Merge branch 'master' of https://github.com/OpenSC/OpenSC into OpenSC-master
Conflicts: src/minidriver/minidriver.c
commit
75d76f5ce4
|
@ -1,6 +1,6 @@
|
|||
#!/bin/bash
|
||||
# Building the installer is only tested and supported on 10.9+ with Xcode 6.0.1
|
||||
# Built package targets 10.9+
|
||||
# Built package targets 10.10
|
||||
# Building should also work on older versions with older revisions or slight changes, YMMV
|
||||
|
||||
# You need to have the following from homebrew or macports or fink:
|
||||
|
@ -15,7 +15,7 @@ SDKS_PATH="$(xcode-select -p)/Platforms/MacOSX.platform/Developer/SDKs"
|
|||
SDK_PATH="${SDK_PATH:-$SDKS_PATH/$(ls -1 ${SDKS_PATH} | sort -n -k2 -t. -r | head -1)}"
|
||||
|
||||
# Set SDK path
|
||||
export CFLAGS="-isysroot $SDK_PATH -arch i386 -arch x86_64 -mmacosx-version-min=10.7"
|
||||
export CFLAGS="-isysroot $SDK_PATH -arch i386 -arch x86_64 -mmacosx-version-min=10.10"
|
||||
|
||||
# OpenSSL is deprecated on OSX since 10.7 and that generates lots of
|
||||
# "false positive" warnings and there is no alternative option.
|
||||
|
|
33
appveyor.yml
33
appveyor.yml
|
@ -1,18 +1,26 @@
|
|||
version: 0.15.0.{build}
|
||||
|
||||
platform:
|
||||
# the prebuilt zlib is 32 bit only
|
||||
- x86
|
||||
- x64
|
||||
|
||||
configuration:
|
||||
- Release
|
||||
- Debug
|
||||
- Light-Release
|
||||
- Light-Debug
|
||||
|
||||
environment:
|
||||
matrix:
|
||||
- VSVER: 12
|
||||
- VSVER: 10
|
||||
|
||||
matrix:
|
||||
allow_failures:
|
||||
# not included in AppVeyor right now
|
||||
- platform: x64
|
||||
VSVER: 10
|
||||
|
||||
install:
|
||||
- ps: if ($env:APPVEYOR_PULL_REQUEST_NUMBER -and $env:APPVEYOR_BUILD_NUMBER -ne ((Invoke-RestMethod `
|
||||
https://ci.appveyor.com/api/projects/$env:APPVEYOR_ACCOUNT_NAME/$env:APPVEYOR_PROJECT_SLUG/history?recordsNumber=50).builds | `
|
||||
|
@ -37,22 +45,28 @@ install:
|
|||
$env:ARTIFACT="OpenSC-${env:APPVEYOR_BUILD_VERSION}-win64_vs${env:VSVER}-${env:CONFIGURATION}.msi"
|
||||
}
|
||||
- ps: >-
|
||||
If ($env:Configuration -Match "Debug") {
|
||||
$env:NMAKE_DEBUG="DEBUG_DEF=/DDEBUG"
|
||||
If ($env:Configuration -Like "*Debug*") {
|
||||
$env:NMAKE_EXTRA="DEBUG_DEF=/DDEBUG ${env:NMAKE_EXTRA}"
|
||||
}
|
||||
- ps: $env:VSCOMNTOOLS=(Get-Content ("env:VS" + "$env:VSVER" + "0COMNTOOLS"))
|
||||
- echo "Using Visual Studio %VSVER%.0 at %VSCOMNTOOLS%"
|
||||
- call "%VSCOMNTOOLS%\..\..\VC\vcvarsall.bat" %VCVARS_PLATFORM%
|
||||
- ps: >-
|
||||
If (!($env:Configuration -Like "*Light*")) {
|
||||
If (!(Test-Path -Path "C:\OpenSSL-${env:OPENSSL_PF}" )) {
|
||||
Start-FileDownload https://slproweb.com/download/${env:OPENSSL_PF}OpenSSL-${env:OPENSSL_VER}.exe -FileName C:\WinOpenSSL.exe
|
||||
C:\WinOpenSSL.exe /SILENT /VERYSILENT /SP- /SUPPRESSMSGBOXES /NORESTART
|
||||
}
|
||||
- ps: >-
|
||||
$env:NMAKE_EXTRA="OPENSSL_DEF=/DENABLE_OPENSSL ${env:NMAKE_EXTRA}"
|
||||
# the prebuilt zlib is 32 bit only
|
||||
If ($env:Platform -Match "x86") {
|
||||
If (!(Test-Path -Path "C:\zlib-dll" )) {
|
||||
appveyor DownloadFile "https://prdownloads.sourceforge.net/libpng/zlib${env:ZLIB_VER}-dll.zip" -FileName zlib-dll.zip
|
||||
7z x zlib-dll.zip -oC:\zlib-dll
|
||||
}
|
||||
$env:NMAKE_EXTRA="ZLIB_DEF=/DENABLE_ZLIB ${env:NMAKE_EXTRA}"
|
||||
}
|
||||
}
|
||||
- ps: $env:VSCOMNTOOLS=(Get-Content ("env:VS" + "$env:VSVER" + "0COMNTOOLS"))
|
||||
- echo "Using Visual Studio %VSVER%.0 at %VSCOMNTOOLS%"
|
||||
- call "%VSCOMNTOOLS%\..\..\VC\vcvarsall.bat" %VCVARS_PLATFORM%
|
||||
- appveyor DownloadFile "http://download.microsoft.com/download/2/C/9/2C93059C-0532-42DF-8C24-9AEAFF00768E/cngsdk.msi"
|
||||
- cngsdk.msi /quiet
|
||||
- uname -a
|
||||
|
@ -61,9 +75,10 @@ build_script:
|
|||
- bash -c "exec 0</dev/null && ./bootstrap"
|
||||
# disable features to speed up the script
|
||||
- bash -c "exec 0</dev/null && ./configure --disable-openssl --disable-readline --disable-zlib || cat config.log"
|
||||
- bash -c "make -C etc opensc.conf"
|
||||
- cp win32/winconfig.h config.h
|
||||
- nmake /f Makefile.mak %NMAKE_ARCH% %NMAKE_DEBUG%
|
||||
- cd win32 && nmake /f Makefile.mak %NMAKE_ARCH% %NMAKE_DEBUG% VSVER=%VSVER% OpenSC.msi
|
||||
- nmake /f Makefile.mak %NMAKE_ARCH% %NMAKE_EXTRA%
|
||||
- cd win32 && nmake /f Makefile.mak %NMAKE_ARCH% %NMAKE_EXTRA% VSVER=%VSVER% OpenSC.msi
|
||||
- move OpenSC.msi %ARTIFACT%
|
||||
- appveyor PushArtifact %ARTIFACT%
|
||||
|
||||
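Review bot: The install step downloads three binaries and runs or unpacks them without any integrity check. `C:\WinOpenSSL.exe` from slproweb.com is executed with `/SILENT /VERYSILENT`, the zlib archive from SourceForge is unpacked into `C:\zlib-dll` for the zlib-enabled build, and `cngsdk.msi` is fetched over plain `http://` and installed with `/quiet`. The rendered page does not show which of these lines the commit adds, but they all feed the build that produces the `OpenSC.msi` published by `appveyor PushArtifact`, so a tampered or silently replaced download could reach the released installer. I would pin a SHA-256 per file and fail the build on mismatch, for example `if ((Get-FileHash C:\WinOpenSSL.exe -Algorithm SHA256).Hash -ne $env:OPENSSL_SHA256) { throw "OpenSSL installer hash mismatch" }`, where `OPENSSL_SHA256` is a new pinned variable set wherever `OPENSSL_VER` is defined (not visible here). I would also switch the Microsoft URL to `https://` if that host serves it.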
|
|
21
configure.ac
21
configure.ac
|
@ -114,13 +114,19 @@ esac
|
|||
|
||||
case "${host}" in
|
||||
*-mingw*|*-winnt*|*-cygwin*)
|
||||
DEBUG_FILE="%TEMP%\opensc-debug.log"
|
||||
DEBUG_FILE="%TEMP%\\\opensc-debug.log"
|
||||
PROFILE_DIR_DEFAULT="obtained from windows registers"
|
||||
PROFILE_DIR="\"\""
|
||||
;;
|
||||
*)
|
||||
DEBUG_FILE="/tmp/opensc-debug.log"
|
||||
PROFILE_DIR="\$(pkgdatadir)"
|
||||
PROFILE_DIR_DEFAULT="\$(pkgdatadir)"
|
||||
;;
|
||||
esac
|
||||
AC_DEFINE_UNQUOTED([DEBUG_FILE], ["${DEBUG_FILE}"], [Debug file])
|
||||
AC_DEFINE_UNQUOTED([PROFILE_DIR], ["${PROFILE_DIR}"], [Directory of profiles])
|
||||
AC_DEFINE_UNQUOTED([PROFILE_DIR_DEFAULT], ["${PROFILE_DIR_DEFAULT}"], [Default directory of profiles])
|
||||
|
||||
AC_ARG_ENABLE(
|
||||
[strict],
|
||||
|
@ -486,14 +492,12 @@ PKG_CHECK_MODULES(
|
|||
case "${enable_openssl}" in
|
||||
no)
|
||||
have_openssl="no"
|
||||
enable_sm="no"
|
||||
;;
|
||||
detect)
|
||||
if test "${have_openssl}" = "yes"; then
|
||||
enable_openssl="yes"
|
||||
else
|
||||
enable_openssl="no"
|
||||
enable_sm="no"
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
@ -504,6 +508,9 @@ if test "${enable_openssl}" = "yes"; then
|
|||
else
|
||||
AC_MSG_ERROR([OpenSSL linkage required, but no OpenSSL was found])
|
||||
fi
|
||||
else
|
||||
OPENSSL_CFLAGS=""
|
||||
OPENSSL_LIBS=""
|
||||
fi
|
||||
|
||||
if test "${enable_sm}" = "yes"; then
|
||||
|
@ -512,15 +519,19 @@ if test "${enable_sm}" = "yes"; then
|
|||
case "${host}" in
|
||||
*-mingw*|*-winnt*|*-cygwin*)
|
||||
DEFAULT_SM_MODULE="smm-local.dll"
|
||||
DEFAULT_SM_MODULE_PATH="\# module_path = \"\";"
|
||||
;;
|
||||
*-apple-*)
|
||||
DEFAULT_SM_MODULE="libsmm-local.3.dylib"
|
||||
DEFAULT_SM_MODULE_PATH="module_path = \$(libdir);"
|
||||
;;
|
||||
*)
|
||||
DEFAULT_SM_MODULE="libsmm-local.so.3"
|
||||
DEFAULT_SM_MODULE_PATH="module_path = \$(libdir);"
|
||||
;;
|
||||
esac
|
||||
AC_DEFINE_UNQUOTED([DEFAULT_SM_MODULE], ["${DEFAULT_SM_MODULE}"], [Default SM module])
|
||||
AC_DEFINE_UNQUOTED([DEFAULT_SM_MODULE_PATH], ["${DEFAULT_SM_MODULE_PATH}"], [Default SM module path])
|
||||
fi
|
||||
|
||||
if test "${enable_openct}" = "yes"; then
|
||||
|
@ -565,6 +576,7 @@ if test "${enable_pcsc}" = "yes"; then
|
|||
CFLAGS="${CFLAGS} ${PCSC_CFLAGS}"
|
||||
# We must cope with mingw32 that does not have winscard.h mingw64 has it.
|
||||
AC_CHECK_HEADERS([winscard.h],,[test "${WIN32}" != "yes" && AC_MSG_ERROR([winscard.h is required for pcsc])])
|
||||
AC_CHECK_HEADERS([pcsclite.h])
|
||||
CFLAGS="${saved_CFLAGS}"
|
||||
|
||||
if test "${with_pcsc_provider}" = "detect"; then
|
||||
|
@ -697,7 +709,10 @@ AC_SUBST([OPTIONAL_OPENCT_LIBS])
|
|||
AC_SUBST([OPTIONAL_PCSC_CFLAGS])
|
||||
AC_SUBST([LIBRARY_BITNESS])
|
||||
AC_SUBST([DEFAULT_SM_MODULE])
|
||||
AC_SUBST([DEFAULT_SM_MODULE_PATH])
|
||||
AC_SUBST([DEBUG_FILE])
|
||||
AC_SUBST([PROFILE_DIR])
|
||||
AC_SUBST([PROFILE_DIR_DEFAULT])
|
||||
|
||||
AM_CONDITIONAL([ENABLE_MAN], [test "${enable_man}" = "yes"])
|
||||
AM_CONDITIONAL([ENABLE_ZLIB], [test "${enable_zlib}" = "yes"])
|
||||
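Review bot: The added `AC_DEFINE_UNQUOTED([PROFILE_DIR], ["${PROFILE_DIR}"], ...)`, `AC_DEFINE_UNQUOTED([PROFILE_DIR_DEFAULT], ...)` and, in the `enable_sm` hunk, `AC_DEFINE_UNQUOTED([DEFAULT_SM_MODULE_PATH], ...)` put make syntax into the config header. On non-Windows hosts the shell values are the literal text `$(pkgdatadir)` and `module_path = $(libdir);`, which only make expands (through the `AC_SUBST` lines and the sed rule), never the C preprocessor. On the Windows branch the values carry embedded quotes and a `\#`, which do not form a clean C string either. If any C source ever reads these macros to locate profiles or the SM module, it would get an unexpanded string rather than a directory. Since the values look like they are only needed for the opensc.conf template, I would drop these three `AC_DEFINE_UNQUOTED` calls and keep the `AC_SUBST` ones, or at least add `# template-only values: expanded by make/sed for opensc.conf, not usable from C` above them.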
|
|
|
@ -1,12 +1,12 @@
|
|||
MAINTAINERCLEANFILES = $(srcdir)/Makefile.in $(srcdir)/opensc.conf.win
|
||||
DISTCLEANFILES = opensc.conf opensc.conf.win
|
||||
MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
|
||||
DISTCLEANFILES = opensc.conf
|
||||
|
||||
EXTRA_DIST = Makefile.mak
|
||||
|
||||
SUFFIXES = .in
|
||||
|
||||
dist_noinst_DATA = opensc.conf.in opensc.conf.win.in
|
||||
nodist_noinst_DATA = opensc.conf opensc.conf.win # For Windows MSVC build
|
||||
dist_noinst_DATA = opensc.conf.in
|
||||
nodist_noinst_DATA = opensc.conf
|
||||
|
||||
# Make sure we build this every time
|
||||
# as there is no dependency for this.
|
||||
|
@ -18,9 +18,12 @@ opensc.conf: opensc.conf.in force
|
|||
@sed \
|
||||
-e 's|@pkgdatadir[@]|$(pkgdatadir)|g' \
|
||||
-e 's|@libdir[@]|$(libdir)|g' \
|
||||
-e 's|@DEBUG_FILE[@]|$(DEBUG_FILE)|g' \
|
||||
-e 's|@DEFAULT_PCSC_PROVIDER[@]|$(DEFAULT_PCSC_PROVIDER)|g' \
|
||||
-e 's|@DEFAULT_SM_MODULE[@]|$(DEFAULT_SM_MODULE)|g' \
|
||||
-e 's|@DEBUG_FILE[@]|$(DEBUG_FILE)|g' \
|
||||
-e 's|@DEFAULT_SM_MODULE_PATH[@]|$(DEFAULT_SM_MODULE_PATH)|g' \
|
||||
-e 's|@PROFILE_DIR[@]|$(PROFILE_DIR)|g' \
|
||||
-e 's|@PROFILE_DIR_DEFAULT[@]|$(PROFILE_DIR_DEFAULT)|g' \
|
||||
< $< > $@
|
||||
|
||||
install-exec-hook: opensc.conf
|
||||
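Review bot: The three added `-e` expressions (`@DEFAULT_SM_MODULE_PATH[@]`, `@PROFILE_DIR[@]`, `@PROFILE_DIR_DEFAULT[@]`) paste configure-time values straight into the sed replacement, so any `|`, `&` or backslash in them is interpreted by sed instead of being copied into opensc.conf. The Windows values set in configure.ac (`%TEMP%\\\opensc-debug.log`, `\# module_path = \"\";`) already contain backslashes and quotes and appear to depend on that layering, which nothing in the rule explains. A comment above the recipe such as `# Substituted values pass through make, the shell and sed; '|', '&' and '\' in them must be pre-escaped (see configure.ac)` would keep the next edit from breaking the generated file. The `opensc.conf` rule starts above this hunk, and the file name of this automake section is not shown on the page.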
|
|
|
@ -1,8 +0,0 @@
|
|||
all: opensc.conf.win
|
||||
|
||||
opensc.conf.win: opensc.conf.win.in
|
||||
copy /y opensc.conf.win.in opensc.conf.win
|
||||
|
||||
clean::
|
||||
del /Q opensc.conf.win
|
||||
|
|
@ -32,9 +32,9 @@ app default {
|
|||
|
||||
# PKCS#15 initialization / personalization
|
||||
# profiles directory for pkcs15-init.
|
||||
# Default: @pkgdatadir@
|
||||
# Default: @PROFILE_DIR_DEFAULT@
|
||||
#
|
||||
# profile_dir = @pkgdatadir@;
|
||||
# profile_dir = @PROFILE_DIR@;
|
||||
|
||||
# Paranoid memory allocation.
|
||||
#
|
||||
|
@ -112,7 +112,11 @@ app default {
|
|||
# max_recv_size = 256;
|
||||
};
|
||||
|
||||
# What card drivers to load at start-up
|
||||
# Whitelist of card drivers to load at start-up
|
||||
#
|
||||
# The supported internal card driver names can be retrieved
|
||||
# from the output of:
|
||||
# $ opensc-tool --list-drivers
|
||||
#
|
||||
# A special value of 'internal' will load all
|
||||
# statically linked drivers. If an unknown (ie. not
|
||||
|
@ -331,9 +335,11 @@ app default {
|
|||
}
|
||||
|
||||
secure_messaging local_authentic {
|
||||
#path to ans name of external SM module
|
||||
# name of external SM module
|
||||
# module_name = @DEFAULT_SM_MODULE@;
|
||||
#module_path = @libdir@;
|
||||
# directory with external SM module
|
||||
# Default: defined by windows register
|
||||
@DEFAULT_SM_MODULE_PATH@
|
||||
|
||||
# specific data to tune the module initialization
|
||||
# module_data = "Here can be your SM module init data";
|
||||
|
@ -356,7 +362,7 @@ app default {
|
|||
|
||||
secure_messaging local_gemalto_iam {
|
||||
module_name = @DEFAULT_SM_MODULE@;
|
||||
module_path = @libdir@;
|
||||
@DEFAULT_SM_MODULE_PATH@
|
||||
# module_data = "";
|
||||
type = acl; # transmit, acl
|
||||
|
||||
|
@ -375,7 +381,8 @@ app default {
|
|||
|
||||
secure_messaging local_amos {
|
||||
module_name = @DEFAULT_SM_MODULE@;
|
||||
module_path = @libdir@;
|
||||
@DEFAULT_SM_MODULE_PATH@
|
||||
# module_data = "";
|
||||
mode = acl;
|
||||
ifd_serial = "11:22:33:44:55:66:77:88";
|
||||
keyset_02_enc = "ENCROECHANTILLON";
|
||||
|
@ -384,7 +391,8 @@ app default {
|
|||
|
||||
secure_messaging local_amos_eid {
|
||||
module_name = @DEFAULT_SM_MODULE@;
|
||||
module_path = @libdir@;
|
||||
@DEFAULT_SM_MODULE_PATH@
|
||||
# module_data = "";
|
||||
mode = acl;
|
||||
ifd_serial = "11:22:33:44:55:66:77:88";
|
||||
keyset_E828BD080FD2504543432D654944_03_enc = "RW_PUBL_ENC_TEST";
|
||||
|
@ -393,7 +401,7 @@ app default {
|
|||
|
||||
secure_messaging local_adele {
|
||||
module_name = @DEFAULT_SM_MODULE@;
|
||||
module_path = @libdir@;
|
||||
@DEFAULT_SM_MODULE_PATH@
|
||||
# module_data = "";
|
||||
type = acl; # transmit, acl
|
||||
|
||||
|
@ -568,6 +576,18 @@ app opensc-pkcs11 {
|
|||
# Default: false
|
||||
# lock_login = true;
|
||||
|
||||
# With this setting disabled, the OpenSC PKCS#11 module will initialize
|
||||
# the slots available when the application calls `C_GetSlotList`. With
|
||||
# this setting enabled, the slots will also get initialized when
|
||||
# C_GetSlotInfo is called.
|
||||
#
|
||||
# This setting is a workaround for Java which does not call
|
||||
# `C_GetSlotList` when configured with a static `slot` instead of
|
||||
# `slotListIndex`.
|
||||
#
|
||||
# Default: true
|
||||
# init_sloppy = false;
|
||||
|
||||
# User PIN unblock style
|
||||
# none: PIN unblock is not possible with PKCS#11 API;
|
||||
# set_pin_in_unlogged_session: C_SetPIN() in unlogged session:
|
||||
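Review bot: In `secure_messaging local_authentic` the new comment `# Default: defined by windows register` is emitted on every platform. On non-Windows hosts, though, configure.ac sets the value so that the following `@DEFAULT_SM_MODULE_PATH@` expands to an active `module_path = $(libdir);`. So the generated Unix file states a Windows default directly above a live setting, and in this block the path line was previously commented out (`#module_path = @libdir@;`) while `module_name` still is. Because `module_path` decides which directory the external SM library is loaded from, the comment should say what actually applies, for example `# Default: taken from the Windows registry on Windows; set to the library directory elsewhere`. If the old commented-out behaviour was intended for this block, the placeholder here needs a commented variant. The enclosing `app default {` block starts outside the hunk.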
|
|
|
@ -1,650 +0,0 @@
|
|||
# Configuration file for OpenSC
|
||||
# Example configuration file
|
||||
|
||||
# NOTE: All key-value pairs must be terminated by a semicolon.
|
||||
|
||||
# Default values for any application
|
||||
# These can be overridden by an application
|
||||
# specific configuration block.
|
||||
app default {
|
||||
# Amount of debug info to print
|
||||
#
|
||||
# A greater value means more debug info.
|
||||
# Default: 0
|
||||
#
|
||||
debug = 0;
|
||||
|
||||
# The file to which debug output will be written
|
||||
#
|
||||
# Special values 'stdout' and 'stderr' are recognized.
|
||||
# Default: stderr
|
||||
#
|
||||
# debug_file = %TEMP%\opensc-debug.log
|
||||
|
||||
# Re-open debug file (used in WIN32)
|
||||
#
|
||||
# In Windows, file handles can not be shared between DLL-s,
|
||||
# each DLL has a separate file handle table.
|
||||
# For that reason reopen debug file before every debug message.
|
||||
#
|
||||
# Default: true
|
||||
# reopen_debug_file = false;
|
||||
|
||||
# PKCS#15 initialization / personalization
|
||||
# profiles directory for pkcs15-init.
|
||||
# Default: obtained from windows registers
|
||||
#
|
||||
# profile_dir = "";
|
||||
|
||||
# Paranoid memory allocation.
|
||||
#
|
||||
# If set to 'true', then refuse to continue when locking of non-pageable
|
||||
# memory fails. This can cause subtle failures but is more secure when
|
||||
# you have a swap disk.
|
||||
# Default: false
|
||||
#
|
||||
# paranoid_memory = false;
|
||||
|
||||
# Enable default card driver
|
||||
# Default card driver is explicitely enabled for the 'opensc-explorer' and 'opensc-tool'.
|
||||
#
|
||||
# Default: false
|
||||
# enable_default_driver = true;
|
||||
|
||||
# CT-API module configuration.
|
||||
reader_driver ctapi {
|
||||
# module @libdir@/libtowitoko.so {
|
||||
# CT-API ports:
|
||||
# 0..3 COM1..4
|
||||
# 4 Printer
|
||||
# 5 Modem
|
||||
# 6..7 LPT1..2
|
||||
# ports = 0;
|
||||
# }
|
||||
}
|
||||
|
||||
# The following section shows definitions for PC/SC readers.
|
||||
reader_driver pcsc {
|
||||
# Limit command and response sizes.
|
||||
# Default: n/a
|
||||
# max_send_size = 255;
|
||||
# max_recv_size = 256;
|
||||
#
|
||||
# Connect to reader in exclusive mode?
|
||||
# Default: false
|
||||
# connect_exclusive = true;
|
||||
#
|
||||
# What to do when disconnecting from a card (SCardDisconnect)
|
||||
# Valid values: leave, reset, unpower.
|
||||
# Default: reset
|
||||
# disconnect_action = unpower;
|
||||
#
|
||||
# What to do at the end of a transaction (SCardEndTransaction)
|
||||
# Valid values: leave, reset, unpower.
|
||||
# Default: leave
|
||||
# transaction_end_action = reset;
|
||||
#
|
||||
# What to do when reconnection to a card (SCardReconnect)
|
||||
# Valid values: leave, reset, unpower.
|
||||
# Note that this affects only the internal reconnect (after a SCARD_W_RESET_CARD).
|
||||
# A forced reset via sc_reset() always does a full powerup.
|
||||
# Default: leave
|
||||
# reconnect_action = reset;
|
||||
#
|
||||
# Enable pinpad if detected (PC/SC v2.0.2 Part 10)
|
||||
# Default: true
|
||||
# enable_pinpad = false;
|
||||
#
|
||||
# Use specific pcsc provider.
|
||||
# Default: winscard.dll
|
||||
# provider_library = winscard.dll
|
||||
}
|
||||
|
||||
# Options for OpenCT support
|
||||
reader_driver openct {
|
||||
# Virtual readers to allocate.
|
||||
# Default: 2
|
||||
# readers = 5;
|
||||
#
|
||||
# Limit command and response sizes.
|
||||
# Default: n/a
|
||||
# max_send_size = 255;
|
||||
# max_recv_size = 256;
|
||||
};
|
||||
|
||||
# What card drivers to load at start-up
|
||||
#
|
||||
# A special value of 'internal' will load all
|
||||
# statically linked drivers. If an unknown (ie. not
|
||||
# internal) driver is supplied, a separate configuration
|
||||
# configuration block has to be written for the driver.
|
||||
# Default: internal
|
||||
# NOTE: When "internal" keyword is used, must be last entry
|
||||
#
|
||||
# card_drivers = customcos, internal;
|
||||
|
||||
# Card driver configuration blocks.
|
||||
|
||||
# For card drivers loaded from an external shared library/DLL,
|
||||
# you need to specify the path name of the module
|
||||
#
|
||||
# card_driver customcos {
|
||||
# The location of the driver library
|
||||
# module = @libdir@/card_customcos.so;
|
||||
# }
|
||||
|
||||
# Force using specific card driver
|
||||
#
|
||||
# If this option is present, OpenSC will use the supplied
|
||||
# driver with all inserted cards.
|
||||
#
|
||||
# Default: autodetect
|
||||
#
|
||||
# force_card_driver = customcos;
|
||||
|
||||
# In addition to the built-in list of known cards in the
|
||||
# card driver, you can configure a new card for the driver
|
||||
# using the card_atr block. The goal is to centralize
|
||||
# everything related to a certain card to card_atr.
|
||||
#
|
||||
# The supported internal card driver names can be retrieved
|
||||
# from the output of:
|
||||
# $ opensc-tool --list-drivers
|
||||
|
||||
# Generic format: card_atr <hex encoded ATR (case-sensitive!)>
|
||||
|
||||
# New card entry for the flex card driver
|
||||
# card_atr 3b:f0:0d:ca:fe {
|
||||
# All parameters for the context are
|
||||
# optional unless specified otherwise.
|
||||
|
||||
# Context: global, card driver
|
||||
#
|
||||
# ATR mask value
|
||||
#
|
||||
# The mask is logically AND'd with an
|
||||
# card ATR prior to comparison with the
|
||||
# ATR reference value above. Using mask
|
||||
# allows identifying and configuring
|
||||
# multiple ATRs as the same card model.
|
||||
# atrmask = "ff:ff:ff:ff:ff";
|
||||
|
||||
# Context: card driver
|
||||
#
|
||||
# Specify used card driver (REQUIRED).
|
||||
#
|
||||
# When enabled, overrides all possible
|
||||
# settings from the card drivers built-in
|
||||
# card configuration list.
|
||||
# driver = "flex";
|
||||
|
||||
# Set card name for card drivers that allows it.
|
||||
# name = "My CryptoFlex card";
|
||||
|
||||
# Card type as an integer value.
|
||||
#
|
||||
# Depending on card driver, this allows
|
||||
# tuning the behaviour of the card driver
|
||||
# for your card.
|
||||
# type = "2002";
|
||||
|
||||
# Card flags as an hex value.
|
||||
# Multiple values are OR'd together.
|
||||
#
|
||||
# Depending on card driver, this allows
|
||||
# fine-tuning the capabilities in
|
||||
# the card driver for your card.
|
||||
#
|
||||
# Optionally, some known parameters
|
||||
# can be specified as strings:
|
||||
#
|
||||
# rng - On-board random number source
|
||||
#
|
||||
# flags = "rng", "0x80000000";
|
||||
|
||||
# Enable pkcs11 initialization.
|
||||
# Default: no
|
||||
# pkcs11_enable_InitToken = yes;
|
||||
|
||||
#
|
||||
# Context: PKCS#15 emulation layer
|
||||
#
|
||||
# When using PKCS#15 emulation, force
|
||||
# the emulation driver for specific cards.
|
||||
#
|
||||
# Required for external drivers, but can
|
||||
# be used with built-in drivers, too.
|
||||
# pkcs15emu = "custom";
|
||||
|
||||
#
|
||||
# Context: reader driver
|
||||
#
|
||||
# Force protocol selection for specific cards.
|
||||
# Known parameters: t0, t1, raw
|
||||
# force_protocol = "t0";
|
||||
# }
|
||||
|
||||
# PIV cards need an entry similar to this one:
|
||||
# card_atr 3B:7D:96:00:00:80:31:80:65:B0:83:11:00:AC:83:00:90:00 {
|
||||
# name = "PIV-II";
|
||||
# driver = "piv";
|
||||
# }
|
||||
|
||||
# Estonian ID card and Micardo driver sometimes only play together with T=0
|
||||
# In theory only the 'cold' ATR should be specified, as T=0 will
|
||||
# be the preferred protocol once you boot it up with T=0, but be
|
||||
# paranoid.
|
||||
#
|
||||
# Warm ATR v1
|
||||
card_atr 3b:6e:00:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 {
|
||||
force_protocol = t0;
|
||||
}
|
||||
# Cold ATR v1
|
||||
card_atr 3b:fe:94:00:ff:80:b1:fa:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:43 {
|
||||
force_protocol = t0;
|
||||
}
|
||||
# Warm ATR v2
|
||||
card_atr 3b:5e:11:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 {
|
||||
force_protocol = t0;
|
||||
}
|
||||
# Cold ATR v2
|
||||
card_atr 3b:de:18:ff:c0:80:b1:fe:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:2b {
|
||||
force_protocol = t0;
|
||||
}
|
||||
# Digi-ID cold ATR. The same card has the same warm ATR as "Cold ATR v1" above
|
||||
# The card is claimed to only support T=0 but in fact (sometimes) works with T=1, even if not advertised in ATR.
|
||||
card_atr 3b:6e:00:00:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 {
|
||||
force_protocol = t0;
|
||||
}
|
||||
|
||||
# D-Trust cards are also based on micardo and need T=0 for some reason
|
||||
card_atr 3b:ff:94:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:23 {
|
||||
force_protocol = t0;
|
||||
}
|
||||
card_atr 3b:ff:11:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:a6 {
|
||||
force_protocol = t0;
|
||||
}
|
||||
|
||||
# Oberthur's AuthentIC v3.2.2
|
||||
card_atr 3B:DD:18:00:81:31:FE:45:80:F9:A0:00:00:00:77:01:00:70:0A:90:00:8B {
|
||||
type = 11100;
|
||||
driver = "authentic";
|
||||
name = "AuthentIC v3.1";
|
||||
|
||||
# Name of SM configuration sub-section
|
||||
# secure_messaging = local_authentic;
|
||||
}
|
||||
|
||||
# IAS/ECC cards
|
||||
card_atr 3B:7F:96:00:00:00:31:B9:64:40:70:14:10:73:94:01:80:82:90:00 {
|
||||
type = 25001;
|
||||
driver = "iasecc";
|
||||
name = "Gemalto MultiApp IAS/ECC v1.0.1";
|
||||
secure_messaging = local_gemalto_iam;
|
||||
# secure_messaging = local_adele;
|
||||
md_read_only = false;
|
||||
md_supports_X509_enrollment = true;
|
||||
}
|
||||
card_atr 3B:7F:96:00:00:00:31:B8:64:40:70:14:10:73:94:01:80:82:90:00 {
|
||||
type = 25001;
|
||||
driver = "iasecc";
|
||||
name = "Gemalto MultiApp IAS/ECC v1.0.1";
|
||||
secure_messaging = local_gemalto_iam;
|
||||
md_read_only = false;
|
||||
md_supports_X509_enrollment = true;
|
||||
}
|
||||
#card_atr 3B:DD:18:00:81:31:FE:45:80:F9:A0:00:00:00:77:01:08:00:07:90:00:FE {
|
||||
# type = 25002;
|
||||
# driver = "iasecc";
|
||||
# name = "Oberthur IAS/ECC v1.0.1";
|
||||
# # No 'admin' application for this card -- no secure messaging
|
||||
#}
|
||||
#card_atr 3B:7F:18:00:00:00:31:B8:64:50:23:EC:C1:73:94:01:80:82:90:00 {
|
||||
# type = 25003;
|
||||
# driver = "iasecc";
|
||||
# name = "Morpho YpsID S3 IAS/ECC";
|
||||
# # secure_messaging = local_morpho_YpsID_S3;
|
||||
#}
|
||||
card_atr 3B:DF:18:FF:81:91:FE:1F:C3:00:31:B8:64:0C:01:EC:C1:73:94:01:80:82:90:00:B3 {
|
||||
type = 25004;
|
||||
driver = "iasecc";
|
||||
name = "Amos IAS/ECC v1.0.1";
|
||||
md_read_only = false;
|
||||
md_supports_X509_enrollment = true;
|
||||
secure_messaging = local_amos;
|
||||
}
|
||||
card_atr 3B:DC:18:FF:81:91:FE:1F:C3:80:73:C8:21:13:66:01:0B:03:52:00:05:38 {
|
||||
type = 25004;
|
||||
driver = "iasecc";
|
||||
name = "Amos IAS/ECC v1.0.1";
|
||||
md_read_only = false;
|
||||
md_supports_X509_enrollment = true;
|
||||
secure_messaging = local_amos_eid;
|
||||
}
|
||||
|
||||
secure_messaging local_authentic {
|
||||
# name of external SM module
|
||||
# module_name = smm-local.dll;
|
||||
|
||||
# directory with external SM module
|
||||
# Default: defined by windows register
|
||||
# module_path = "";
|
||||
|
||||
# specific data to tune the module initialization
|
||||
# module_data = "Here can be your SM module init data";
|
||||
|
||||
# SM mode:
|
||||
# 'transmit' -- in this mode the procedure to securize an APDU is called by the OpenSC general
|
||||
# APDU transmit procedure.
|
||||
# In this mode all APDUs, except the ones filtered by the card specific procedure,
|
||||
# are securized.
|
||||
# 'acl' -- in this mode APDU are securized only if needed by the ACLs of the command to be executed.
|
||||
#
|
||||
#mode = transmit;
|
||||
|
||||
# SM type specific flags
|
||||
# flags = 0x78; # 0x78 -- level 3, channel 0
|
||||
|
||||
# Default KMC of the GP Card Manager for the Oberthur's Java cards
|
||||
# kmc = "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00";
|
||||
}
|
||||
|
||||
secure_messaging local_gemalto_iam {
|
||||
module_name = smm-local.dll;
|
||||
# module_path = "";
|
||||
# module_data = "";
|
||||
type = acl; # transmit, acl
|
||||
|
||||
ifd_serial = "11:22:33:44:55:66:77:88";
|
||||
|
||||
# Keyset values from IAM profiles of the Gemalto IAS/ECC cards
|
||||
keyset_02_enc = "RW_PRIV_ENC_TEST";
|
||||
keyset_02_mac = "RW_PRIV_MAC_TEST";
|
||||
|
||||
keyset_E828BD080FD2504543432D654944_01_enc = "RO_ENC_TEST_KEY_";
|
||||
keyset_E828BD080FD2504543432D654944_01_mac = "RO_MAC_TEST_KEY_";
|
||||
|
||||
keyset_E828BD080FD2504543432D654944_03_enc = "RW_PUBL_ENC_TEST";
|
||||
keyset_E828BD080FD2504543432D654944_03_mac = "RW_PUBL_MAC_TEST";
|
||||
}
|
||||
|
||||
secure_messaging local_amos {
|
||||
module_name = smm-local.dll;
|
||||
# module_path = "";
|
||||
# module_data = "";
|
||||
mode = acl;
|
||||
ifd_serial = "11:22:33:44:55:66:77:88";
|
||||
keyset_02_enc = "ENCROECHANTILLON";
|
||||
keyset_02_mac = "MACROECHANTILLON";
|
||||
}
|
||||
|
||||
secure_messaging local_amos_eid {
|
||||
module_name = smm-local.dll;
|
||||
# module_path = "";
|
||||
# module_data = "";
|
||||
mode = acl;
|
||||
ifd_serial = "11:22:33:44:55:66:77:88";
|
||||
keyset_E828BD080FD2504543432D654944_03_enc = "RW_PUBL_ENC_TEST";
|
||||
keyset_E828BD080FD2504543432D654944_03_mac = "RW_PUBL_MAC_TEST";
|
||||
}
|
||||
|
||||
secure_messaging local_adele {
|
||||
module_name = smm-local.dll;
|
||||
# module_path = "";
|
||||
# module_data = "";
|
||||
type = acl; # transmit, acl
|
||||
|
||||
ifd_serial = "11:22:33:44:55:66:77:88";
|
||||
|
||||
# Keyset values from 'Adele' profiles of the IAS/ECC cards
|
||||
keyset_01_enc = "EMENCECHANTILLON";
|
||||
keyset_01_mac = "EMMACECHANTILLON";
|
||||
|
||||
keyset_02_enc = "AAENCECHANTILLON";
|
||||
keyset_02_mac = "AAMACECHANTILLON";
|
||||
|
||||
keyset_E828BD080FD2500000040301_02_enc = "E2ENCECHANTILLON";
|
||||
keyset_E828BD080FD2500000040301_02_mac = "E2MACECHANTILLON";
|
||||
|
||||
keyset_D2500000044164E86C650101_02_enc = "E1ENCECHANTILLON";
|
||||
keyset_D2500000044164E86C650101_02_mac = "E1MACECHANTILLON";
|
||||
|
||||
keyset_D2500000044164E86C650101_03_enc = "SIENCECHANTILLON";
|
||||
keyset_D2500000044164E86C650101_03_mac = "SIMACECHANTILLON";
|
||||
}
|
||||
|
||||
# Below are the framework specific configuration blocks.
|
||||
|
||||
# PKCS #15
|
||||
framework pkcs15 {
|
||||
# Whether to use the cache files in the user's
|
||||
# home directory.
|
||||
#
|
||||
# At the moment you have to 'teach' the card
|
||||
# to the system by running command: pkcs15-tool -L
|
||||
#
|
||||
# WARNING: Caching shouldn't be used in setuid root
|
||||
# applications.
|
||||
# Default: false
|
||||
# use_file_caching = true;
|
||||
#
|
||||
# Use PIN caching?
|
||||
# Default: true
|
||||
# use_pin_caching = false;
|
||||
#
|
||||
# How many times to use a PIN from cache before re-authenticating it?
|
||||
# Default: 10
|
||||
# pin_cache_counter = 3;
|
||||
#
|
||||
# Older PKCS#11 applications not supporting CKA_ALWAYS_AUTHENTICATE
|
||||
# may need to set this to get signatures to work with some cards.
|
||||
# Default: false
|
||||
# pin_cache_ignore_user_consent = true;
|
||||
#
|
||||
# Enable pkcs15 emulation.
|
||||
# Default: yes
|
||||
# enable_pkcs15_emulation = no;
|
||||
#
|
||||
# Prefer pkcs15 emulation code before
|
||||
# the normal pkcs15 processing.
|
||||
# Some cards (like esteid and pteid) work in emu-only mode,
|
||||
# and do not depend on this option.
|
||||
#
|
||||
# Default: no
|
||||
# try_emulation_first = yes;
|
||||
|
||||
# Enable builtin emulators.
|
||||
# Default: yes
|
||||
# enable_builtin_emulation = no;
|
||||
#
|
||||
# List of the builtin pkcs15 emulators to test
|
||||
# Default: esteid, openpgp, tcos, starcert, itacns, infocamere, postecert, actalis, atrust-acos, gemsafeGPK, gemsafeV1, tccardos, PIV-II;
|
||||
# builtin_emulators = openpgp;
|
||||
|
||||
# additional settings per driver
|
||||
#
|
||||
# For pkcs15 emulators loaded from an external shared
|
||||
# library/DLL, you need to specify the path name of the module
|
||||
# and customize the card_atr example above correctly.
|
||||
#
|
||||
# emulate custom {
|
||||
# The location of the driver library
|
||||
# module = p15emu_custom.dll;
|
||||
# }
|
||||
|
||||
# some additional application parameters:
|
||||
# - type (generic, protected) used to distinguish the common access application
|
||||
# and application for which authentication to perform some operation cannot be
|
||||
# obtained with the common procedures (ex. object creation protected by secure messaging).
|
||||
# Used by PKCS#11 module configurated to expose restricted number of slots.
|
||||
# (for ex. configurated to expose only User PIN slot, User and Sign PINs slots, ...)
|
||||
application E828BD080FD25047656E65726963 {
|
||||
type = generic;
|
||||
model = "ECC Generic PKI";
|
||||
}
|
||||
|
||||
application E828BD080FD2500000040301 {
|
||||
type = generic;
|
||||
model = "Adèle Générique";
|
||||
}
|
||||
|
||||
application E828BD080FD2504543432D654944 {
|
||||
type = protected;
|
||||
model = "ECC eID";
|
||||
}
|
||||
|
||||
application E828BD080FD2500000040201 {
|
||||
type = protected;
|
||||
model = "Adèle Admin-2";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Parameters for the OpenSC PKCS11 module
|
||||
app opensc-pkcs11 {
|
||||
pkcs11 {
|
||||
# Should the module support hotplug of readers as per PKCS#11 v2.20?
|
||||
# This affects slot changes and PC/SC PnP, as v2.11 applications
|
||||
# are not allowed to change the length of the slot list.
|
||||
# Default: true
|
||||
# plug_and_play = false;
|
||||
|
||||
# Maximum Number of virtual slots.
|
||||
# If there are more slots than defined here,
|
||||
# the remaining slots will be hidden from PKCS#11.
|
||||
# Default: 16
|
||||
# max_virtual_slots = 32;
|
||||
|
||||
# Maximum number of slots per smart card.
|
||||
# If the card has fewer keys than defined here,
|
||||
# the remaining number of slots will be empty.
|
||||
# Default: 4
|
||||
# slots_per_card = 2;
|
||||
|
||||
# (max_virtual_slots/slots_per_card) limits the number of readers
|
||||
# that can be used on the system. Default is then 16/4=4 readers.
|
||||
|
||||
# Normally, the pkcs11 module will create
|
||||
# the full number of slots defined above by
|
||||
# num_slots. If there are fewer pins/keys on
|
||||
# the card, the remaining keys will be empty
|
||||
# (and you will be able to create new objects
|
||||
# within them).
|
||||
# Default: true
|
||||
# hide_empty_tokens = false;
|
||||
|
||||
# By default, the OpenSC PKCS#11 module will not lock your card
|
||||
# once you authenticate to the card via C_Login.
|
||||
#
|
||||
# Thus the other users or other applications is not prevented
|
||||
# from connecting to the card and perform crypto operations
|
||||
# (which may be possible because you have already authenticated
|
||||
# with the card). This setting is not very secure.
|
||||
#
|
||||
# Also, if your card is not locked, you can enconter problems
|
||||
# due to limitation of the OpenSC framework, that still is not
|
||||
# thoroughly tested in the multi threads environment.
|
||||
#
|
||||
# Your settings will be more secure if you choose to lock your
|
||||
# card. Nevertheless this behavior is a known violation of PKCS#11
|
||||
# specification. Now once one application has started using your
|
||||
# card with C_Login, no other application can use it, until
|
||||
# the first is done and calls C_Logout or C_Finalize. In the case
|
||||
# of many PKCS#11 application this does not happen until you exit
|
||||
# the application.
|
||||
# Thus it is impossible to use several smart card aware applications
|
||||
# at the same time, e.g. you cannot run both Firefox and Thunderbird at
|
||||
# the same time, if both are configured to use your smart card.
|
||||
#
|
||||
# Default: false
|
||||
# lock_login = true;
|
||||
|
||||
# User PIN unblock style
|
||||
# none: PIN unblock is not possible with PKCS#11 API;
|
||||
# set_pin_in_unlogged_session: C_SetPIN() in unlogged session:
|
||||
# PUK is passed as the 'OldPin' argument of the C_SetPIN() call.
|
||||
# set_pin_in_specific_context: C_SetPIN() in the CKU_SPECIFIC_CONTEXT logged session:
|
||||
# PUK is passed as the 'OldPin' argument of the C_SetPIN() call.
|
||||
# init_pin_in_so_session: C_InitPIN() in CKU_SO logged session:
|
||||
# User PIN 'UNBLOCK' is protected by SOPIN. (PUK == SOPIN).
|
||||
# # Actually this style works only for the PKCS15 contents without SOPIN.
|
||||
# # For those with SOPIN, this mode will be usefull for the cards without
|
||||
# # modes 00 and 01 of ISO command 'RESET RETRY COUNTER'. --vt
|
||||
#
|
||||
# Default: none
|
||||
# user_pin_unblock_style = set_pin_in_unlogged_session;
|
||||
|
||||
# Create slot for unblocking PIN with PUK
|
||||
# This way PKCS#11 API can be used to login with PUK and
|
||||
# change a PIN.
|
||||
# Warning: causes problems with some applications like
|
||||
# firefox and thunderbird. Thus turned off by default
|
||||
#
|
||||
# Default: false
|
||||
# create_puk_slot = true;
|
||||
|
||||
# Report as 'zero' the CKA_ID attribute of CA certificate
|
||||
# For the unknown reason the middleware of the manufacturer of gemalto (axalto, gemplus)
|
||||
# card reports as '0' the CKA_ID of CA cartificates.
|
||||
# Maybe someone else will need it. (Would be nice to know who and what for -- VTA)
|
||||
#
|
||||
# Default: false
|
||||
# zero_ckaid_for_ca_certs = true;
|
||||
|
||||
# List of readers to ignore
|
||||
# If any of the strings listed below is matched (case sensitive) in a reader name,
|
||||
# the reader is ignored by the PKCS#11 module.
|
||||
#
|
||||
# Default: empty
|
||||
# ignored_readers = "CardMan 1021", "SPR 532";
|
||||
|
||||
# Symbolic names of PINs for which slots are created
|
||||
# Card can contain more then one PINs or more then one on-card application with
|
||||
# its own PINs. Normally, to access all of them with the PKCS#11 API a slot has to be
|
||||
# created for all of them. Many slots could be ennoying for some of widely used application,
|
||||
# like FireFox. This configuration parameter allows to select the PINs or on-card application
|
||||
# for which PKCS#11 slot will be created.
|
||||
# Actually recognised following symbolic names:
|
||||
# 'user', 'sign', 'application', all
|
||||
# Only PINs initialised, non-SoPIN, non-unblocking are associated with symbolic name.
|
||||
# 'user' is identified as first global or first local PIN.
|
||||
# 'sign' is identified as second PIN: first local, second global or second local.
|
||||
# 'application' slot created for each on-card application,
|
||||
# even if they use a common global PIN.
|
||||
# 'all' slot created for all non-sopin, non-unblocking PINs,
|
||||
# optionally for PUK (see option 'create_puk_slot')
|
||||
#
|
||||
# Default: all
|
||||
# create_slots_for_pins = "user,sign";
|
||||
# create_slots_for_pins = application;
|
||||
# create_slots_for_pins = "application,sign";
|
||||
}
|
||||
}
|
||||
|
||||
# Used by OpenSC.tokend on Mac OS X only.
|
||||
app tokend {
|
||||
# The file to which debug log will be written
|
||||
# Default: /tmp/opensc-tokend.log
|
||||
#
|
||||
# debug_file = /Library/Logs/OpenSC.tokend.log
|
||||
|
||||
framework tokend {
|
||||
# Score for OpenSC.tokend
|
||||
# The tokend with the highest score shall be used.
|
||||
# Default: 300
|
||||
#
|
||||
# score = 10;
|
||||
}
|
||||
}
|
||||
|
||||
# XXX: remove cardmod pseudodriver
|
||||
app cardmod {
|
||||
# cardmod app name use special pcsc reader subset
|
||||
# fix options for this reader driver here.
|
||||
|
||||
reader_driver cardmod {
|
||||
# Enable pinpad if detected (PC/SC v2.0.2 Part 10)
|
||||
# Default: true
|
||||
# enable_pinpad = false;
|
||||
}
|
||||
}
|
|
@ -8,4 +8,3 @@ SUBDIRS = common scconf pkcs15init libopensc pkcs11 \
|
|||
if ENABLE_SM
|
||||
SUBDIRS += libsm smm
|
||||
endif
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
* Convenience pkcs11 library that can be linked into an application,
|
||||
* and will bind to a specific pkcs11 module.
|
||||
*
|
||||
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
|
||||
* Copyright (C) 2002 Olaf Kirch <okir@suse.de>
|
||||
*/
|
||||
|
||||
#if HAVE_CONFIG_H
|
||||
|
|
|
@ -47,4 +47,4 @@ opensc.dll: $(OBJECTS) ..\scconf\scconf.lib ..\common\common.lib ..\common\libsc
|
|||
if EXIST opensc.dll.manifest mt -manifest opensc.dll.manifest -outputresource:opensc.dll;2
|
||||
|
||||
opensc_a.lib: $(OBJECTS) ..\scconf\scconf.lib ..\common\common.lib ..\common\libscdl.lib ..\pkcs15init\pkcs15init.lib
|
||||
lib $(LIBFLAGS) /out:opensc_a.lib $(OBJECTS) ..\scconf\scconf.lib ..\common\common.lib ..\common\libscdl.lib ..\pkcs15init\pkcs15init.lib $(ZLIB_LIB) user32.lib ws2_32.lib
|
||||
lib $(LIBFLAGS) /out:opensc_a.lib $(OBJECTS) ..\scconf\scconf.lib ..\common\common.lib ..\common\libscdl.lib ..\pkcs15init\pkcs15init.lib $(ZLIB_LIB) user32.lib advapi32.lib ws2_32.lib
|
||||
|
|
|
@ -1854,6 +1854,17 @@ sc_asn1_sig_value_rs_to_sequence(struct sc_context *ctx, unsigned char *in, size
|
|||
int rv;
|
||||
|
||||
LOG_FUNC_CALLED(ctx);
|
||||
|
||||
/* R/S are filled up with zeroes, we do not want that in sequence format */
|
||||
while(r_len > 1 && *r == 0x00) {
|
||||
r++;
|
||||
r_len--;
|
||||
}
|
||||
while(s_len > 1 && *s == 0x00) {
|
||||
s++;
|
||||
s_len--;
|
||||
}
|
||||
|
||||
sc_copy_asn1_entry(c_asn1_sig_value, asn1_sig_value);
|
||||
sc_format_asn1_entry(asn1_sig_value + 0, asn1_sig_value_coefficients, NULL, 1);
|
||||
|
||||
|
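Review bot: After the two new stripping loops in sc_asn1_sig_value_rs_to_sequence, r or s can begin with a byte whose top bit is set, and a DER INTEGER in that form reads as negative unless one 0x00 is put back. Whether the encoder driven by `asn1_sig_value_coefficients` re-adds that byte is not visible in this hunk, so it should be confirmed and recorded next to the loops, e.g. `/* leading zeroes are stripped here; the INTEGER encoder must re-add one 0x00 when the top bit is set */`. The two loops are identical and could share a small static helper. The function starts and ends outside the hunk, including the code that derives r, s and their lengths from the input buffer.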
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* card-gpk: Driver for GPK 4000 cards
|
||||
*
|
||||
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
|
||||
* Copyright (C) 2002 Olaf Kirch <okir@suse.de>
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
|
|
|
@ -3571,4 +3571,15 @@ sc_get_iasecc_driver(void)
|
|||
return sc_get_driver();
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
/* we need to define the functions below to export them */
|
||||
#include "errors.h"
|
||||
|
||||
int
|
||||
iasecc_se_get_info()
|
||||
{
|
||||
return SC_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
#endif /* ENABLE_OPENSSL */
|
||||
|
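Review bot: The fallback `iasecc_se_get_info()` added in the `#else` branch is defined with an empty parameter list, so the compiler cannot check calls against it and a caller passing the real function's arguments gets no diagnostic. Giving the stub the same parameter list as the prototype in the header (not visible here) keeps the exported symbol type-compatible in builds without OpenSSL. The same applies to the `iasecc_se_get_crt()` stub added after `iasecc_sdo_encode_update_field()` further down this page. A short comment such as `/* stub exported when ENABLE_OPENSSL is off; always returns SC_ERROR_NOT_SUPPORTED */` would say why the body is empty.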
|
|
@ -1700,7 +1700,7 @@ pgp_update_new_algo_attr(sc_card_t *card, sc_cardctl_openpgp_keygen_info_t *key_
|
|||
}
|
||||
/* To generate key with new key size */
|
||||
else if (old_modulus_len != key_info->modulus_len) {
|
||||
algo_blob->data[1] = (unsigned char)key_info->modulus_len >> 8;
|
||||
algo_blob->data[1] = (unsigned char)(key_info->modulus_len >> 8);
|
||||
algo_blob->data[2] = (unsigned char)key_info->modulus_len;
|
||||
changed = 1;
|
||||
}
|
||||
|
@ -1711,7 +1711,7 @@ pgp_update_new_algo_attr(sc_card_t *card, sc_cardctl_openpgp_keygen_info_t *key_
|
|||
key_info->exponent_len = old_exponent_len;
|
||||
}
|
||||
else if (old_exponent_len != key_info->exponent_len) {
|
||||
algo_blob->data[3] = (unsigned char)key_info->exponent_len >> 8;
|
||||
algo_blob->data[3] = (unsigned char)(key_info->exponent_len >> 8);
|
||||
algo_blob->data[4] = (unsigned char)key_info->exponent_len;
|
||||
changed = 1;
|
||||
}
|
||||
|
|
|
@ -723,9 +723,6 @@ static int piv_find_aid(sc_card_t * card, sc_file_t *aid_file)
|
|||
* that we know about.
|
||||
*/
|
||||
|
||||
if (card->type == SC_CARD_TYPE_PIV_II_GENERIC)
|
||||
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, 0);
|
||||
|
||||
r = piv_select_aid(card, piv_aids[0].value, piv_aids[0].len_short, rbuf, &resplen);
|
||||
if (r >= 0 && resplen > 2 ) {
|
||||
tag = sc_asn1_find_tag(card->ctx, rbuf, resplen, 0x61, &taglen);
|
||||
|
|
|
@ -85,10 +85,6 @@ static int sc_hsm_select_file(sc_card_t *card,
|
|||
sc_file_t *file = NULL;
|
||||
|
||||
if (file_out == NULL) { // Versions before 0.16 of the SmartCard-HSM do not support P2='0C'
|
||||
if (!in_path->len && in_path->aid.len) {
|
||||
sc_log(card->ctx, "Preventing reselection of applet which would clear the security state");
|
||||
return SC_SUCCESS;
|
||||
}
|
||||
rv = sc_hsm_select_file(card, in_path, &file);
|
||||
if (file != NULL) {
|
||||
sc_file_free(file);
|
||||
|
|
|
@ -402,6 +402,7 @@ static int tcos_select_file(sc_card_t *card,
|
|||
|
||||
file = sc_file_new();
|
||||
if (file == NULL) SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY);
|
||||
*file_out = file;
|
||||
file->path = *in_path;
|
||||
|
||||
for(i=2; i+1<apdu.resplen && i+1+apdu.resp[i+1]<apdu.resplen; i+=2+apdu.resp[i+1]){
|
||||
|
@ -440,7 +441,6 @@ static int tcos_select_file(sc_card_t *card,
|
|||
}
|
||||
}
|
||||
file->magic = SC_FILE_MAGIC;
|
||||
*file_out = file;
|
||||
|
||||
parse_sec_attr(card, file, file->sec_attr, file->sec_attr_len);
|
||||
|
||||
|
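Review bot: `*file_out = file;` now runs straight after sc_file_new() in tcos_select_file, before the response is parsed and before `file->magic` is set, so from that point the caller's pointer refers to a half-initialised file. If any path between here and the end of the function can return an error or free `file` (not visible in these hunks), the caller is left holding a pointer it must not use; either set `*file_out = NULL` on those paths or keep the assignment at the end. The assignment also dereferences file_out unconditionally, so confirm that a NULL file_out is handled earlier in the function.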
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* ctbcs.c: Extended CTBCS commands, used for pcsc and ct-api readers
|
||||
*
|
||||
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
|
||||
* Copyright (C) 2002 Olaf Kirch <okir@suse.de>
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
|
@ -71,7 +71,7 @@ ctbcs_build_perform_verification_apdu(sc_apdu_t *apdu, struct sc_pin_cmd_data *d
|
|||
/* card apdu must be last in packet */
|
||||
if (!data->apdu)
|
||||
return SC_ERROR_INTERNAL;
|
||||
if (count + 7 > buflen)
|
||||
if (count + 8 > buflen)
|
||||
return SC_ERROR_BUFFER_TOO_SMALL;
|
||||
|
||||
j = count;
|
||||
|
@ -95,12 +95,14 @@ ctbcs_build_perform_verification_apdu(sc_apdu_t *apdu, struct sc_pin_cmd_data *d
|
|||
|
||||
if (data->flags & SC_PIN_CMD_NEED_PADDING) {
|
||||
len = data->pin1.pad_length;
|
||||
if (j + len > buflen || len > 256)
|
||||
if (1 + j + len > buflen || len > 256)
|
||||
return SC_ERROR_BUFFER_TOO_SMALL;
|
||||
buf[j++] = len;
|
||||
memset(buf+j, data->pin1.pad_char, len);
|
||||
j += len;
|
||||
}
|
||||
if (count + 1 > buflen)
|
||||
return SC_ERROR_BUFFER_TOO_SMALL;
|
||||
buf[count+1] = j - count - 2;
|
||||
count = j;
|
||||
|
||||
|
@ -168,7 +170,7 @@ ctbcs_build_modify_verification_apdu(sc_apdu_t *apdu, struct sc_pin_cmd_data *da
|
|||
|
||||
if (data->flags & SC_PIN_CMD_NEED_PADDING) {
|
||||
len = data->pin1.pad_length + data->pin2.pad_length;
|
||||
if (j + len > buflen || len > 256)
|
||||
if (1 + j + len > buflen || len > 256)
|
||||
return SC_ERROR_BUFFER_TOO_SMALL;
|
||||
buf[j++] = len;
|
||||
memset(buf+j, data->pin1.pad_char, len);
|
||||
|
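Review bot: The new guard `if (count + 1 > buflen)` in ctbcs_build_perform_verification_apdu still admits count + 1 == buflen, and the next line writes `buf[count+1]`, which is one byte past the end in that case; it should read `if (count + 2 > buflen)`. The earlier `count + 8 > buflen` test appears to cover this already (assuming count is unchanged in between), which makes the added check redundant as written. Separately, both padding branches accept `len == 256` and then store it with `buf[j++] = len;`; if buf is a byte array, as the APDU layout suggests, 256 is stored as 0 and the limit should be `len > 255`. The bodies of both functions continue outside the hunks.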
|
|
@ -1466,17 +1466,21 @@ int cwa_encode_apdu(sc_card_t * card,
|
|||
/* reserve extra bytes for padding and tlv header */
|
||||
msgbuf = calloc(12 + from->lc, sizeof(u8)); /* to encrypt apdu data */
|
||||
cryptbuf = calloc(12 + from->lc, sizeof(u8));
|
||||
if (!msgbuf || !cryptbuf)
|
||||
LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
|
||||
if (!msgbuf || !cryptbuf) {
|
||||
res = SC_ERROR_OUT_OF_MEMORY;
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* check if APDU is already encoded */
|
||||
if ((from->cla & 0x0C) != 0) {
|
||||
memcpy(to, from, sizeof(sc_apdu_t));
|
||||
return SC_SUCCESS; /* already encoded */
|
||||
res = SC_SUCCESS; /* already encoded */
|
||||
goto encode_end;
|
||||
}
|
||||
if (from->ins == 0xC0) {
|
||||
memcpy(to, from, sizeof(sc_apdu_t));
|
||||
return SC_SUCCESS; /* dont encode GET Response cmd */
|
||||
res = SC_SUCCESS; /* dont encode GET Response cmd */
|
||||
goto encode_end;
|
||||
}
|
||||
|
||||
/* call provider pre-operation method */
|
||||
|
@ -1500,8 +1504,10 @@ int cwa_encode_apdu(sc_card_t * card,
|
|||
ccbuf =
|
||||
calloc(MAX(SC_MAX_APDU_BUFFER_SIZE, 20 + from->datalen),
|
||||
sizeof(u8));
|
||||
if (!apdubuf || !ccbuf)
|
||||
LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
|
||||
if (!apdubuf || !ccbuf) {
|
||||
res = SC_ERROR_OUT_OF_MEMORY;
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* set up data on destination apdu */
|
||||
to->cse = SC_APDU_CASE_3_SHORT;
|
||||
|
@ -1615,6 +1621,7 @@ int cwa_encode_apdu(sc_card_t * card,
|
|||
res = SC_SUCCESS;
|
||||
goto encode_end_apdu_valid;
|
||||
|
||||
err:
|
||||
encode_end:
|
||||
if (apdubuf)
|
||||
free(apdubuf);
|
||||
|
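Review bot: The first `goto err` in cwa_encode_apdu is taken before apdubuf and ccbuf are allocated, yet the cleanup under `encode_end:` tests and frees apdubuf (and presumably the other buffers), so this is only safe if all of these pointers are initialised to NULL at their declarations, which lie outside the hunk. That should be confirmed, since an uninitialised pointer reaching free() on the out-of-memory or "already encoded" path would be worse than the leak being fixed. The new `err:` label sits directly on `encode_end:` and adds nothing; `goto encode_end;` would do. The out-of-memory paths also lose the LOG_FUNC_RETURN trace unless the common exit logs `res`.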
|
|
@ -764,15 +764,14 @@ iasecc_sdo_allocate_and_parse(struct sc_card *card, unsigned char *data, size_t
|
|||
sdo = calloc(1, sizeof(struct iasecc_sdo));
|
||||
if (!sdo)
|
||||
return SC_ERROR_OUT_OF_MEMORY;
|
||||
*out = sdo;
|
||||
|
||||
sdo->sdo_class = *(data + 1) & 0x7F;
|
||||
sdo->sdo_ref = *(data + 2) & 0x3F;
|
||||
|
||||
sc_log(ctx, "sdo_class 0x%X, sdo_ref 0x%X", sdo->sdo_class, sdo->sdo_ref);
|
||||
if (data_len == 3) {
|
||||
*out = sdo;
|
||||
if (data_len == 3)
|
||||
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
|
||||
}
|
||||
|
||||
size_size = iasecc_parse_size(data + 3, &size);
|
||||
LOG_TEST_RET(ctx, size_size, "parse error: invalid size data");
|
||||
|
@ -795,8 +794,6 @@ iasecc_sdo_allocate_and_parse(struct sc_card *card, unsigned char *data, size_t
|
|||
|
||||
sc_log(ctx, "docp.acls_contact.size %i; docp.size.size %i", sdo->docp.acls_contact.size, sdo->docp.size.size);
|
||||
|
||||
*out = sdo;
|
||||
|
||||
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
|
||||
}
|
||||
|
||||
|
@ -1299,4 +1296,10 @@ iasecc_sdo_encode_update_field()
|
|||
return SC_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
int
|
||||
iasecc_se_get_crt()
|
||||
{
|
||||
return SC_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
#endif /* ENABLE_OPENSSL */
|
||||
|
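Review bot: With `*out = sdo;` moved to right after calloc() in iasecc_sdo_allocate_and_parse, every later error return (for example the `LOG_TEST_RET` after iasecc_parse_size) hands the caller a partly parsed object together with an error code. That changes the ownership contract: callers must free `*out` on failure and must not treat its contents as valid. Either document this on the function, e.g. `/* on error *out may hold a partially parsed SDO that the caller must free */`, or free sdo and set `*out = NULL` before returning an error. The hunk also reads `data[1]` and `data[2]` before the `data_len == 3` test, so confirm a minimum length is checked above the hunk.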
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* pkc15-algo.c: ASN.1 handling for algorithm IDs and parameters
|
||||
*
|
||||
* Copyright (C) 2001, 2002 Olaf Kirch <okir@lst.de>
|
||||
* Copyright (C) 2001, 2002 Olaf Kirch <okir@suse.de>
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
|
|
|
@ -157,7 +157,7 @@ int sc_pkcs15_encode_dodf_entry(sc_context_t *ctx,
|
|||
size_t label_len;
|
||||
|
||||
info = (struct sc_pkcs15_data_info *) obj->data;
|
||||
label_len = strlen(info->app_label);
|
||||
label_len = strnlen(info->app_label, sizeof info->app_label);
|
||||
|
||||
sc_copy_asn1_entry(c_asn1_com_data_attr, asn1_com_data_attr);
|
||||
sc_copy_asn1_entry(c_asn1_type_data_attr, asn1_type_data_attr);
|
||||
|
|
|
@ -358,7 +358,7 @@ int sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card,
|
|||
LOG_TEST_RET(ctx, r, "sc_lock() failed");
|
||||
|
||||
/* the path in the pin object is optional */
|
||||
if (auth_info->path.len > 0) {
|
||||
if ((auth_info->path.len > 0) || ((auth_info->path.aid.len > 0))) {
|
||||
r = sc_select_file(card, &auth_info->path, NULL);
|
||||
if (r)
|
||||
goto out;
|
||||
|
@ -402,7 +402,7 @@ int sc_pkcs15_change_pin(struct sc_pkcs15_card *p15card,
|
|||
r = sc_lock(card);
|
||||
LOG_TEST_RET(ctx, r, "sc_lock() failed");
|
||||
/* the path in the pin object is optional */
|
||||
if (auth_info->path.len > 0) {
|
||||
if ((auth_info->path.len > 0) || ((auth_info->path.aid.len > 0))) {
|
||||
r = sc_select_file(card, &auth_info->path, NULL);
|
||||
if (r)
|
||||
goto out;
|
||||
|
@ -509,7 +509,7 @@ int sc_pkcs15_unblock_pin(struct sc_pkcs15_card *p15card,
|
|||
LOG_TEST_RET(ctx, r, "sc_lock() failed");
|
||||
|
||||
/* the path in the pin object is optional */
|
||||
if (auth_info->path.len > 0) {
|
||||
if ((auth_info->path.len > 0) || ((auth_info->path.aid.len > 0))) {
|
||||
r = sc_select_file(card, &auth_info->path, NULL);
|
||||
if (r)
|
||||
goto out;
|
||||
|
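Review bot: The comment `/* the path in the pin object is optional */` above the changed condition in sc_pkcs15_verify_pin no longer describes it, since sc_select_file() is now also called when only `path.aid` is set; the same holds in sc_pkcs15_change_pin and sc_pkcs15_unblock_pin. Selecting by AID before every PIN command re-selects the application, and a log message removed elsewhere on this page says reselection "would clear the security state", so it is worth confirming that no caller relies on authentication state established before these calls. Suggested comment: `/* path and AID are both optional; select only when one of them is set */`. The doubled parentheses around the second test can be dropped.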
|
|
@ -298,10 +298,10 @@ int sc_pkcs15emu_sc_hsm_encode_cvc(sc_pkcs15_card_t * p15card,
|
|||
}
|
||||
|
||||
sc_format_asn1_entry(asn1_cvc_body , &cvc->cpi, NULL, 1);
|
||||
lencar = strlen(cvc->car);
|
||||
lencar = strnlen(cvc->car, sizeof cvc->car);
|
||||
sc_format_asn1_entry(asn1_cvc_body + 1, &cvc->car, &lencar, 1);
|
||||
sc_format_asn1_entry(asn1_cvc_body + 2, &asn1_cvc_pubkey, NULL, 1);
|
||||
lenchr = strlen(cvc->chr);
|
||||
lenchr = strnlen(cvc->chr, sizeof cvc->chr);
|
||||
sc_format_asn1_entry(asn1_cvc_body + 3, &cvc->chr, &lenchr, 1);
|
||||
|
||||
sc_format_asn1_entry(asn1_cvcert , &asn1_cvc_body, NULL, 1);
|
||||
|
@ -846,7 +846,7 @@ static int sc_pkcs15emu_sc_hsm_init (sc_pkcs15_card_t * p15card)
|
|||
if (appinfo->label == NULL)
|
||||
LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY);
|
||||
|
||||
len = strlen(devcert.chr); /* Strip last 5 digit sequence number from CHR */
|
||||
len = strnlen(devcert.chr, sizeof devcert.chr); /* Strip last 5 digit sequence number from CHR */
|
||||
assert(len >= 8);
|
||||
len -= 5;
|
||||
|
||||
|
@ -866,9 +866,10 @@ static int sc_pkcs15emu_sc_hsm_init (sc_pkcs15_card_t * p15card)
|
|||
|
||||
pin_info.auth_id.len = 1;
|
||||
pin_info.auth_id.value[0] = 1;
|
||||
pin_info.path.aid = sc_hsm_aid;
|
||||
pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||
pin_info.attrs.pin.reference = 0x81;
|
||||
pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED|SC_PKCS15_PIN_FLAG_EXCHANGE_REF_DATA;
|
||||
pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_EXCHANGE_REF_DATA;
|
||||
pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
|
||||
pin_info.attrs.pin.min_length = 6;
|
||||
pin_info.attrs.pin.stored_length = 0;
|
||||
|
@ -890,16 +891,17 @@ static int sc_pkcs15emu_sc_hsm_init (sc_pkcs15_card_t * p15card)
|
|||
|
||||
pin_info.auth_id.len = 1;
|
||||
pin_info.auth_id.value[0] = 2;
|
||||
pin_info.path.aid = sc_hsm_aid;
|
||||
pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||
pin_info.attrs.pin.reference = 0x88;
|
||||
pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_CHANGE_DISABLED|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED|SC_PKCS15_PIN_FLAG_SO_PIN;
|
||||
pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED|SC_PKCS15_PIN_FLAG_SO_PIN;
|
||||
pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_BCD;
|
||||
pin_info.attrs.pin.min_length = 16;
|
||||
pin_info.attrs.pin.stored_length = 0;
|
||||
pin_info.attrs.pin.max_length = 16;
|
||||
pin_info.attrs.pin.pad_char = '\0';
|
||||
pin_info.tries_left = 3;
|
||||
pin_info.max_tries = 3;
|
||||
pin_info.tries_left = 15;
|
||||
pin_info.max_tries = 15;
|
||||
|
||||
strlcpy(pin_obj.label, "SOPIN", sizeof(pin_obj.label));
|
||||
pin_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE;
|
||||
|
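Review bot: In sc_pkcs15emu_sc_hsm_init the length of `devcert.chr`, presumably parsed from the card's device certificate, is validated only by `assert(len >= 8)` before `len -= 5`. With NDEBUG the assert disappears and a short CHR makes len wrap (if len is unsigned), and without NDEBUG a malformed card aborts the host process. A run-time check is safer, e.g. `if (len < 8) LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_DATA);`, with whatever cleanup of `appinfo` the function needs on that path, which is outside the hunk. The strnlen() bound added on the same line does not help here, because it only caps the upper end.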
|
|
@ -1505,8 +1505,8 @@ compare_obj_data_name(struct sc_pkcs15_object *obj, const char *app_label, const
|
|||
if (obj->type != SC_PKCS15_TYPE_DATA_OBJECT)
|
||||
return 0;
|
||||
|
||||
return !strcmp(cinfo->app_label, app_label) &&
|
||||
!strcmp(obj->label, label);
|
||||
return !strncmp(cinfo->app_label, app_label, sizeof cinfo->app_label) &&
|
||||
!strncmp(obj->label, label, sizeof obj->label);
|
||||
}
|
||||
|
||||
|
||||
|
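Review bot: Bounding both comparisons with `sizeof` in compare_obj_data_name turns the exact match into a prefix match whenever a stored label fills its buffer without a terminator: a longer `label` or `app_label` argument with the same leading bytes now compares equal. If full-buffer labels can occur, which is the case the strnlen/strncmp changes on this page guard against, arguments longer than the field should be rejected first, e.g. `strlen(label) <= sizeof obj->label && !strncmp(obj->label, label, sizeof obj->label)`. A short comment stating that labels may be unterminated would explain why strncmp is used at all.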
|
|
@ -248,7 +248,7 @@ static int openct_reader_disconnect(sc_reader_t *reader)
|
|||
struct driver_data *data = (struct driver_data *) reader->drv_data;
|
||||
|
||||
SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
if (data->h && !(reader->flags & SC_TERMINATE))
|
||||
if (data->h && !(reader->ctx->flags & SC_CTX_FLAG_TERMINATE))
|
||||
ct_reader_disconnect(data->h);
|
||||
data->h = NULL;
|
||||
return SC_SUCCESS;
|
||||
|
|
|
@ -41,6 +41,12 @@
|
|||
|
||||
#include "pace.h"
|
||||
|
||||
#ifdef HAVE_PCSCLITE_H
|
||||
#if !defined (__MAC_OS_X_VERSION_MIN_REQUIRED) || __MAC_OS_X_VERSION_MIN_REQUIRED < 101000
|
||||
#define HAVE_PCSCLITE 1
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* Logging */
|
||||
#define PCSC_TRACE(reader, desc, rv) do { sc_log(reader->ctx, "%s:" desc ": 0x%08lx\n", reader->name, rv); } while (0)
|
||||
#define PCSC_LOG(ctx, desc, rv) do { sc_log(ctx, desc ": 0x%08lx\n", rv); } while (0)
|
||||
|
@ -431,8 +437,10 @@ static int pcsc_reconnect(sc_reader_t * reader, DWORD action)
|
|||
if (check_forced_protocol(reader->ctx, &reader->atr, &tmp))
|
||||
protocol = tmp;
|
||||
|
||||
/* reconnect always unlocks transaction */
|
||||
#ifndef HAVE_PCSCLITE
|
||||
/* reconnect unlocks transaction everywhere but in PCSC-lite */
|
||||
priv->locked = 0;
|
||||
#endif
|
||||
|
||||
rv = priv->gpriv->SCardReconnect(priv->pcsc_card,
|
||||
priv->gpriv->connect_exclusive ? SCARD_SHARE_EXCLUSIVE : SCARD_SHARE_SHARED,
|
||||
|
@ -588,17 +596,21 @@ static int pcsc_release(sc_reader_t *reader)
|
|||
|
||||
static int pcsc_reset(sc_reader_t *reader, int do_cold_reset)
|
||||
{
|
||||
struct pcsc_private_data *priv = GET_PRIV_DATA(reader);
|
||||
int r;
|
||||
#ifndef HAVE_PCSCLITE
|
||||
struct pcsc_private_data *priv = GET_PRIV_DATA(reader);
|
||||
int old_locked = priv->locked;
|
||||
#endif
|
||||
|
||||
r = pcsc_reconnect(reader, do_cold_reset ? SCARD_UNPOWER_CARD : SCARD_RESET_CARD);
|
||||
if(r != SC_SUCCESS)
|
||||
return r;
|
||||
|
||||
/* pcsc_reconnect unlocks card... try to lock it again if it was locked */
|
||||
#ifndef HAVE_PCSCLITE
|
||||
/* reconnect unlocks transaction everywhere but in PCSC-lite */
|
||||
if(old_locked)
|
||||
r = pcsc_lock(reader);
|
||||
#endif
|
||||
|
||||
return r;
|
||||
}
|
||||
|
@ -2486,4 +2498,3 @@ struct sc_reader_driver * sc_get_cardmod_driver(void)
|
|||
#endif
|
||||
|
||||
#endif /* ENABLE_PCSC */
|
||||
|
||||
|
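Review bot: HAVE_PCSCLITE is decided at compile time from HAVE_PCSCLITE_H, but pcsc_reconnect reaches the provider through `priv->gpriv->SCardReconnect`, a function pointer, so the library in use at run time need not be the one the headers came from. If the driver can be pointed at a different PC/SC implementation (an assumption; the loading code is outside these hunks), `priv->locked` would be out of step with the real transaction state after a reset, and pcsc_reset would skip or repeat the re-lock. A comment at the `#define` stating that the header and the run-time provider are assumed to match, and why macOS 10.10 and later is excluded, would make the dependency explicit.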
|
|
@ -3,7 +3,9 @@
|
|||
MAINTAINERCLEANFILES = Makefile.in
|
||||
EXTRA_DIST = Makefile.mak
|
||||
|
||||
if ENABLE_OPENSSL
|
||||
noinst_LTLIBRARIES = libsm.la
|
||||
endif
|
||||
noinst_HEADERS = sm-common.h
|
||||
|
||||
AM_CFLAGS = $(OPTIONAL_OPENSSL_CFLAGS) $(OPTIONAL_READLINE_CFLAGS)
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
TOPDIR = ..\..
|
||||
|
||||
!IF "$(OPENSSL_DEF)" == "/DENABLE_OPENSSL"
|
||||
TARGET = libsm.lib
|
||||
OBJECTS = sm-common.obj
|
||||
|
||||
|
@ -9,3 +10,7 @@ $(TARGET): $(OBJECTS)
|
|||
lib $(LIBFLAGS) /out:$(TARGET) $(OBJECTS)
|
||||
|
||||
!INCLUDE $(TOPDIR)\win32\Make.rules.mak
|
||||
|
||||
!ELSE
|
||||
all:
|
||||
!ENDIF
|
||||
|
|
|
@ -118,7 +118,6 @@ HINSTANCE g_inst;
|
|||
#define MAGIC_SESSION_PIN "opensc-minidriver"
|
||||
|
||||
struct md_directory {
|
||||
unsigned char parent[9];
|
||||
unsigned char name[9];
|
||||
|
||||
CARD_DIRECTORY_ACCESS_CONDITION acl;
|
||||
|
@ -130,7 +129,6 @@ struct md_directory {
|
|||
};
|
||||
|
||||
struct md_file {
|
||||
unsigned char parent[9];
|
||||
unsigned char name[9];
|
||||
|
||||
CARD_FILE_ACCESS_CONDITION acl;
|
||||
|
@ -680,7 +678,8 @@ md_fs_find_directory(PCARD_DATA pCardData, struct md_directory *parent, char *na
|
|||
else {
|
||||
dir = parent->subdirs;
|
||||
while(dir) {
|
||||
if (!strcmp(dir->name, name))
|
||||
if (strlen(name) > sizeof dir->name
|
||||
|| !strncmp(dir->name, name, sizeof dir->name))
|
||||
break;
|
||||
dir = dir->next;
|
||||
}
|
||||
|
@ -760,7 +759,8 @@ md_fs_find_file(PCARD_DATA pCardData, char *parent, char *name, struct md_file *
|
|||
}
|
||||
|
||||
for (file = dir->files; file!=NULL;) {
|
||||
if (!strcmp(file->name, name))
|
||||
if (sizeof file->name < strlen(name)
|
||||
|| !strncmp(file->name, name, sizeof file->name))
|
||||
break;
|
||||
file = file->next;
|
||||
}
|
||||
|
@ -865,7 +865,8 @@ md_fs_delete_file(PCARD_DATA pCardData, char *parent, char *name)
|
|||
return SCARD_E_FILE_NOT_FOUND;
|
||||
}
|
||||
|
||||
if (!strcmp(dir->files->name, name)) {
|
||||
if (sizeof dir->files->name < strlen(name)
|
||||
|| !strncmp(dir->files->name, name, sizeof dir->files->name)) {
|
||||
file_to_rm = dir->files;
|
||||
dir->files = dir->files->next;
|
||||
md_fs_free_file(pCardData, file_to_rm);
|
||||
|
@ -875,7 +876,8 @@ md_fs_delete_file(PCARD_DATA pCardData, char *parent, char *name)
|
|||
for (file = dir->files; file!=NULL; file = file->next) {
|
||||
if (!file->next)
|
||||
break;
|
||||
if (!strcmp(file->next->name, name)) {
|
||||
if (sizeof file->next->name < strlen(name)
|
||||
|| !strncmp(file->next->name, name, sizeof file->next->name)) {
|
||||
file_to_rm = file->next;
|
||||
file->next = file->next->next;
|
||||
md_fs_free_file(pCardData, file_to_rm);
|
||||
|
@ -978,8 +980,8 @@ md_pkcs15_update_containers(PCARD_DATA pCardData, unsigned char *blob, size_t si
|
|||
cont->flags = pp->bFlags;
|
||||
cont->size_sign = pp->wSigKeySizeBits;
|
||||
cont->size_key_exchange = pp->wKeyExchangeKeySizeBits;
|
||||
logprintf(pCardData, 3, "update P15 containers: touch container (idx:%i,id:%s,guid:%s,flags:%X)\n",
|
||||
idx, sc_pkcs15_print_id(&cont->id),cont->guid,cont->flags);
|
||||
logprintf(pCardData, 3, "update P15 containers: touch container (idx:%i,id:%s,guid:%.*s,flags:%X)\n",
|
||||
idx, sc_pkcs15_print_id(&cont->id),(int)sizeof cont->guid,cont->guid,cont->flags);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1002,7 +1004,7 @@ md_pkcs15_update_container_from_do(PCARD_DATA pCardData, struct sc_pkcs15_object
|
|||
|
||||
rv = sc_pkcs15_read_data_object(vs->p15card, (struct sc_pkcs15_data_info *)dobj->data, &ddata);
|
||||
if (rv) {
|
||||
logprintf(pCardData, 2, "sc_pkcs15_read_data_object('%s') returned %i\n", dobj->label, rv);
|
||||
logprintf(pCardData, 2, "sc_pkcs15_read_data_object('%.*s') returned %i\n", (int) sizeof dobj->label, dobj->label, rv);
|
||||
return SCARD_F_INTERNAL_ERROR;
|
||||
}
|
||||
|
||||
|
@ -1060,7 +1062,7 @@ md_pkcs15_default_container_from_do(PCARD_DATA pCardData, struct sc_pkcs15_objec
|
|||
|
||||
rv = sc_pkcs15_read_data_object(vs->p15card, (struct sc_pkcs15_data_info *)dobj->data, &ddata);
|
||||
if (rv) {
|
||||
logprintf(pCardData, 2, "sc_pkcs15_read_data_object('%s') returned %i\n", dobj->label, rv);
|
||||
logprintf(pCardData, 2, "sc_pkcs15_read_data_object('%.*s') returned %i\n", (int) sizeof dobj->label, dobj->label, rv);
|
||||
return SCARD_F_INTERNAL_ERROR;
|
||||
}
|
||||
|
||||
|
@ -1102,7 +1104,7 @@ md_pkcs15_delete_object(PCARD_DATA pCardData, struct sc_pkcs15_object *obj)
|
|||
|
||||
if (!obj)
|
||||
return SCARD_S_SUCCESS;
|
||||
logprintf(pCardData, 3, "MdDeleteObject('%s',type:0x%X) called\n", obj->label, obj->type);
|
||||
logprintf(pCardData, 3, "MdDeleteObject('%.*s',type:0x%X) called\n", (int) sizeof obj->label, obj->label, obj->type);
|
||||
|
||||
rv = sc_lock(card);
|
||||
if (rv) {
|
||||
|
@ -1550,7 +1552,7 @@ md_set_cmapfile(PCARD_DATA pCardData, struct md_file *file)
|
|||
cont->size_key_exchange = prkey_info->field_length;
|
||||
}
|
||||
|
||||
logprintf(pCardData, 7, "Container[%i]'s guid=%s\n", ii, cont->guid);
|
||||
logprintf(pCardData, 7, "Container[%i]'s guid=%.*s\n", ii, (int) sizeof cont->guid, cont->guid);
|
||||
logprintf(pCardData, 7, "Container[%i]'s key-exchange:%i, sign:%i\n", ii, cont->size_key_exchange, cont->size_sign);
|
||||
|
||||
cont->id = prkey_info->id;
|
||||
|
@ -1558,10 +1560,10 @@ md_set_cmapfile(PCARD_DATA pCardData, struct md_file *file)
|
|||
|
||||
/* Try to find the friend objects: certficate and public key */
|
||||
if (!sc_pkcs15_find_cert_by_id(vs->p15card, &cont->id, &cont->cert_obj))
|
||||
logprintf(pCardData, 2, "found certificate friend '%s'\n", cont->cert_obj->label);
|
||||
logprintf(pCardData, 2, "found certificate friend '%.*s'\n", (int) sizeof cont->cert_obj->label, cont->cert_obj->label);
|
||||
|
||||
if (!sc_pkcs15_find_pubkey_by_id(vs->p15card, &cont->id, &cont->pubkey_obj))
|
||||
logprintf(pCardData, 2, "found public key friend '%s'\n", cont->pubkey_obj->label);
|
||||
logprintf(pCardData, 2, "found public key friend '%.*s'\n", (int) sizeof cont->pubkey_obj->label, cont->pubkey_obj->label);
|
||||
}
|
||||
|
||||
if (conts_num) {
|
||||
|
@ -1584,8 +1586,8 @@ md_set_cmapfile(PCARD_DATA pCardData, struct md_file *file)
|
|||
if (strcmp(dinfo->app_label, MD_DATA_APPLICAITON_NAME))
|
||||
continue;
|
||||
|
||||
logprintf(pCardData, 2, "Found 'DATA' object '%s'\n", dobjs[ii]->label);
|
||||
if (!strcmp(dobjs[ii]->label, MD_DATA_DEFAULT_CONT_LABEL)) {
|
||||
logprintf(pCardData, 2, "Found 'DATA' object '%.*s'\n", (int) sizeof dobjs[ii]->label, dobjs[ii]->label);
|
||||
if (!strncmp(dobjs[ii]->label, MD_DATA_DEFAULT_CONT_LABEL, sizeof dobjs[ii]->label)) {
|
||||
default_cont = dobjs[ii];
|
||||
continue;
|
||||
}
|
||||
|
@ -2039,8 +2041,8 @@ md_pkcs15_generate_key(PCARD_DATA pCardData, DWORD idx, DWORD key_type, DWORD ke
|
|||
cont->index = idx;
|
||||
cont->flags = CONTAINER_MAP_VALID_CONTAINER;
|
||||
|
||||
logprintf(pCardData, 3, "MdGenerateKey(): generated key(idx:%i,id:%s,guid:%s)\n",
|
||||
idx, sc_pkcs15_print_id(&cont->id),cont->guid);
|
||||
logprintf(pCardData, 3, "MdGenerateKey(): generated key(idx:%i,id:%s,guid:%.*s)\n",
|
||||
idx, sc_pkcs15_print_id(&cont->id),(int) sizeof cont->guid, cont->guid);
|
||||
|
||||
dwret = SCARD_S_SUCCESS;
|
||||
done:
|
||||
|
@ -2171,7 +2173,7 @@ md_pkcs15_store_key(PCARD_DATA pCardData, DWORD idx, DWORD key_type, BYTE *blob,
|
|||
cont->index = idx;
|
||||
cont->flags |= CONTAINER_MAP_VALID_CONTAINER;
|
||||
|
||||
logprintf(pCardData, 3, "MdStoreKey(): stored key(idx:%i,id:%s,guid:%s)\n", idx, sc_pkcs15_print_id(&cont->id),cont->guid);
|
||||
logprintf(pCardData, 3, "MdStoreKey(): stored key(idx:%i,id:%s,guid:%.*s)\n", idx, sc_pkcs15_print_id(&cont->id),(int) sizeof cont->guid,cont->guid);
|
||||
dwret = SCARD_S_SUCCESS;
|
||||
|
||||
done:
|
||||
|
@ -2812,7 +2814,7 @@ DWORD WINAPI CardGetContainerInfo(__in PCARD_DATA pCardData, __in BYTE bContaine
|
|||
if (!pubkey_der.value && cont->pubkey_obj) {
|
||||
struct sc_pkcs15_pubkey *pubkey = NULL;
|
||||
|
||||
logprintf(pCardData, 1, "now read public key '%s'\n", cont->pubkey_obj->label);
|
||||
logprintf(pCardData, 1, "now read public key '%.*s'\n", (int) sizeof cont->pubkey_obj->label, cont->pubkey_obj->label);
|
||||
rv = sc_pkcs15_read_pubkey(vs->p15card, cont->pubkey_obj, &pubkey);
|
||||
if (!rv) {
|
||||
rv = sc_pkcs15_encode_pubkey(vs->ctx, pubkey, &pubkey_der.value, &pubkey_der.len);
|
||||
|
@ -2836,7 +2838,7 @@ DWORD WINAPI CardGetContainerInfo(__in PCARD_DATA pCardData, __in BYTE bContaine
|
|||
if (!pubkey_der.value && cont->cert_obj) {
|
||||
struct sc_pkcs15_cert *cert = NULL;
|
||||
|
||||
logprintf(pCardData, 1, "now read certificate '%s'\n", cont->cert_obj->label);
|
||||
logprintf(pCardData, 1, "now read certificate '%.*s'\n", (int) sizeof cont->cert_obj->label, cont->cert_obj->label);
|
||||
rv = sc_pkcs15_read_certificate(vs->p15card, (struct sc_pkcs15_cert_info *)(cont->cert_obj->data), &cert);
|
||||
if(!rv) {
|
||||
rv = sc_pkcs15_encode_pubkey(vs->ctx, cert->key, &pubkey_der.value, &pubkey_der.len);
|
||||
|
|
|
@ -967,7 +967,7 @@ pkcs15_init_slot(struct sc_pkcs15_card *p15card, struct sc_pkcs11_slot *slot,
|
|||
}
|
||||
else {
|
||||
if (auth->label[0])
|
||||
snprintf(label, sizeof(label), "%s (%s)", p15card->tokeninfo->label, auth->label);
|
||||
snprintf(label, sizeof(label), "%s (%.*s)", p15card->tokeninfo->label, (int) sizeof auth->label, auth->label);
|
||||
else
|
||||
snprintf(label, sizeof(label), "%s", p15card->tokeninfo->label);
|
||||
slot->token_info.flags |= CKF_LOGIN_REQUIRED;
|
||||
|
@ -1156,7 +1156,7 @@ _add_pin_related_objects(struct sc_pkcs11_slot *slot, struct sc_pkcs15_object *p
|
|||
struct sc_pkcs15_auth_info *pin_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
|
||||
unsigned i;
|
||||
|
||||
sc_log(context, "Add objects related to PIN('%s',ID:%s)", pin_obj->label, sc_pkcs15_print_id(&pin_info->auth_id));
|
||||
sc_log(context, "Add objects related to PIN('%.*s',ID:%s)", (int) sizeof pin_obj->label, pin_obj->label, sc_pkcs15_print_id(&pin_info->auth_id));
|
||||
for (i=0; i < fw_data->num_objects; i++) {
|
||||
struct pkcs15_any_object *obj = fw_data->objects[i];
|
||||
|
||||
|
@ -1167,7 +1167,7 @@ _add_pin_related_objects(struct sc_pkcs11_slot *slot, struct sc_pkcs15_object *p
|
|||
* not private. Just ignore those... */
|
||||
if (!(obj->p15_object->flags & SC_PKCS15_CO_FLAG_PRIVATE))
|
||||
continue;
|
||||
sc_log(context, "ObjID(%p,%s,%x):%s", obj, obj->p15_object->label,
|
||||
sc_log(context, "ObjID(%p,%.*s,%x):%s", obj, (int) sizeof obj->p15_object->label, obj->p15_object->label,
|
||||
obj->p15_object->type, sc_pkcs15_print_id(&obj->p15_object->auth_id));
|
||||
if (!sc_pkcs15_compare_id(&pin_info->auth_id, &obj->p15_object->auth_id)) {
|
||||
sc_log(context, "Ignoring object %d", i);
|
||||
|
@ -1175,15 +1175,15 @@ _add_pin_related_objects(struct sc_pkcs11_slot *slot, struct sc_pkcs15_object *p
|
|||
}
|
||||
|
||||
if (is_privkey(obj)) {
|
||||
sc_log(context, "Slot:%p, obj:%p Adding private key %d to PIN '%s'", slot, obj, i, pin_obj->label);
|
||||
sc_log(context, "Slot:%p, obj:%p Adding private key %d to PIN '%.*s'", slot, obj, i, (int) sizeof pin_obj->label, pin_obj->label);
|
||||
pkcs15_add_object(slot, obj, NULL);
|
||||
}
|
||||
else if (is_data(obj)) {
|
||||
sc_log(context, "Slot:%p Adding data object %d to PIN '%s'", slot, i, pin_obj->label);
|
||||
sc_log(context, "Slot:%p Adding data object %d to PIN '%.*s'", slot, i, (int) sizeof pin_obj->label, pin_obj->label);
|
||||
pkcs15_add_object(slot, obj, NULL);
|
||||
}
|
||||
else if (is_cert(obj)) {
|
||||
sc_log(context, "Slot:%p Adding cert object %d to PIN '%s'", slot, i, pin_obj->label);
|
||||
sc_log(context, "Slot:%p Adding cert object %d to PIN '%.*s'", slot, i, (int) sizeof pin_obj->label, pin_obj->label);
|
||||
pkcs15_add_object(slot, obj, NULL);
|
||||
}
|
||||
else {
|
||||
|
@ -1233,7 +1233,7 @@ _add_public_objects(struct sc_pkcs11_slot *slot, struct pkcs15_fw_data *fw_data,
|
|||
if (obj->p15_object->auth_id.len && !(is_pubkey(obj) || is_cert(obj)))
|
||||
continue;
|
||||
|
||||
sc_log(context, "Add public object(%p,%s,%x)", obj, obj->p15_object->label, obj->p15_object->type);
|
||||
sc_log(context, "Add public object(%p,%.*s,%x)", obj, (int) sizeof obj->p15_object->label, obj->p15_object->label, obj->p15_object->type);
|
||||
pkcs15_add_object(slot, obj, NULL);
|
||||
|
||||
if (move_to_fw && move_to_fw != fw_data && move_to_fw->num_objects < MAX_OBJECTS) {
|
||||
|
@ -1306,7 +1306,7 @@ pkcs15_create_tokens(struct sc_pkcs11_card *p11card, struct sc_app_info *app_inf
|
|||
/* Check if a slot could be created with this PIN */
|
||||
if (!_is_slot_auth_object(pin_info))
|
||||
continue;
|
||||
sc_log(context, "Found authentication object '%s'", auths[i]->label);
|
||||
sc_log(context, "Found authentication object '%.*s'", (int) sizeof auths[i]->label, auths[i]->label);
|
||||
|
||||
rv = pkcs15_create_slot(p11card, fw_data, auths[i], app_info, &islot);
|
||||
if (rv != CKR_OK)
|
||||
|
@ -1337,13 +1337,13 @@ pkcs15_create_tokens(struct sc_pkcs11_card *p11card, struct sc_app_info *app_inf
|
|||
sc_log(context, "User/Sign PINs %p/%p", auth_user_pin, auth_sign_pin);
|
||||
if (fauo && auth_user_pin && !memcmp(fauo->data, auth_user_pin->data, sizeof(struct sc_pkcs15_auth_info))) {
|
||||
/* Add objects from the non-first application to the FW data of the first slot */
|
||||
sc_log(context, "Add objects to existing slot created for PIN '%s'", fauo->label);
|
||||
sc_log(context, "Add objects to existing slot created for PIN '%.*s'", (int) sizeof fauo->label, fauo->label);
|
||||
_add_pin_related_objects(*first_slot, fauo, fw_data, ffda);
|
||||
slot = *first_slot;
|
||||
}
|
||||
else if (auth_user_pin) {
|
||||
/* For the UserPIN of the first slot create slot */
|
||||
sc_log(context, "Create slot for User PIN '%s'", auth_user_pin->label);
|
||||
sc_log(context, "Create slot for User PIN '%.*s'", (int) sizeof auth_user_pin->label, auth_user_pin->label);
|
||||
rv = pkcs15_create_slot(p11card, fw_data, auth_user_pin, app_info, &slot);
|
||||
if (rv != CKR_OK)
|
||||
return CKR_OK; /* no more slots available for this card */
|
||||
|
@ -1355,7 +1355,7 @@ pkcs15_create_tokens(struct sc_pkcs11_card *p11card, struct sc_app_info *app_inf
|
|||
if (auth_sign_pin && auth_user_pin) {
|
||||
struct sc_pkcs11_slot *sign_slot = NULL;
|
||||
|
||||
sc_log(context, "Create slot for Sign PIN '%s'", auth_sign_pin->label);
|
||||
sc_log(context, "Create slot for Sign PIN '%.*s'", (int) sizeof auth_sign_pin->label, auth_sign_pin->label);
|
||||
rv = pkcs15_create_slot(p11card, fw_data, auth_sign_pin, app_info, &sign_slot);
|
||||
if (rv != CKR_OK)
|
||||
return CKR_OK; /* no more slots available for this card */
|
||||
|
@ -1641,7 +1641,7 @@ pkcs15_change_pin(struct sc_pkcs11_slot *slot,
|
|||
if (!auth_info)
|
||||
return CKR_USER_PIN_NOT_INITIALIZED;
|
||||
|
||||
sc_log(context, "Change '%s' (ref:%i,type:%i)", pin_obj->label, auth_info->attrs.pin.reference, login_user);
|
||||
sc_log(context, "Change '%.*s' (ref:%i,type:%i)", (int) sizeof pin_obj->label, pin_obj->label, auth_info->attrs.pin.reference, login_user);
|
||||
if (p11card->card->reader->capabilities & SC_READER_CAP_PIN_PAD) {
|
||||
/* pPin should be NULL in case of a pin pad reader, but
|
||||
* some apps (e.g. older Netscapes) don't know about it.
|
||||
|
@ -3151,7 +3151,7 @@ pkcs15_cert_get_attribute(struct sc_pkcs11_session *session, void *object, CK_AT
|
|||
*(CK_BBOOL*)attr->pValue = FALSE;
|
||||
break;
|
||||
case CKA_LABEL:
|
||||
len = strlen(cert->cert_p15obj->label);
|
||||
len = strnlen(cert->cert_p15obj->label, sizeof cert->cert_p15obj->label);
|
||||
check_attribute_buffer(attr, len);
|
||||
memcpy(attr->pValue, cert->cert_p15obj->label, len);
|
||||
break;
|
||||
|
@ -3420,7 +3420,7 @@ pkcs15_prkey_get_attribute(struct sc_pkcs11_session *session,
|
|||
*(CK_BBOOL*)attr->pValue = FALSE;
|
||||
break;
|
||||
case CKA_LABEL:
|
||||
len = strlen(prkey->prv_p15obj->label);
|
||||
len = strnlen(prkey->prv_p15obj->label, sizeof prkey->prv_p15obj->label);
|
||||
check_attribute_buffer(attr, len);
|
||||
memcpy(attr->pValue, prkey->prv_p15obj->label, len);
|
||||
break;
|
||||
|
@ -3904,12 +3904,12 @@ pkcs15_pubkey_get_attribute(struct sc_pkcs11_session *session, void *object, CK_
|
|||
break;
|
||||
case CKA_LABEL:
|
||||
if (pubkey->pub_p15obj) {
|
||||
len = strlen(pubkey->pub_p15obj->label);
|
||||
len = strnlen(pubkey->pub_p15obj->label, sizeof pubkey->pub_p15obj->label);
|
||||
check_attribute_buffer(attr, len);
|
||||
memcpy(attr->pValue, pubkey->pub_p15obj->label, len);
|
||||
}
|
||||
else if (cert && cert->cert_p15obj) {
|
||||
len = strlen(cert->cert_p15obj->label);
|
||||
len = strnlen(cert->cert_p15obj->label, sizeof cert->cert_p15obj->label);
|
||||
check_attribute_buffer(attr, len);
|
||||
memcpy(attr->pValue, cert->cert_p15obj->label, len);
|
||||
}
|
||||
|
@ -4127,7 +4127,7 @@ pkcs15_dobj_get_attribute(struct sc_pkcs11_session *session, void *object, CK_AT
|
|||
*(CK_BBOOL*)attr->pValue = (dobj->base.p15_object->flags & 0x02) != 0;
|
||||
break;
|
||||
case CKA_LABEL:
|
||||
len = strlen(dobj->base.p15_object->label);
|
||||
len = strnlen(dobj->base.p15_object->label, sizeof dobj->base.p15_object->label);
|
||||
check_attribute_buffer(attr, len);
|
||||
memcpy(attr->pValue, dobj->base.p15_object->label, len);
|
||||
break;
|
||||
|
@ -4262,7 +4262,7 @@ pkcs15_skey_get_attribute(struct sc_pkcs11_session *session,
|
|||
/*TODO Why no definition of the flag */
|
||||
break;
|
||||
case CKA_LABEL:
|
||||
len = strlen(skey->base.p15_object->label);
|
||||
len = strnlen(skey->base.p15_object->label, sizeof skey->base.p15_object->label);
|
||||
check_attribute_buffer(attr, len);
|
||||
memcpy(attr->pValue, skey->base.p15_object->label, len);
|
||||
break;
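Review bot: The CKA_LABEL cases in pkcs15_cert_get_attribute, pkcs15_prkey_get_attribute, pkcs15_pubkey_get_attribute, pkcs15_dobj_get_attribute and pkcs15_skey_get_attribute now call `strnlen`, which is POSIX.1-2008 rather than ISO C, so a toolchain without it will fail to build unless the tree supplies a fallback; none is visible in this section. The bound itself implies that `label` is a fixed-size field which may lack a terminator, and that is worth recording once at the first case, e.g. `/* label is a fixed-size array and may not be NUL-terminated */`. Each of these functions starts and ends outside its hunk.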
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* Generic handling of PKCS11 mechanisms
|
||||
*
|
||||
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
|
||||
* Copyright (C) 2002 Olaf Kirch <okir@suse.de>
|
||||
*/
|
||||
|
||||
#include "config.h"
|
||||
|
|
|
@ -324,6 +324,7 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx)
|
|||
}
|
||||
conf->hide_empty_tokens = 1;
|
||||
conf->lock_login = 0;
|
||||
conf->init_sloppy = 1;
|
||||
conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_NOT_ALLOWED;
|
||||
conf->create_puk_slot = 0;
|
||||
conf->zero_ckaid_for_ca_certs = 0;
|
||||
|
@ -339,6 +340,7 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx)
|
|||
conf->slots_per_card = scconf_get_int(conf_block, "slots_per_card", conf->slots_per_card);
|
||||
conf->hide_empty_tokens = scconf_get_bool(conf_block, "hide_empty_tokens", conf->hide_empty_tokens);
|
||||
conf->lock_login = scconf_get_bool(conf_block, "lock_login", conf->lock_login);
|
||||
conf->init_sloppy = scconf_get_bool(conf_block, "init_sloppy", conf->init_sloppy);
|
||||
|
||||
unblock_style = (char *)scconf_get_str(conf_block, "user_pin_unblock_style", NULL);
|
||||
if (unblock_style && !strcmp(unblock_style, "set_pin_in_unlogged_session"))
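Review bot: `conf->init_sloppy = 1;` in load_pkcs11_parameters switches the new option on by default without saying what it relaxes. Judging from the C_GetSlotInfo hunk elsewhere on this page, it lets the module detect cards when the caller skipped C_GetSlotList, so I would add `/* tolerate C_GetSlotInfo before C_GetSlotList (not PKCS#11 conformant) */` on that line. The key should also be described next to the other options in the sample configuration, if the project ships one. The function body continues outside both hunks.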
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
* OpenSSL helper functions, e.g. for implementing MD5 support
|
||||
* et al
|
||||
*
|
||||
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
|
||||
* Copyright (C) 2002 Olaf Kirch <okir@suse.de>
|
||||
*/
|
||||
|
||||
#include "config.h"
|
||||
|
|
|
@ -473,6 +473,7 @@ static sc_timestamp_t get_current_time(void)
|
|||
CK_RV C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
|
||||
{
|
||||
struct sc_pkcs11_slot *slot;
|
||||
unsigned int uninit_slotcount;
|
||||
sc_timestamp_t now;
|
||||
CK_RV rv;
|
||||
|
||||
|
@ -485,6 +486,19 @@ CK_RV C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
|
|||
|
||||
sc_log(context, "C_GetSlotInfo(0x%lx)", slotID);
|
||||
|
||||
if (sc_pkcs11_conf.plug_and_play)
|
||||
uninit_slotcount = 1;
|
||||
else
|
||||
uninit_slotcount = 0;
|
||||
if (sc_pkcs11_conf.init_sloppy && uninit_slotcount <= list_size(&virtual_slots)) {
|
||||
/* Most likely virtual_slots only contains the hotplug slot and has not
|
||||
* been initialized because the caller has *not* called C_GetSlotList
|
||||
* before C_GetSlotInfo, as required by PKCS#11. Initialize
|
||||
* virtual_slots to make things work and hope the caller knows what
|
||||
* it's doing... */
|
||||
card_detect_all();
|
||||
}
|
||||
|
||||
rv = slot_get_slot(slotID, &slot);
|
||||
sc_log(context, "C_GetSlotInfo() get slot rv %i", rv);
|
||||
if (rv == CKR_OK) {
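Review bot: The comparison in `if (sc_pkcs11_conf.init_sloppy && uninit_slotcount <= list_size(&virtual_slots))` looks inverted relative to the comment under it. The comment describes virtual_slots holding at most the hotplug slot, but as written the test is true whenever the list has at least `uninit_slotcount` entries (always, when plug_and_play is off), so card_detect_all() would run on every C_GetSlotInfo call. If the comment states the intent, `list_size(&virtual_slots) <= uninit_slotcount` matches it. The return value of card_detect_all() is also dropped, and C_GetSlotInfo continues outside the hunk.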
|
||||
|
|
|
@ -78,6 +78,7 @@ struct sc_pkcs11_config {
|
|||
unsigned int slots_per_card;
|
||||
unsigned char hide_empty_tokens;
|
||||
unsigned char lock_login;
|
||||
unsigned char init_sloppy;
|
||||
unsigned int pin_unblock_style;
|
||||
unsigned int create_puk_slot;
|
||||
unsigned int zero_ckaid_for_ca_certs;
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
* CardOS specific operation for PKCS15 initialization
|
||||
*
|
||||
* Copyright (C) 2005 Nils Larsch <nils@larsch.net>
|
||||
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
|
||||
* Copyright (C) 2002 Olaf Kirch <okir@suse.de>
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
|
|
|
@ -499,7 +499,7 @@ static int epass2003_pkcs15_generate_key(struct sc_profile *profile,
|
|||
|
||||
/* allocate key object */
|
||||
r = cosm_new_file(profile, card, SC_PKCS15_TYPE_PRKEY_RSA, idx, &file);
|
||||
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r,
|
||||
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_NORMAL, r,
|
||||
"create key: failed to allocate new key object");
|
||||
file->size = keybits;
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "private key path: %s",
|
||||
|
@ -509,13 +509,13 @@ static int epass2003_pkcs15_generate_key(struct sc_profile *profile,
|
|||
|
||||
r = sc_pkcs15init_authenticate(profile, p15card, file,
|
||||
SC_AC_OP_DELETE);
|
||||
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r,
|
||||
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_NORMAL, r,
|
||||
"generate key: pkcs15init_authenticate(SC_AC_OP_DELETE) failed");
|
||||
|
||||
r = sc_delete_file(p15card->card, &file->path);
|
||||
/* create */
|
||||
r = sc_pkcs15init_create_file(profile, p15card, file);
|
||||
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r,
|
||||
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_NORMAL, r,
|
||||
"create key: failed to create key file");
|
||||
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "index %i; keybits %i\n", idx,
|
||||
|
@ -523,33 +523,32 @@ static int epass2003_pkcs15_generate_key(struct sc_profile *profile,
|
|||
if (keybits < 1024 || keybits > 2048 || (keybits % 0x20)) {
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
|
||||
"Unsupported key size %u\n", keybits);
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
r = SC_ERROR_INVALID_ARGUMENTS;
|
||||
goto err;
|
||||
}
|
||||
|
||||
path = key_info->path;
|
||||
path.len -= 2;
|
||||
|
||||
r = sc_select_file(card, &path, &tfile);
|
||||
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r,
|
||||
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_NORMAL, r,
|
||||
"generate key: no private object DF");
|
||||
|
||||
r = sc_pkcs15init_authenticate(profile, p15card, tfile,
|
||||
SC_AC_OP_CRYPTO);
|
||||
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r,
|
||||
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_NORMAL, r,
|
||||
"generate key: pkcs15init_authenticate(SC_AC_OP_CRYPTO) failed");
|
||||
|
||||
r = sc_pkcs15init_authenticate(profile, p15card, tfile,
|
||||
SC_AC_OP_CREATE);
|
||||
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r,
|
||||
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_NORMAL, r,
|
||||
"generate key: pkcs15init_authenticate(SC_AC_OP_CREATE) failed");
|
||||
|
||||
sc_file_free(tfile);
|
||||
|
||||
if ((r = cosm_new_file(profile, card, SC_PKCS15_TYPE_PUBKEY_RSA, idx,
|
||||
&pukf)) < 0) {
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
|
||||
"generate key: create temporary pukf failed\n");
|
||||
goto failed;
|
||||
goto err;
|
||||
}
|
||||
pukf->size = keybits;
|
||||
pukf->id = pukf->path.value[pukf->path.len - 2] * 0x100
|
||||
|
@ -565,14 +564,14 @@ static int epass2003_pkcs15_generate_key(struct sc_profile *profile,
|
|||
if (r == SC_SUCCESS) {
|
||||
r = sc_pkcs15init_authenticate(profile, p15card, pukf,
|
||||
SC_AC_OP_DELETE);
|
||||
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r,
|
||||
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_NORMAL, r,
|
||||
"generate key - pubkey: pkcs15init_authenticate(SC_AC_OP_DELETE) failed");
|
||||
|
||||
r = sc_pkcs15init_delete_by_path(profile, p15card, &pukf->path);
|
||||
if (r != SC_SUCCESS) {
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
|
||||
"generate key: failed to delete existing key file\n");
|
||||
goto failed;
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
/* create */
|
||||
|
@ -580,12 +579,12 @@ static int epass2003_pkcs15_generate_key(struct sc_profile *profile,
|
|||
if (r != SC_SUCCESS) {
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
|
||||
"generate key: pukf create file failed\n");
|
||||
goto failed;
|
||||
goto err;
|
||||
}
|
||||
|
||||
r = sc_pkcs15init_authenticate(profile, p15card, pukf,
|
||||
SC_AC_OP_UPDATE);
|
||||
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r,
|
||||
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_NORMAL, r,
|
||||
"generate key - pubkey: pkcs15init_authenticate(SC_AC_OP_UPDATE) failed");
|
||||
|
||||
/* generate key pair */
|
||||
|
@ -597,7 +596,7 @@ static int epass2003_pkcs15_generate_key(struct sc_profile *profile,
|
|||
gendat.key_length = keybits;
|
||||
gendat.modulus = NULL;
|
||||
r = sc_card_ctl(card, SC_CARDCTL_ENTERSAFE_GENERATE_KEY, &gendat);
|
||||
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r,
|
||||
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_NORMAL, r,
|
||||
"generate RSA key pair failed");
|
||||
|
||||
/* get the modulus */
|
||||
|
@ -611,7 +610,7 @@ static int epass2003_pkcs15_generate_key(struct sc_profile *profile,
|
|||
buf = (u8 *) malloc(3);
|
||||
if (!buf) {
|
||||
r = SC_ERROR_OUT_OF_MEMORY;
|
||||
goto failed;
|
||||
goto err;
|
||||
}
|
||||
buf[0] = 0x01;
|
||||
buf[1] = 0x00;
|
||||
|
@ -624,9 +623,13 @@ static int epass2003_pkcs15_generate_key(struct sc_profile *profile,
|
|||
/* free public key */
|
||||
free(gendat.modulus);
|
||||
|
||||
failed:
|
||||
err:
|
||||
if (pukf)
|
||||
sc_file_free(pukf);
|
||||
if (file)
|
||||
sc_file_free(file);
|
||||
if (tfile)
|
||||
sc_file_free(tfile);
|
||||
|
||||
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r);
|
||||
}
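Review bot: The key-size check `if (keybits < 1024 || keybits > 2048 || (keybits % 0x20))` in epass2003_pkcs15_generate_key still runs only after the earlier hunks have called sc_delete_file() and sc_pkcs15init_create_file() on the private key file, so an unsupported size is rejected after the existing file has already been replaced. Moving the check ahead of the first cosm_new_file() call would make the function fail before it touches the card, and with the new `goto err` it keeps the same cleanup. The result of `r = sc_delete_file(p15card->card, &file->path);` is also overwritten without being examined. The `err:` cleanup assumes `file`, `pukf` and `tfile` start as NULL at their declarations, which lie outside the hunks shown.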
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* GPK specific operation for PKCS15 initialization
|
||||
*
|
||||
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
|
||||
* Copyright (C) 2002 Olaf Kirch <okir@suse.de>
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
* Incrypto34 specific operation for PKCS15 initialization
|
||||
*
|
||||
* Copyright (C) 2005 ST Incard srl, Giuseppe Amato <giuseppe dot amato at st dot com>
|
||||
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
|
||||
* Copyright (C) 2002 Olaf Kirch <okir@suse.de>
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* Function prototypes for pkcs15-init
|
||||
*
|
||||
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
|
||||
* Copyright (C) 2002 Olaf Kirch <okir@suse.de>
|
||||
*/
|
||||
|
||||
#ifndef PKCS15_INIT_H
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
* JCOP specific operation for PKCS15 initialization
|
||||
*
|
||||
* Copyright 2003 Chaskiel Grundman <cg2v@andrew.cmu.edu>
|
||||
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
|
||||
* Copyright (C) 2002 Olaf Kirch <okir@suse.de>
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
* a generic implementation; that is how PINs and keys are stored
|
||||
* on the card. These should be implemented in pkcs15-<cardname>.c
|
||||
*
|
||||
* Copyright (C) 2002, Olaf Kirch <okir@lst.de>
|
||||
* Copyright (C) 2002, Olaf Kirch <okir@suse.de>
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
|
@ -727,10 +727,6 @@ sc_pkcs15init_finalize_profile(struct sc_card *card, struct sc_profile *profile,
|
|||
if (aid) {
|
||||
sc_log(ctx, "finalize profile for AID %s", sc_dump_hex(aid->value, aid->len));
|
||||
app = sc_find_app(card, aid);
|
||||
if (!app) {
|
||||
sc_log(ctx, "Cannot find oncard application");
|
||||
LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);
|
||||
}
|
||||
}
|
||||
else if (card->app_count == 1) {
|
||||
app = card->app[0];
|
||||
|
@ -813,7 +809,7 @@ sc_pkcs15init_add_app(struct sc_card *card, struct sc_profile *profile,
|
|||
* For this, create a 'virtual' AUTH object 'SO PIN', accessible by the card specific part,
|
||||
* but not yet written into the on-card PKCS#15.
|
||||
*/
|
||||
sc_log(ctx, "Add virtual SO_PIN('%s',flags:%X,reference:%i,path:'%s')", pin_obj->label,
|
||||
sc_log(ctx, "Add virtual SO_PIN('%.*s',flags:%X,reference:%i,path:'%s')", (int) sizeof pin_obj->label, pin_obj->label,
|
||||
pin_attrs->flags, pin_attrs->reference, sc_print_path(&pin_ainfo.path));
|
||||
r = sc_pkcs15_add_object(p15card, pin_obj);
|
||||
LOG_TEST_RET(ctx, r, "Failed to add 'SOPIN' AUTH object");
|
||||
|
@ -1009,7 +1005,7 @@ sc_pkcs15init_store_pin(struct sc_pkcs15_card *p15card, struct sc_profile *profi
|
|||
auth_info->auth_id = args->auth_id;
|
||||
|
||||
/* Now store the PINs */
|
||||
sc_log(ctx, "Store PIN(%s,authID:%s)", pin_obj->label, sc_pkcs15_print_id(&auth_info->auth_id));
|
||||
sc_log(ctx, "Store PIN(%.*s,authID:%s)", (int) sizeof pin_obj->label, pin_obj->label, sc_pkcs15_print_id(&auth_info->auth_id));
|
||||
r = sc_pkcs15init_create_pin(p15card, profile, pin_obj, args);
|
||||
if (r < 0)
|
||||
sc_pkcs15_free_object(pin_obj);
|
||||
|
@ -1683,7 +1679,7 @@ sc_pkcs15init_store_certificate(struct sc_pkcs15_card *p15card,
|
|||
cert_info->path = existing_path;
|
||||
}
|
||||
|
||||
sc_log(ctx, "Store cert(%s,ID:%s,der(%p,%i))", object->label,
|
||||
sc_log(ctx, "Store cert(%.*s,ID:%s,der(%p,%i))", (int) sizeof object->label, object->label,
|
||||
sc_pkcs15_print_id(&cert_info->id), args->der_encoded.value, args->der_encoded.len);
|
||||
|
||||
if (!profile->pkcs15.direct_certificates)
|
||||
|
@ -1832,8 +1828,8 @@ sc_pkcs15init_get_pin_reference(struct sc_pkcs15_card *p15card,
|
|||
struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)auth_objs[ii]->data;
|
||||
struct sc_pkcs15_pin_attributes *pin_attrs = &auth_info->attrs.pin;
|
||||
|
||||
sc_log(ctx, "check PIN(%s,auth_method:%i,type:%i,reference:%i,flags:%X)",
|
||||
auth_objs[ii]->label, auth_info->auth_method, pin_attrs->type,
|
||||
sc_log(ctx, "check PIN(%.*s,auth_method:%i,type:%i,reference:%i,flags:%X)",
|
||||
(int) sizeof auth_objs[ii]->label, auth_objs[ii]->label, auth_info->auth_method, pin_attrs->type,
|
||||
pin_attrs->reference, pin_attrs->flags);
|
||||
/* Find out if there is AUTH pkcs15 object with given 'type' and 'reference' */
|
||||
if (auth_info->auth_method == auth_method && pin_attrs->reference == reference)
|
||||
|
@ -2332,6 +2328,8 @@ sc_pkcs15init_select_intrinsic_id(struct sc_pkcs15_card *p15card, struct sc_prof
|
|||
break;
|
||||
default:
|
||||
sc_log(ctx, "Unsupported ID style: %i", id_style);
|
||||
if (allocated)
|
||||
sc_pkcs15_free_pubkey(pubkey);
|
||||
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Non supported ID style");
|
||||
}
|
||||
|
||||
|
@ -3310,11 +3308,11 @@ sc_pkcs15init_verify_secret(struct sc_profile *profile, struct sc_pkcs15_card *p
|
|||
|
||||
if (!r && pin_obj) {
|
||||
memcpy(&auth_info, pin_obj->data, sizeof(auth_info));
|
||||
sc_log(ctx, "found PIN object '%s'", pin_obj->label);
|
||||
sc_log(ctx, "found PIN object '%.*s'", (int) sizeof pin_obj->label, pin_obj->label);
|
||||
}
|
||||
|
||||
if (pin_obj) {
|
||||
sc_log(ctx, "PIN object '%s'; pin_obj->content.len:%i", pin_obj->label, pin_obj->content.len);
|
||||
sc_log(ctx, "PIN object '%.*s'; pin_obj->content.len:%i", (int) sizeof pin_obj->label, pin_obj->label, pin_obj->content.len);
|
||||
if (pin_obj->content.value && pin_obj->content.len) {
|
||||
if (pin_obj->content.len > pinsize)
|
||||
LOG_TEST_RET(ctx, SC_ERROR_BUFFER_TOO_SMALL, "PIN buffer is too small");
|
||||
|
@ -3410,6 +3408,7 @@ sc_pkcs15init_authenticate(struct sc_profile *profile, struct sc_pkcs15_card *p1
|
|||
int r = 0;
|
||||
|
||||
LOG_FUNC_CALLED(ctx);
|
||||
assert(file != NULL);
|
||||
sc_log(ctx, "path '%s', op=%u", sc_print_path(&file->path), op);
|
||||
|
||||
if (p15card->card->caps & SC_CARD_CAP_USE_FCI_AC) {
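Review bot: The `assert(file != NULL);` that this hunk appears to add in sc_pkcs15init_authenticate guards the `file->path` dereference on the next line only in builds without NDEBUG, and where it is active it aborts the process hosting the library instead of reporting an error. A run-time check such as `if (!file) LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);` placed after LOG_FUNC_CALLED would cover release builds and let callers handle the failure. Which displayed line is the addition is inferred from the hunk header counts, and the function continues outside the hunk.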
|
||||
|
|
|
@ -76,15 +76,21 @@ cosm_write_tokeninfo (struct sc_pkcs15_card *p15card, struct sc_profile *profile
|
|||
|
||||
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "cosm_write_tokeninfo() label '%s'; flags 0x%X", label, flags);
|
||||
if (sc_profile_get_file(profile, COSM_TITLE"-token-info", &file))
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCONSISTENT_PROFILE, "Cannot find "COSM_TITLE"-token-info");
|
||||
if (sc_profile_get_file(profile, COSM_TITLE"-token-info", &file)) {
|
||||
rv = SC_ERROR_INCONSISTENT_PROFILE;
|
||||
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot find "COSM_TITLE"-token-info");
|
||||
}
|
||||
|
||||
if (file->size < 16)
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCONSISTENT_PROFILE, "Unsufficient size of the "COSM_TITLE"-token-info file");
|
||||
if (file->size < 16) {
|
||||
rv = SC_ERROR_INCONSISTENT_PROFILE;
|
||||
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_NORMAL, rv, "Unsufficient size of the "COSM_TITLE"-token-info file");
|
||||
}
|
||||
|
||||
buffer = calloc(1, file->size);
|
||||
if (!buffer)
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY, "Allocation error in cosm_write_tokeninfo()");
|
||||
if (!buffer) {
|
||||
rv = SC_ERROR_OUT_OF_MEMORY;
|
||||
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_NORMAL, rv, "Allocation error in cosm_write_tokeninfo()");
|
||||
}
|
||||
|
||||
if (label)
|
||||
strncpy(buffer, label, file->size - 4);
|
||||
|
@ -109,6 +115,9 @@ cosm_write_tokeninfo (struct sc_pkcs15_card *p15card, struct sc_profile *profile
|
|||
if (rv > 0)
|
||||
rv = 0;
|
||||
|
||||
err:
|
||||
if (file)
|
||||
sc_file_free(file);
|
||||
free(buffer);
|
||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv);
|
||||
}
|
||||
|
@ -427,7 +436,7 @@ cosm_create_pin(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
|
||||
pin_attrs = &auth_info->attrs.pin;
|
||||
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "create '%s'; ref 0x%X; flags %X", pin_obj->label, pin_attrs->reference, pin_attrs->flags);
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "create '%.*s'; ref 0x%X; flags %X", (int) sizeof pin_obj->label, pin_obj->label, pin_attrs->reference, pin_attrs->flags);
|
||||
if (sc_profile_get_file(profile, COSM_TITLE "-AppDF", &pin_file) < 0)
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCONSISTENT_PROFILE, "\""COSM_TITLE"-AppDF\" not defined");
|
||||
|
||||
|
@ -574,6 +583,8 @@ cosm_get_temporary_public_key_file(struct sc_card *card,
|
|||
rv = sc_file_add_acl_entry(file, SC_AC_OP_PSO_VERIFY_SIGNATURE, SC_AC_NONE, 0);
|
||||
if (!rv)
|
||||
rv = sc_file_add_acl_entry(file, SC_AC_OP_EXTERNAL_AUTHENTICATE, SC_AC_NONE, 0);
|
||||
if (rv < 0)
|
||||
sc_file_free(file);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to add ACL entry to the temporary public key file");
|
||||
|
||||
*pubkey_file = file;
|
||||
|
@ -696,17 +707,19 @@ cosm_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
|
|||
rv = sc_select_file(p15card->card, &file->path, NULL);
|
||||
if (rv == 0) {
|
||||
rv = cosm_delete_file(p15card, profile, file);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to delete private key file");
|
||||
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to delete private key file");
|
||||
}
|
||||
else if (rv != SC_ERROR_FILE_NOT_FOUND) {
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Select private key file error");
|
||||
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_NORMAL, rv, "Select private key file error");
|
||||
}
|
||||
|
||||
rv = sc_pkcs15init_create_file(profile, p15card, file);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to create private key file");
|
||||
SC_TEST_GOTO_ERR(ctx, SC_LOG_DEBUG_NORMAL, rv, "Failed to create private key file");
|
||||
|
||||
key_info->key_reference = file->path.value[file->path.len - 1];
|
||||
|
||||
err:
|
||||
if (file)
|
||||
sc_file_free(file);
|
||||
|
||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv);
|
||||
|
@ -781,11 +794,11 @@ cosm_emu_update_any_df(struct sc_profile *profile, struct sc_pkcs15_card *p15car
|
|||
SC_FUNC_CALLED(ctx, 1);
|
||||
switch(op) {
|
||||
case SC_AC_OP_ERASE:
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Update DF; erase object('%s',type:%X)", object->label, object->type);
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Update DF; erase object('%.*s',type:%X)", (int) sizeof object->label, object->label, object->type);
|
||||
rv = awp_update_df_delete(p15card, profile, object);
|
||||
break;
|
||||
case SC_AC_OP_CREATE:
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Update DF; create object('%s',type:%X)", object->label, object->type);
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Update DF; create object('%.*s',type:%X)", (int) sizeof object->label, object->label, object->type);
|
||||
rv = awp_update_df_create(p15card, profile, object);
|
||||
break;
|
||||
}
|
||||
|
@ -808,8 +821,10 @@ cosm_emu_update_tokeninfo(struct sc_profile *profile, struct sc_pkcs15_card *p15
|
|||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INCONSISTENT_PROFILE, "cannot find "COSM_TITLE"-token-info");
|
||||
|
||||
buf = calloc(1, file->size);
|
||||
if (!buf)
|
||||
if (!buf) {
|
||||
sc_file_free(file);
|
||||
SC_FUNC_RETURN(ctx, 1, SC_ERROR_OUT_OF_MEMORY);
|
||||
}
|
||||
|
||||
label_len = strlen(tinfo->label) > (file->size - 4) ? (file->size - 4) : strlen(tinfo->label);
|
||||
memcpy(buf, tinfo->label, label_len);
|
||||
|
@ -830,6 +845,7 @@ cosm_emu_update_tokeninfo(struct sc_profile *profile, struct sc_pkcs15_card *p15
|
|||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Update token info (label:'%s',flags:%X,p15card->flags:%X)", buf, flags, p15card->flags);
|
||||
rv = sc_pkcs15init_update_file(profile, p15card, file, buf, file->size);
|
||||
free(buf);
|
||||
sc_file_free(file);
|
||||
|
||||
if (rv > 0)
|
||||
rv = 0;
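Review bot: cosm_emu_update_tokeninfo lacks the `if (file->size < 16)` guard that cosm_write_tokeninfo applies in the same file, and nothing between the profile lookup and `buf = calloc(1, file->size);` checks the size. If `file->size` is an unsigned type and the profile gives a value below 4, `file->size - 4` wraps, `label_len` becomes the full `strlen(tinfo->label)`, and the `memcpy` writes past `buf`. A check placed before the calloc that frees `file` and returns SC_ERROR_INCONSISTENT_PROFILE, mirroring the other function, would close this. The function starts and ends outside the hunks shown.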
|
||||
|
|
|
@ -260,8 +260,8 @@ static int sc_hsm_generate_key(struct sc_profile *profile, struct sc_pkcs15_card
|
|||
|
||||
memset(&cvc, 0, sizeof(cvc));
|
||||
|
||||
strcpy(cvc.car, "UTCA00001");
|
||||
strcpy(cvc.chr, "UTTM00001");
|
||||
strlcpy(cvc.car, "UTCA00001", sizeof cvc.car);
|
||||
strlcpy(cvc.chr, "UTTM00001", sizeof cvc.chr);
|
||||
|
||||
switch(object->type) {
|
||||
case SC_PKCS15_TYPE_PRKEY_RSA:
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* Initialize Cards according to PKCS#15
|
||||
*
|
||||
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
|
||||
* Copyright (C) 2002 Olaf Kirch <okir@suse.de>
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* Card profile information (internal)
|
||||
*
|
||||
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
|
||||
* Copyright (C) 2002 Olaf Kirch <okir@suse.de>
|
||||
*/
|
||||
|
||||
#ifndef _OPENSC_PROFILE_H
|
||||
|
|
|
@ -5,65 +5,16 @@ cardinfo {
|
|||
label = "SmartCard-HSM";
|
||||
manufacturer = "CardContact";
|
||||
|
||||
max-pin-length = 16;
|
||||
max-pin-length = 15;
|
||||
min-pin-length = 6;
|
||||
pin-encoding = ascii-numeric;
|
||||
}
|
||||
|
||||
# Default settings.
|
||||
# This option block will always be processed.
|
||||
option default {
|
||||
macros {
|
||||
protected = *=$SOPIN, READ=NONE;
|
||||
unprotected = *=NONE;
|
||||
so-pin-flags = local, initialized, soPin;
|
||||
so-min-pin-length = 8;
|
||||
so-pin-attempts = 3;
|
||||
so-auth-id = 3;
|
||||
odf-size = 256;
|
||||
aodf-size = 256;
|
||||
cdf-size = 512;
|
||||
prkdf-size = 256;
|
||||
pukdf-size = 256;
|
||||
dodf-size = 256;
|
||||
}
|
||||
}
|
||||
|
||||
filesystem {
|
||||
DF MF {
|
||||
path = 3F00;
|
||||
type = DF;
|
||||
|
||||
# This is the DIR file
|
||||
EF DIR {
|
||||
type = EF;
|
||||
file-id = 2F00;
|
||||
acl = *=NONE;
|
||||
}
|
||||
|
||||
# Here comes the application DF
|
||||
DF PKCS15-AppDF {
|
||||
type = DF;
|
||||
exclusive-aid = E8:2B:06:01:04:01:81:C3:1F:02:01;
|
||||
acl = *=NONE;
|
||||
|
||||
EF PKCS15-TokenInfo {
|
||||
ACL = $unprotected;
|
||||
}
|
||||
|
||||
EF PKCS15-PrKDF {
|
||||
size = $prkdf-size;
|
||||
acl = $protected;
|
||||
}
|
||||
|
||||
EF PKCS15-PuKDF {
|
||||
size = $pukdf-size;
|
||||
acl = $protected;
|
||||
}
|
||||
|
||||
EF PKCS15-CDF {
|
||||
acl = $unprotected;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -10,7 +10,9 @@ LIBS = $(top_builddir)/src/libsm/libsm.la \
|
|||
$(top_builddir)/src/libopensc/libopensc.la \
|
||||
$(top_builddir)/src/common/libcompat.la
|
||||
|
||||
if ENABLE_OPENSSL
|
||||
lib_LTLIBRARIES = libsmm-local.la
|
||||
endif
|
||||
|
||||
libsmm_local_la_SOURCES = smm-local.c sm-module.h \
|
||||
sm-global-platform.c sm-cwa14890.c \
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
TOPDIR = ..\..
|
||||
|
||||
!IF "$(OPENSSL_DEF)" == "/DENABLE_OPENSSL"
|
||||
TARGET = smm-local.dll
|
||||
|
||||
OBJECTS = smm-local.obj sm-global-platform.obj sm-cwa14890.obj sm-card-iasecc.obj sm-card-authentic.obj
|
||||
|
@ -17,3 +18,7 @@ $(TARGET): $(OBJECTS) ..\libsm\libsm.lib ..\libopensc\opensc.lib
|
|||
|
||||
.c.obj:
|
||||
cl $(COPTS) /c $<
|
||||
|
||||
!ELSE
|
||||
all:
|
||||
!ENDIF
|
||||
|
|
|
@ -60,11 +60,11 @@ static int ask_and_verify_pin(struct sc_pkcs15_object *pin_obj)
|
|||
u8 *pass;
|
||||
|
||||
if (pin_info->attrs.pin.flags & SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN) {
|
||||
printf("Skipping unblocking pin [%s]\n", pin_obj->label);
|
||||
printf("Skipping unblocking pin [%.*s]\n", (int) sizeof pin_obj->label, pin_obj->label);
|
||||
return 0;
|
||||
}
|
||||
|
||||
sprintf(prompt, "Please enter PIN code [%s]: ", pin_obj->label);
|
||||
sprintf(prompt, "Please enter PIN code [%.*s]: ", (int) sizeof pin_obj->label, pin_obj->label);
|
||||
pass = (u8 *) getpass(prompt);
|
||||
|
||||
if (SC_SUCCESS != sc_lock(card))
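Review bot: The `sprintf` into `prompt` in ask_and_verify_pin is still unbounded. The new `%.*s` precision caps how many label bytes are read, but nothing ties the total output length to the size of `prompt`, whose declaration is outside the hunk. If `prompt` is a local array, `snprintf(prompt, sizeof prompt, "Please enter PIN code [%.*s]: ", (int) sizeof pin_obj->label, pin_obj->label);` makes the bound explicit. The same pattern appears in get_pin's `sprintf(buf, "Enter PIN [%.*s]: ", ...)` in a later file section of this commit.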
|
||||
|
|
|
@ -260,7 +260,7 @@ void sc_test_print_object(const struct sc_pkcs15_object *obj)
|
|||
|
||||
printf("%s", kind);
|
||||
if (obj->label[0])
|
||||
printf(" [%s]\n", obj->label);
|
||||
printf(" [%.*s]\n", (int) sizeof obj->label, obj->label);
|
||||
else
|
||||
printf(" (no label)\n");
|
||||
printf("\tCom. Flags : ");
|
||||
|
|
|
@ -3,8 +3,7 @@ TOPDIR = ..\..
|
|||
!INCLUDE $(TOPDIR)\win32\Make.rules.mak
|
||||
|
||||
TARGETS = opensc-tool.exe opensc-explorer.exe pkcs15-tool.exe pkcs15-crypt.exe \
|
||||
pkcs11-tool.exe cardos-tool.exe eidenv.exe sc-hsm-tool.exe openpgp-tool.exe dnie-tool.exe \
|
||||
iasecc-tool.exe cryptoflex-tool.exe netkey-tool.exe piv-tool.exe westcos-tool.exe \
|
||||
pkcs11-tool.exe cardos-tool.exe eidenv.exe openpgp-tool.exe iasecc-tool.exe \
|
||||
$(PROGRAMS_OPENSSL)
|
||||
|
||||
$(TARGETS): versioninfo-tools.res util.obj
|
||||
|
|
|
@ -130,8 +130,8 @@ static const char *option_help[] = {
|
|||
/* E */ "Erase (reset) the card",
|
||||
"Verify PIN (CHV1, CHV2, CHV3...)",
|
||||
"PIN string",
|
||||
"Delete key (1, 2, 3 or all)"
|
||||
/* d */ "Dump private data object number <arg> (i.e. PRIVATE-DO-<arg>)"
|
||||
"Delete key (1, 2, 3 or all)",
|
||||
/* d */ "Dump private data object number <arg> (i.e. PRIVATE-DO-<arg>)",
|
||||
};
|
||||
|
||||
static const struct ef_name_map openpgp_data[] = {
|
||||
|
@ -315,6 +315,7 @@ static int decode_options(int argc, char **argv)
|
|||
key_id = optarg[0] - '0';
|
||||
else /* Arg string is 'all' */
|
||||
key_id = 'a';
|
||||
break;
|
||||
case 'd':
|
||||
do_dump_idx = optarg[0] - '0';
|
||||
opt_dump_do++;
|
||||
|
|
|
@ -104,41 +104,41 @@ static EVP_PKEY * evpkey = NULL;
|
|||
|
||||
static int load_object(const char * object_id, const char * object_file)
|
||||
{
|
||||
FILE *fp;
|
||||
FILE *fp = NULL;
|
||||
sc_path_t path;
|
||||
size_t derlen;
|
||||
u8 *der = NULL;
|
||||
u8 *body;
|
||||
size_t bodylen;
|
||||
int r;
|
||||
int r = -1;
|
||||
struct stat stat_buf;
|
||||
|
||||
if(!object_file || (fp=fopen(object_file, "r")) == NULL){
|
||||
printf("Cannot open object file, %s %s\n",
|
||||
(object_file)?object_file:"", strerror(errno));
|
||||
return -1;
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (0 != stat(object_file, &stat_buf)) {
|
||||
printf("unable to read file %s\n",object_file);
|
||||
return -1;
|
||||
goto err;
|
||||
}
|
||||
derlen = stat_buf.st_size;
|
||||
der = malloc(derlen);
|
||||
if (der == NULL) {
|
||||
printf("file %s is too big, %lu\n",
|
||||
object_file, (unsigned long)derlen);
|
||||
return-1 ;
|
||||
goto err;
|
||||
}
|
||||
if (1 != fread(der, derlen, 1, fp)) {
|
||||
printf("unable to read file %s\n",object_file);
|
||||
return -1;
|
||||
goto err;
|
||||
}
|
||||
/* check if tag and length are valid */
|
||||
body = (u8 *)sc_asn1_find_tag(card->ctx, der, derlen, 0x53, &bodylen);
|
||||
if (body == NULL || derlen != body - der + bodylen) {
|
||||
fprintf(stderr, "object tag or length not valid\n");
|
||||
return -1;
|
||||
goto err;
|
||||
}
|
||||
|
||||
sc_format_path(object_id, &path);
|
||||
|
@ -146,11 +146,17 @@ static int load_object(const char * object_id, const char * object_file)
|
|||
r = sc_select_file(card, &path, NULL);
|
||||
if (r < 0) {
|
||||
fprintf(stderr, "select file failed\n");
|
||||
return -1;
|
||||
r = -1;
|
||||
goto err;
|
||||
}
|
||||
/* leave 8 bits for flags, and pass in total length */
|
||||
r = sc_write_binary(card, 0, der, derlen, derlen<<8);
|
||||
|
||||
err:
|
||||
free(der);
|
||||
if (fp)
|
||||
fclose(fp);
|
||||
|
||||
return r;
|
||||
}
|
||||
|
||||
|
@ -159,49 +165,49 @@ static int load_cert(const char * cert_id, const char * cert_file,
|
|||
int compress)
|
||||
{
|
||||
X509 * cert = NULL;
|
||||
FILE *fp;
|
||||
FILE *fp = NULL;
|
||||
u8 buf[1];
|
||||
size_t buflen = 1;
|
||||
sc_path_t path;
|
||||
u8 *der = NULL;
|
||||
u8 *p;
|
||||
size_t derlen;
|
||||
int r;
|
||||
int r = -1;
|
||||
|
||||
if (!cert_file) {
|
||||
printf("Missing cert file\n");
|
||||
return -1;
|
||||
goto err;
|
||||
}
|
||||
|
||||
if((fp=fopen(cert_file, "r"))==NULL){
|
||||
printf("Cannot open cert file, %s %s\n",
|
||||
cert_file, strerror(errno));
|
||||
return -1;
|
||||
goto err;
|
||||
}
|
||||
if (compress) { /* file is gziped already */
|
||||
struct stat stat_buf;
|
||||
|
||||
if (0 != stat(cert_file, &stat_buf)) {
|
||||
printf("unable to read file %s\n",cert_file);
|
||||
return -1;
|
||||
goto err;
|
||||
}
|
||||
derlen = stat_buf.st_size;
|
||||
der = malloc(derlen);
|
||||
if (der == NULL) {
|
||||
printf("file %s is too big, %lu\n",
|
||||
cert_file, (unsigned long)derlen);
|
||||
return -1 ;
|
||||
goto err;
|
||||
}
|
||||
if (1 != fread(der, derlen, 1, fp)) {
|
||||
printf("unable to read file %s\n",cert_file);
|
||||
return -1;
|
||||
goto err;
|
||||
}
|
||||
} else {
|
||||
cert = PEM_read_X509(fp, &cert, NULL, NULL);
|
||||
if(cert == NULL){
|
||||
printf("file %s does not conatin PEM-encoded certificate\n",
|
||||
cert_file);
|
||||
return -1 ;
|
||||
goto err;
|
||||
}
|
||||
|
||||
derlen = i2d_X509(cert, NULL);
|
||||
|
@ -209,7 +215,6 @@ static int load_cert(const char * cert_id, const char * cert_file,
|
|||
p = der;
|
||||
i2d_X509(cert, &p);
|
||||
}
|
||||
fclose(fp);
|
||||
sc_hex_to_bin(cert_id, buf,&buflen);
|
||||
|
||||
switch (buf[0]) {
|
||||
|
@ -219,20 +224,25 @@ static int load_cert(const char * cert_id, const char * cert_file,
|
|||
case 0x9e: sc_format_path("0500",&path); break;
|
||||
default:
|
||||
fprintf(stderr,"cert must be 9A, 9C, 9D or 9E\n");
|
||||
return 2;
|
||||
r = 2;
|
||||
goto err;
|
||||
}
|
||||
|
||||
r = sc_select_file(card, &path, NULL);
|
||||
if (r < 0) {
|
||||
fprintf(stderr, "select file failed\n");
|
||||
return -1;
|
||||
goto err;
|
||||
}
|
||||
/* we pass length and 8 bits of flag to card-piv.c write_binary */
|
||||
/* pass in its a cert and if needs compress */
|
||||
r = sc_write_binary(card, 0, der, derlen, (derlen<<8) | (compress<<4) | 1);
|
||||
|
||||
return r;
|
||||
err:
|
||||
free(der);
|
||||
if (fp)
|
||||
fclose(fp);
|
||||
|
||||
return r;
|
||||
}
|
||||
static int admin_mode(const char* admin_info)
|
||||
{
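Review bot: load_cert's new `err:` path frees `der` and closes `fp` but never releases the `X509 *cert` returned by `PEM_read_X509`, so the uncompressed path still leaks it on every exit. Adding `X509_free(cert);` next to `free(der);` closes that, and it accepts NULL. As rendered, the select-file failure in load_cert now returns the raw `sc_select_file` code, while load_object sets `r = -1;` before `goto err;`. If callers compare against -1, load_cert needs the same assignment. Both function bodies continue outside the visible hunks.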
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* pkcs11-tool.c: Tool for poking around pkcs11 modules/tokens
|
||||
*
|
||||
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
|
||||
* Copyright (C) 2002 Olaf Kirch <okir@suse.de>
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
|
|
|
@ -140,7 +140,7 @@ static char * get_pin(struct sc_pkcs15_object *obj)
|
|||
return strdup(opt_pincode);
|
||||
}
|
||||
|
||||
sprintf(buf, "Enter PIN [%s]: ", obj->label);
|
||||
sprintf(buf, "Enter PIN [%.*s]: ", (int) sizeof obj->label, obj->label);
|
||||
while (1) {
|
||||
pincode = getpass(buf);
|
||||
if (strlen(pincode) == 0)
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
* a generic implementation; that is how PINs and keys are stored
|
||||
* on the card. These should be implemented in pkcs15-<cardname>.c
|
||||
*
|
||||
* Copyright (C) 2002, Olaf Kirch <okir@lst.de>
|
||||
* Copyright (C) 2002, Olaf Kirch <okir@suse.de>
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
|
@ -1015,7 +1015,7 @@ is_cacert_already_present(struct sc_pkcs15init_certargs *args)
|
|||
|
||||
if (!cinfo->authority)
|
||||
continue;
|
||||
if (strcmp(args->label, objs[i]->label))
|
||||
if (strncmp(args->label, objs[i]->label, sizeof objs[i]->label))
|
||||
continue;
|
||||
/* XXX we should also match the usage field here */
|
||||
|
||||
|
@ -2852,7 +2852,7 @@ static int verify_pin(struct sc_pkcs15_card *p15card, char *auth_id_str)
|
|||
if (opt_no_prompt)
|
||||
return SC_ERROR_OBJECT_NOT_FOUND;
|
||||
|
||||
if (0 < strnlen(pin_obj->label, sizeof pin_obj->label))
|
||||
if (pin_obj->label[0])
|
||||
snprintf(pin_label, sizeof(pin_label), "User PIN [%s]", pin_obj->label);
|
||||
else
|
||||
snprintf(pin_label, sizeof(pin_label), "User PIN");
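Review bot: In verify_pin the `snprintf` that builds `pin_label` still formats `pin_obj->label` with a plain `%s`, so it reads until a NUL byte even though the rest of this commit bounds label reads by the array size. If a label can fill its array without a terminator, which the `%.*s` changes elsewhere suggest, use `snprintf(pin_label, sizeof(pin_label), "User PIN [%.*s]", (int) sizeof pin_obj->label, pin_obj->label);`. The function body continues outside the hunk.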
|
||||
|
|
|
@ -233,7 +233,7 @@ static void print_cert_info(const struct sc_pkcs15_object *obj)
|
|||
struct sc_pkcs15_cert *cert_parsed = NULL;
|
||||
int rv;
|
||||
|
||||
printf("X.509 Certificate [%s]\n", obj->label);
|
||||
printf("X.509 Certificate [%.*s]\n", (int) sizeof obj->label, obj->label);
|
||||
print_common_flags(obj);
|
||||
printf("\tAuthority : %s\n", cert_info->authority ? "yes" : "no");
|
||||
printf("\tPath : %s\n", sc_print_path(&cert_info->path));
|
||||
|
@ -435,7 +435,7 @@ static int read_data_object(void)
|
|||
continue;
|
||||
}
|
||||
else {
|
||||
if (strcmp(opt_data, cinfo->app_label) && strcmp(opt_data, objs[i]->label))
|
||||
if (strcmp(opt_data, cinfo->app_label) && strncmp(opt_data, objs[i]->label, sizeof objs[i]->label))
|
||||
continue;
|
||||
}
|
||||
|
||||
|
@ -477,8 +477,8 @@ static int list_data_objects(void)
|
|||
int idx;
|
||||
struct sc_pkcs15_data_info *cinfo = (struct sc_pkcs15_data_info *) objs[i]->data;
|
||||
|
||||
if (0 < strnlen(objs[i]->label, sizeof objs[i]->label))
|
||||
printf("Data object '%s'\n", objs[i]->label);
|
||||
if (objs[i]->label[0] != '\0')
|
||||
printf("Data object '%.*s'\n",(int) sizeof objs[i]->label, objs[i]->label);
|
||||
else
|
||||
printf("Data object <%i>\n", i);
|
||||
printf("\tapplicationName: %s\n", cinfo->app_label);
|
||||
|
@ -527,7 +527,7 @@ static void print_prkey_info(const struct sc_pkcs15_object *obj)
|
|||
unsigned char guid[40];
|
||||
size_t guid_len;
|
||||
|
||||
printf("Private %s Key [%s]\n", types[7 & obj->type], obj->label);
|
||||
printf("Private %s Key [%.*s]\n", types[7 & obj->type], (int) sizeof obj->label, obj->label);
|
||||
print_common_flags(obj);
|
||||
printf("\tUsage : [0x%X]", prkey->usage);
|
||||
for (i = 0; i < usage_count; i++)
|
||||
|
@ -613,7 +613,7 @@ static void print_pubkey_info(const struct sc_pkcs15_object *obj)
|
|||
const unsigned int af_count = NELEMENTS(access_flags);
|
||||
int have_path = (pubkey->path.len != 0) || (pubkey->path.aid.len != 0);
|
||||
|
||||
printf("Public %s Key [%s]\n", types[7 & obj->type], obj->label);
|
||||
printf("Public %s Key [%.*s]\n", types[7 & obj->type], (int) sizeof obj->label, obj->label);
|
||||
print_common_flags(obj);
|
||||
printf("\tUsage : [0x%X]", pubkey->usage);
|
||||
for (i = 0; i < usage_count; i++)
|
||||
|
@ -757,7 +757,7 @@ static void print_skey_info(const struct sc_pkcs15_object *obj)
|
|||
unsigned char guid[40];
|
||||
size_t guid_len;
|
||||
|
||||
printf("Secret %s Key [%s]\n", types[3 & obj->type], obj->label);
|
||||
printf("Secret %s Key [%.*s]\n", types[3 & obj->type], (int) sizeof obj->label, obj->label);
|
||||
print_common_flags(obj);
|
||||
printf("\tUsage : [0x%X]", skey->usage);
|
||||
for (i = 0; i < usage_count; i++)
|
||||
|
@ -824,8 +824,8 @@ static void print_ssh_key(FILE *outf, const char * alg, struct sc_pkcs15_object
|
|||
|
||||
fprintf(outf,"---- BEGIN SSH2 PUBLIC KEY ----\n");
|
||||
|
||||
if (obj->label && strlen(obj->label))
|
||||
fprintf(outf,"Comment: \"%s\"\n", obj->label);
|
||||
if (obj->label[0] != '\0')
|
||||
fprintf(outf,"Comment: \"%.*s\"\n", (int) sizeof obj->label, obj->label);
|
||||
|
||||
fprintf(outf,"%s", uu);
|
||||
fprintf(outf,"---- END SSH2 PUBLIC KEY ----\n");
|
||||
|
@ -836,8 +836,8 @@ static void print_ssh_key(FILE *outf, const char * alg, struct sc_pkcs15_object
|
|||
if (r < 0)
|
||||
return;
|
||||
|
||||
if (obj->label && strlen(obj->label))
|
||||
fprintf(outf,"ssh-%s %s %.*s\n", alg, uu, sizeof obj->label, obj->label);
|
||||
if (obj->label[0] != '\0')
|
||||
fprintf(outf,"ssh-%s %s %.*s\n", alg, uu, (int) sizeof obj->label, obj->label);
|
||||
else
|
||||
fprintf(outf,"ssh-%s %s\n", alg, uu);
|
||||
}
|
||||
|
@ -1109,11 +1109,11 @@ static u8 * get_pin(const char *prompt, sc_pkcs15_object_t *pin_obj)
|
|||
if (opt_no_prompt) {
|
||||
// defer entry of the PIN to the readers pinpad.
|
||||
if (verbose)
|
||||
printf("%s [%s]: entry deferred to the reader keypad\n", prompt, pin_obj->label);
|
||||
printf("%s [%.*s]: entry deferred to the reader keypad\n", prompt, (int) sizeof pin_obj->label, pin_obj->label);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
printf("%s [%s]: ", prompt, pin_obj->label);
|
||||
printf("%s [%.*s]: ", prompt, (int) sizeof pin_obj->label, pin_obj->label);
|
||||
if (pinfo->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
|
||||
return NULL;
|
||||
|
||||
|
@ -1232,9 +1232,9 @@ static void print_pin_info(const struct sc_pkcs15_object *obj)
|
|||
size_t i;
|
||||
|
||||
if (obj->type == SC_PKCS15_TYPE_AUTH_PIN)
|
||||
printf("PIN [%s]\n", obj->label);
|
||||
printf("PIN [%.*s]\n", (int) sizeof obj->label, obj->label);
|
||||
else if (obj->type == SC_PKCS15_TYPE_AUTH_AUTHKEY)
|
||||
printf("AuthKey [%s]\n", obj->label);
|
||||
printf("AuthKey [%.*s]\n", (int) sizeof obj->label, obj->label);
|
||||
|
||||
print_common_flags(obj);
|
||||
if (obj->auth_id.len)
|
||||
|
@ -1299,7 +1299,7 @@ static int list_apps(FILE *fout)
|
|||
for (i=0; i<p15card->card->app_count; i++) {
|
||||
struct sc_app_info *info = p15card->card->app[i];
|
||||
|
||||
fprintf(fout, "Application '%s':\n", info->label);
|
||||
fprintf(fout, "Application '%.*s':\n", (int) sizeof info->label, info->label);
|
||||
fprintf(fout, "\tAID: ");
|
||||
for(j=0;j<info->aid.len;j++)
|
||||
fprintf(fout, "%02X", info->aid.value[j]);
|
||||
|
@ -1673,7 +1673,7 @@ static int learn_card(void)
|
|||
sc_path_t tpath;
|
||||
struct sc_pkcs15_cert_info *cinfo = (struct sc_pkcs15_cert_info *) certs[i]->data;
|
||||
|
||||
printf("[%s]\n", certs[i]->label);
|
||||
printf("[%.*s]\n", (int) sizeof certs[i]->label, certs[i]->label);
|
||||
|
||||
memset(&tpath, 0, sizeof(tpath));
|
||||
tpath = cinfo->path;
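Review bot: The argument pair `(int) sizeof obj->label, obj->label` is repeated at about a dozen call sites in this file and is only correct while `label` is an array member; if it ever becomes a pointer, `sizeof` silently yields the pointer size. A small helper keeps the cast and the bound in one place, for example `#define LABEL_ARGS(o) (int) sizeof (o)->label, (o)->label`, used as `printf("PIN [%.*s]\n", LABEL_ARGS(obj));`. In list_data_objects, `cinfo->app_label` on the following line is still printed with an unbounded `%s`; whether it needs the same treatment depends on its declaration, which is not visible here.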
|
||||
|
|
|
@ -23,7 +23,7 @@ SM_DEF = /DENABLE_SM
|
|||
# - uncomment the line starting with OPENSSL_DEF
|
||||
# - set the OPENSSL_INCL_DIR below to your openssl include directory, preceded by "/I"
|
||||
# - set the OPENSSL_LIB below to your openssl lib file
|
||||
OPENSSL_DEF = /DENABLE_OPENSSL
|
||||
#OPENSSL_DEF= /DENABLE_OPENSSL
|
||||
!IF "$(OPENSSL_DEF)" == "/DENABLE_OPENSSL"
|
||||
!IF "$(BUILD_FOR)" == "WIN64"
|
||||
OPENSSL_DIR = C:\OpenSSL-Win64
|
||||
|
@ -45,8 +45,10 @@ OPENSSL_LIB = $(OPENSSL_DIR)\lib\VC\$(OPENSSL_STATIC_DIR)\libeay32MTd.lib user32
|
|||
OPENSSL_LIB = $(OPENSSL_DIR)\lib\VC\$(OPENSSL_STATIC_DIR)\libeay32MT.lib user32.lib advapi32.lib crypt32.lib
|
||||
!ENDIF
|
||||
|
||||
PROGRAMS_OPENSSL = pkcs15-init.exe cryptoflex-tool.exe netkey-tool.exe piv-tool.exe westcos-tool.exe
|
||||
PROGRAMS_OPENSSL = cryptoflex-tool.exe pkcs15-init.exe netkey-tool.exe piv-tool.exe \
|
||||
westcos-tool.exe sc-hsm-tool.exe dnie-tool.exe
|
||||
OPENSC_FEATURES = $(OPENSC_FEATURES) openssl
|
||||
CANDLEFLAGS = -dOpenSSL="$(OPENSSL_DIR)" $(CANDLEFLAGS)
|
||||
!ENDIF
|
||||
|
||||
|
||||
|
@ -55,11 +57,12 @@ OPENSC_FEATURES = $(OPENSC_FEATURES) openssl
|
|||
# - uncomment the line starting with ZLIB_DEF
|
||||
# - set the ZLIB_INCL_DIR below to the zlib include lib proceeded by "/I"
|
||||
# - set the ZLIB_LIB below to your zlib lib file
|
||||
ZLIB_DEF = /DENABLE_ZLIB
|
||||
#ZLIB_DEF = /DENABLE_ZLIB
|
||||
!IF "$(ZLIB_DEF)" == "/DENABLE_ZLIB"
|
||||
ZLIB_INCL_DIR = /IC:\zlib-dll\include
|
||||
ZLIB_LIB = C:\zlib-dll\lib\zdll.lib
|
||||
OPENSC_FEATURES = $(OPENSC_FEATURES) zlib
|
||||
CANDLEFLAGS = -dzlib="C:\zlib-dll" $(CANDLEFLAGS)
|
||||
!ENDIF
|
||||
|
||||
# Used for MiniDriver
|
||||
|
@ -87,11 +90,11 @@ COPTS = /W3 /D_CRT_SECURE_NO_DEPRECATE /MT /nologo /DHAVE_CONFIG_H $(ALL_INCLUD
|
|||
!IF "$(BUILD_FOR)" == "WIN64"
|
||||
LINKFLAGS = /NOLOGO /INCREMENTAL:NO /MACHINE:X64 /MANIFEST:NO /NODEFAULTLIB:MSVCRTD /NODEFAULTLIB:MSVCRT $(LINKDEBUGFLAGS)
|
||||
LIBFLAGS = /nologo /machine:x64
|
||||
CANDLEFLAGS = -dPlatform=x64
|
||||
CANDLEFLAGS = -dPlatform=x64 $(CANDLEFLAGS)
|
||||
!ELSE
|
||||
LINKFLAGS = /NOLOGO /INCREMENTAL:NO /MACHINE:X86 /MANIFEST:NO /NODEFAULTLIB:MSVCRTD /NODEFAULTLIB:MSVCRT $(LINKDEBUGFLAGS)
|
||||
LIBFLAGS = /nologo /machine:x86
|
||||
CANDLEFLAGS = -dPlatform=x86
|
||||
CANDLEFLAGS = -dPlatform=x86 $(CANDLEFLAGS)
|
||||
!ENDIF
|
||||
.c.obj::
|
||||
cl $(CODE_OPTIMIZATION) $(COPTS) /c $<
|
||||
|
|
|
@ -1,12 +1,20 @@
|
|||
<?xml version="1.0" encoding="windows-1252"?>
|
||||
<?if $(var.Platform) = x64 ?>
|
||||
<?ifndef OpenSSL ?>
|
||||
<?define ProductName = "@OPENSC_VS_FF_PRODUCT_NAME@ Light (64bit)" ?>
|
||||
<?else ?>
|
||||
<?define ProductName = "@OPENSC_VS_FF_PRODUCT_NAME@ (64bit)" ?>
|
||||
<?endif ?>
|
||||
<?define Win64YesNo="yes" ?>
|
||||
<?define PlatformProgramFilesFolder = "ProgramFiles64Folder" ?>
|
||||
<?define PlatformSystemFolder = "System64Folder" ?>
|
||||
<?define PlatformUpgradeCode = "{9A449570-69A2-11E0-9CC6-955B4824019B}" ?>
|
||||
<?else ?>
|
||||
<?ifndef OpenSSL ?>
|
||||
<?define ProductName = "@OPENSC_VS_FF_PRODUCT_NAME@ Light" ?>
|
||||
<?else ?>
|
||||
<?define ProductName = "@OPENSC_VS_FF_PRODUCT_NAME@" ?>
|
||||
<?endif ?>
|
||||
<?define Win64YesNo="no" ?>
|
||||
<?define PlatformProgramFilesFolder = "ProgramFilesFolder" ?>
|
||||
<?define PlatformSystemFolder = "SystemFolder" ?>
|
||||
|
@ -97,7 +105,7 @@
|
|||
<Directory Id="INSTALLDIR" Name="OpenSC">
|
||||
<!-- opensc.conf sample goes to installation directory -->
|
||||
<Component Id="opensc.conf" Guid="*" Win64="$(var.Win64YesNo)">
|
||||
<File Source="$(var.SOURCE_DIR)\etc\opensc.conf.win" Name="opensc.conf" KeyPath="yes"/>
|
||||
<File Source="$(var.SOURCE_DIR)\etc\opensc.conf" Name="opensc.conf" KeyPath="yes"/>
|
||||
<!-- -->
|
||||
<RegistryKey Id="OpenscRegs" Root="HKLM" Key="Software\[Manufacturer]\OpenSC" Action="createAndRemoveOnUninstall">
|
||||
<RegistryValue Type="string" Name="ConfigFile" Value="[INSTALLDIR]opensc.conf"/>
|
||||
|
@ -108,12 +116,14 @@
|
|||
|
||||
<!-- Tools have their own folder -->
|
||||
<Directory Id="INSTALLDIR_TOOLS" Name="tools">
|
||||
<?ifdef zlib ?>
|
||||
<Component Id="zlib1.dll" Guid="*" Win64="$(var.Win64YesNo)">
|
||||
<File Source="$(var.zlib)\zlib1.dll" Vital="yes"/>
|
||||
</Component>
|
||||
<?endif ?>
|
||||
<Component Id="opensc.dll" Guid="*" Win64="$(var.Win64YesNo)">
|
||||
<File Source="$(var.SOURCE_DIR)\src\libopensc\opensc.dll" Vital="yes"/>
|
||||
</Component>
|
||||
<Component Id="smm_local.dll" Guid="*" Win64="$(var.Win64YesNo)">
|
||||
<File Source="$(var.SOURCE_DIR)\src\smm\smm-local.dll" Vital="yes"/>
|
||||
</Component>
|
||||
<Component Id="opensc_explorer.exe" Guid="*" Win64="$(var.Win64YesNo)">
|
||||
<File Source="$(var.SOURCE_DIR)\src\tools\opensc-explorer.exe" Vital="yes"/>
|
||||
</Component>
|
||||
|
@ -129,30 +139,31 @@
|
|||
<Component Id="eidenv.exe" Guid="*" Win64="$(var.Win64YesNo)">
|
||||
<File Source="$(var.SOURCE_DIR)\src\tools\eidenv.exe" Vital="yes"/>
|
||||
</Component>
|
||||
<Component Id="pkcs15_init.exe" Guid="*" Win64="$(var.Win64YesNo)">
|
||||
<File Source="$(var.SOURCE_DIR)\src\tools\pkcs15-init.exe" Vital="yes"/>
|
||||
</Component>
|
||||
<Component Id="pkcs15_tool.exe" Guid="*" Win64="$(var.Win64YesNo)">
|
||||
<File Source="$(var.SOURCE_DIR)\src\tools\pkcs15-tool.exe" Vital="yes"/>
|
||||
</Component>
|
||||
<Component Id="pkcs15_crypt.exe" Guid="*" Win64="$(var.Win64YesNo)">
|
||||
<File Source="$(var.SOURCE_DIR)\src\tools\pkcs15-crypt.exe" Vital="yes"/>
|
||||
</Component>
|
||||
<Component Id="sc_hsm_tool.exe" Guid="*" Win64="$(var.Win64YesNo)">
|
||||
<File Source="$(var.SOURCE_DIR)\src\tools\sc-hsm-tool.exe" Vital="yes"/>
|
||||
</Component>
|
||||
<Component Id="dnie_tool.exe" Guid="*" Win64="$(var.Win64YesNo)">
|
||||
<File Source="$(var.SOURCE_DIR)\src\tools\dnie-tool.exe" Vital="yes"/>
|
||||
</Component>
|
||||
<Component Id="openpgp_tool.exe" Guid="*" Win64="$(var.Win64YesNo)">
|
||||
<File Source="$(var.SOURCE_DIR)\src\tools\openpgp-tool.exe" Vital="yes"/>
|
||||
</Component>
|
||||
<Component Id="iasecc_tool.exe" Guid="*" Win64="$(var.Win64YesNo)">
|
||||
<File Source="$(var.SOURCE_DIR)\src\tools\iasecc-tool.exe" Vital="yes"/>
|
||||
</Component>
|
||||
<?ifdef OpenSSL ?>
|
||||
<Component Id="libeay32.dll" Guid="*" Win64="$(var.Win64YesNo)">
|
||||
<File Source="$(var.OpenSSL)\libeay32.dll" Vital="yes"/>
|
||||
</Component>
|
||||
<Component Id="smm_local.dll" Guid="*" Win64="$(var.Win64YesNo)">
|
||||
<File Source="$(var.SOURCE_DIR)\src\smm\smm-local.dll" Vital="yes"/>
|
||||
</Component>
|
||||
<Component Id="cryptoflex_tool.exe" Guid="*" Win64="$(var.Win64YesNo)">
|
||||
<File Source="$(var.SOURCE_DIR)\src\tools\cryptoflex-tool.exe" Vital="yes"/>
|
||||
</Component>
|
||||
<Component Id="pkcs15_init.exe" Guid="*" Win64="$(var.Win64YesNo)">
|
||||
<File Source="$(var.SOURCE_DIR)\src\tools\pkcs15-init.exe" Vital="yes"/>
|
||||
</Component>
|
||||
<Component Id="netkey_tool.exe" Guid="*" Win64="$(var.Win64YesNo)">
|
||||
<File Source="$(var.SOURCE_DIR)\src\tools\netkey-tool.exe" Vital="yes"/>
|
||||
</Component>
|
||||
|
@ -162,7 +173,15 @@
|
|||
<Component Id="westcos_tool.exe" Guid="*" Win64="$(var.Win64YesNo)">
|
||||
<File Source="$(var.SOURCE_DIR)\src\tools\westcos-tool.exe" Vital="yes"/>
|
||||
</Component>
|
||||
<Component Id="sc_hsm_tool.exe" Guid="*" Win64="$(var.Win64YesNo)">
|
||||
<File Source="$(var.SOURCE_DIR)\src\tools\sc-hsm-tool.exe" Vital="yes"/>
|
||||
</Component>
|
||||
<Component Id="dnie_tool.exe" Guid="*" Win64="$(var.Win64YesNo)">
|
||||
<File Source="$(var.SOURCE_DIR)\src\tools\dnie-tool.exe" Vital="yes"/>
|
||||
</Component>
|
||||
<?endif ?>
|
||||
</Directory>
|
||||
<?ifdef OpenSSL ?>
|
||||
<Directory Id="INSTALLDIR_PROFILES" Name="profiles">
|
||||
<Component Id="cyberflex.profile" Guid="*" Win64="$(var.Win64YesNo)">
|
||||
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\cyberflex.profile"/>
|
||||
|
@ -255,6 +274,7 @@
|
|||
<File Source="$(var.SOURCE_DIR)\src\pkcs15init\isoApplet.profile"/>
|
||||
</Component>
|
||||
</Directory>
|
||||
<?endif ?>
|
||||
</Directory>
|
||||
</Directory>
|
||||
</Directory>
|
||||
|
@ -272,8 +292,14 @@
|
|||
<Feature Id="Complete" Level="1" Title="OpenSC software suite" Display="expand">
|
||||
<Feature Id="OpenSC_core" Level="1" Title="OpenSC core library" Description="Core DLL and configuration file used by all other components." Absent="disallow">
|
||||
<ComponentRef Id="opensc.dll"/>
|
||||
<?ifdef zlib ?>
|
||||
<ComponentRef Id="zlib1.dll"/>
|
||||
<?endif ?>
|
||||
<ComponentRef Id="opensc.conf"/>
|
||||
<?ifdef OpenSSL ?>
|
||||
<ComponentRef Id="libeay32.dll"/>
|
||||
<ComponentRef Id="smm_local.dll"/>
|
||||
<?endif ?>
|
||||
</Feature>
|
||||
<Feature Id="OpenSC_pkcs11" Level="1" Title="OpenSC PKCS#11 module" Description="PKCS#11 module usd by most open source and cross-platform software (like Firefox, Putty, TrueCrypt, OpenVPN etc)" TypicalDefault="install">
|
||||
<ComponentRef Id="opensc_pkcs11.dll"/>
|
||||
|
@ -293,17 +319,18 @@
|
|||
<ComponentRef Id="pkcs11_tool.exe"/>
|
||||
<ComponentRef Id="cardos_tool.exe"/>
|
||||
<ComponentRef Id="eidenv.exe"/>
|
||||
<ComponentRef Id="pkcs15_init.exe"/>
|
||||
<ComponentRef Id="dnie_tool.exe"/>
|
||||
<ComponentRef Id="pkcs15_tool.exe"/>
|
||||
<ComponentRef Id="pkcs15_crypt.exe"/>
|
||||
<ComponentRef Id="sc_hsm_tool.exe"/>
|
||||
<ComponentRef Id="openpgp_tool.exe"/>
|
||||
<ComponentRef Id="iasecc_tool.exe"/>
|
||||
<?ifdef OpenSSL ?>
|
||||
<ComponentRef Id="cryptoflex_tool.exe"/>
|
||||
<ComponentRef Id="pkcs15_init.exe"/>
|
||||
<ComponentRef Id="netkey_tool.exe"/>
|
||||
<ComponentRef Id="piv_tool.exe"/>
|
||||
<ComponentRef Id="westcos_tool.exe"/>
|
||||
<ComponentRef Id="sc_hsm_tool.exe"/>
|
||||
<ComponentRef Id="dnie_tool.exe"/>
|
||||
<ComponentRef Id="cyberflex.profile"/>
|
||||
<ComponentRef Id="flex.profile"/>
|
||||
<ComponentRef Id="gpk.profile"/>
|
||||
|
@ -334,6 +361,7 @@
|
|||
<ComponentRef Id="schsm.profile"/>
|
||||
<ComponentRef Id="openpgp.profile"/>
|
||||
<ComponentRef Id="isoApplet.profile"/>
|
||||
<?endif ?>
|
||||
</Feature>
|
||||
<Feature Id="OpenSC_menu" Level="1" Title="Start menu entries" Description="Start menu entries: link to documentation">
|
||||
<ComponentRef Id="ProgramMenuDir"/>
|
||||
|
|