Hannu Honkanen
eba75ead20
framework-pkcs15: set CKA_EXTRACTABLE into pkcs#15 secret key object's access flags when set. pkcs15-sec: Return needed buffer size correctly when an insufficient buffer is provided.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
f74150b53d
Proprietary attribute bits in FCP had to be adjusted due to conflicts with existing attributes. The needed changes were made to both card and OpenSC code.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
c891ad2aad
Fixed version check for key wrapping functionality. Return needed buffer size in myeid_wrap_key, if no buffer or too small buffer is provided.
2018-10-31 10:27:03 +02:00
Lars Silvén
6b8c284d3e
Fixing pointer conversion that is invalid on some architectures.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
550d4eb030
Small fixes to key wrapping and unwrapping. Handle target file ref using sc_sec_env_param type. Transmit initialization vector in symmetric key operations from PKCS#11 layer (mechanism param) to the card driver level, allow setting it in sc_set_security_env.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
2487bc18d1
When creating symmetric keys, use CKK_ definitions (key type) rather than CKM_ definitions (mechanism) to specify the key type.
2018-10-31 10:24:19 +02:00
Hannu Honkanen
7454133272
Added flags to distinguish AES ECB and CBC modes. Added SC_ALGORIHM_UNDEFINED definition to be used with CKK_GENERIC_SECRET type keys. Added sc_sec_env_param type, which can be used to define additional parameters when settings security environment. This is now used for setting IV in symmetric crypto and target EF in key wrapping/unwrapping.
2018-10-31 10:24:19 +02:00
Hannu Honkanen
a2156da044
Fix encoding of SC_ASN1_CHOICE entry "parameters" in c_asn1_algorithm_info. Format only the selected entry of the choice.
2018-10-31 10:24:19 +02:00
Hannu Honkanen
ae5675ca22
Fixed MSE for unwrap operation. Fixed wrong P1 when formatting APDU in myeid_unwrap_key.
2018-10-31 10:24:19 +02:00
Hannu Honkanen
aa814fd8e8
Implemented C_Wrap into PKCS#11 interface. Added support for wrapping and unwrapping with secret keys into framework-pkcs15.c and all the way to the card driver level.
2018-10-31 10:24:19 +02:00
Hannu Honkanen
a9ee85452e
Resolved a merge conflict. Included both changes manually.
2018-10-31 10:24:19 +02:00
Hannu Honkanen
c217b254fc
MyEID: Initial implementation of key wrapping and unwrapping operations, and the related additions to myeid_set_security_env.
2018-10-31 10:24:19 +02:00
Hannu Honkanen
edd48b3200
pkcs15init:
...
- Added session_object flag to sc_pkcs15init_skeyargs to enable on-card session objects.
- Corrections to handling native and extractable flags
- Allow creating an empty secret key EF for receiving an unwrapped key later.
2018-10-31 10:24:19 +02:00
Hannu Honkanen
9d6ac01c27
pkcs15init: Handle user_consent and set new proprietary information flags in myeid_create_key().
2018-10-31 10:24:19 +02:00
Hannu Honkanen
1c09fa8a22
Handle AES algorithm. Doesn't set any flags, but check for AES is needed to avoid SC_ERROR_NOT_SUPPORTED.
2018-10-31 10:24:19 +02:00
Hannu Honkanen
7fc6c52f81
Set native=1 as default when decoding. Check supported algorithms and set PKCS#11 key type, if key supports AES.
2018-10-31 10:22:16 +02:00
Hannu Honkanen
9772edc7d1
Handle -u option (x509-usage) when storing secret keys.
2018-10-31 10:22:16 +02:00
Hannu Honkanen
a10480d50e
Continued implementation of unwrap: Creation of a target key object on card to receive an unwrapped key. Setting target key path in sc_security_env_t.
2018-10-31 10:22:16 +02:00
Hannu Honkanen
5f51d5d315
Added implementation of C_UnwrapKey all the way from PKCS#11 interface to the card driver level.
...
Not yet complete, but can be run with CKA_TOKEN=FALSE set in the target object. Currently unwrapping emulated
with a decrypt operation in card-myeid.c. To be improved.
2018-10-31 10:22:16 +02:00
Jakub Jelen
e2b1fb81e0
Restore minimal CAC1 driver for legacy cards ( #1502 )
...
* Add minimal CAC1 driver for legacy cards.
It is using the same pkcs15 backend as the CAC2 cards as well as some of
the CAC2 driver methods.
The separation is made mostly for easier card matching or disabling.
2018-10-30 17:27:28 +01:00
Frank Morgner
c3bef7d527
fixed compilation with XCode 10
...
fixes https://github.com/OpenSC/OpenSC/issues/1485
2018-10-24 10:34:43 +02:00
Frank Morgner
5095e29ae3
gio: avoid unneccessary unitialization
2018-10-22 21:44:07 +02:00
Doug Engert
2fd8e278f5
pkcs11/openssl.c - add missing mechanisms fixes #1497
...
On branch pkcs11-openssl-c
Changes to be committed:
modified: ../pkcs11/openssl.c
2018-10-19 08:27:47 +02:00
Vadim Penzin
195d53b8a2
Fix division by zero in SimCList when appending to an empty list.
2018-10-16 12:10:04 +02:00
Frank Morgner
8c535c184f
removed duplicate code for adding padding
...
Fixes padding handling of SC_ALGORITHM_RSA_PAD_NONE introduced with
e5707b545e
2018-10-15 15:21:52 +02:00
Jakub Jelen
46c99e769d
ctx: Move coolkey driver up after improving the matching
...
Fixes #1483
2018-10-15 12:14:22 +02:00
Jakub Jelen
f220d0b77d
coolkey: Improve card matching to avoid mismatches in muscle
2018-10-15 12:14:22 +02:00
Jakub Jelen
55a8478ed6
cac: These functions do not have to be exposed
2018-10-15 12:14:22 +02:00
Frank Morgner
ac276b1202
starcos: fixed decipher with 2.3 ( #1496 )
...
closes https://github.com/OpenSC/OpenSC/issues/765
fixes https://github.com/OpenSC/OpenSC/issues/1495
2018-10-11 22:50:37 +02:00
Luka Logar
d517d8e18d
Fix minidriver padding
...
Commit e5707b545e
broke signing using minidriver on Windows.
More specifically changing #define SC_ALGORITHM_RSA_PAD_NONE from 0x00000000 to 0x00000001 caused a call to sc_pkcs1_encode() to fail as the padding algorithm was not specified anywhere in the CardSignData() implementation. It kind of worked as long as SC_ALGORITHM_RSA_PAD_NONE was 0x00000000, but the above mentioned commit broke this.
Now padding algorithm has to be explicitly specified, otherwise a call to sc_pkcs1_encode() will fail.
2018-10-11 12:47:48 +02:00
Peter Marschall
550665b906
OpenPGP: refactor pgp_get_card_features()
...
Use pgp_parse_alog_attr_blob() to get the algorithm attribute DO's contents.
2018-10-10 14:52:29 +02:00
Peter Marschall
8a564107a8
OpenPGP: introduce gpg_parse_algo_attr_blob()
...
Introduce a central function to parse the algorithm atributes in DOs C1 - C3.
2018-10-10 14:52:29 +02:00
Peter Marschall
248ece23c6
OpenPGP: bail out on non-RSA key generation/import
...
Also add the necessary algorithm info where necessary.
2018-10-10 14:52:29 +02:00
Peter Marschall
c2f02f72bd
OpenPGP: adapt data structures to support RSA alternatives
...
* update callers to use the adapted structures.
2018-10-10 14:52:29 +02:00
Peter Marschall
772d20969a
OpenPGP: first steps to support key types beyond RSA
...
- rename 'keytype' in some OpenPGP-specific types to 'key_id'
because they key ID was what the field was used for
- introduce field 'algorithm' in the structures above
to indicate the key's algorithm: RSA, ...
- define constant SC_OPENPGP_KEYALGO_RSA and use it
- rename constants SC_OPENPGP_KEYFORMAT_* to SC_OPENPGP_KEYFORMAT_RSA_*
because they are RSA specific
2018-10-10 14:52:29 +02:00
Peter Marschall
f1ae31aea4
OpenPGP: expose additional algorithms only with EXT_CAP_ALG_ATTR_CHANGEABLE
...
List additional algorithms & attributes as supported only when the card
supports changing the algorithms attributes DOs and exposes this by having
the EXT_CAP_ALG_ATTR_CHANGEABLE capability set.
Using different algorithms and attributes requires changing the algorithm
attributes DOs. If that is not supported - as indicated by a missing
EXT_CAP_ALG_ATTR_CHANGEABLE capability - then only those algorithms
described by the current algorithms attributes DOs' contents can be used.
In addition simplify setting the flags.
2018-10-10 14:52:29 +02:00
Peter Marschall
44d6116c59
OpenPGP: slight cleanups
...
* use variables if they are already there
* be a bit more explicit in logging
* more consistent tag format: %04X
* cleanup flag setting for _sc_card_add_rsa_alg()
2018-10-10 14:52:29 +02:00
Frank Morgner
ea6f7cfe1d
Added memory locking for secrets ( #1491 )
...
When caching a PIN in memory or using an OpenSSL private key this data should not be swapped to disk.
2018-10-10 14:52:01 +02:00
gabrielmuller
6bf67f7917
onepin option also needs PIN to CREATE
...
I previously changed the default option but forgot to make the same change for onepin.
2018-10-08 21:35:23 +02:00
Peter Marschall
a8db9cb4f0
openpgp-tool: harmonize error messages
...
* use symbolic constants for errors & success
* use util_error() to show errors
* print error messages to stderr
2018-10-04 09:41:31 +02:00
Peter Marschall
e4a0b09968
openpgp-tool: remove unnecessary variable
...
* 'opt_keylen' was only set, but never used => remove
* passing the key length is not an action => do not mark it as such
2018-10-04 09:41:31 +02:00
Jakub Jelen
a5daaaff0c
piv-tool: Error checking
2018-10-01 23:07:34 +02:00
Jakub Jelen
ef724e1e57
pkcs15-authentic: Do not confuse static analyzers
2018-10-01 23:07:34 +02:00
Jakub Jelen
52959df9f6
pkcs15-oberthur: Avoid memory leaks on failures
2018-10-01 23:07:34 +02:00
Jakub Jelen
a1dfdbbdbc
pkcs15-oberthur-awp: Do not confuse cppcheck
2018-10-01 23:07:34 +02:00
Jakub Jelen
e920ef8eb8
opensc-explorer: Make static analyzers happy
2018-10-01 23:07:34 +02:00
Jakub Jelen
16c5a352a4
piv-tool: Avoid memory leaks on realloc failure
2018-10-01 23:07:34 +02:00
Jakub Jelen
9a690a96e0
sc-hsm-tool: Avoid memory leak
2018-10-01 23:07:34 +02:00
Jakub Jelen
bce43e6855
Remove dead code
2018-10-01 23:07:34 +02:00
Jakub Jelen
74105300bf
card-iasecc: Avoid memory leaks on failure
2018-10-01 23:07:34 +02:00