Id="entersafe.profile"/>
<ComponentRef Id="epass2003.profile"/>
<ComponentRef Id="myeid.profile"/>
<ComponentRef Id="setcos.profile"/>
<ComponentRef Id="starcos.profile"/>
<ComponentRef Id="westcos.profile"/>
<ComponentRef Id="oberthur.profile"/>
<ComponentRef Id="authentic.profile"/>
<ComponentRef Id="rutoken.profile"/>
<ComponentRef Id="rutoken_ecp.profile"/>
<ComponentRef Id="ias_adele_admin1.profile"/>
<ComponentRef Id="ias_adele_admin2.profile"/>
<ComponentRef Id="ias_adele_common.profile"/>
<ComponentRef Id="iasecc_admin_eid.profile"/>
<ComponentRef Id="iasecc_generic_oberthur.profile"/>
<ComponentRef Id="iasecc_generic_pki.profile"/>
<ComponentRef Id="iasecc.profile"/>
<ComponentRef Id="schsm.profile"/>
<ComponentRef Id="openpgp.profile"/>
<ComponentRef Id="isoApplet.profile"/>
<?endif ?>
</Feature>
<Feature Id="OpenSC_menu" Level="1" Title="Start menu entries" Description="Start menu entries: link to documentation">
<ComponentRef Id="ProgramMenuDir"/>