When the application (NSS) does not use WaitForSlotEvent and just
opportunistically tries to detect card and reader removals with
C_GetSlotInfo() and C_GetSessionInfo(), we might get errors in
various plcaes, in the sc_lock() function, when we try to transfer
other messages or when we ask for the reader status.
This is generally too late to call any disconnect functions because no
PC/SC handles are valid anymore. The reader state from PCSC
is searched by name so we can be pretty sure it is very similar
reader (with same name as the old one) and I hope we can reuse the
reader structure and just call the pcsc_connect() on that as we do
with invalid handles.
Otherwise we detect this issue in the refresh_attributes() (called
from C_GetSlotInfo()), where we can report the slot change in the
expected manner.
Fixes#1822
The error was
fuzz_pkcs15_reader.c: In function ‘fuzz_get_chunk’:
fuzz_pkcs15_reader.c:66:19: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast]
66 | *chunk_size = (uint16_t) data->Data;
| ^
cc1: all warnings being treated as errors
The negative integers were parsed uterly wrong, resulting in undefined
shift overflows as reported by oss-fuzz.
The current implementation takes negated values (properly masked) and
calculates two's complement in the end, which results in correct values
and correct data handling.
https://oss-fuzz.com/testcase-detail/5125815506829312
Reported by clang analyzer:
src/libopensc/asn1.c:2115:14: warning: The right operand of '<' is a garbage value [clang-analyzer-core.UndefinedBinaryOperatorResult]
if (halflen < r_len || halflen < s_len) {
* pkcs11-register: Fixed detection of already registered OpenSC
Anny configuration of onepin-opensc-pkcs11.so and opensc-pkcs11.so
should be enough to skip registering the default module again.
* Use onepin module for generic NSS DB
fixes https://github.com/OpenSC/OpenSC/issues/1818
May have the disadvantage that some other programs that use NSS don't
see the signature keys. However, we currently only know for sure that
Chromium is using the generic NSS DB.
The corresponding GET DATA command only returns the serial,
nothing else.
Tested with CardOS 5.0 and 5.3 cards. The serial number
is the same as shown with other tools
Changed four places where "<" should be "<=" so Le will be set correctly
Previous for 65K (extended) or 256 (short) Le is left set to 0.
This then caused Le to be to be not added to APDU as Le==0
Code later converts actual Le in APDU to be set to 0 to mean 256 or 65K.
SC_APDU_CASE_*_EXT are changed to SC_APDU_CASE_* so sc_detect_apdu_cse
to set the cse based on card capabilities as well as data chaining.
This commit is not well tested and neds review.
On branch fix-1731
Changes to be committed:
modified: src/libopensc/card.c
buf_len is a CK_ULONG (unsigned long). But if the attribute is sensitive
or is not extractable or is invalid for the object then the library set
the buffer length value to (CK_LONG)-1.
It is more friendly to see "-1" instead of "18446744073709551615" (on
64-bits CPU)
opensc-tool: for options --version, --list-readers, -D, etc. we do not
need to connect card/reader. This removes unnecessary error messages
if card is not present in card reader or if reader is not available.
util.c: use symbolic error codes, pass error codes to caller without change.
CID 344928 (#1 of 1): Sizeof not portable (SIZEOF_MISMATCH)
suspicious_sizeof: Passing argument object_handles of type CK_OBJECT_HANDLE_PTR and argument objects_length * 8UL /* sizeof (CK_OBJECT_HANDLE_PTR) */ to function realloc is suspicious. In this case, sizeof (CK_OBJECT_HANDLE_PTR) is equal to sizeof (CK_OBJECT_HANDLE), but this is not a portable assumption.
CID undefined (#1 of 1): Unchecked return value (CHECKED_RETURN)
10. check_return: Calling RSA_set0_key without checking return value (as is done elsewhere 7 out of 8 times).
* The fail_msg() in cmocka has a way not to fail, which confuses coverity. Adding explicit retunr/exit should address this issue
* Reformat some code in p11test
Option -r is used in other opensc tools to specify card reader. pkcs15-tool
uses -r to specify cerfificate. This fix intorduces warning message if -r
is used, and for future versions of pkcs15-tool -r is used to specify
reader.
sc-ossl-compat.h will check if OpenSSL has been built with or without some
deprecated defines. OpenSSL will provide defines for some of these if
built to still support depreacted routines but not if built with
"no-depracted". .
This commit will define some of the needed defines if ther are not
defined by OpenSSL. Thus if a distro builds OpenSSL with "no-depracted"
it can still be used.
On branch fix-1755
Changes to be committed:
modified: src/libopensc/sc-ossl-compat.h
When card supports SC_ALGORITHM_RSA_PAD_PKCS1 but not SC_ALGORITHM_RSA_HASH_NONE, then the DigestInfo need to be removed.
Current check make requires the card to not support both SC_ALGORITHM_RSA_PAD_PKCS1 and SC_ALGORITHM_RSA_HASH_NONE to have the removal done.
when importing a private key onto a pkcs15 card, if the card does not support
extended APDUs, we need to use chaining to store keys longer than 255 bytes.
While for RSA keys, this check was included, it was missing for EC keys.
This patch adds the SC_APDU_FLAGS_CHAINING flag to apdu.flags if data length is
greater than 255 and the card caps does not include SC_CARD_CAP_APDU_EXT.
Fixes#1747
The check condition is obviously wrong. It should check for EQUAL. The original bitwise check caused any other language to turn into DE because as long as a bit is filtered, it will hit.
Fixes regression from commit 3688dfe which did not consider that
the zero prefixing tests were too generic and matched EC keys too.
This simplifies the code even further and avoids data copying
when possible. Proper test is now included to do data value prefixing
only for the RSA keys it is needed.
Closes#1701.
At the point when gemsafe_match_card is called, the card type is already known,
either because of a previous match at card.c, or because it is forced at opensc.conf.
With this redundant match it's not possible to force selection on opensc.conf.
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
This adds support for a minimalistic, small and fast card profile based on IAS-ECC.
Based on information from https://installer.id.ee/media/id2019/TD-ID1-Chip-App.pdf
and proprietary driver snoops.
Thanks to @metsma and @frankmorgner.
Change-Id: I2e4b4914d8a3b991d9a639728695abf4a2362ca0
Encode the component ID to be key type and component ID. This allows
each combination to be unique and direct mapping to card component
ID type in the code by just taking the low byte. This simplifies
the code, and reduces confusion as there is now only one #define
for each component.
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
MyEID starting version 4.5 supports 4K RSA keys. The card also
now supports proper APDU chainging (for sending large APDUs) and
receiving large responses via GET_RESPONSE splitting.
This updates the following:
* detection code properly announces 3K and 4K RSA support
when available
* APDU chaining is used when possible
* use ISO GET_RESPONSE handling for large responses
* max_recv_size is set to 256 which it always was supposed to be
as the old cards respond with that large responses too
* use the 2K signing kludge only on cards that need it
* unwrap and decipher code paths unified to the extent possible
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
Instead of a double check_sw call in case there is no data, assume
that a SW is properly sent by the card and do not expose
SC_ERROR_FILE_END_REACHED outside of the function
(like sc_pkcs15_read_file)
This is to facilitate Estonian eID 2018+ that instead of properly returning
6282 with trunkated data, 9000 is returned and next READ BINARY returns
6b00 (invalid p1/p2). The change should be generally harmless for well-behaving
cards.
Change-Id: I7511ab4841d3bcdf8d6f4a37a9315ea4ac569b10
If card driver fails to connect to card, 'opensc-tool -a' may fail to print
ATR even if ATR is available from card reader. Before use of card driver,
do only card reader connect, then print ATR. Only if it is neccesary, use
card driver for the rest of opensc-tool functions.
The code already removes all active cards when the service goes
away, but it doesn't remove the reader. This can be a bit confusing
since they will still be polled and listed.
CVE-2019-6502 was assigned to what appears to be a very minor
memory leak that only occurs on an error-case in a CLI tool.
If util_connect_card fails, we still need to release the sc
context previously allocated by sc_context_create else memory
will leak.
* Remove postecert and infocamere support because no longer issued
* Remove wrong changes
* reset NEWS
* EC_POINT_set_affine_coordinates_GFp and EC_POINT_get_affine_coordinates_GFp are
deprecated, use EC_POINT_set_affine_coordinates and EC_POINT_get_affine_coordinates
* If OPENSSL API version is < 3 use old functions EC_POINT_[sg]et_affine_coordinates_GFp
* Move the OpenSSL compatibility stuff to src/libopensc/sc-ossl-compat.h
* pgp: initialize ecc keys for OPC3
* Add supported ECC algorithms by card version
* Add tasks identified so far
* pgp: Recognize ECC set on card
* pgp: get_pubkey_pem read ECC pubkey from card
* pgp: minor code changes for ECC compatibility
* pgp: expand sc_cardctl_openpgp_keygen_info to hold ec info
* Fix segfault problem in pkcs15-pubkey.c
* pgp: enable key generation with pkcs15-init and ECC
* pgp: adapt calculate_and_store_fingerprint to accept ECC
* pgp: adapt rest of pgp_gen_key and subfunctions to accept ECC
* pgp: add kdf parameters for ECDH fingerprint calculation
* pgp: enable key import with pkcs15-init and ECC
* pkcs15-pubkey: fix_ec_parameters onlz accpets explicit data or named_curve
* Fix some mistakes during merge
* More clean up for PR
* Fix some ugly alignments
* Improve code readability
* Prevent unitialized variable by using FUNC_RETURN
* OpenPGP: add length check
* pgp: save exponent length in bits for sc_cardctl_openpgp_keystore_info_t
* pgp: length checks and reallocations
* pgp: oid init added
* OpenPGP: slightly re-factor pgp_update_new_algo_attr()
* replace loop copy with memcpy()
* use ushort2bebytes() to set RSA modulus & exponent
* use symbolic name SC_OPENPGP_KEYFORMAT_RSA_STD for the key import format
* OpenPGP: slighly re-factor pgp_parse_and_set_pubkey_output()
* check for RSA modulus & exponent lengths not being a multiple of 8
* make sure RSA modulus & exponent lengths are always set
* remove a left-over RSA setting from the EC code
* pgp: adding BYTES4BITS
* pgp: initialization of values in pgp_build_extended_header_list based on key type
* pgp: add BYTES4BITS and remove unnecessary tests
* Fix broken pgp_update_new_algo_attr
* pgp: fix the ecpoint_len variable
* Add object type "secrkey" to help of --type switch in pkcs11-tool
Reading an object with pkcs11-tool requires the `--type` switch. The help for that switch is currently incomplete as it is missing the (not very friendly named" *secrkey* option used to read out a secret key object.
I have added this information to the help description.
* Update man page
Describe secrkey option of pkcs11-tool's --type switch in man page
Framework-pkcs15.c silently ignores adding objects if MAX_OBJECTS
is exceeded while creating the fw_data objects. This simple fix
is to change the MAX_OBJECTS from 64 to 128. A better fix would
be to realloc the objects arrays as needed.
__pkcs15_create_data_object and __pkcs15_create_secret_key_object
now return rv like the other __pkcs15_create_*_object routines.
pkcs15_dobj_get_value now calls sc_pkcs15_read_data_object just like
the other pkcs15_*_get_value routines. The problem was introduced
in 0c3412bb 2018-04-09 which added:
`return sc_to_cryptoki_error(SC_SUCCESS, "C_GetAttributeValue");`
before trying to read the data object.
The MAX_OBJECT problem was discovered while trying to use a new PIV
card with 24 standard cert objects and 10 other objects for a total
of 106 objects. Each cert object corresponds to a cert, pubkey,
private key, and the cert object itself for a possible 112 data objects.
The pkcs15_dobj_get_value was found while running:
running pkcs11-tool -r -y data --application-id 2.16.840.1.101.3.7.2.1.1
using git bisect to locate the bad commit. The pkcs11 data objects are
created last from the pkcs15 objects which are a linked list with no limits.
On branch fix-object-restrictions
modified: src/pkcs11/framework-pkcs15.c
* consistently use term "Invalid key ID; must be 1, 2, or 3" in error messages
about invalid key IDs instead of various alternatives.
* use error type SC_ERROR_INVALID_ARGUMENTS instead of SC_ERROR_INVALID_DATA
when the key_id was passed to the respective function
* harmonize the checks to consistently use 'key_id < ... || key_id > ...'
In addition, initialize a variable to keep clang & compilers on OSX happy.
Combine sequences
sc_log(..., "...");
LOG_FUNC_RETURN(...);
where c_log() prints a constant string
by
LOG_TEST_RET(..., "...");
This change results in shorter, more concise code as well as
better harmonized error messages.
Don't terminate the messages with a period, because they are going to end up
as the first argument to a format string of the form "%s: ...".
I.e. they will be part of a longer string and terminated by a colon anyway.
When card->sm_ctx.ops.free_sm_apdu gets called in sc_sm_single_transmit
with a prior transmission error, then `sm_encrypt` still tries to
decrypt the response and hence, accesses the previously uninitialized
`resp`.
Use defined symbolic names for well-known DOs to copy data to a correctly
defined buffer 'apdu_data' using ulong2bebytes() instead of relying on
"magic" constants and C's string semantic.
Also use 'sizeof(apdu_data)' instead of additional magic constants.
Use defined symbolic names for well-known DOs to copy data to a correctly
defined buffer 'data' using ulong2bebytes() instead of relying on
"magic" constants and C's string semantic.
Also use 'sizeof(data)' instead of strange strlen() calculations.
Use defined symbolic names for well-known DOs to copy data to a correctly
defined buffer 'data' using ulong2bebytes() instead of relying on
"magic" constants.
Random data from PIV card is obtained using GENERAL AUTHENTICATE command
for a request of a Challenge from the card. "00 87 00 9B 04 7C 02 81 00"
Usually 8 bytes are returned.
NIST 800-73-3_PART2, "A.1 Authentication of the PIV Card Application Administrator"
"Table 11. Authentication of PIV Card Application Administrator" shows an example of
how to do this.
Some cards (one I have: 3b:7d:96:00:00:80:31:80:65:b0:83:11:17:d6:83:00:90:00)
will not allow 2 of these commands in a row. (Maybe assuming command is only
used as in Table 11 and is expecting the second command.)
Code was added to card-piv.c so if "6A 80" is returned, try the command one more time.
For any other GENERAL AUTHENTICATE failure, SC_ERROR_NOT_SUPPORTED is returned.
piv_get_challenge may be called within a loop from sc_get_challenge if more random
data is needed thus causing the the 2 commands to sent in a row.
On branch piv-improved-matching
Changes to be committed:
modified: card-piv.c
Not all PIV applets are the same. Different versions of NIST 800-73 and improperly implemented
or not implemented required features of NIST 800-73 cases problems. Have a look at the card_issues
listed in card-piv.c. The PIV driver has tried to detect the differences based on clues found in
the ATR historical bytes and vendor version numbers for some cards.
At the same time it has tried to support the possibility there are multiple applets
on a card that the user may want to use at the same time from different applications.
This has lead to some detection problems with Dual CAC/PIV cards. The same cards
sold by the vendor may have only a PIV applet that may not be the same PIV applet that
is on the Dual PIV/CAC cards.
http://www.cac.mil/Portals/53/Documents/CAC-utilziation-and-variation-matrix-v2.03-20May2016.doc
defines a number of official CAC cards in active service. A table of the ATRs for these is now used
to detect these cards. The PIV version of the CCC is also read to see if any CAC PKI objects
are defined in the CCC, indicating it is a Dual CAC/PIV, even if the ATR is not listed.
A more conservative approach to try and handle multiple applets on a card is used. Based
on issues with the implementation of the PIV applet this may not be possible to do.
So for many cards no additional detection will be done at the start of every transaction,
and the login state can not be detected correctly.
ATRs for PIVKEY are also in the match table, as these cards have a log of issues.
Other PIV cards in the future or not yet tested may not be covered properly by this patch.
Extra debugging was added with "PIV_MATCH" to help with these other cards.
With "debug = 7;", `grep PIV_MATCH opensc-debug.log` can be used to see how a card
type and card_issues are derived.
On branch piv-improved-matching
Changes to be committed:
modified: card-piv.c
modified: cards.h
Same information is printed a few line below in same function, the only
difference is that there it takes care of case when label is NULL pointer
unlike this line
secondly, every function call to cosm_write_tokeninfo() in this file
passes label=NULL, and then it tries to print a null pointer
Fixes errors like
src/libopensc/log.h:48:47: error: '%s' directive argument is null
[-Werror=format-overflow=]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1. pkcs15-init is using XKU but it should use cert KU to check private key usage instead.
2. Don't mark imported keys as ALWAYSSENSITIVE and NEVEREXTRACTABLE as they are not.
3. When importing keys from PKCS#12 files (with several certs inside), use consecutive IDs for additional certificates (instead of starting from 45).
PKCS#15 token label may be padded with spaces, trim it when making a PKCS#11 token label in order not to loose closing parenthesis.
I would actually prefer for the token label to be "myCard (User PIN)" instead of current "User PIN (myCard)"
before:
$ pkcs11-tool --list-slots
Available slots:
Slot 0 (0x0): OMNIKEY AG CardMan 3121 00 00
token label : User PIN (myCard
...
after:
$ pkcs11-tool --list-slots
Available slots:
Slot 0 (0x0): OMNIKEY AG CardMan 3121 00 00
token label : User PIN (myCard)
...
1. Show pinpad reader capabilities even for uninitialised tokens. This way pinpad can be used during initialisation.
2. Make possible to create so-pin object during initialisation even if no so-pin was provided (on the command line) but pinpad reader is used and card profile contains so-pin data.
This fixes problem as stated in:
https://github.com/OpenSC/OpenSC/issues/1292#issuecomment-431879472
pkcs15-crypt.c will treat keys with user_consent like PKCS#11 would.
SC_AC_CONTEXT_SPECIFIC is set when doing a verify so a card driver can
take action if needed.
card-piv.c is currently the only driver doing so.
It uses this to hold the card lock so both the VERIFY and following crypto
operations are in the same transaction. The card enforces this restriction.
Without this additional APDUs may be sent before every transaction to test
that the expected applet is selected.
Unlike the circumvention of using ignore_user_consent=true and pin caching
this modification allows a pin pad reader to be used for keys requiring user_consent.
On branch pkcs15-context-specific
Changes to be committed:
modified: pkcs15-crypt.c
pkcs15: added function to get a specific supported algorithm, checking also OID.
This is needed because for AES there are different OIDs for each key length.
For a problem description, see <https://github.com/OpenSC/OpenSC/issues/1524>.
In a nutshell, for a card with the CoolKey applet and 2048-bit keys,
the command
pkcs11-tool --test --login
fails to complete all of its tests.
This commit consists of a patch from @dengert.
To avoid triggering an error when the data exceeds 255 bytes, this commit
limits the amount of the payload sent to the CoolKey applet on the card based
on the maximum amount of data that the card can receive, and overhead bytes
(namely, a header and nonce) that accompany the payload.
With this change, the command
pkcs11-tool --test --login
succeeds.
Instead of only expecting a key length, and implicitly assuming RSA
as the key algorithm, introduce option --key-type to pass the key type
as a string.
When generating the key determine key algorithm and attributes based on
the key type passed.
If no key was given, default to "rsa2048".
* when listing public keys, do not cut object labels in compact mode
* when listing private keys in compact mode, left align labels
* make hex codes at least 2 chars wide by changing "0x%X" to "0x%02X"
- Added session_object flag to sc_pkcs15init_skeyargs to enable on-card session objects.
- Corrections to handling native and extractable flags
- Allow creating an empty secret key EF for receiving an unwrapped key later.
Not yet complete, but can be run with CKA_TOKEN=FALSE set in the target object. Currently unwrapping emulated
with a decrypt operation in card-myeid.c. To be improved.
* Add minimal CAC1 driver for legacy cards.
It is using the same pkcs15 backend as the CAC2 cards as well as some of
the CAC2 driver methods.
The separation is made mostly for easier card matching or disabling.
Commit e5707b545e broke signing using minidriver on Windows.
More specifically changing #define SC_ALGORITHM_RSA_PAD_NONE from 0x00000000 to 0x00000001 caused a call to sc_pkcs1_encode() to fail as the padding algorithm was not specified anywhere in the CardSignData() implementation. It kind of worked as long as SC_ALGORITHM_RSA_PAD_NONE was 0x00000000, but the above mentioned commit broke this.
Now padding algorithm has to be explicitly specified, otherwise a call to sc_pkcs1_encode() will fail.
- rename 'keytype' in some OpenPGP-specific types to 'key_id'
because they key ID was what the field was used for
- introduce field 'algorithm' in the structures above
to indicate the key's algorithm: RSA, ...
- define constant SC_OPENPGP_KEYALGO_RSA and use it
- rename constants SC_OPENPGP_KEYFORMAT_* to SC_OPENPGP_KEYFORMAT_RSA_*
because they are RSA specific
List additional algorithms & attributes as supported only when the card
supports changing the algorithms attributes DOs and exposes this by having
the EXT_CAP_ALG_ATTR_CHANGEABLE capability set.
Using different algorithms and attributes requires changing the algorithm
attributes DOs. If that is not supported - as indicated by a missing
EXT_CAP_ALG_ATTR_CHANGEABLE capability - then only those algorithms
described by the current algorithms attributes DOs' contents can be used.
In addition simplify setting the flags.
* use variables if they are already there
* be a bit more explicit in logging
* more consistent tag format: %04X
* cleanup flag setting for _sc_card_add_rsa_alg()
card-piv.c
make sure the string is null terminated before passing it
to hex_to_bin routine, which expects it
pkcs15-cac.c
free cn_name on failure
pkcs11-tool.c
make sure the string is null terminated before passing it to
parse_certificate(), which expects it
A card driver may declare support for computing the padding on the card,
or else the padding will be applied locally in padding.c. All five
PKCS11 PSS mechanisms are supported, for signature and verification.
There are a few limits on what we choose to support, in particular I
don't see a need for arbitrary combinations of MGF hash, data hash, and
salt length, so I've restricted it (for the user's benefit) to the only
cases that really matter, where salt_len = hash_len and the same hash is
used for the MGF and data hashing.
------------------------------------------------------------------------
Reworked and extended in 2018 by Jakub Jelen <jjelen@redhat.com> against
current OpenSC master, to actually work with existing PIV cards:
* extended of missing mechanisms (SHA224, possibility to select MGF1)
* compatibility with OpenSSL 1.1+
* Removed the ANSI padding
* Formatting cleanup, error checking
Based on the original work from
https://github.com/NWilson/OpenSC/commit/42f3199e66
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
modified: src/libopensc/pkcs15-infocamere.c
modified: src/libopensc/pkcs15-starcert.c
modified: src/pkcs15init/pkcs15-lib.c
Changed isf_acl to also need SO PIN for CREATE.
modified: src/pkcs15init/starcos.profile
* localize variables
* print errors to stderr
* release allocated resources
* return error code on error - improve non-interactive use
* do not show help on unknown commands when used non-interactively
* make 'interactive' a global variable
* set it when opensc was called with the SCRIPT argument
* document the behaviour in the manual page
Make interactive a global variable and set it in main.
When arguments are given, compare them like ambguous_match() does,
and show the matching ones only.
Add documentation of the 'help' command to the manual page.
In main loop on multiple matches, show help on matching commands only.
* most importantly: immediately return success on exact match
- this allows one command to be a prefix of another one
- it fixes the long-standing breakage between 'find' and 'find_tags'
* fail on second prefix-only match instead of waiting until the end
* check all parameters
* add comments
* inform caller on whether the match was ambiguous or there was no match
* move printing error messages to processing loopt in main()
Accept a file name as a second argument to the 'random' command
to allow storing the generated random bytes to the file given.
Forbid writing binary data to stdout in interactive mode.
* limit buffer to SC_MAX_EXT_APDU_BUFFER_SIZE
* fix buffer length calculation to correctly calculate the available space
* add length checks when parsing passed data into buffer
* consistently show ellipsis for repeatable arguments as 3 dots
* embrace alternative mandatory arguments with curly braces
* use hyphens instead of spaces within non-literal arguments
for improved alignment with the manual page
Sc_asn1_read_tag can return SC_ERROR_ASN1_END_OF_CONTENTS
which indicates the tag and length are OK, but any value
is not completely contained in the buffer supplied. card-piv.c
can use this when reading just the beginning of a object to
determine the size of a buffer needed to hold the object.
As most of the drivers do not modify these, we can mark them as const.
Two drivers that we cannot convert are dnie and masktech.
section size
.data 35232 -> 25472
.data.rel.ro 36928 -> 46688
Remove aid_file and aidfile variables in card-piv.c. These are not needed
as piv_select_aid parses the returned data from a SELECT AID command.
In response to e-mail from X41 group on 6/11/2018.
On branch x41-piv-2
Changes to be committed:
modified: card-piv.c
md_pinpad_dlg_allow_cancel now defines whether or not the user is asked
before verifying the PIN on the PIN pad. This can be denied without
interaction with the PIN pad. A checkbox in the dialog allows the user
to change this setting, which is saved in the registry by the path of
the process.
This change fixes the progress bar to match the actual configured
timout. The progressbar now fills instead of running empty, which seemed
less frightening for most users.
This change also fixes some copy/paste errors in the documentation of
opensc.conf(5).
In Minidriver, when the DLL is called in multiple threads, this can
lead to a deinitialization of OpenSSL's OIDs in one thread making them
unavailable from other threads of the same process. As result, CVCs
cannot be veriefied anymore during chip authentication.
This removes code related to the old CAC 1 specification, while
preserving the CAC 2 functionality including CAC Alt token detection
for the tokens without CCC or ACA.
The detection based on SELECT APPLET APDU is improved to require also
the READ BUFFER APDU working, which should fail on misbehaving Java cards.
macOS 10.13 ships with ccid driver 1.4.27 (fixed in 1.4.29) and this version identifies these readers wrongly as pinpad readers.
Signed-off-by: Raul Metsma <raul@metsma.ee>
... for "standard" OpenPGP cards.
This gives more detailed information to the user on the detailed specs
the card adheres to.
In addition it fixes a long-standing annoyance that every standard 2.x
card matching the v2.0 ATR was announced as CryptoStick 1.2.
This ATR is not only used in the CryptoStick 1.2, but also also in
ZeitControl cards as well as NitroKeys, ...
To help debugging,
- replace plain return's after LOG_FUNC_CALLED()
has been called with LOG_FUNC_RETURN()
- use LOG_FUNC_CALLED() & LOG_FUNC_RETURN() pairs more often
Structure `x509cert_info` fields `subject` and `issuer`
are doubled in size up to 512 bytes.
We have to use dynamic memory allocation
to completely overcome the issue.
Relates to OpenSC/OpenSC#1412.
Make sure to have an empty line between information printed for individual
objects, but not in short mode.
This makes output of -D and -C more consistent.
This fixes a build failure with optimized ppc64el and new gcc builds
card-piv.c: In function ‘piv_validate_general_authentication.isra.3’:
card-piv.c:2390:9: error: ‘rbuflen’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
body = sc_asn1_find_tag(card->ctx, rbuf, rbuflen, 0x7c, &bodylen);
~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'pkcs15-tool --read-ssh-key' is now able to read NIST ECC keys from card.
Only 256, 384 and 521 field lengths are supported (same as allowed in
ssh-keygen -t ecdsa). Issue #803 is partialy fixed by this patch.
Openssh PKCS11 interface patches for ECC are now available, please check
https://bugzilla.mindrot.org/show_bug.cgi?id=2474
* Refactor cac_properties_t structure to make its creation more readable
* Avoid manual allocation in cac_get_acr() and clean up bogus pointers
* Avoid bogus comments
* Properly check lengths of retrieved values
Previously, the code handled all the data objects as SimpleTLV,
which caused invalid encoding when we tried to merge TL + V buffers
into single PKCS#15 buffers.
This change is using GET PROPERTIES APDU after applet selection
to explore objects, figure out encoding and check the status of
PKI objects initialization to avoid reading them.
The previous solution was just guessing AIDs of the PKI objects
and trying if they answer.
This solution is inspecting card based on the Service Applet Table
(listing all the applets on the card) and using GET PROPERTIES APDU
listing all the available OIDs of the applet.
This was successfully tested with standard CAC card
(with different ACA AID) and uninitialized HID Alt tokens with empty
certificates slots.
If cardos cards are initialized by other software and there is a pinref
without the msb set, also the pin verify works without that bit set.
This patch changes pin initialisation so that the pin is created in mf
which has the effect that pin verify works without | 0x80 to the
pin ref.
Signed-off-by: Andreas Kemnade <andreas@kemnade.info>
- limit length of data to write even in raw mode to the real length
- cluster variuable definitions
- restrict scope of variables
- introduce a variable length to make the purpose more obious
- start preprocessor directives at column one
- add comments where needed
- harmonize coding style: space after "if" and casts
Put the arguments passed to option -d into an array instead of only
storing the latest value.
During output, iterate over the values passed in via the option.
* new function sc_compacttlv_find_tag()
Add function sc_compacttlv_find_tag() to search for a tag in a
compact-TLV structure.
* OpenPGP: use sc_compacttlv_find_tag()
While doing so, fix a typo affection OpenPGP v3.x cards
opensc-notify doesn't propose a GUI that can be displayed to the users,
so it doesn't make sense to display it in the application list/launcher
Fixes: #1379
Instead ogf blindly using "%lu", use "%"SC_FORMAT_LEN_SIZE_T"u"
to cope with the various implementations.
This fixes a bug introduced in commit 20b1d829
Instead of simply searching for a trigger byte with the risk of
getting garbage, correctly parse historical bytes from ATR as well
as the "historical bytes" DO as compact TLV structures.
In addition
- prepare for additional data used in OpenPGP cards 3.x
- ignore [per the spec] chaining capability fo OpenPGP cards 1.x
This is also done in the official AusweisApp2 and avoids confusion with
other tokens that also have an EF.CardAccess and are capable of
verifying the PIN via PACE.
Fixes https://github.com/OpenSC/OpenSC/issues/1360
Let sc_get_challenge() do sc_lock() and loop through the card driver's
get_challenge() until enough bytes were collected. The card driver's
get_challenge() now returns the number of bytes collected (less or equal
than requested) or an error code.
- Allow more code re-use.
- PIV driver now uses ASN.1 parser for reading the random bytes
sc_pkcs15_verify_pin say:
/* if pin cache is disabled, we can get here with no PIN data.
* in this case, to avoid error or unnecessary pin prompting on pinpad,
* check if the PIN has been already verified and the access condition
* is still open on card.
*/
It then call sc_pkcs15_get_pin_info
A context specific login is used in PKCS#11 to force the user
to enter the PIN again and a verify command be sent to the card.
(Actually it could be a different value for the PINi depending on the card)
sc_pkcs15_get_pin_info will then call the card driver, but does not
say why it is testing the login status.sc_pkcs15_get_pin_info may return
SC_PIN_STATE_LOGGED_IN=1 and sc_pkcs15_verify_pin will then skip sending
the actual verify command to the card via _sc_pkcs15_verify_pin
To avoid this, sc_pkcs15_get_pin_info will set data.pin_type = pin_info->auth_method;
In the case of a context specific login, this is SC_AC_CONTEXT_SPECIFIC
and the card driver can take action and can return SC_PIN_STATE_LOGGED_IN=0
so the verify will be done.
The PIV driver card-piv.c does this. Other drivers could do something similar.
Date: MOn May 21 20:40:00 2018 -0500
On branch History-fixes
Changes to be committed:
modified: card-piv.c
modified: pkcs15-pin.c
If a PIV card does not have or support a Discovery Object and
is known to lose the login state when the PIV AID is selected,
nothing was done in piv_card_reader_lock_obtained.
If was_reset > 0 select the PIV AID to at least get the
PIV AID selected.
For other cards either reading the Discovery a object and/or
selecting the PIV AID will make sure the PIV AID is selected.
If multiple applications are using the card, this will allow
the first one to select the AID, and any others that handle
a reset will not cause interference wit the first.
On branch History-fixes
Changes to be committed:
modified: card-piv.c
&& is replaced by || in the test of valid key references
for retired keys found in the Historic object.
For retired keys, the user_consent flag was being set by default.
Thus a C_Login(CKU_CONTEXT_SPECIFIC) would be required.
NIST 800-73 only requires PIN_Always on the Sign Key.
To extend the usefullnes of "retired keys" on non government
issued PIV-like cards, code had already been added
to use the certificate keyUsage flags to override the NIST
defined key usage flags. The NONREPUDATION flag is now used
to set the user_consent flag.
So rather then always requiring C_Login(CKU_CONTEXT_SPECIFIC)
for any retured key, the code only requires it for non government
cards where teh certificate has NONREPUDATION.
Changes to be committed:
modified: card-piv.c
modified: pkcs15-piv.c
* Previously, it was dependent on ATR blocks, but it did
not allow enrolling various types of cards without knowning
their ATR in advance.
* Improved documnetation for this option in configuration files
Resolves: #1265
Using the forced-driver prevents parsing of additional constructions
in configuration files (for example flags based on ATRs). This
implementation replaces transparently the existing list defined in
card_drivers.
Resolves: #1266
Frank Morgner
Jakub Jelen
pkubaj
Nuno Goncalves
Raul Metsma
alex-nitrokey
Andreas Schwier
Andreas Kemnade
Doug Engert
Peter Popovec
Ludovic Rousseau
Rosen Penev
programatix
Jó Ágila Bitsch
Daniel Kouril
carblue
Dmitriy Fortinskiy
Peter Marschall
Timo Teräs
Ludovic Rousseau
Martin Paljak
alegon01
Pierre Ossman
Scott Gayou
Alex Karabanov
Hannu Honkanen
opensignature
Alexander Paetzelt
Mat
Khem Raj
Luka Logar
Shahin Hajikhorasani
Mounir IDRASSI
Steve Ross
Lars Silvén
Lars Silvén
Jakub Jelen
Vadim Penzin
gabrielmuller
Nicholas Wilson
konstantinpersidskiy
Priit Laes
Alon Bar-Lev
Eugene Bright
Leif Erik Wagner
Gianfranco Costamagna
Stanislav Brabec
ytoku
Laurent Bigonville
Peter Marschall
rmartinc