Lars Silvén
8257e0186d
The PKCS#11 specifies that the PIN parameter(s) in C_Login and C_SetPIN
always should be used, even if a PIN pad reader is used. PIN must only
be fetched from the PIN pad reader if the corresponding parameter is
null.
Before this commit PIN was always fetched from the reader if the PIN could
be fetched from the reader.
The 'pkcs11-tool' has also been updated. Before, parameters were never
taken from the command line if a PIN pad reader was used. Now PINs from
the command line are always used, but if not existing the PIN is fetched
from the reader if a reader with a PIN pad is used, otherwise the user
is prompted for PIN(s) from the CLI.
2020-04-08 09:54:07 +02:00
Jakub Jelen
5721961be2
pkcs11-tool: Properly report invalid signatures
Comparison is always false because rv <= 0.
Thanks lgtm
2020-03-04 21:27:56 +01:00
Jakub Jelen
0a610319bd
pkcs11-tool: Fix wrong printf arguments
This argument should be of type 'unsigned int' but is of type 'unsigned long'
Thanks lgtm
2020-03-04 21:27:56 +01:00
Frank Morgner
0cd19b59e1
pkcs11-tool: add --usage-wrap (disabled by default)
fixes https://github.com/OpenSC/OpenSC/issues/1913
2020-02-01 22:29:35 +01:00
Frank Morgner
45a77ab88d
Merge pull request #1772 from Jakuje/idprime
Add support for Gemalto IDPrime smart cards
2020-01-31 15:49:29 +01:00
Frank Morgner
ee1c8073c2
pkcs11-tool: allow tests with keys that don't require PIN
... such as the 9e key of a PIV card.
2020-01-17 16:04:39 +01:00
Jakub Jelen
40c41cee0c
pkcs11-tool: Make the SHA256 default for OAEP decryption
It is already default in all the other functions and it really makes sense since
the SHA1 is being obsoleted
2020-01-07 13:29:53 +01:00
Priit Laes
0b4b7fbaf0
openssl: Drop all compatibility checks for <=openssl-1.0.0
2020-01-06 15:47:07 +01:00
Julian Strobl
e9aa163fe5
pkcs11-tool: fix output of test_decrypt
Before the output looked like this, if a public key was not found:
```
testing key 1 (IDKey2)
RSA-X-509: OK
RSA-PKCS: OK
testing key 2 (IDKey3)
couldn't find the corresponding pubkey for validation
couldn't find the corresponding pubkey for validation
RSA-X-509: RSA-PKCS: testing key 3 (IDKey4)
couldn't find the corresponding pubkey for validation
couldn't find the corresponding pubkey for validation
```
Now:
```
testing key 1 (IDKey2)
RSA-X-509: OK
RSA-PKCS: OK
testing key 2 (IDKey3) -- can't find corresponding public key, skipping
testing key 3 (IDKey4) -- can't find corresponding public key, skipping
```
2019-12-28 18:15:55 +01:00
Julian Strobl
81940e123b
pkcs11-tool: align output for test_signature
Before it was a bit confusing, e.g.:
```
testing key 1 (2048 bits, label=IDKey2) with 1 signature mechanism
RSA-X-509: OK
couldn't find the corresponding pubkey
testing key 2 (0 bits, label=IDKey3) with 1 signature mechanism -- can't be used to sign/verify, skipping: can't obtain modulus
```
The error message in line 3 is for IDKey3 and not for IDKey2.
With this patch the output is aligned with `test_verify`:
```
testing key 1 (IDKey2) with 1 mechanism
RSA-X-509: OK
testing key 2 (IDKey3) with 1 mechanism -- can't find corresponding public key, skipping
```
2019-12-28 18:15:55 +01:00
Frank Morgner
07cff0e168
fixed 341844 Incorrect deallocator used
2019-11-05 21:49:30 +01:00
Frank Morgner
53ff7182fb
pkcs11-tool: disable wrap/unwrap test (#1808)
... until https://github.com/OpenSC/OpenSC/issues/1796 is resolved
2019-10-01 11:52:33 +02:00
Frank Morgner
e2491a7d7f
pkcs11-tool: fixed displaying secret key attributes (#1807)
fixes https://github.com/OpenSC/OpenSC/issues/1805
2019-10-01 11:51:55 +02:00
Frank Morgner
25bc8fc167
fix https://github.com/OpenSC/OpenSC/issues/1786
Thanks to Alexandre Gonzalo
2019-09-16 13:06:38 +02:00
Raul Metsma
3a192e2c87
pkcs11-tool: Add extractable option to key import
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-06-03 10:59:58 +02:00
Doug Engert
a2dd500624
Fix pkcs11-tool encryption error Fix #1694
Make sure data being encrypted is less than the modulus.
On branch pkcs11-tool-encryption
Changes to be committed:
modified: ../tools/pkcs11-tool.c
2019-05-31 14:16:24 +02:00
Jakub Jelen
e501c5ae81
Unbreak build without OpenSSL
2019-05-21 18:44:06 +02:00
Frank Morgner
e275b34269
fixed 339157 Unused value
2019-05-14 14:50:17 +02:00
Frank Morgner
86ba3ea489
fixed Wrong type of arguments to formatting function
2019-05-02 10:08:28 +02:00
Frank Morgner
8382f243b2
fixed 337891 Out-of-bounds write
2019-04-25 15:44:11 +02:00
Frank Morgner
bfa94dc90d
Merge pull request #1600 from AlexandreGonzalo/trustonic_pkcs11
2019-04-25 14:51:54 +02:00
alegon01
e21cb5712c
Fix in encrypt_decrypt(), initialize the mgf
2019-04-24 14:03:35 +02:00
Dmitriy Fortinskiy
8cf1e6f769
pkcs11-tool: List supported GOST mechanisms
2019-04-17 16:42:12 +02:00
Dmitriy Fortinskiy
a5382d32fd
pkcs11-tool: Show GOSTR3410-2012 keys
2019-04-17 16:42:12 +02:00
Dmitriy Fortinskiy
0e12b1dc71
pkcs11-tool: Generate GOSTR3410-2012 keys
2019-04-17 16:42:12 +02:00
Dmitriy Fortinskiy
4614beb87e
pkcs11-tool: Add keys access flags
2019-04-17 16:40:41 +02:00
Raul Metsma
91a1dd9af4
Option to delete object by index
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-04-17 14:38:40 +02:00
Raul Metsma
3935d501bf
Implement Secret Key write object
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-04-17 14:37:49 +02:00
Frank Morgner
fe95520e3e
explicitly import libpkcs11.h
2019-04-08 11:16:13 +02:00
Jakub Jelen
fc4d600634
pkcs11-tool: Allow to set CKA_ALLOWED_MECHANISMS when creating an object
Also list them in the attributes listing
2019-04-08 11:15:19 +02:00
alegon01
f631b5f733
Fix in encrypt_decrypt(), check for (in_len <= sizeof orig_data)
2019-04-05 10:39:52 +02:00
alegon01
4913feadb8
Fix in encrypt_decrypt(), check for (in_len <= sizeof orig_data)
2019-04-05 10:38:12 +02:00
alegon01
31831c300b
Remove the call to OPENSSL_init_crypto() which is not needed. I have a segmentation fault when the process exits.
2019-03-12 08:52:06 +01:00
alegon01
728d099a53
FIX typo OpenSSL vs OpenSsl.
2019-03-06 11:35:11 +01:00
alegon01
b327b76134
FIX use pseudo_randomize() for a proper initialization of orig_data in encrypt_decrypt().
2019-03-06 10:26:05 +01:00
Frank Morgner
ba185954c5
fixed 333709 Unchecked return value
2019-03-06 00:42:38 +01:00
alegon01
7271fe610b
Add support for the OpenSsl signature format for the signature verification.
2019-02-18 16:03:41 +01:00
alegon01
9ae507c5f8
Fix indentation.
2019-02-12 14:09:26 +01:00
alegon01
b63a868e68
Fix build when EVP_PKEY_CTX_set_rsa_oaep_md is not defined.
2019-02-12 10:42:39 +01:00
alegon01
973625773b
Fix encrypt_decrypt() for CKM_RSA_PKCS_OAEP. It is working fine now with OpenSsl 1.1.1a.
2019-02-07 10:42:48 +01:00
alegon01
084624f340
Fix CKM_RSA_PKCS in encrypt_decrypt().
2019-02-05 12:03:51 +01:00
alegon01
9aa413bd7e
Fix CKM_RSA_X_509 encrypt_decrypt(). Improve the code for CKM_RSA_PKCS and CKM_RSA_PKCS_OAEP. For these algos, only CKM_SHA_1 is supported.
2019-02-05 11:35:42 +01:00
alegon01
d25fbe3cec
Remove 2 useless comments in encrypt_decrypt().
2019-02-05 11:24:33 +01:00
alegon01
3d09823df0
Fix build when OPENSSL_NO_RIPEMD and OPENSSL_NO_CAST are defined. Fix formatting.
2019-02-04 14:26:02 +01:00
alegon01
f030aa2c25
Add support for CKM_RSA_X_509 in encrypt_decrypt() and decrypt_data().
2019-02-04 14:23:13 +01:00
alegon01
9b7605ff3c
Add support for CKM_RSA_PKCS_OAEP in encrypt_decrypt(). Only set the OAEP params for CKM_RSA_PKCS_OAEP, I had an issue with a variable not initialized.
2019-02-01 15:27:55 +01:00
alegon01
cf617da4bd
Before calling encrypt_decrypt() make sure that the mechanism is for RSA and supports decryption, otherwise skip it.
2019-02-01 11:37:47 +01:00
alegon01
2be799f739
Add support for CKM_RSA_PKCS_OAEP in encrypt_decrypt(). fix mechanism value in call to util_fatal(). fix formatting.
2019-02-01 11:35:25 +01:00
alegon01
16ca73ae40
Add support for CKM_RSA_PKCS_OAEP in encrypt_decrypt(). fix mechanism value in call to util_fatal().
2019-02-01 11:19:33 +01:00
alegon01
968bfa8444
Add support for CKM_RSA_PKCS_OAEP in encrypt_decrypt().
2019-02-01 09:16:59 +01:00