This fixes a problem reported in Nitrokey forum at
https://support.nitrokey.com/t/veracrypt-encryption-with-nitrokey-error/2872
as inability to save the VeraCrypt's keyfile onto the token
after deleting an existing one, unless the PKCS11 is reinitialized.
Reason: commit cbc53b9 "OpenPGP: Support write certificate for Gnuk"
introduced a condition on getting the blob handle, which is surplus
(the pgp_find_blob() function actually does that) and prevents
the blob refresh upon deletion, breaking the logic introduced
earlier in commit 9e04ae4 and causing the higher-level effect reported.
While at it, corrected comments to actually reflect the flow logic.
Tested on Fedora 33 using the repro steps from the forum and Nitrokey Pro.
Signed-off-by: alt3r 3go <alt3r.3go@protonmail.com>
Option --use-locking has C_Initialize pass in parameters with the
CKF_OS_LOCKING_OK to tell module to use threads. The default is it passes NULL
which says threads are not needed.
The following is not designed to be used by the general user. There are for debugging
and test scripts and only compiled if the system has threads.
Option --test-threads <arg> can be passed multiple times. Each one starts a thread.
<arg> is a list of 2 byte commands seperated by ":". The thread will execute these.
Current commands are:
IN - C_Initialize(NULL)
IL - C_Initialize with CKF_OS_LOCKING_OK
Pn - Pause for n seconds
GI - C_GetInfo
SL - C_GetSlotList
Tn - C_GetTokenInfo from slot_index n
These are just enough calls to see if threads are working in the module.
Output is written to stderr.
Changes to be committed:
modified: doc/tools/pkcs11-tool.1.xml
modified: src/tools/Makefile.am
modified: src/tools/pkcs11-tool.c
While trying to setup an OpenSC context, the global_locking
and detect cards, it is possible that multiple threads may
call C_Initialize. The current code tries to prevent this using
"if (context == NULL)" but this is not a mutex, and
multiple threads may endup overwrite contexts and global locking and
cause additional problems, with pcsc and segfault.
FireFox appears to do this see #2032
The PR adds a mutex or Critical section to make sure only one
thread creates the context sets the global_locking and does
the initial detect cards, etc.
This allows the global_lock (if requested) to be setup
which is then used for other calls.
All but the first call to C_Initialize will return with CKR_OK,
others will return CKR_CRYPTOKI_ALREADY_INITIALIZED.
Date: Mon Jan 11 12:47:12 2021 -0600
Changes to be committed:
modified: src/pkcs11/pkcs11-global.c
Fixes#2139
Added code to support mechanism GENERIC-SECRET-KEY-GEN.
Improved --help and doc/tools/pkcs11-tool.1.xml because key gen
of symmetric keys pass CKA_VALUE_LEN which is length of key in bytes.
Tested with:
./pkcs11-tool --module /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so \
--login --label generic-64 --keygen --key-type GENERIC:64 \
--mechanism GENERIC-SECRET-KEY-GEN
./pkcs11-tool --module /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --login -O
config option for MyEID: "disable_hw_pkcs1_padding"
If user set this option to non zero, OpenSC is forced to calculate padding
in software. This will allow users to use RSA 1024 with SHA512.
The --signature-format openssl in pkcs11-tool does the correct
operation to convert the OpenSSL formated signature to rs for PKCS11
This commit modifies pkcs11/openssl.c to convert back to sequence
for EVP_VerifyFinal
Without this mod the signature file was passed unmodified to
PKCS11, then to EVP_VerifyFinal but this violates PKCS11 standard.
On branch ECDSA-flags
Changes to be committed:
modified: openssl.c
This PR is based on discussion with @popovec in
https://github.com/OpenSC/OpenSC/issues/2181
and https://github.com/OpenSC/OpenSC/pull/2187
which was cherry-picked as 5e5300816c8
This has been tested with PIV, MyEID and Smartcard-HSM.
with ECDSA keys.
The main fixes include :
- Setting "flags" in card drivers
- added code to sc_pkcs15-compute-signature for handle ECDSA with hashes
- code in framework-pkcs15.c
Signatures made by pkcs11-tool -sigm verify with openssl
but pkcs11-tool --verify does not work with ECDSA but does with RSA
I suspect it has to do with:
and some then creating the wrong PKCS11 mechanisms
It should work with the epass2003 which does hashes in the driver.
CKM_ECDSA and CKM_ECDSA_SHA1 cannot be registered in the same way.
We need to use sc_pkcs11_register_sign_and_hash_mechanism ()
for CKM_ECDSA_SHA1.
This fix also enables more ECDSA-SHAxxx mechanisms in framework-pkcs15.c
Tested: MyEID 4.0.1 (secp256r1 with SHA1, SHA224, SHA256, SHA384, SHA512)
CI tests (Travis + OsEID) for ECDSA-SHAxxx mechanisms are also enabled.
Information about "Life cycle status byte" is now available in listing.
Also src/libopensc/types.h update - added more LCSB definitions.
iso7816_process_fci () update: improved tag 0x8A parsing.
Fixes in card-flex.c and card-miocos.c - SC_FILE_STATUS_xxx is not
bitfield.
Function sc_pkcs15init_update_file(): we will try to select the file, if
file can not be selected, the file is created, and select operation is
repeated. In both cases, the "selected_file" variable contains the current
FCI of the selected file.
Then the sc_pkcs15init_authenticate () function is called, but not with
"selected_file" variable, but "file" variable where the FCP data is present
(from the file creation operation).
Difference between FCP and FCI (pkcs15-init -C / MyEID card).
62 17 80 02 00 FF 82 01 01 83 02 50 31 86 03 01 3F FF 85 02 00 00 8A 01 00
6F 17 80 02 00 FF 82 01 01 83 02 50 31 86 03 01 3F FF 85 02 00 00 8A 01 01
Here it is clear that the data from FCP are outdated. The card changed the
TAG 0x8a from 0 to 1 ("no information given", "creation state".) We need to
respect the authority of the card, FCI is to be used in next code, not FCP.
modified: src/pkcs15init/pkcs15-lib.c
Jakub Jelen
alt3r 3go
ihsinme
Zhang Xiaohui
Vincent JARDIN
Doug Engert
Peter Popovec
Frank Morgner