This adds support for a minimalistic, small and fast card profile based on IAS-ECC.
Based on information from https://installer.id.ee/media/id2019/TD-ID1-Chip-App.pdf
and proprietary driver snoops.
Thanks to @metsma and @frankmorgner.
Change-Id: I2e4b4914d8a3b991d9a639728695abf4a2362ca0
Encode the component ID to be key type and component ID. This allows
each combination to be unique and direct mapping to card component
ID type in the code by just taking the low byte. This simplifies
the code, and reduces confusion as there is now only one #define
for each component.
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
MyEID starting version 4.5 supports 4K RSA keys. The card also
now supports proper APDU chainging (for sending large APDUs) and
receiving large responses via GET_RESPONSE splitting.
This updates the following:
* detection code properly announces 3K and 4K RSA support
when available
* APDU chaining is used when possible
* use ISO GET_RESPONSE handling for large responses
* max_recv_size is set to 256 which it always was supposed to be
as the old cards respond with that large responses too
* use the 2K signing kludge only on cards that need it
* unwrap and decipher code paths unified to the extent possible
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
Instead of a double check_sw call in case there is no data, assume
that a SW is properly sent by the card and do not expose
SC_ERROR_FILE_END_REACHED outside of the function
(like sc_pkcs15_read_file)
This is to facilitate Estonian eID 2018+ that instead of properly returning
6282 with trunkated data, 9000 is returned and next READ BINARY returns
6b00 (invalid p1/p2). The change should be generally harmless for well-behaving
cards.
Change-Id: I7511ab4841d3bcdf8d6f4a37a9315ea4ac569b10
If card driver fails to connect to card, 'opensc-tool -a' may fail to print
ATR even if ATR is available from card reader. Before use of card driver,
do only card reader connect, then print ATR. Only if it is neccesary, use
card driver for the rest of opensc-tool functions.
The code already removes all active cards when the service goes
away, but it doesn't remove the reader. This can be a bit confusing
since they will still be polled and listed.
CVE-2019-6502 was assigned to what appears to be a very minor
memory leak that only occurs on an error-case in a CLI tool.
If util_connect_card fails, we still need to release the sc
context previously allocated by sc_context_create else memory
will leak.
* Remove postecert and infocamere support because no longer issued
* Remove wrong changes
* reset NEWS
* EC_POINT_set_affine_coordinates_GFp and EC_POINT_get_affine_coordinates_GFp are
deprecated, use EC_POINT_set_affine_coordinates and EC_POINT_get_affine_coordinates
* If OPENSSL API version is < 3 use old functions EC_POINT_[sg]et_affine_coordinates_GFp
* Move the OpenSSL compatibility stuff to src/libopensc/sc-ossl-compat.h
* pgp: initialize ecc keys for OPC3
* Add supported ECC algorithms by card version
* Add tasks identified so far
* pgp: Recognize ECC set on card
* pgp: get_pubkey_pem read ECC pubkey from card
* pgp: minor code changes for ECC compatibility
* pgp: expand sc_cardctl_openpgp_keygen_info to hold ec info
* Fix segfault problem in pkcs15-pubkey.c
* pgp: enable key generation with pkcs15-init and ECC
* pgp: adapt calculate_and_store_fingerprint to accept ECC
* pgp: adapt rest of pgp_gen_key and subfunctions to accept ECC
* pgp: add kdf parameters for ECDH fingerprint calculation
* pgp: enable key import with pkcs15-init and ECC
* pkcs15-pubkey: fix_ec_parameters onlz accpets explicit data or named_curve
* Fix some mistakes during merge
* More clean up for PR
* Fix some ugly alignments
* Improve code readability
* Prevent unitialized variable by using FUNC_RETURN
* OpenPGP: add length check
* pgp: save exponent length in bits for sc_cardctl_openpgp_keystore_info_t
* pgp: length checks and reallocations
* pgp: oid init added
* OpenPGP: slightly re-factor pgp_update_new_algo_attr()
* replace loop copy with memcpy()
* use ushort2bebytes() to set RSA modulus & exponent
* use symbolic name SC_OPENPGP_KEYFORMAT_RSA_STD for the key import format
* OpenPGP: slighly re-factor pgp_parse_and_set_pubkey_output()
* check for RSA modulus & exponent lengths not being a multiple of 8
* make sure RSA modulus & exponent lengths are always set
* remove a left-over RSA setting from the EC code
* pgp: adding BYTES4BITS
* pgp: initialization of values in pgp_build_extended_header_list based on key type
* pgp: add BYTES4BITS and remove unnecessary tests
* Fix broken pgp_update_new_algo_attr
* pgp: fix the ecpoint_len variable
* Add object type "secrkey" to help of --type switch in pkcs11-tool
Reading an object with pkcs11-tool requires the `--type` switch. The help for that switch is currently incomplete as it is missing the (not very friendly named" *secrkey* option used to read out a secret key object.
I have added this information to the help description.
* Update man page
Describe secrkey option of pkcs11-tool's --type switch in man page
Framework-pkcs15.c silently ignores adding objects if MAX_OBJECTS
is exceeded while creating the fw_data objects. This simple fix
is to change the MAX_OBJECTS from 64 to 128. A better fix would
be to realloc the objects arrays as needed.
__pkcs15_create_data_object and __pkcs15_create_secret_key_object
now return rv like the other __pkcs15_create_*_object routines.
pkcs15_dobj_get_value now calls sc_pkcs15_read_data_object just like
the other pkcs15_*_get_value routines. The problem was introduced
in 0c3412bb 2018-04-09 which added:
`return sc_to_cryptoki_error(SC_SUCCESS, "C_GetAttributeValue");`
before trying to read the data object.
The MAX_OBJECT problem was discovered while trying to use a new PIV
card with 24 standard cert objects and 10 other objects for a total
of 106 objects. Each cert object corresponds to a cert, pubkey,
private key, and the cert object itself for a possible 112 data objects.
The pkcs15_dobj_get_value was found while running:
running pkcs11-tool -r -y data --application-id 2.16.840.1.101.3.7.2.1.1
using git bisect to locate the bad commit. The pkcs11 data objects are
created last from the pkcs15 objects which are a linked list with no limits.
On branch fix-object-restrictions
modified: src/pkcs11/framework-pkcs15.c
* consistently use term "Invalid key ID; must be 1, 2, or 3" in error messages
about invalid key IDs instead of various alternatives.
* use error type SC_ERROR_INVALID_ARGUMENTS instead of SC_ERROR_INVALID_DATA
when the key_id was passed to the respective function
* harmonize the checks to consistently use 'key_id < ... || key_id > ...'
In addition, initialize a variable to keep clang & compilers on OSX happy.
Combine sequences
sc_log(..., "...");
LOG_FUNC_RETURN(...);
where c_log() prints a constant string
by
LOG_TEST_RET(..., "...");
This change results in shorter, more concise code as well as
better harmonized error messages.
Don't terminate the messages with a period, because they are going to end up
as the first argument to a format string of the form "%s: ...".
I.e. they will be part of a longer string and terminated by a colon anyway.
When card->sm_ctx.ops.free_sm_apdu gets called in sc_sm_single_transmit
with a prior transmission error, then `sm_encrypt` still tries to
decrypt the response and hence, accesses the previously uninitialized
`resp`.
Use defined symbolic names for well-known DOs to copy data to a correctly
defined buffer 'apdu_data' using ulong2bebytes() instead of relying on
"magic" constants and C's string semantic.
Also use 'sizeof(apdu_data)' instead of additional magic constants.
Use defined symbolic names for well-known DOs to copy data to a correctly
defined buffer 'data' using ulong2bebytes() instead of relying on
"magic" constants and C's string semantic.
Also use 'sizeof(data)' instead of strange strlen() calculations.
Use defined symbolic names for well-known DOs to copy data to a correctly
defined buffer 'data' using ulong2bebytes() instead of relying on
"magic" constants.
Random data from PIV card is obtained using GENERAL AUTHENTICATE command
for a request of a Challenge from the card. "00 87 00 9B 04 7C 02 81 00"
Usually 8 bytes are returned.
NIST 800-73-3_PART2, "A.1 Authentication of the PIV Card Application Administrator"
"Table 11. Authentication of PIV Card Application Administrator" shows an example of
how to do this.
Some cards (one I have: 3b:7d:96:00:00:80:31:80:65:b0:83:11:17:d6:83:00:90:00)
will not allow 2 of these commands in a row. (Maybe assuming command is only
used as in Table 11 and is expecting the second command.)
Code was added to card-piv.c so if "6A 80" is returned, try the command one more time.
For any other GENERAL AUTHENTICATE failure, SC_ERROR_NOT_SUPPORTED is returned.
piv_get_challenge may be called within a loop from sc_get_challenge if more random
data is needed thus causing the the 2 commands to sent in a row.
On branch piv-improved-matching
Changes to be committed:
modified: card-piv.c
Not all PIV applets are the same. Different versions of NIST 800-73 and improperly implemented
or not implemented required features of NIST 800-73 cases problems. Have a look at the card_issues
listed in card-piv.c. The PIV driver has tried to detect the differences based on clues found in
the ATR historical bytes and vendor version numbers for some cards.
At the same time it has tried to support the possibility there are multiple applets
on a card that the user may want to use at the same time from different applications.
This has lead to some detection problems with Dual CAC/PIV cards. The same cards
sold by the vendor may have only a PIV applet that may not be the same PIV applet that
is on the Dual PIV/CAC cards.
http://www.cac.mil/Portals/53/Documents/CAC-utilziation-and-variation-matrix-v2.03-20May2016.doc
defines a number of official CAC cards in active service. A table of the ATRs for these is now used
to detect these cards. The PIV version of the CCC is also read to see if any CAC PKI objects
are defined in the CCC, indicating it is a Dual CAC/PIV, even if the ATR is not listed.
A more conservative approach to try and handle multiple applets on a card is used. Based
on issues with the implementation of the PIV applet this may not be possible to do.
So for many cards no additional detection will be done at the start of every transaction,
and the login state can not be detected correctly.
ATRs for PIVKEY are also in the match table, as these cards have a log of issues.
Other PIV cards in the future or not yet tested may not be covered properly by this patch.
Extra debugging was added with "PIV_MATCH" to help with these other cards.
With "debug = 7;", `grep PIV_MATCH opensc-debug.log` can be used to see how a card
type and card_issues are derived.
On branch piv-improved-matching
Changes to be committed:
modified: card-piv.c
modified: cards.h
Same information is printed a few line below in same function, the only
difference is that there it takes care of case when label is NULL pointer
unlike this line
secondly, every function call to cosm_write_tokeninfo() in this file
passes label=NULL, and then it tries to print a null pointer
Fixes errors like
src/libopensc/log.h:48:47: error: '%s' directive argument is null
[-Werror=format-overflow=]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1. pkcs15-init is using XKU but it should use cert KU to check private key usage instead.
2. Don't mark imported keys as ALWAYSSENSITIVE and NEVEREXTRACTABLE as they are not.
3. When importing keys from PKCS#12 files (with several certs inside), use consecutive IDs for additional certificates (instead of starting from 45).
PKCS#15 token label may be padded with spaces, trim it when making a PKCS#11 token label in order not to loose closing parenthesis.
I would actually prefer for the token label to be "myCard (User PIN)" instead of current "User PIN (myCard)"
before:
$ pkcs11-tool --list-slots
Available slots:
Slot 0 (0x0): OMNIKEY AG CardMan 3121 00 00
token label : User PIN (myCard
...
after:
$ pkcs11-tool --list-slots
Available slots:
Slot 0 (0x0): OMNIKEY AG CardMan 3121 00 00
token label : User PIN (myCard)
...
1. Show pinpad reader capabilities even for uninitialised tokens. This way pinpad can be used during initialisation.
2. Make possible to create so-pin object during initialisation even if no so-pin was provided (on the command line) but pinpad reader is used and card profile contains so-pin data.
This fixes problem as stated in:
https://github.com/OpenSC/OpenSC/issues/1292#issuecomment-431879472
pkcs15-crypt.c will treat keys with user_consent like PKCS#11 would.
SC_AC_CONTEXT_SPECIFIC is set when doing a verify so a card driver can
take action if needed.
card-piv.c is currently the only driver doing so.
It uses this to hold the card lock so both the VERIFY and following crypto
operations are in the same transaction. The card enforces this restriction.
Without this additional APDUs may be sent before every transaction to test
that the expected applet is selected.
Unlike the circumvention of using ignore_user_consent=true and pin caching
this modification allows a pin pad reader to be used for keys requiring user_consent.
On branch pkcs15-context-specific
Changes to be committed:
modified: pkcs15-crypt.c
pkcs15: added function to get a specific supported algorithm, checking also OID.
This is needed because for AES there are different OIDs for each key length.
For a problem description, see <https://github.com/OpenSC/OpenSC/issues/1524>.
In a nutshell, for a card with the CoolKey applet and 2048-bit keys,
the command
pkcs11-tool --test --login
fails to complete all of its tests.
This commit consists of a patch from @dengert.
To avoid triggering an error when the data exceeds 255 bytes, this commit
limits the amount of the payload sent to the CoolKey applet on the card based
on the maximum amount of data that the card can receive, and overhead bytes
(namely, a header and nonce) that accompany the payload.
With this change, the command
pkcs11-tool --test --login
succeeds.
Instead of only expecting a key length, and implicitly assuming RSA
as the key algorithm, introduce option --key-type to pass the key type
as a string.
When generating the key determine key algorithm and attributes based on
the key type passed.
If no key was given, default to "rsa2048".
* when listing public keys, do not cut object labels in compact mode
* when listing private keys in compact mode, left align labels
* make hex codes at least 2 chars wide by changing "0x%X" to "0x%02X"
- Added session_object flag to sc_pkcs15init_skeyargs to enable on-card session objects.
- Corrections to handling native and extractable flags
- Allow creating an empty secret key EF for receiving an unwrapped key later.
Not yet complete, but can be run with CKA_TOKEN=FALSE set in the target object. Currently unwrapping emulated
with a decrypt operation in card-myeid.c. To be improved.
* Add minimal CAC1 driver for legacy cards.
It is using the same pkcs15 backend as the CAC2 cards as well as some of
the CAC2 driver methods.
The separation is made mostly for easier card matching or disabling.
Commit e5707b545e broke signing using minidriver on Windows.
More specifically changing #define SC_ALGORITHM_RSA_PAD_NONE from 0x00000000 to 0x00000001 caused a call to sc_pkcs1_encode() to fail as the padding algorithm was not specified anywhere in the CardSignData() implementation. It kind of worked as long as SC_ALGORITHM_RSA_PAD_NONE was 0x00000000, but the above mentioned commit broke this.
Now padding algorithm has to be explicitly specified, otherwise a call to sc_pkcs1_encode() will fail.
- rename 'keytype' in some OpenPGP-specific types to 'key_id'
because they key ID was what the field was used for
- introduce field 'algorithm' in the structures above
to indicate the key's algorithm: RSA, ...
- define constant SC_OPENPGP_KEYALGO_RSA and use it
- rename constants SC_OPENPGP_KEYFORMAT_* to SC_OPENPGP_KEYFORMAT_RSA_*
because they are RSA specific
List additional algorithms & attributes as supported only when the card
supports changing the algorithms attributes DOs and exposes this by having
the EXT_CAP_ALG_ATTR_CHANGEABLE capability set.
Using different algorithms and attributes requires changing the algorithm
attributes DOs. If that is not supported - as indicated by a missing
EXT_CAP_ALG_ATTR_CHANGEABLE capability - then only those algorithms
described by the current algorithms attributes DOs' contents can be used.
In addition simplify setting the flags.
* use variables if they are already there
* be a bit more explicit in logging
* more consistent tag format: %04X
* cleanup flag setting for _sc_card_add_rsa_alg()
card-piv.c
make sure the string is null terminated before passing it
to hex_to_bin routine, which expects it
pkcs15-cac.c
free cn_name on failure
pkcs11-tool.c
make sure the string is null terminated before passing it to
parse_certificate(), which expects it
A card driver may declare support for computing the padding on the card,
or else the padding will be applied locally in padding.c. All five
PKCS11 PSS mechanisms are supported, for signature and verification.
There are a few limits on what we choose to support, in particular I
don't see a need for arbitrary combinations of MGF hash, data hash, and
salt length, so I've restricted it (for the user's benefit) to the only
cases that really matter, where salt_len = hash_len and the same hash is
used for the MGF and data hashing.
------------------------------------------------------------------------
Reworked and extended in 2018 by Jakub Jelen <jjelen@redhat.com> against
current OpenSC master, to actually work with existing PIV cards:
* extended of missing mechanisms (SHA224, possibility to select MGF1)
* compatibility with OpenSSL 1.1+
* Removed the ANSI padding
* Formatting cleanup, error checking
Based on the original work from
https://github.com/NWilson/OpenSC/commit/42f3199e66
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
modified: src/libopensc/pkcs15-infocamere.c
modified: src/libopensc/pkcs15-starcert.c
modified: src/pkcs15init/pkcs15-lib.c
Changed isf_acl to also need SO PIN for CREATE.
modified: src/pkcs15init/starcos.profile
* localize variables
* print errors to stderr
* release allocated resources
* return error code on error - improve non-interactive use
* do not show help on unknown commands when used non-interactively
* make 'interactive' a global variable
* set it when opensc was called with the SCRIPT argument
* document the behaviour in the manual page
Make interactive a global variable and set it in main.
When arguments are given, compare them like ambguous_match() does,
and show the matching ones only.
Add documentation of the 'help' command to the manual page.
In main loop on multiple matches, show help on matching commands only.
* most importantly: immediately return success on exact match
- this allows one command to be a prefix of another one
- it fixes the long-standing breakage between 'find' and 'find_tags'
* fail on second prefix-only match instead of waiting until the end
* check all parameters
* add comments
* inform caller on whether the match was ambiguous or there was no match
* move printing error messages to processing loopt in main()
Accept a file name as a second argument to the 'random' command
to allow storing the generated random bytes to the file given.
Forbid writing binary data to stdout in interactive mode.
* limit buffer to SC_MAX_EXT_APDU_BUFFER_SIZE
* fix buffer length calculation to correctly calculate the available space
* add length checks when parsing passed data into buffer
* consistently show ellipsis for repeatable arguments as 3 dots
* embrace alternative mandatory arguments with curly braces
* use hyphens instead of spaces within non-literal arguments
for improved alignment with the manual page
Sc_asn1_read_tag can return SC_ERROR_ASN1_END_OF_CONTENTS
which indicates the tag and length are OK, but any value
is not completely contained in the buffer supplied. card-piv.c
can use this when reading just the beginning of a object to
determine the size of a buffer needed to hold the object.
As most of the drivers do not modify these, we can mark them as const.
Two drivers that we cannot convert are dnie and masktech.
section size
.data 35232 -> 25472
.data.rel.ro 36928 -> 46688
Remove aid_file and aidfile variables in card-piv.c. These are not needed
as piv_select_aid parses the returned data from a SELECT AID command.
In response to e-mail from X41 group on 6/11/2018.
On branch x41-piv-2
Changes to be committed:
modified: card-piv.c
md_pinpad_dlg_allow_cancel now defines whether or not the user is asked
before verifying the PIN on the PIN pad. This can be denied without
interaction with the PIN pad. A checkbox in the dialog allows the user
to change this setting, which is saved in the registry by the path of
the process.
This change fixes the progress bar to match the actual configured
timout. The progressbar now fills instead of running empty, which seemed
less frightening for most users.
This change also fixes some copy/paste errors in the documentation of
opensc.conf(5).
In Minidriver, when the DLL is called in multiple threads, this can
lead to a deinitialization of OpenSSL's OIDs in one thread making them
unavailable from other threads of the same process. As result, CVCs
cannot be veriefied anymore during chip authentication.
This removes code related to the old CAC 1 specification, while
preserving the CAC 2 functionality including CAC Alt token detection
for the tokens without CCC or ACA.
The detection based on SELECT APPLET APDU is improved to require also
the READ BUFFER APDU working, which should fail on misbehaving Java cards.
macOS 10.13 ships with ccid driver 1.4.27 (fixed in 1.4.29) and this version identifies these readers wrongly as pinpad readers.
Signed-off-by: Raul Metsma <raul@metsma.ee>
... for "standard" OpenPGP cards.
This gives more detailed information to the user on the detailed specs
the card adheres to.
In addition it fixes a long-standing annoyance that every standard 2.x
card matching the v2.0 ATR was announced as CryptoStick 1.2.
This ATR is not only used in the CryptoStick 1.2, but also also in
ZeitControl cards as well as NitroKeys, ...
To help debugging,
- replace plain return's after LOG_FUNC_CALLED()
has been called with LOG_FUNC_RETURN()
- use LOG_FUNC_CALLED() & LOG_FUNC_RETURN() pairs more often
Structure `x509cert_info` fields `subject` and `issuer`
are doubled in size up to 512 bytes.
We have to use dynamic memory allocation
to completely overcome the issue.
Relates to OpenSC/OpenSC#1412.
Make sure to have an empty line between information printed for individual
objects, but not in short mode.
This makes output of -D and -C more consistent.
This fixes a build failure with optimized ppc64el and new gcc builds
card-piv.c: In function ‘piv_validate_general_authentication.isra.3’:
card-piv.c:2390:9: error: ‘rbuflen’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
body = sc_asn1_find_tag(card->ctx, rbuf, rbuflen, 0x7c, &bodylen);
~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'pkcs15-tool --read-ssh-key' is now able to read NIST ECC keys from card.
Only 256, 384 and 521 field lengths are supported (same as allowed in
ssh-keygen -t ecdsa). Issue #803 is partialy fixed by this patch.
Openssh PKCS11 interface patches for ECC are now available, please check
https://bugzilla.mindrot.org/show_bug.cgi?id=2474
* Refactor cac_properties_t structure to make its creation more readable
* Avoid manual allocation in cac_get_acr() and clean up bogus pointers
* Avoid bogus comments
* Properly check lengths of retrieved values
Previously, the code handled all the data objects as SimpleTLV,
which caused invalid encoding when we tried to merge TL + V buffers
into single PKCS#15 buffers.
This change is using GET PROPERTIES APDU after applet selection
to explore objects, figure out encoding and check the status of
PKI objects initialization to avoid reading them.
The previous solution was just guessing AIDs of the PKI objects
and trying if they answer.
This solution is inspecting card based on the Service Applet Table
(listing all the applets on the card) and using GET PROPERTIES APDU
listing all the available OIDs of the applet.
This was successfully tested with standard CAC card
(with different ACA AID) and uninitialized HID Alt tokens with empty
certificates slots.
If cardos cards are initialized by other software and there is a pinref
without the msb set, also the pin verify works without that bit set.
This patch changes pin initialisation so that the pin is created in mf
which has the effect that pin verify works without | 0x80 to the
pin ref.
Signed-off-by: Andreas Kemnade <andreas@kemnade.info>
- limit length of data to write even in raw mode to the real length
- cluster variuable definitions
- restrict scope of variables
- introduce a variable length to make the purpose more obious
- start preprocessor directives at column one
- add comments where needed
- harmonize coding style: space after "if" and casts
Put the arguments passed to option -d into an array instead of only
storing the latest value.
During output, iterate over the values passed in via the option.
* new function sc_compacttlv_find_tag()
Add function sc_compacttlv_find_tag() to search for a tag in a
compact-TLV structure.
* OpenPGP: use sc_compacttlv_find_tag()
While doing so, fix a typo affection OpenPGP v3.x cards
opensc-notify doesn't propose a GUI that can be displayed to the users,
so it doesn't make sense to display it in the application list/launcher
Fixes: #1379
Instead ogf blindly using "%lu", use "%"SC_FORMAT_LEN_SIZE_T"u"
to cope with the various implementations.
This fixes a bug introduced in commit 20b1d829
Instead of simply searching for a trigger byte with the risk of
getting garbage, correctly parse historical bytes from ATR as well
as the "historical bytes" DO as compact TLV structures.
In addition
- prepare for additional data used in OpenPGP cards 3.x
- ignore [per the spec] chaining capability fo OpenPGP cards 1.x
This is also done in the official AusweisApp2 and avoids confusion with
other tokens that also have an EF.CardAccess and are capable of
verifying the PIN via PACE.
Fixes https://github.com/OpenSC/OpenSC/issues/1360
Let sc_get_challenge() do sc_lock() and loop through the card driver's
get_challenge() until enough bytes were collected. The card driver's
get_challenge() now returns the number of bytes collected (less or equal
than requested) or an error code.
- Allow more code re-use.
- PIV driver now uses ASN.1 parser for reading the random bytes
sc_pkcs15_verify_pin say:
/* if pin cache is disabled, we can get here with no PIN data.
* in this case, to avoid error or unnecessary pin prompting on pinpad,
* check if the PIN has been already verified and the access condition
* is still open on card.
*/
It then call sc_pkcs15_get_pin_info
A context specific login is used in PKCS#11 to force the user
to enter the PIN again and a verify command be sent to the card.
(Actually it could be a different value for the PINi depending on the card)
sc_pkcs15_get_pin_info will then call the card driver, but does not
say why it is testing the login status.sc_pkcs15_get_pin_info may return
SC_PIN_STATE_LOGGED_IN=1 and sc_pkcs15_verify_pin will then skip sending
the actual verify command to the card via _sc_pkcs15_verify_pin
To avoid this, sc_pkcs15_get_pin_info will set data.pin_type = pin_info->auth_method;
In the case of a context specific login, this is SC_AC_CONTEXT_SPECIFIC
and the card driver can take action and can return SC_PIN_STATE_LOGGED_IN=0
so the verify will be done.
The PIV driver card-piv.c does this. Other drivers could do something similar.
Date: MOn May 21 20:40:00 2018 -0500
On branch History-fixes
Changes to be committed:
modified: card-piv.c
modified: pkcs15-pin.c
If a PIV card does not have or support a Discovery Object and
is known to lose the login state when the PIV AID is selected,
nothing was done in piv_card_reader_lock_obtained.
If was_reset > 0 select the PIV AID to at least get the
PIV AID selected.
For other cards either reading the Discovery a object and/or
selecting the PIV AID will make sure the PIV AID is selected.
If multiple applications are using the card, this will allow
the first one to select the AID, and any others that handle
a reset will not cause interference wit the first.
On branch History-fixes
Changes to be committed:
modified: card-piv.c
&& is replaced by || in the test of valid key references
for retired keys found in the Historic object.
For retired keys, the user_consent flag was being set by default.
Thus a C_Login(CKU_CONTEXT_SPECIFIC) would be required.
NIST 800-73 only requires PIN_Always on the Sign Key.
To extend the usefullnes of "retired keys" on non government
issued PIV-like cards, code had already been added
to use the certificate keyUsage flags to override the NIST
defined key usage flags. The NONREPUDATION flag is now used
to set the user_consent flag.
So rather then always requiring C_Login(CKU_CONTEXT_SPECIFIC)
for any retured key, the code only requires it for non government
cards where teh certificate has NONREPUDATION.
Changes to be committed:
modified: card-piv.c
modified: pkcs15-piv.c
* Previously, it was dependent on ATR blocks, but it did
not allow enrolling various types of cards without knowning
their ATR in advance.
* Improved documnetation for this option in configuration files
Resolves: #1265
Using the forced-driver prevents parsing of additional constructions
in configuration files (for example flags based on ATRs). This
implementation replaces transparently the existing list defined in
card_drivers.
Resolves: #1266
The following errors occured during a compilation using gcc 8:
In function »gids_create_file.constprop«,
inserted by »gids_save_certificate.isra.8« beicard-gids.c:1548:7:
card-gids.c:465:2: Error: »strncpy« output may be truncated copying 8 bytes from a string of length 8 [-Werror=stringop-truncation]
strncpy(record->filename, filename, 8);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
pkcs15-oberthur.c: In function »sc_pkcs15emu_oberthur_add_prvkey«:
pkcs15-oberthur.c:741:5: Error: »strncpy« output may be truncated copying 254 bytes from a string of length 254 [-Werror=stringop-truncation]
strncpy(kobj.label, objs[ii]->label, sizeof(kobj.label) - 1);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* reader-pcsc: Do not temporarily set SC_READER_REMOVED on all readers
Fixes#1324.
* reader-cryptotokenkit: Do not temporarily set SC_READER_REMOVED on all readers
See #1324.
It was used to make pkcs11-tool work with vendor defined PKCS#11
modules. If this behavior is still desired, pass the define
ZERO_CKAID_FOR_CA_CERTS during the build
Don't pretend that we're capable of performing memory locking. The
implementation of that, `sc_mem_alloc_secure()` (also removed), was
almost unused anyway.
Workaround to not detect the MUSCLE applet as whatever other card driver
selects an AID first. MUSCLE applet will always return 9000, which will
confuse other card drivers. Since this bug is not going to go away any
time soon, we simply detect the MUSCLE applet first and hope that other
applets don't have a similar bug.
* Initial version of pkcs11 testsuite
* Refactor test cases to several files, clean up awful and unused stuff
* Static mechanism list based on the actual token offer
* Get rid of magic numbers
* Documentation
* License update based on the original project
* Verbose readme
* Cleanup unused code, long lines and method order
* Typo; More verbose errors
* Use fallback mechanisms
* Refactor object allocation and certificate search
* PKCS11SPY mentioned, more TODO
* add SHA mechanisms
* Do not try to Finalize already finalized cryptoki
* Add more flags and mechanisms
* Do not list table for no results
* Logical order of the tests (regression last)
* read ALWAYS_AUTHENTICATE from correct place
* ALWAYS_AUTHENTICATE for decryption
* Test EC key length signature based on the actual key length
* Shorten CKM_ list output, add keygen types detection
* Skip decrypting on non-supported mechanisms
* Fail hard if the C_Login fails
* Reorganize local FLAGS_ constants
* Test RSA Digest mechanisms
* Correct mechanisms naming, typos
* Do not attempt to do signature using empty keys
* CKM_ECDSA_SHA1 support
* Correct type cast when getting attributes
* Report failures from all mechanisms
* Standardize return values, eliminate complete fails, documentation interface
* Wait for slot event test
* Add switch to allow interaction with a card (WaitForSlotEvent)
* At least try to verify using C_Verify, if it fails, fall back to openssl
* Get rid of function_pointers
* Get rid of additional newline
* Share always_authenticate() function between the test cases
* Refactor Encrypt&decrypt test to functions
* Do not overwrite bits if they are not provided by CKA, indentation
* Cleanup and Break to more functions Sign&Verify test
* CKM_RSA_X_509 sign and verify with openssl padding
* More TODO's
* Proper abstracted padding with RSA_X_509 mechanism
* Add ongoing tasks from different TODO list
* Update instructions. Another todo
* Variables naming
* Increase mechanism list size, use different static buffers for flags and mechanism names
* nonstandard mechanism CKM_SHA224_RSA_PKCS supported by some softotkens
* Get rid of loop initial declarations
* Loop initial declaration, typos, strict warnings
* Move the p11test to the new folder to avoid problems with dynamically linked opensc.so
* Update path in README
* Possibility to validate the testsuite agains software tokens
* Add possibility to select slot ID on command-line (when there are more cards present)
* Clean up readme to reflect current options and TODOs
* Do not attempt to use keys without advertised sign&verify bits to avoid false positives
* Get and present more object attributes in readonly test; refactor table
* New test checking if the set of attributes (usage flags) is reasonable
* Test multipart signatures. There is not reasonable mechanism supporting multipart encryption
* Use PKCS#11 encryption if possible (with openssl fallback)
* Identify few more mechanisms (PSS) in the lest
* Resize table to fit new mechanisms
* Remove initial loop declaration from multipart test
* Use pkcs11-tool instead of p11tool form most of the operations (master have most of the features)
* Preparation for machine readable results
* Refactor log variables out of the main context, try to export generic data
* Do not write to non-existing FD if not logging
* Export missing data into the log file in JSON
* Store database in json
* Sanity check
* Avoid uninitialized structure fields using in state structure
* Dump always_authenticate attribute too
* Manual selection of slots with possibility to use slots without tokens
* Do not free before finalizing
* Proper cleanup of message in all cases
* Proper allocation and deallocation of messages
* Sanitize missing cases (memory leaks)
* Suppressions for testing under valgrind
* Better handling message_lengt during sign&verify (avoid invalid access)
* Suppress another PCSC error
* Do not use default PIN. Fail if none specified
* Sanitize initialization. Skip incomplete key pairs
* Add missing newline in errors
* Fix condition for certificate search
* Avoid several calls for attributes of zero length
* Handle if the private key is not present on the card
* Improve memory handling, silent GCC warning of 'unused' variable
* Fail early with missing private key, cleanup the messages
* Use correct padding for encryption
* Cache if the card supports Verify/Encrypt and avoid trying over and over again
* Loosen the condition for the Usage flags
* OpenSSL 1.1.0 compatibility
* Add missing mechanisms
* Do not require certificates on the card and pass valid data for RSA_PKCS mechanisms
* Add missing PIN argument in runtest.sh
* Add OpenSSL < 1.1 comatible bits
* Add SHA2 ECDSA mechanisms handling
* Use public key from PKCS#11 if the certificate is missing (or compare it with certificate)
* Avoid long definitions in OpenSSL compat layer
* In older OpenSSL, the header file is ecdsa.h
* Add missing config.h to apply compat OpenSSL layer
* ASN1_STRING_get0_data() is also new in 1.1.0
* Return back RSA_X_509 mechanism
* Drop bogus CKM_* in the definitions
* Drop CKM_SHA224_RSA_PKCS as it is already in pkcs11.h
* Update documentation
* Use NDEBUG as intended
* typos, cleanup
* Typos, cleanup, update copyright
* Additional check for OpenCryptoki, generate more key types on soft tokens
* Prepare for RSA-PSS and RSA-OAEP
* Use usage&result flags for the tests, gracefully ignore PSS&OAEP
* pkcs11.h: Add missing definitions for PSS
* PSS and OAEP tests
readonly: Typos, reformat
* Working version, memory leak
* Tweak message lengths for OAEP and PSS
* Skip tests that are not aplicable for tokens
* configure.ac: New switch --enable-tests
Do not attempt to build tests if cmocka is not available or
--enable-tests is provided. It makes also more lightweight release
builds out of the box (or with --disable-tests).
* travis: Install cmocka if not available
* Do not build tests on Windows and make dist pass
* Try to install cmocka from apt and from brew
* Do not require sudo (cmocka from apt and brew works)
When loaded as PKCS#11 module, OpenSC will reuse the application
identifier for each instance. We don't want to put any burdon on the
primary GApplication, so we use a non unique ID.
fixes https://github.com/OpenSC/OpenSC/issues/1332
The PKCS#15 emulation layer for the CAC uses a single PIN. Set its
label to "PIN" (rather than the card type "CAC I" or "CAC II"), so
that the PIN label will be omitted from the token label, providing
more space for the card holder name instead.
This is intended to match the behavior used for PIV cards, which
was changed with commit 56c8f59b25.
* Handle errors as intended in sc_pkcs15emu_openpgp_add_data()
If a data object can be read, but it cannot be added to the PKCS#15
framework, return from this function with an error; do not continue
reading other data objects. Otherwise, do not return an error from
this function when a data object cannot be read or is empty.
Improve existing comments for clarity.
* Address other compiler warnings when using --disable-optimization
Certain variables that are not initialized when they are declared
prevent the build from completing, when --disable-optimization is
passed to ./configure.
1. In epass2003_set_security_env, remove unused code, add condition
check of ec and rsa
2. Line 1709 - add return check of hash_data
3. In epass2003_decipher API, the old sign using apdu.le = 256, now add
condition check of rsa
4. Line 2731-2734 - After login successful, need get session status,
adjust code, improve condition check of data->cmd.
Remove all the code related to the old GUI and PIN PAD.
This code was initially developed by Zetes and had the ability to
display a dialog to request the PIN to the user. It was also able to
manage some specific proprietary pin pads.
As the Belgian government/fedict has now its own implementation, all
these old crufts can be removed.
https://github.com/OpenSC/OpenSC/issues/1296
Some ActivIdentity CAC/PIV cards lose the login state when selecting
the PIV AID SC_CARD_TYPE_PIV_II_CAC and CI_PIV_AID_LOSE_STATE were added
so piv_card_reader_lock_obtained will try and do a SELECT PIV AID.
card->type is reset to its original value if piv_match_card_continued
fails to match a card as PIV.
pkcs15-piv.c now uses sc_card_ctl which checks card->ops->card_ctl for NULL.
closes https://github.com/OpenSC/OpenSC/pull/1307
fixes https://github.com/OpenSC/OpenSC/issues/1297
We can't check for `tag == SC_ASN1_TAG_EOC` directly, because this
would also be true for a tag of 0x80 (with `class ==
SC_ASN1_CLASS_CONSTRUCTED`). So what we do is we check for the output
buffer to be NULL!
fixes https://github.com/OpenSC/OpenSC/issues/1273
1. Buffer underrun in epass2003_decipher().
2. The parameter `data' in update_secret_key() must be constant.
(Discovered by Clang 4.0.0 on OpenBSD 6.2.)
Fixes#1286. The behaviour of pkcs11-tool will follow the standard -
send DER. If EC_POINT_NO_ASN1_OCTET_STRING is defined then it will
write plain bytes.
ATR and differences between 3.4/3.5 are based on
https://github.com/CardContact/sc-hsm-embedded
Actually, 3.5 is untested, but 3.4 is almost identical, so we hope that
for 3.5 everything is fine.
In order to satisfy some concerns over the use of <card>_match_card
and <card>_init, this modification will do that at the cost of additional
overhead of repeating some card commands.
Hopefully this commit will not be needed.
On branch piv-aid-discovery
Changes to be committed:
modified: card-piv.c
As requested and as the alternative solution see:
https://github.com/OpenSC/OpenSC/pull/1256#issuecomment-365319444
In order to not pass a card lock and the card->drv_data from piv_match_card
piv_match_card is split in 2 parts.
the piv_match_card_continued is called from piv_init. piv_init may
now return with SC_ERROR_INVALID_CARD to single to sc_connect_card to look
for additional drivers.
Cosmetic change to indicate neo_version is really a Yubico version.
Change wording on the comments when setting card_issues.
On branch piv-aid-discovery
Changes to be committed:
modified: src/libopensc/card-piv.c
Some CAC card return '6A80` Incorrect parameters in APDU when trying to
read the Discovery object. If it fails other then not found, then we can
not use the Discovery object to test for the active AID.
The test is done in piv_match_card just after doing a SELECT AID for the PIV.
and set CI_DISCOVERY_USELESS if needed. piv_card_reader_lock_obtained will
then not use the Discovery object.
Some older PIV cards, prior to the introduction of the PIV
Discovery and History objects, may get errors trying to read them.
Ignore these errors too.
Remove comment and remove code to check verify Lc=0 as requested in:
https://github.com/OpenSC/OpenSC/pull/1256#pullrequestreview-96124443
They can easily be added back in.
On branch piv-aid-discovery
Changes to be committed:
modified: src/libopensc/card-piv.c
Framework-pkcs15.c will now set pin_info->auth_method to SC_AC_CONTEXT_SPECIFIC
iso7816.c iso7816_build_pin_apdu treats this the same as SC_AC_CHV
card-piv.c piv_pin_cmd sets priv->xcontext_specific=1 and calls sc_lock before
the verify command. If the verify fails sc_unlock is called.
Later after the next card command returns, if priv->context_specific==1 piv_check_sw
will call sc_unlock as the application may not have requested the crypto but
some other command.
Some additional calls to sc_lock and sc_unlock have been added to make sure
PIV internal command sequences including the crypto command ('87') and any get
responses are always protected by a lock.
This guarantees the card is locked for verify and the next command
which should be the crypto operation. The PIV card also inforces this restriction
on the card.
This is based on suggestions in:
://github.com/OpenSC/OpenSC/pull/1256#issuecomment-361975751
On branch piv-aid-discovery
Changes to be committed:
modified: src/libopensc/card-piv.c
modified: src/libopensc/iso7816.c
modified: src/libopensc/types.h
modified: src/pkcs11/framework-pkcs15.c
Many OpenSC drivers try and detect during match if the card supports
their AID by doing a SELECT FILE for the AID.
But this can cause problems with cards such as Yubico that do not ignore
SELECT AID commands for applications they do not support. Other cards may
have the same problems. Selecting the wrong AID can also lose the security
state.
The card-piv.c will now uses the GET DATA to read the PIV Discovery Object '7E'
which is a ISO standard template that will contain the AID of the currently
active application. The driver will then double check that the template is
for the PIV application.
If the template contains the PIV AID, then no SELECT AID is done.
PIV standards say there can only be one PIV application on a card.
PIV standards also say PIV must be the the default application,
but Yubico does not follow this.
The command fails only then will a SELECT AID be done.
Thus this can avoid the Yubico problem.
This logic is used in both "match" and in the piv_card_reader_lock_obtained
routine.
Additional logic was in piv_card_reader_lock_obtained was added to handle
when the card reset was received by some other program. Multiple programs
may be trying to use the PIV application on the card, and thus multiple
programs will all receive that the card was reset. The first program to receive
the card was reset will do all of the above logic, and may leave the card in
a state will cause other programs to not have to do much at all.
The intent of all of this is to avoid sending extra commands to the card
including SELECT AID that could change the card state when not needed.
On branch piv-aid-discovery
Changes to be committed:
modified: card-piv.c
Also add PIV card types to sc_pkcs15_is_emulation_only
On branch piv-aid-discovery
Changes to be committed:
modified: src/libopensc/card-piv.c
modified: src/libopensc/pkcs15-syn.c
Use names that are specific to EAC, not the German ID card (nPA),
because Protocol and Commands are defined by BSI TR-03110 and ICAO.
Functions that are nPA specific are moved to card-npa.h.
RutokenS returns data with little endian byte order, due to this
fact token wouldn't work with standard function. So function for
parsing fcp from little endian data was inplemented.
The maximum length for sending and receiving data can now be found in DO
7F66. For now, we just use the default values for short/extended length
capabiliites.
PKI-Applets may not be active if the card has been reset or unpowered.
The SELECT command used to activate the applet, is identical to the one
used during card matching or initialization.
Some "unfriendly" cards return SW 90 00 to any instruction including
the ACA file selection and therefore they are identified as CAC card.
To avoid this, we will try to read the assumed ACA file and we will
mark the card as matched only if we will read something from that file.
We do not parse the content yet.
To avoid infinite loop on "unfriendly" cards, we assume that
read data instruction always returns some data. It it does not,
we can safely assume the file is not there or it is not the card
we are looking for.
Windows/macOS (minidriver/tokend) handle the authentication status and
perform an explicit logout on shutdown. PKCS#11 standard requires a
session for logging into the card; when closing the session we perform
an explicit logout. Hence, the authentication status should be reset
even if not performing a reset on disconnect.
partially implements https://github.com/OpenSC/OpenSC/issues/1215
Refactored OpenPGP code so that future versions of the card will be
accessed using the logic for OpenPGP V2. We hope that backward
compatibility of the standard will keep the new versions functional.
CardDeleteContext may be called at any time, interrupting any ongoing
operation with the same PCARD_DATA. This leads to a race condition when
CardDeleteContext deletes, for example, the sc_context_t which the
interrupted call still wants to access. We have seen and fixed this
problem in https://github.com/OpenSC/OpenSC/issues/973 specifically for
the PIN entry process, however, it also applies to all other calls to
the md.
The new implementation removes the need for global data in the md.
* Avoid GCC 7 warnings with -Werror
-Werror=implicit-fallthrough=
libopensc/card-incrypto34.c
not sure if this is a bug or intention
libopensc/card-rutoken.c
most probably intention
libopensc/card-westcos.c
remove bogus if so the compile is not confused
I will fill a separate bug to gcc probably
pkcs15init/pkcs15-iasecc.c
Simplify the log and avoid compiler confusion
sm/sm-common.c
explicit fallthrough
tools/pkcs11-tool.c
use explicit fallthrough comment
tools/pkcs15-init.c
The fallthrough is obvious here
-Werror=format-truncation=
libopensc/pkcs15-itacns.c
use explicit string lengths
pkcs11/framework-pkcs15.c
calculate the truncation
tests/pintest.c
avoid sprintf
tools/pkcs15-crypt.c
avoid sprintf
tools/pkcs15-init.c
calculate the truncation
- fixed printing tags on multiple bytes
- align indenting with raw tags
- use OpenSSL's human readable OID database
- only print the canonical names for universal tags
When building without OpenPACE there are two unused variables in
sc_hsm_init() that cause compiler to emit warnings about them.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
In minidriver before performing a card operation we currently check whether
the supplied card handles have changed.
If they did the card in reader might have been changed so we reinitialize
it.
However, in few places in reinitialization call path an error returned by
some operation would leave the context in an inconsistent state.
So let's walk through this path to make sure that functions there will exit
cleanly if an error happens.
Also, make sure that all card operations that actually do something have
the necessary check call in the first place and also that they all
consistently check whether VENDOR_SPECIFIC pointer is not NULL before
dereferencing it.
This is a cleanup part of "Keep track of card resets by other contexts in
minidriver" (that is, it does not include the actual reset handling code
introduced by that commit), simplified.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Many cards need multiple PINs to work correctly since different on-card
keys are secured by different PINs (this is true for for example OpenPGP
card).
Smart Card Minidriver API has supported such cards since version 6.02
(Vista+).
Use the same method as PKCS#11 driver does to discover user and sign PINs,
for consistency.
However, if there is a default container on card we'll make sure that its
PIN is an user PIN and if there is no default container we'll mark the one
with the user PIN as default.
All other PINs securing containers on card are added as next PINs, up to
MD_MAX_PINS.
Use this opportunity to also fix two cases where a pointer-to-DWORD
variable was passed as pointer-to-size_t parameter to
md_dialog_perform_pin_operation() - they are of different size on Win64.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
This will help when p11-kit is usead and wil allow for additional
CK*_* things to be defined that have a much better chance of being
unique.
OR in "OSC" to any CK*_VENDOR_DEFINED thing.
with #define SC_VENDOR_DEFINED 0x4F534300 /* OSC */
This follows Netscapes convention of doing the same but
using: #define NSSCK_VENDOR_NSS 0x4E534350 /* NSCP */
The current 2 defines CKA_* are for internal attributes.
On branch OSC_VENDOR_DEFINED
Changes to be committed:
modified: pkcs11-opensc.h
* Add missing SHA224 RSA algorithms
* Fix wrong replacement in pkcs11-tool manual page
* Add MGF and PSS_PARAMS definitions in PKCS#11 header file
* Inspect PSS signature parameters in pkcs11-spy
* Enable RSA-PSS signatures in pkcs11-tool
* Added short names to RSA-PSS methods
* Reintroduce portable NORETURN indication for functions and use it to avoid compilers complaining
Use the ASN.1 decoder's SC_ASN1_BIT_FIELD decoder to properly decode
into a machine word. As _bitstring_extension is used only for the OID
2.5.29.15 by all callers, which is at most 9 bits wide, this is a
reasonable thing to do.
Note, that there are a number of card drivers that still use
`sc_read_binary` in the wrong way. Unfortunately, I don't have the time
to go through all of them.
Fixes https://github.com/OpenSC/OpenSC/issues/1112
* Support for new MinInt agent card
This card uses the same ATR as the existing card, but the applet installed
does not have the same AID. This card actually works exactly as the
IASECC_SAGEM.
Unify iasecc_init for AMOS/SAGEM and MI cards
* cac: Make the retransmitted APDU valid by restoring the resplen
* cac: Check SWs for all the APDUs and report the errors to underlying layers
* cac: Fallback from CACv1 to CACv2 when CACv1 instruction is not recognized
for the lack of other pointers how to recongnize them
* avoid goto
- use UI framework
- timeout progressbar is running backwards
- cancelling is disabled by default
- removes card specific UI strings, use opensc.conf for that instead
- icon can be loaded by file
Pressing the cancel button in the PIN pad dialog should not close the
dialog. The application will still wait for the request to complete
even if the dialog is gone. Instead, we tell the user to press the
cancel butten on the PIN pad if the reader does not support SCardCancel.
When the dialog is shown in a separate thread and the user removes the
card, both, the thread for the pin pad operation and the main thread
are trying to access the card and context handles. Even worse, the main
thread deletes the context handle, which may result in a segmentation
fault for the thread with the pin pad operation.
- themable in the sense of using OS native design
- user messages on PIN pad dialog are identical to Base CSP, which still displays the dialog for PIN entry if no PIN pad is available
- adds progress bar to dialog
- Uses Smartcard icon extracted from DDORes.dll
- requires windows vista/windows server 2008 or above
tools/pkcs15-tool.c:
Dead assignment: Value stored to 'c' is never read
tools/pkcs11-tool.c:
Dead assignment: Value stored to 'n' is never read
Dead assignment: Value stored to 'rv' is never read
libopensc/card-cac.c:
Dead assignemnt: Value stored to 'tl_head_len' is never read
Dead increment: Value stored to 'outp' is never read
common/libpkcs11.c:
Memory leak in case of C_UnloadModule() fails
libopensc/pkcs15-pubkey.c:
Potential memory leaks
pkcs11/mechanism.c:
Potential memory leak
pkcs11/framework-pkcs15.c:
Potential memory leaks
Dereference of null pointer
Dead assignments
tools/sc-hsm-tool.c:
Function call argument is an uninitialized value
Dead assignment: Value stored to 'r' is never read
libopensc/card-openpgp.c:
Dead assignment: ignoring the errors in case of sc_pkcs15_encode_pubkey() failed
libopensc/pkcs15-cac.c:
Dead assignments: ignoring return values
libopensc/pkcs15-coolkey.c:
Dead assignments: ignoring return values
libopensc/card-sc-hsm.c:
Dereference of undefined pointer value: Properly check the file allocation
pkcs11/slot.c:
Dead assignment
pkcs15init/pkcs15-cflex.c:
Dereference of null pointer
Uninitialized argument values
MyEID does not support RAW RSA signature for 2048 bit key.
(Source: MyEID reference manual 2.1.4)
This hack uses decipher operation for calculating
RAW 2048 bit signature.
* Simplify CardOS 5.0 support (removing explicit 5.3 marker since the behavior should be the same)
* Restore RSA_PKCS signatures functionality
Closes https://github.com/OpenSC/OpenSC/pull/1079
Quoting from PKCS#11:
The CKA_ALWAYS_AUTHENTICATE attribute can be used to force re-authentication (i.e. force the user to provide a PIN) for each use of a private key. “Use” in this case means a cryptographic operation such as sign or decrypt. This attribute may only be set to CK_TRUE when CKA_PRIVATE is also CK_TRUE.
Re-authentication occurs by calling C_Login with userType set to CKU_CONTEXT_SPECIFIC immediately after a cryptographic operation using the key has been initiated (e.g. after C_SignInit).
Closes https://github.com/OpenSC/OpenSC/pull/1066
Calculating intrinsic key would probably be not wise, because
it would leak out information about the secret key. Try to
generate globally unique IDs just by using a random one.
- fixes decoding of SecretKeyAttributes
- adds support for algorithmReferences
- adds support for algIndependentKeys (PKCS#15 Generic keys)
- implements encoding of SKDF
- don't use private data on card matching
- instead, return 1 for every known ATR and only select the applet if the ATR is unknown.
- card initialization always selects the applet.
Advantage: decouples memeory management in matching from initializing the card.
Disadvantage: Applet is selected twice in case of an unknown ATR (once for matching and a second time for initializing the card).
Fixes https://github.com/OpenSC/OpenSC/issues/1042
- eac: allow CA without EF.CardSecurity
- sc-hsm: implemented CA based on document PKI
- sc-hsm: adds receive limit for SoC card
- introduces dedicated card type for SoC card
- md: integrate card's PIN pad capabilities
- installer: added SC-HSM SoC card to registry
- pkcs15-tool: Added support for PIN entry on card
- change/unblock PIN: add support for PIN entry on card
- added OpenPACE to macOS build
- travis-ci: install gengetopt/help2man via brew
- sc-hsm: Cache EF.C_DevAut
- sc-hsm: Prevent unnecessary applet selection and state resets
- sc-hsm: added support for session pin
- sc-hsm: avoid multiple AID selection
- sc-hsm: Use the information from match_card for all subsequent selections of the applet
- sc-hsm: cache optional files as empty files (Decoding the files will reveal that they were not existing prior caching. This avoids selecting the file though we have already tried to cache the file before.)
- use dedicated directory for CVC trust anchors
- appveyor: added OpenPACE to windows build
regression of 45a7ea9737075b5901fe7a5d65ed898733140315:
due to the change in the linkage, the symbols should be found in
opensc.dll instead of the static support libraries.
Add code to support OpenSSL initialization correctly when using OpenSSL-1.1
Tested with OpenSSL-1.1.0c and OpenSSL-1.1.0e.
Changes to be committed:
modified: src/tools/piv-tool.c
Communication defined by ISO/IEC 14443 is identical to T=1, so make
sure we connect in the right mode to the card so that the constructed
APDUs can be handled by the card.
CKA_SPKI is a vendor defined attribute to be used internally
as input to to OpenSSL d2i_PUBKEY
On branch verify-pubkey-as-spki-2
Changes to be committed:
modified: framework-pkcs15.c
modified: mechanism.c
modified: openssl.c
modified: pkcs11-opensc.h
OpenSC opennssl.c in sc_pkcs11_verify_data assumes that it can
retieve the CKA_VALUE for a public key object, and expect it to
be usable as RSA.
But internally sc_pkcs15_pubkey can have a "raw" or "spki"
version of the public key as defined by PKCS#15. Card drivers
or pkcs15-<card> routines may store either the "raw" or "spki"
versions. A get attribute request for CKA_VALUE for a public key
will return either the raw, spki or will derived rsa verison of the
pubkey.
This commit will test if the CKA_VALUE is a spki and use d2i_PUBKEY
which takes a spki version and returns an EVP_KEY. If it not an spki
the current method, d21_PublicKey(EVP_PKEY_RSA,...) is used which
only works for RSA.
The problem was found while testing pkcs11-tool -t -l where
the verify tests would fail with a CKR_GENERAL_ERROR because
the card driver stored the public key as a spki.
On branch verify-pubkey-as-spki-2
Changes to be committed:
modified: src/pkcs11/openssl.c
Date: Fri Apr 07 07:50:00 2017 -0600
- pcsc driver takes over all the functionality
- no dedicated reader driver config values for cardmod, use application
specific blocks to define a different behavior for the pcsc reader if
needed
- removes legacy code; requiring at least libpcsclite 1.6.5
Fixes https://github.com/OpenSC/OpenSC/issues/892
Keygen should write public keys with explicit CKA_PRIVATE=false by default (possibility to modify by --private switch)
Related to 4df35b92 discussing writing separate objects years ago.
* Set security context for CardOS 5.3 with p1=0x41 (as Coolkey does)
* Do not emulate signatures in CardOS 5.3
Remove the bogus SC_ALGORITHM_NEED_USAGE which prevents using the
actual implementation in cardos_compute_signature().
It might be bogus also in previous version, but I don't have a way
to verify against these cards.
* Do not advertise RSA-X-509 mechanism for CardOS 5.3 (card strips padding)
For testing RSA-X-509, we are generating random bytes for signing. It
may happen that the modulus is smaller than the random number
generated, which triggers an error in the card. With this change, we
are setting the most significant byte to 0x00 to assure the random
number is smaller than the modulus.
card-cac.c
* CLANG_WARNING: The left operand of '<' is a garbage value
card-coolkey.c
* CLANG_WARNING: overwriting variable
* CPPCHECK_WARNING: memory leak / overwrite variable
* CLANG_WARNING: null pointer dereference
* UNUSED_VALUE: unused return value
card-gids.c
* CLANG_WARNING: Branch condition evaluates to a garbage value
* SIZEOF_MISMATCH: suspicious_sizeof
card-myeid.c
* RESOURCE_LEAK: Variable "buf" going out of scope leaks the storage it points to.
* CLANG_WARNING: overwriting variable
* (rewrite not to confuse coverity)
pkcs15-cac.c
* RESOURCE_LEAK: Variable "cert_out" going out of scope leaks the storage it points to.
pkcs15-coolkey.c
* UNUSED_VALUE: unused return value
pkcs15-piv.c
* RESOURCE_LEAK: Variable "cert_out" going out of scope leaks the storage it points to.
pkcs15-sc-hsm.c
* DEADCODE
pkcs11/framework-pkcs15.c
* RESOURCE_LEAK: Variable "p15_cert" going out of scope leaks the storage it points to.
pkcs15init/pkcs15-lib.c
* CLANG_WARNING: Assigned value is garbage or undefined
pkcs15init/pkcs15-myeid.c
* UNREACHABLE: Probably wrong placement of code block
tests/p15dump.c
* IDENTICAL_BRANCHES
pkcs15-init.c
* CLANG_WARNING: Potential leak of memory pointed to by 'args.der_encoded.value'
pkcs15-tool.c
* RESOURCE_LEAK: Variable "cert" going out of scope leaks the storage it points to.
* MISSING_BREAK: The above case falls through to this one.
sc-hsm-tool.c
* CLANG_WARNING: Potential leak of memory pointed to by 'sp'
westcos-tool.c
* FORWARD_NULL: Passing null pointer "pin" to "unlock_pin", which dereferences it.
* (rewrite not to confuse coverity)
card-cac.c
* Avoid malloc with 0 argument
gids-tool.c
* FORWARD_NULL -- copy&paste error
scconf.c
* CLANG_WARNING: Call to 'malloc' has an allocation size of 0 bytes
closes#982
According to minidriver specs CardReadFile() method output parameters are
optional so don't return SCARD_E_INVALID_PARAMETER when they are NULL.
Also, use this opportunity to walk through this function helpers to make
sure they correctly return error status.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
According to minidriver specs CardGetChallenge() method parameters
are purely for output and do not have a meaning of requested challenge
length, so remove a misleading log line.
There is also no need to have a special case for pcbChallengeData being
NULL since in this case the function would have exited early anyway with
SCARD_E_INVALID_PARAMETER (also, it was just dereferenced in the previous
code line).
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Since last commit GCC warns us about problems with format strings and their
arguments in minidriver, so let's fix these warnings just as we did in rest
of the OpenSC code.
Most of these warnings were about DWORDs being printed as ints, there were
also some format directives and size_t size specifiers missing and various
misc format / parameter disagreements.
Attempt was made to keep log strings as-is, only the most obvious typos
were fixed.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Commit "Add GCC format checking attributes to log functions" added format
and parameter checking to OpenSC log functions.
Minidriver, however, logs most of its output via a dedicated log function,
so this function needs such attributes, too.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Mingw currently links to msvcrt.dll as C runtime.
This library is documented by Microsoft as off-limits to applications and
its feature set vary between Windows versions.
Due to this, presence of particular printf() format string directives
depends on which Windows version the code is run.
This is, naturally, bad, so mingw developers introduced ability to replace
formatted output functions with built-in equivalents with defined feature
set by setting "__USE_MINGW_ANSI_STDIO" macro to 1.
There are, however, no built-in equivalents for "_s" suffixed functions.
Fortunately, they are used only a few times in minidriver so let's simply
replace them with equivalent code using standard functions.
This also allows skipping "MINGW_HAS_SECURE_API" macro definition so any
future uses will be caught by compiler.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Looks like Travis CI build server found a few cases of log function format
string not being a string literal (now that log functions have necessary
attributes to check for such things).
Some instances clearly aren't a real problem, but to be future-proof and to
avoid compiler warnings let's fix all of them (that I was able to find in
code).
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Since "Add GCC format checking attributes to log functions" commit GCC
warns us about problems with format strings and their arguments provided
to OpenSC message logging functions.
This commit fixes all cases where GCC warned about incorrect format on
64-bit Linux, 32-bit and 64-bit mingw builds (with SM and OpenSSL enabled).
Well, almost all since on mingw GCC does not recognize "ll" size specifier
(present at least since Visual Studio 2005, also in mingw own CRT) so these
(few) warnings about it remain.
In most cases format size specifier for size_t type was missing (usually
size was left at default int level, with is different on 64-bit x86).
Some formats had too few / too many arguments.
In some cases pointers were printed as integers.
Some long variables were missing "l" prefix (especially with regard to %x
format).
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
GCC can check format and parameter correctness in printf()-like functions
for us so let's add necessary attributes to our log functions to emit a
warning where their way of being called is likely in need to be inspected
for correctness.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Minidriver currently has basic support for unblocking card PIN by providing
PUK as an administrator password to CardUnblockPin() function.
However, this doesn't work for example when trying to unblock PIN via
system smartcard PIN unblock screen accessible after pressing Ctrl+Alt+Del
as it wants to use challenge / response authentication.
MS Smart Card Minidriver specification (version 7.07) explicitly says that
challenge / response is the only authentication mode that Windows uses to
authenticate an administrator.
Unfortunately, this way of unblocking PIN seems to not be widely supported
by cards.
However, we can simply treat the provided response to challenge as PUK.
Because (at least) Ctrl+Alt+Del PIN unblock screen accepts only hex string,
every PUK digit X has to be input as '3X' (without quotes) there.
Also the response string is not hidden behind asterisks on this screen as
it should been.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Minidriver contained a hack since commit 7ef766b785 in 2010 to print to
debug file directly under mingw (instead of using normal OpenSC logging
system), as there was problem with "%S" format specifier then.
However, on recent mingw versions "%S" format works fine so let's remove
this hack.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Some of existing code prints pointer differences, but without taking into
account that printf length modifier required for this differs between
systems.
Add SC_FORMAT_LEN_PTRDIFF_T macro for this, just as we have for size_t
variables.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Add "--reset" parameter with optional argument to opensc-tool which
resets a card in reader. Both cold or warm resets are possible
(cold is default).
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
C_OpenSession() creates a long int session handle from address of allocated
session struct, however it has to be taken into consideration that on Win64
long int is still 32-bit, so the address is going to be truncated and
because of that not guaranteed to be unique.
Add session handle uniqueness check to catch when there is already a
session with the same handle present.
This also fixes a warning when building on 64-bit mingw.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
This commit fixes most of warnings shown by GCC on 64-bit Linux, 32-bit and
64-bit mingw builds (with SM and OpenSSL enabled).
These warnings were mostly caused by missing casts.
In minidriver there was also a bit of unused variables and dead code.
Remaining warnings on mingw are mostly caused by GCC not recognizing on
this platform "ll" size specifier (present at least since
Visual Studio 2005, also in mingw own CRT) and "z" size specifier (this one
will be fixed in next commits).
There is also a warning about pointer truncation on Win64 when making
PKCS#11 object handle from pointer to this object.
This is a legitimate warning, since it could result in the same handles
being generated from different pointers and so from different objects.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Currently, minidriver build is broken on mingw. Let's make it work again.
For this, include adapted cardmod-mingw-compat.h with few function argument
decorations from Alon Bar-Lev's old build repository to make mingw build
almost self-contained - still requires cardmod.h from CNG, however.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>