In PukDF of PKCS#15 the public key value can be presented by 'direct value', by path or by path and reference.
For the different cards the public key can be stored in EF, internal EF or in card specific SDO (security data objects).
A new card handle allows to read out the public key from the card specific SDOs.
Thanks to Andreas Schwier.
http://www.opensc-project.org/pipermail/opensc-devel/2012-September/018455.html
In PKCS#11 FW, the 'certificate' FW object is used to create corresponding 'public'key' FW object
or to get some of its attributes.
Seg.fault occured when, in the same session, the related certificate was destroyed and after that
there was the attempt to get such public key attributes.
"The encoding of {public,private}GOSTR3410Key uses tag [CONTEXT 3] which is reserved for KEAKey.
Caused by the fact, that the specifications (pkcs15,iso) don't define a encoding for GOST,
the genericKey encoding [CONTEXT 4] from iso-7816 should be used." (Andre)
Decode/encode 'subjectName' attribute from the 'CommonPubkeyAttributes'
Use macros for the size of the asn1_entry tables.
Use short call form for debug messages.
Procedure to convert the pkcs15 public key to EVP_PKEY type key.
Coding style issues.
EC parameters can be presented in a three forms: namedCurve, OID and implicit data.
This new data type will facilitate manipulation of ec-parameters in the OpenSC tools and library.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5386 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-pubkey.c: In function 'sc_pkcs15_pubkey_from_spki_filename':
pkcs15-pubkey.c:944: warning: 'buflen' may be used uninitialized in this function
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5256 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-pubkey.c:787:5: warning: no previous prototype for function
'sc_pkcs15_read_der_file' [-Wmissing-prototypes]
int sc_pkcs15_read_der_file(sc_context_t *ctx, char * filename,
^
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5131 c6295689-39f2-0310-b995-f0e70906c6a9
support routines. Add definitions for EC keys,
parameters and extensions to structures.
Add the sc_card_find_ec_alg, sc_pkcs15_decode_pubkey_ec,
sc_pkcs15_encode_pubkey_ec, sc_pkcs15emu_add_ec_prkey,
sc_pkcs15emu_add_ec_pubkey routines.
Only EC named curves are currently supported.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4902 c6295689-39f2-0310-b995-f0e70906c6a9
to pkcs15-pubkey.c and call the new sc_pkcs15_pubkey_from_spki.
Add sc_pkcs15_pubkey_from_spki_filename to allow a file to
contain the subjectPubkeyInfo, which will be used the the PIV
driver when EC is implemented. The format of the file, is the
same as an X509 certificate subjectPublicKeyInfo and what
OpenSSL calls an EVP_PKEY, which includes the algorithm,
any parameters and the public key.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4874 c6295689-39f2-0310-b995-f0e70906c6a9
sc_pkcs15_cert now has pointer to sc_pkcs15_pubkey, allowing it to
be removed and used separatly.
sc_pkcs15_pubkey now has pointer to sc_algorithm_id to faclitate
addition of other key algorithms and their parameters.
Various code changes to free these structures and references
to the structures have been changed.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4805 c6295689-39f2-0310-b995-f0e70906c6a9
From http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety
" Casting and type safety
malloc returns a void pointer (void *), which indicates that it is a
pointer to a region of unknown data type. One may "cast" (see type
conversion) this pointer to a specific type, as in
int *ptr = (int*)malloc(10 * sizeof (int));
When using C, this is considered bad practice; it is redundant under the
C standard. Moreover, putting in a cast may mask failure to include the
header stdlib.h, in which the prototype for malloc is found. In the
absence of a prototype for malloc, the C compiler will assume that
malloc returns an int, and will issue a warning in a context such as the
above, provided the error is not masked by a cast. On certain
architectures and data models (such as LP64 on 64 bit systems, where
long and pointers are 64 bit and int is 32 bit), this error can actually
result in undefined behavior, as the implicitly declared malloc returns
a 32 bit value whereas the actually defined function returns a 64 bit
value. Depending on calling conventions and memory layout, this may
result in stack smashing.
The returned pointer need not be explicitly cast to a more specific
pointer type, since ANSI C defines an implicit conversion between the
void pointer type and other pointers to objects. An explicit cast of
malloc's return value is sometimes performed because malloc originally
returned a char *, but this cast is unnecessary in standard C
code.[4][5] Omitting the cast, however, creates an incompatibility with
C++, which does require it.
The lack of a specific pointer type returned from malloc is type-unsafe
behaviour: malloc allocates based on byte count but not on type. This
distinguishes it from the C++ new operator that returns a pointer whose
type relies on the operand. (see C Type Safety). "
See also
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4636 c6295689-39f2-0310-b995-f0e70906c6a9
* reduce to a few, supported functions.
* change all functions to take the debug level as parameter.
* use symbolic names for the debug levels.
* fix tools to pass "verbose"/"opt_debug" as ctx->debug.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4118 c6295689-39f2-0310-b995-f0e70906c6a9
Working now with GOST R 34.10:
$ pkcs15-init --store-private-key key --key-usage sign,decrypt --auth-id 2 --id 1 --pin "12345678"
$ pkcs15-init --store-certificate my_cert --id 1 --pin "12345678"
But have problem: no CKA_GOSTR3410_PARAMS by retrieve pub_key from certificate, if pub_key object was removed (see parse_x509_cert, asn1_decode_gostr3410_params)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3859 c6295689-39f2-0310-b995-f0e70906c6a9
void sc_mem_clear(void *ptr, size_t len);
to clear a memory buffer. If OpenSSL is used this function
is a wrapper for OPENSSL_cleanse, otherwise memset is currenlty used.
Use this function to clear memory buffers with sensitive content.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2601 c6295689-39f2-0310-b995-f0e70906c6a9
building PC/SC, OpenCT or USBToken support,
use ifdef's directly in source.
- Because of above, add HAVE_PCSCLITE for winconfig.h
- Remove unnecessary includes for log.h, opensc.h and
errors.h in libopensc sources, they're already taken
care by internal.h.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1406 c6295689-39f2-0310-b995-f0e70906c6a9
Jochen Friedrich)
- Fixed one bug in sc_copy_asn1_entry(), one in
sc_pkcs15init_add_object() and one in pkcs15-crypt
(patches also by Jochen)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@609 c6295689-39f2-0310-b995-f0e70906c6a9
in struct sc_pkcs15_card; this way we can have 'floating'
objects that don't belong in any DF, for e.g. generating
public key objects from certificates
- Removed some unused function prototypes
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@572 c6295689-39f2-0310-b995-f0e70906c6a9