The original ECC code in OpenSC stored the ecpointQ as a DER encoded OCTET STRING.
Shortly before 0.13.0, code changes where made to store the ecpointQ as raw data
without the DER encoding.
Only some of the code was changed to support this but not all, and the comments
that said the ecpointQ was in DER where not changed either.
Some card drivers continued to work, using the original code in all place,
while some cards failed, as they where using a mixture of original code and
0.13.0 code.
This commit fixes these problems.
The ecpointQ is stored in raw format
A new structure type sc_pkcs15_u8 is defined.
The ecpointQ are changed to use the struct sc_pkcs15_u8. This was done to avoid
the confusion of using struct sc_pkcs15_der to hold non-DER encoded data.
(There may be other uses for this too...)
Comments are change is many places.
sc_pkcs15_decode_pubkey_ec was fixed to store the raw ecpointQ correctly.
sc_pkcs15_pubkey_from_spki was change to get the sc_ec_params from the alg_id
and fix up u.ec.params. Unfortunately the OpenSC code has two places EC parameters
are stored. They can get out of sync, or there may still be code
that looks in the wrng oplace. o(TODO get it to only only place.)
The u.ec.params.field_length is now set in a number of places, as this is need
in many of the PKCS#11 routines.
framework-pkcs15.c will now correctly return the DER encode ecpointQ,
for the CKA_EC_POINT attribute using pubkey->data which has the DER encoding
for the ecpointQ.
framework-pkcs15.c will look for the EC parameters in either the u.ec.params.der,
or in the alg_id->params. (TODO get it to only only place.)
pkcs15-myeid.c has some comments, as it looks like the code is storing a TLV
rather then a DER encoding of the ecpointQ. With the wrong encoding PKCS#11 will
return the wrong attribute for CKA_ECDSA_PARAMS.
pkcs15-piv.c is changed so emulation of a pubkey taken from a certificate will
work correctly.
card-dnie.c:1481:2: error: too few arguments to function `sc_pkcs1_strip_01_padding'
The prototype of sc_pkcs1_strip_01_padding() changed between the patch
submission and its integration.
fixes a lot of warnings which pass a const buffer to the APDU's data
Note that a non-const data member is only required for sc_allocate_apdu
sc_free_apdu. They are currently used with an explicit typecast.
However, sc_allocate_apdu and sc_free_apdu both are not used once in the
entire project. One might also simply throw both functions away.
-- Both are thrown away. (VT)
Cards formatted with one-pin profile can not be used (for modification
of the data on the card with pkcs15-init -X for example) after this
commit, which prevent the reading of 5015/4946 (containing the
profile).
The part of the code was simply commented out without comment.
Maybe it was used for testing purposes, and not removed for
the commit ?
From @geoffbeier:
(https://github.com/OpenSC/OpenSC/pull/171#issuecomment-20407132)
So it sounds like the right fix is to:
* check the return value of sc_ctx_log_to_file() and have sc_do_log_va()
return if it's anything other than SC_SUCCESS.
* Inside sc_ctx_log_to_file() make sure to set ctx->debug_file to NULL
whenever it does call fclose() on it.
* Inside sc_do_log_va() where it currently calls fclose() check
if(ctx->debug_file && ctx->debug_file != stdout &&ctx->debug_file != stderr)
Cards formatted with one-pin profile can not be used (for modification
of the data on the card with pkcs15-init -X for example) after this
commit, which prevent the reading of 5015/4946 (containing the
profile).
The part of the code was simply commented out without comment.
Maybe it was used for testing purposes, and not removed for
the commit ?
0x9B is defined as the Card Management Key, and probably shouldn't be
regenerated. 0x9E is the Card Authentication key which is what you
should be generating keys for. This also brings piv-tool in line with
the documentation that states 0x9A, 0x9C, 0x9D and 0x9E are the proper
keyIds to use.
In a supplement to f5d53ab01783b0c37802e35f063fdbe5814bdbc7.
Subject and Issuer, returned by pkcs#15 framework, are already encoded as ASN1 sequence.
No need to wrap them in a second ASN1 sequence frame.
* iso7816_check_sw() emits a "informational message" (from ISO7816-4 table 6)
* SW-s which are not known or not meaningful for internal API get translated
to SC_ERROR_CARD_CMD_FAILED by default, so use it also in the SW table
* Remove undefined SW-s and move generic SW-s to their sequential location.
This commit improves 8fc679bf40
When creating new DATA object, keep it's value in 'data' member of
'sc-pkcs15-data-info' data.
Used by pkcs15init emulation layer to store DATA value into a proprietary placement.
New member keeps the value of the PKCS#15 DATA object.
Internal pkcs15 procedure that reads DATA object is modified
to check if requested data are already vailable in 'data-info',
an only then try to read the content of dedicated on-card file.
For some emulated PKCS#15 systems value of DATA object is kept as 'direct' value
in a proprietary attribute files and so the common read procedure could not be used.
; some efforts to unify layout of code source.
Initiated by discussion in https://github.com/OpenSC/OpenSC/pull/134 .
SC_ERROR_MEMORY_FAILURE has to be used as a resulting code of the card related operations,
and not as result of the memory allocation problems.
New 'warning' category of SC_ERRORs introduced -- SC_WARNING_xx .
Error text and SC_ERROR associated with return codes 6300 and 6200 has been changed.
EVP_CIPHER_CTX_set_padding needs to be called after EVP_EncryptInit_ex
and EVP_DecryptInit_ex, otherwise padding is re-enabled, which in turn
causes buffer overruns
In set_security_env, the algorithmInfo structure (from the TokenInfo file of
PKCS#15) is parsed to see, what algorithm IDs are supported for signature
operations.
Using the information from AlgorithmInfo set in set_security_env when
computing signatures.
Fixed incorrect order of code blocks. If neither a reference to rsa_sig nor to
rsa_pure_sig is found in AlogirthmInfo, boths methods are enabled before (and
not after) trying pure_sig
All the other option values are initialized to NULL, so do the same to
opt_auth_id.
(Although, as they're all static globals, they should be set to 0 at
runtime anyway, I think...)
Signed-Off-By: Anthony Foiani <anthony.foiani@gmail.com>
It seems that this suffered some copy and paste damage at some point.
Change so that we check each return value immediately after the API
call.
Signed-Off-By: Anthony Foiani <anthony.foiani@gmail.com>
t457 (https://www.opensc-project.org/opensc/ticket/457)
For some cards that currently use the common iso-7816 operations
only SELECT with return of FCI/FCP can be applied.
In iso-7816 'select-file' handle, if 'SELECT without FCI' fails with error code 6A86,
then retry 'SELECT with FCI'. Other error code can be added.
Sorry for the 'coding style' noise.
In PukDF of PKCS#15 the public key value can be presented by 'direct value', by path or by path and reference.
For the different cards the public key can be stored in EF, internal EF or in card specific SDO (security data objects).
A new card handle allows to read out the public key from the card specific SDOs.
CK_VERSION is included into PKCS#11 data but is not specified by PKCS#15.
CK_VERSION can be provided by card's pkcs15 emulator or by the card's driver,
including the cards with the native support of pkcs#15 (and thus without pkcs15 emulator).
That's why the more general solution is to have these data included into 'sc-card' data type.
Thanks to Andreas Schwier.
http://www.opensc-project.org/pipermail/opensc-devel/2012-September/018455.html
In PKCS#11 FW, the 'certificate' FW object is used to create corresponding 'public'key' FW object
or to get some of its attributes.
Seg.fault occured when, in the same session, the related certificate was destroyed and after that
there was the attempt to get such public key attributes.
To hold the raw certificate blob in 'sc_pkcs15_cert' data use the 'sc_pkcs15_der' data type.
also:
; in 'pkcs15-cert.c' use short call of the debug messages;
; in 'destroy-object' pkcs15 framework handler take into account the multi-application cards:
-- when binding card use the application info;
-- when finalizing profile use the application ID.
Fix autoreconf warnings:
$ autoreconf -vis -Wall
[...]
src/common/Makefile.am:12: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
src/libopensc/Makefile.am:19: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
src/minidriver/Makefile.am:15: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
src/pkcs11/Makefile.am:10: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
src/pkcs15init/Makefile.am:36: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
src/scconf/Makefile.am:12: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
src/sm/Makefile.am:8: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
src/tests/Makefile.am:9: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
src/tools/Makefile.am:15: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
select_object_path: Fixed misplaced return and wrong return code. This bug is the cause why a profile
must include a template even for fully emulated cards.
sc_pkcs15init_store_certificate: Added a call to the emulation layer when the private key
description requires an update after storing a certificate. Should not break existing code.
sc_pkcs15init_delete_object: Now calling the emulation layer before the frameworks tries to delete
files itself. An emulation that deletes object explicitly and leaves the deletion of some objects
to the framework will now need to completely handle deleting objects (by calling the methods of the
framework).
sc_pkcs15init_update_certificate: Missing call to the emulation layer added.
in previous version
first of all the 'reader' option's value was converted to hexadecimal form,
used as ATR value
and all present readers where scanned to find the inserted card with such ATR.
Only after this the 'reader' option was used as reader's number or reader's name.
Currently in use the 'hex-to-bin' procedure accepts for conversion one digit,
and so even if the 'reader' option value is one digit,
the useless search over all present readers take place.
In the current version the order of checks if kept (ATR, reader's number, reader's name),
but enforced the validity check of ATR, presented by 'reader' option.
Also the option is accepted as reader's number only if the 'entire' option's string can be converted to integer.
Thanks to 'jbwisemo' for cooperation.
https://www.opensc-project.org/opensc/ticket/404
'PACE' is extremely card specific protocol and has not to be ostensibly
present in the common part of OpenSC:
* currently in OpenSC there is no card driver that supports or uses this protocol;
* amazing content of the common 'sc_perform_pace' -- beside the verbose logs
the only substantial action is to call the card/reader specific handler.
According to the current sources and the pull request 83
this 'common' procedure is called by the card driver or
card specific tool/operation.
* currently the 'PACE' can be thouroghly tested only by one person (Frank Morgner),
and only using the OpenSSL patched with the PACE specific patch.
So, at least a dedicated configuration option could be introduced when comiting PACE to the common part.
* common 'sc_perfom_pace' has the same role as the 'initialize-SM' handler of the existing SM framework
and can be implemented as card specific SM, as the others cards do.
This confirmed by Frank Morgner, the author of PACE commits and nPA card driver, himself.
(https://github.com/OpenSC/OpenSC/pull/83)
If tlvblock is not stored then the value is lost and the allocated
mempry is leaked.
Coverity: Resource leak (RESOURCE_LEAK)
Calling allocation function "pgp_build_tlv" on "tlvblock".
Coverity: Missing break in switch (MISSING_BREAK)
"A break statement was missing. The case SC_PKCS15_TYPE_PRKEY_EC was then
managed as a SC_PKCS15_TYPE_PRKEY_DSA" (Ludovic Rousseau)
"the break here has no sense, because LOG_TEST_RET will always return SC_ERROR_NOT_SUPPORTED before"
(Frank Morgner https://github.com/OpenSC/OpenSC/pull/85)
'break' is kept to satisfy coverity.
Fixed issues in pkcs11-tool/test_signature is card has RSA and ECDSA keys
Fixed bug in sc_pkcs11_signature_size that returns the wrong ECDSA signature size
Limit the number of cases when applicated re-selection of application DF to strict minimum.
I.e. only when pkcs11 login session is not locked and private key PKCS#15 object do not
contain the 'path' attribute.
"The encoding of {public,private}GOSTR3410Key uses tag [CONTEXT 3] which is reserved for KEAKey.
Caused by the fact, that the specifications (pkcs15,iso) don't define a encoding for GOST,
the genericKey encoding [CONTEXT 4] from iso-7816 should be used." (Andre)
* Make the OPENSC_DEBUG environment variable work even when no
conf file is available.
https://www.opensc-project.org/opensc/ticket/388
Signed-off-by: Viktor Tarasov <viktor.tarasov@gmail.com>
Thanks to 'crank'.
https://www.opensc-project.org/opensc/ticket/439
Some pkcs11 callers (i.e. netscape) will pass in the ASN.1 encoded SEQUENCE OF SET,
while OpenSC just keeps the SET in the issuer/subject field.
According to ch.4.2 of MyEID reference manual v1.7.6 the only possible value of P2 of 'SELECT' APDU is '00'.
For this reason, when caller do not request to return 'sc_file' data,
use the non-null dummy 'sc_file' pointer in the call of iso->select_file,
and thus avoid the P2 different from '00'.
Also log calls are replaced by its short forms,
and resolved the 'trailing spaces' issues.
When OpenSC is used with a card that enforces user_consent
and the calling PKCS#11 application does not understand how
to handle the CKA_ALWAYS_AUTHENTICATE, signature operations
will fail.
OpenSC will not cache a PIN that protects a user_consent
object as one would expect.
This mods allows PINs to be cached even if protecting a
user_consent object by adding
pin_cache_ignore_user_consent = true;
option in opensc.conf.
Thunderbird is the prime example of this situation.
Mozilla has accepted mods (357025 and 613507) to support
CKA_ALWAYS_AUTHENTICATE that will appear in NSS-3.14 but
this may be some time before this version is in vendor
distribution.
Harmonize the allowed PIN length in CHANGE & UNBLOCK with the one in VERIFY,
making sure they are large enough for OpenPGP, which allows up ro 32 characters,
and giving additional security margin for other cards.
In VERIFY, allow the user to enter the PIN unteractively if it was not given
on the command line, and if the card reader does not support PIN input.
If it was not given on the command line and the card reader supports PIN input,
then the bahaviour is unchanged: enter PIN via card reader.
In file included from pkcs15.c:30:
cardctl.h:870: error: expected specifier-qualifier-list before 'time_t'
Change-Id: I5faad5462ba6268fd7cf48a04f41e1755597ad0c
The card contains only 1 certificate, which can be used for encrypting.
But this certificate is bound with authentication key, so when decrypting,
the authentication key will be presented to check.
This commit allows to bypass the check in driver. However, it is not enough.
The users have to import the same key to "Encryption key" to help the card find
right key to work.
OpenPGP: Add log and comments.
OpenPGP: Pretend to select dummy files.
Some files are needed by pkcs15init, but not exist in OpenPGP card.
We pretend to know these dummy files to make pkcs15init successful.
Compilation error on windows:
when declaring array use explicit size, add pkcs15-openpgp.obj in Makefile.mak
OpenPGP-pkcs15int: Add more debug log.
OpenPGP-pkcs15init: Add more checks in key generation.
Check for key ID. Set default key.
Check for result of key generation from driver.
Example command:
pkcs15-init --delete-objects privkey,pubkey --id 3 --store-private-key quan-key.pem --auth-id 3 --verify-pin --extractable --id 3
pkcs15init-OpenPGP: Some parts in openpgp.profile are not used.
We need this function to use OpenPGP's specific action flow instead pkcs15init's default.
This will help to avoid redundant steps which may make the overall process fail.
OpenPGP: Some indentations need to be tab-size-independent.
OpenPGP: Check for null data when storing fingerprints.
OpenPGP: Allow to provide creation time to store (when gen/import key).
Old: Only store current time.
New: Can provide time to store, not only calculate current time.
OpenPGP: Correct setting content of pubkey blobs after key generation.
cardctl: Add definitions to support key import in OpenPGP.
OpenPGP: Add support for key import at driver level.
openpgp-tool: PIN verfication support.
openpgp-tool: Add notification in case of error.
openpgp-tool: Add manual for key generation and PIN verification.
Correct the way to parse response data.
Updated wrong blob for pubkey info <~~ Fix.
OpenPGP: Store creation time after generating keys.
OpenPGP: Put_data: Handle the case that DO exists but its blob does not.
When checking DO before writing, relying on blobs only will miss the case that DO exists but its blob does not, when DO is non-readable.
OpenPGP: Set algorithm attributes before generating key.
OpenPGP: Add dependency of OpenSSL.
OpenPGP: Calculate and store fingerprint.
Calculate and store fingerprint after generating key.
OpenPGP: Update blob of pubkey info.
Update blob holding pubkey info after generating key.
OpenPGP: Add step to update card algorithms.
Update card algorithms after generating key. However, this step is not implemented yet, because of suspection about wrong data (see code comment).
The code to send the APDU to the piv card when using
piv-tool -s xx:xx:xx... was inadvertently removed
on 2011-04-26 02:29:53 by: 1cdb3fa971
APDU parsing: switch to Frank Morgner's implementation
The missing code is replaced.
The -s option is infrequently used, so the problem
was not spotted earlier.
CKA_ALWAYS_AUTHENTICATE implies CKU_CONTEXT_SPECIFIC login, but all this
key really should need is a C_Login with CKU_USER.
The historical reason for having CKA_ALWAYS_AUTHENTICATE set was to keep
Firefox/NSS from using that particular key for SSL connections. However,
starting with Firefox 8, NSS ignores Non Repudiation certificates for
SSL and that makes the CKA_ALWAYS_AUTHENTICATE workaround unnecessary.
Now that Firefox is fixed, drop the workaround in OpenSC so that
applications that follow the pkcs11 spec wouldn't have to login twice to
access the key.
For some cards some APDUs are always transmitted in a plain mode,
even if SM session is opened.
For these APDUs the 'get_sm_apdu' card's handler returns SUCCESS without wrapped APDU version.
In such cases 'transmit' is called for the plain APDU.
when freeing key object, do not throw an error if supplied key pointer is NULL;
sc_pkcs15_free_prkey() procedure should not free the supplied key pointer,
the body of this procedure is replaced by body of sc_pkcs15_erase_prkey().
staitc sc_pkcs15_erase_prkey() is not more used.
Application path can contain non-zero length path value and AID.
In this case select AID as DF_NAME only if length of path value is zero.
Segfault: dereferencing NULL pointer, thanks to Magosányi Árpád
* use LOG_FUNC_CALLED() .. LOG_FUNC_RETURN for "symmetric" logging
* don't zero-fill the DO's contents but empty it
* get rid of unnecessary variables
* select parent DF after deletion (required by to ISO 7816-9)
* don't try to delete MF
Fail on idx > 0 in order to avoid the requirement to read from the DO.
The DO may be read-protected, and this might either fail or produce
wrong results.
* use LOG_FUNC_CALLED() .. LOG_FUNC_RETURN for "symmetric" logging
* update comment
* check that blob->data is defined
* fix writing new data to the correct offset
* use calloc() instead of malloc() & memset()
* align pgp_ops function pointer list
* make sure variables of type u8 do only get passed fitting data
* use LOG_FUNC_CALLED() .. LOG_FUNC_RETURN for "symmetric" logging
* leave most of the spcial casing in ADPU handling to sc_adpu_transmit()
* use SC_ADPU_CASE_1 for empty buffer (avoids special casing Lc=0)
* clean up log strings & comments
When getting string configuration parameter,
ignore non 'auto-configurated' in configuration file value
(ex. @SOME_VALUE_IN_OPENSC_CONF@) and return it's default value.
Rainer Metsvahi
Doug Engert
Raul Metsma
Viktor Tarasov
Tim Taylor
Frank Morgner
Ludovic Rousseau
Ludovic Rousseau
Charles Bancroft
Jean-Pierre Szikora
JP Szikora
entersafe
German Blanco
Andreas Schwier
Martin Paljak
João Poupino
Dirk-Willem van Gulik
Ondrej Mikle
Zbigniew Halas
Ondrej Mikle
Frank Thater
mescheryakov1
Toni Sjöblom
mtausig
blumentopf
Anthony Foiani
riham
Frank Thater
Peter Marschall
Stef Walter
Nguyễn Hồng Quân
Nguyễn Hồng Quân
Kalev Lember
Diego Elio Pettenò
Mathias Brossard