Frank Morgner
ee65ab85ce
Avoid duplicated code by unifying key usage
2015-12-06 10:43:30 +01:00
Frank Morgner
5ed3df9024
extend PIN-revalidation to key preparation
2015-12-06 10:42:45 +01:00
Frank Morgner
3384113616
reset `login_user` with `reset_login_state`
2015-12-06 10:42:45 +01:00
Frank Morgner
b43ea19320
reset login_user on CKR_USER_NOT_LOGGED_IN
2015-12-06 10:42:45 +01:00
Frank Morgner
43a844c949
cardos 4.3+: enable logout command
2015-12-06 10:42:45 +01:00
Frank Morgner
83ef753799
Implemented atomic PKCS#11 transactions
2015-12-06 10:42:45 +01:00
Wouter Verhelst
5de1ec4518
Allow ASN.1 decoding if the file seems incomplete
...
Some cards (e.g., BELPIC) have a hardcoded file length that does not
match the actual file length (e.g., 65535 bytes), and simply return the
data that is actually on the card when asked.
It is useful to still be able to do an ASN.1 decode in that case.
Signed-off-by: Wouter Verhelst <w@uter.be>
2015-12-01 16:20:17 +01:00
Frank Morgner
56d52afb17
Merge pull request #617 from mtrojnar/os_locking
...
Enable OS locking
2015-12-01 11:21:35 +01:00
Michał Trojnara
fa9da7ad01
configurable OS thread locking
2015-12-01 09:19:03 +01:00
Frank Morgner
b6856e8dbf
don't use unicode ticks
2015-11-30 01:33:11 +01:00
Flavio Medeiros
b9adbae5f0
Avoiding conditional directives that split up parts of statements.
2015-11-28 11:33:38 -03:00
German Blanco
d1a1830115
Removing all memory leaks in DNIe but one. Refactoring pending.
2015-11-27 11:32:33 +01:00
Michał Trojnara
f9e614890d
Fix a buffer overflow in thread mutex create
2015-11-26 12:32:47 +01:00
Frank Morgner
a454dd7fc9
Merge pull request #605 from germanblanco/dnie_ui_depends_on_ssl_2
...
DNIe UI moved into card-dnie.c
closes #362
2015-11-21 19:22:07 +01:00
Frank Morgner
d9fc49daa5
reader-pcsc: get tlv properties only when supported
2015-11-17 00:52:49 +01:00
Frank Morgner
641a71a2f4
Merge pull request #601 from frankmorgner/coverity
...
Some more fixes for problems reported by Coverity scan
2015-11-16 12:29:57 +01:00
German Blanco
1596ca4244
DNIe user interface moved into card-dnie.c.
2015-11-10 12:10:56 +01:00
Frank Morgner
f13da8abfa
removed unsupported opensc_pkcs11_install.js
2015-11-02 23:51:28 +01:00
Frank Morgner
622b71970f
add compat_report_rangecheckfailure.c to libcompat
2015-11-01 21:02:34 +01:00
Frank Morgner
d6cea60500
Merge pull request #600 from vletoux/patch_openSSL
...
win32: link OpenSSL statically again
2015-11-01 20:59:49 +01:00
Frank Morgner
613d698d3d
fixed potential NULL dereference
2015-11-01 17:13:24 +01:00
vletoux
8a47f238de
win32: link OpenSSL statically again
2015-11-01 13:35:05 +01:00
Frank Morgner
681e8aef98
Fixed accessing Application label
...
regression of 78018a2b49
2015-11-01 13:22:26 +01:00
Frank Morgner
218a9eb52c
make casting explicit
2015-11-01 13:18:39 +01:00
Frank Morgner
98d7578113
ctbcs.c: fixed out of bounds write
2015-11-01 11:33:40 +01:00
Frank Morgner
a649d66b02
card-westcos.c: fixed dead code
2015-11-01 10:49:19 +01:00
Frank Morgner
a34d1f7dcd
sc-hsm-tool.c: fixed potential resource leak
2015-11-01 10:44:24 +01:00
Frank Morgner
4ca7daf31c
pkcs15-tool.c: fixed potential resource leak
2015-11-01 10:44:24 +01:00
Frank Morgner
5399c264fb
cryptoflex-tool.c: fixed potential resource leak
2015-11-01 10:44:23 +01:00
Frank Morgner
c2ff4f090a
pkcs15-pubkey.c: fixed potential resource leak
2015-11-01 10:44:23 +01:00
Frank Morgner
0f9645587a
cwa14890.c: fixed potential resource leak
2015-11-01 10:44:23 +01:00
Frank Morgner
21a8e7e5f9
Merge pull request #591 from vletoux/isoApplet
...
isoApplet: fix card not recognized by minidriver
2015-10-31 02:28:21 +01:00
Frank Morgner
451386886d
Merge pull request #573 from frankmorgner/coverity
...
Fix some more memory leaks reported by Coverity
2015-10-31 02:24:51 +01:00
Frank Morgner
8e7049c2fa
removed unused variables
2015-10-30 18:21:40 +01:00
Frank Morgner
fa9ffb7b90
fixed uninitialized variable
...
regression of baab26d871
2015-10-30 18:21:40 +01:00
Frank Morgner
9f0087d968
fixed missing includes
2015-10-30 18:21:40 +01:00
Frank Morgner
ad5d16927c
fixed cflags for onepin module
2015-10-30 16:45:22 +01:00
Frank Morgner
00ea7a68be
Removes unused variables
2015-10-30 12:18:04 +01:00
Frank Morgner
7e29fcd26c
pkcs15-authentic.c: fixed potential resource leak
2015-10-30 12:18:04 +01:00
Frank Morgner
f9a73c0b20
pkcs15-sc-hsm.c: fixed potential resource leak
2015-10-30 12:18:04 +01:00
Frank Morgner
0853ecd887
pkcs15-pubkey.c: fixed potential resource leak
2015-10-30 12:18:04 +01:00
Frank Morgner
98b9b37e12
card-openpgp.c: fixed potential resource leak
2015-10-30 12:18:04 +01:00
Frank Morgner
9e1a5447d4
profile.c: fixed potential resource leak
2015-10-30 12:15:06 +01:00
Frank Morgner
fd904fbcb8
pkcs15-oberthur-awp.c: fixed potential resource leak
2015-10-30 12:15:06 +01:00
Frank Morgner
e7316b60e3
pkcs15-myeid.c: fixed potential resource leak
2015-10-30 12:15:06 +01:00
Frank Morgner
baab26d871
pkcs15-lib.c: fixed potential resource leak
2015-10-30 12:15:06 +01:00
Frank Morgner
4f4c4aa5ec
pkcs15-iasecc.c: fixed potential resource leak
2015-10-30 12:15:06 +01:00
Frank Morgner
34b6d95ec6
card-westcos.c: fixed potential resource leak
2015-10-30 12:15:06 +01:00
Frank Morgner
ecf147099a
card-epass2003.c: fixed potential resource leak
2015-10-30 12:15:06 +01:00
Frank Morgner
2963588887
card-authentic.c: fixed potential resource leak
2015-10-30 12:15:06 +01:00
Frank Morgner
b96ba14aae
added fall through comment
2015-10-30 12:15:06 +01:00
Andreas Schwier
0caf0d1dd6
sc-hsm: Add missing include introduced by #580
2015-10-29 14:09:01 +01:00
Frank Morgner
decd5ab987
Merge pull request #580 from frankmorgner/select
...
Fix issues related to selecting a file
2015-10-29 13:30:37 +01:00
Frank Morgner
c50a951337
Merge pull request #566 from vletoux/ecc_minidriver
...
First ECC support for the minidriver
2015-10-24 23:32:42 +02:00
vletoux
206eb7124a
isoApplet: fix card not recognized by minidriver
2015-10-23 23:03:25 +02:00
Petr Spacek
52b6505909
export all C_* symbols
...
Header files distributed with PKCS#11 v2.30 define all functions as
extern and some applications (like BIND 9.10) do not work without all
functions.
2015-10-22 18:07:26 +02:00
Frank Morgner
249f258ff2
Merge pull request #584 from marschap/card-openpgp-cleanup2
...
OpenPGP card cleanup
2015-10-17 17:36:40 +02:00
Frank Morgner
4ddf2cc042
Merge pull request #579 from dengert/piv-cac
...
Do not expose access to PIV emulated files from utilities
2015-10-17 17:34:39 +02:00
Frank Morgner
0ca46910f7
use tabs only for indenting
2015-10-16 09:58:01 +02:00
vletoux
35175a814c
minidriver: fix according to frank's comments
2015-10-15 22:40:36 +02:00
Peter Marschall
6109a8792d
OpenPGP: add additional manufacturers
2015-10-15 16:43:10 +02:00
Peter Marschall
a0ca6b2ef0
OpenPGP: set card's version in pgp_init()
2015-10-15 16:43:10 +02:00
Peter Marschall
7078fbd505
OpenPGP: cleanup pgp_init()
...
- use LOG_FUNC_RETURN instead of return for symmetry with LOG_FUNC_CALLED
2015-10-15 16:43:10 +02:00
Peter Marschall
e1db96b73b
OpenPGP: extend pgp_match_card()
...
- explicitly check for supported versions
- log successful matches by AID with their type
- log detection of unsupported OpenPGP-type cards
2015-10-15 16:43:09 +02:00
Peter Marschall
7c2adb1fc8
OpenPGP: 1st preparations for newer versions
...
- add references to new specs
- add new enum _version constants
2015-10-15 16:43:09 +02:00
Peter Marschall
69b482dce6
OpenPGP: cleanup pgp_get_card_features()
...
- bug fix: re-initialize index to start searching at the right place
- get rid of unnecessary variable
- add some line breaks & comments for easier understanding
2015-10-15 16:42:58 +02:00
Peter Marschall
2a269c5267
OpenPGP: cleanup pgp_build_tlv()
...
- get rid of intermediate variable
- clarify check in while() loop
- line breaks for easier reading
2015-10-15 16:17:22 +02:00
Peter Marschall
3d492ae376
OpenPGP: cleanup pgp_erase_card()
...
- get rid of unnecessary variable
- use easily understandable hex representation of APDUs
- auto-calculate APDU length based on hex representation
- restrict scope of some variables
- use sc_log() instead of directly writing to console
- line breaks & comments for easier reading/understanding
- fix typo in log message
2015-10-15 16:17:22 +02:00
Peter Marschall
3d4fbd776d
OpenPGP: harmonize coding style
...
- 2 line breaks between functions for easier reading
- function type on separate line
- mark each function as 'ABI' or 'Internal'
- slightly doxygen-ize comments introducing functions
- fix typos in comments
- break over-long comment lines
- break comment lines at sensible places
- consistent calling style for DRVDATA()
- no code change
2015-10-15 16:17:22 +02:00
Peter Marschall
7ba47fd5a9
OpenPGP: consistently use card->ctx in pgp_put_data_plain()
...
- get rid of unnecessary variable
- harmonize coding style: adapt to prevailing use of card->ctx
2015-10-15 16:17:22 +02:00
Peter Marschall
1a05f968bd
OpenPGP: simplify gnuk_write_certificate()
...
- get rid of unnecessary variables
- use for-loop to initialize/check/increase run variable in one place
- restrict variables to the necessary scope
- use ternary operator inside a statement instead of if...else...
2015-10-15 16:17:22 +02:00
Peter Marschall
d2b1c8228f
OpenPGP: set apdu_case on declaration
...
- use ternary operator to set apdu_case immediately on declaration
for the GNUK and non-GNUK case
2015-10-15 16:17:22 +02:00
Peter Marschall
3341c5bb8f
OpenPGP: make logical structure clearer
...
- one line per sub-term in the condition of the conditional statement
2015-10-15 16:17:11 +02:00
Frank Morgner
e316bf3140
Merge pull request #582 from marschap/openpgp-tool-fixes
...
Openpgp tool fixes
2015-10-15 13:13:18 +02:00
Peter Marschall
6498721076
piv: fix typos in usage & man page
2015-10-15 12:51:19 +02:00
Peter Marschall
7de373b3b9
OpenPGP: mark do_erase as an action in openpgp-tool
...
- avoid the unintended output of user info when only erasing was requested
2015-10-15 12:51:10 +02:00
Peter Marschall
524ad56146
OpenPGP: remove unnecessary semicolons in openpgp-tool
...
- this is C, not a shell script
2015-10-15 12:51:10 +02:00
Peter Marschall
392bc08d86
OpenPGP: fix pretty name for gender code 39 in openpgp-tool
...
- use the same term that GnuPG uses
2015-10-15 12:51:10 +02:00
Peter Marschall
e79f1f4b01
OpenPGP: accept -E as option in openpgp-tool
...
- make behaviour match the usage message by accepting '-E' as
alternative short form of '--erase'
2015-10-15 12:51:10 +02:00
Frank Morgner
e1073c09ea
handle checking of file output in sc_select_file
...
fixes https://github.com/OpenSC/OpenSC/issues/576
2015-10-14 23:25:13 +02:00
Frank Morgner
bcf9b2bc84
added error checking
2015-10-14 23:14:47 +02:00
Frank Morgner
e634169a92
added error checking
2015-10-14 23:14:47 +02:00
Frank Morgner
c371c3b5ec
removed unused variable
2015-10-14 23:08:39 +02:00
Frank Morgner
f9011b7dc0
fixed indenting
2015-10-14 22:57:10 +02:00
Frank Morgner
4f13fde7f1
use size_t for a length instead of int
2015-10-14 22:56:53 +02:00
Frank Morgner
4275dac495
fixed indenting
2015-10-14 22:51:55 +02:00
Frank Morgner
0bf1f3755c
removed unused variable
2015-10-14 22:48:45 +02:00
vletoux
fed64b0636
minidriver: fixes according to Frank's comments
2015-10-14 22:48:41 +02:00
Frank Morgner
949d8614d2
removed unused variable
2015-10-14 22:46:55 +02:00
Frank Morgner
0258c91f30
removed unused variable
2015-10-14 22:43:12 +02:00
Frank Morgner
0a96616034
remove unused variable
2015-10-14 22:38:10 +02:00
Frank Morgner
6573a93d4b
fixed memory leak
2015-10-14 22:37:56 +02:00
Frank Morgner
a5685b537e
fixed memory leak
2015-10-14 22:34:44 +02:00
Frank Morgner
15f204c5d6
fixed indenting
2015-10-14 22:32:51 +02:00
Frank Morgner
895005f4df
added error checking
2015-10-14 22:28:49 +02:00
Doug Engert
65bc754b8b
Do not expose access to PIV emulated files from utilities
...
PIV cards use get/put data not select file and read_binary.
To allow access via pkcs15 emulation card-piv.c emulates
select_file and read_binary but only when used with the path as
created by the piv emulation.
There are no MF.DIR or ED.DIR files.
opensc-tool and opensc-explorer will not work with this emulation.
Patch removes code that caused problems with opensc-tool and opensc-explorer.
2015-10-14 15:27:58 -05:00
Frank Morgner
00daa3f535
added error checking
2015-10-14 22:27:32 +02:00
Frank Morgner
9a82ddea8a
fixed memory leak
2015-10-14 22:26:53 +02:00
vletoux
75d76f5ce4
Merge branch 'master' of https://github.com/OpenSC/OpenSC into OpenSC-master
...
Conflicts:
src/minidriver/minidriver.c
2015-10-14 22:22:19 +02:00
Frank Morgner
5558b9d368
removed unused parameters
2015-10-14 22:17:33 +02:00
Frank Morgner
2ed4c8ae6c
Adds error checking
2015-10-14 22:16:44 +02:00
Frank Morgner
94772c870a
Adds error checking
2015-10-14 22:15:17 +02:00
Frank Morgner
c9420046c5
Removed unused parameter
2015-10-14 22:08:14 +02:00
Frank Morgner
77b5138860
Removed unused parameter
2015-10-14 22:02:35 +02:00
Frank Morgner
851e0a24ff
Merge pull request #571 from frankmorgner/label
...
Fixes accessing fixed size arrays
2015-10-14 18:56:29 +02:00
Frank Morgner
ee5915700c
Merge pull request #516 from frankmorgner/lock
...
Only re-lock for Windows and Apple
2015-10-13 14:11:29 +02:00
Doug Engert
0b268f789a
Allow PIV driver to use cards where default application is not PIV
...
card-piv.c was not selecting the PIV AID correctly from piv_find_aid.
This caused a CAC card that also has the PIV application to fail a VERIFY command
of the pin would use a VERIFY APDU P2 where P2 for PIV is 80, but for CAC was 00.
A CAC card could work if the caller requested the serial number of the card
which did call piv_select_aid. All the OpenSC tools, minidriver and
PKCS#11 do this, but Tokend does not.
This is a partial fix for https://github.com/OpenSC/OpenSC/issues/570 .
Tokend in later MacOS versions still has other issues.
A more complete solution is needed for cards with multiple applications.
I do not have a CAC card or MAC to do any testing.
Thanks to https://github.com/mouse07410 who has a CAC card, and a Mac,
and has tested this fix.
2015-10-11 19:14:02 -05:00
vletoux
747678c83d
minidriver: remove unnecessary logs on console (certutil -scinfo)
2015-10-11 18:51:36 +02:00
vletoux
b968fcfb1f
minidriver: Windows x509 enrollment works
...
Removed cmap_record in sc_pkcs15_prkey_info (not used by any driver nor code)
Remove cardcf specific code (cardcf neutralized by CP_CACHE_MODE_NO_CACHE and it maintained by the Base CSP/KSP, not the minidriver)
Add conversion code for Windows GUID / OpenSC self computed GUID
2015-10-11 15:20:04 +02:00
vletoux
bee1a450c9
minidriver: modified configuration functions
2015-10-11 10:39:02 +02:00
vletoux
7551baafbd
minidriver: add crt secure functions (*_s)
2015-10-10 22:07:49 +02:00
vletoux
ebfb76d311
minidriver: fix library import for guid & one compilation warning
2015-10-10 19:01:14 +02:00
vletoux
8f4420cb78
minidriver: factorize container naming code
2015-10-10 15:39:27 +02:00
vletoux
227f48d7b0
minidriver: replace one sprintf by sprintf_s
2015-10-10 14:15:23 +02:00
Frank Morgner
da1d4cc78a
Fix locking issue on OS X
...
Works around Apple shipping PCSC-Lite headers without PCSC-Lite. Let's
say they do it for "backward compatibility"...
2015-10-08 08:24:40 +02:00
Frank Morgner
a6b36507a3
removed unused parent in md directory/file
2015-10-06 22:49:32 +02:00
Frank Morgner
d18ddcb446
fixed accessing fixed size md file/directory name
2015-10-06 22:49:16 +02:00
Frank Morgner
6c61bf6815
fixed accessing fixed size guid
2015-10-06 22:49:16 +02:00
Olaf Kirch
f42a1c2563
Replace outdated address okir@lst.de -> okir@suse.de
...
Signed-off-by: Olaf Kirch <okir@suse.de>
2015-10-05 14:07:28 +02:00
Frank Morgner
137afb10b7
Check for NUL in label to test its presence
2015-10-05 08:30:47 +02:00
Frank Morgner
5b0332528f
fixed accessing app_label in sc_pkcs15_data_info_t
2015-10-05 08:23:02 +02:00
vletoux
811a86e72a
fix: set the container name as the id if md_guid_as_label is set
2015-10-04 19:49:31 +02:00
Frank Morgner
f9cd1fc476
fixed accessing fixed size cvc members
2015-10-04 17:53:51 +02:00
Frank Morgner
161e84f066
pkcs15-tool.c: fixed accessing label in sc_pkcs15_object_t
2015-10-04 17:33:14 +02:00
Frank Morgner
35f028a57c
pkcs15-init.c: fixed accessing label in sc_pkcs15_object_t
2015-10-04 17:33:14 +02:00
Frank Morgner
d709347c2b
pkcs15-crypt.c: fixed accessing label in sc_pkcs15_object_t
2015-10-04 17:33:14 +02:00
Frank Morgner
191af692c8
print.c: fixed accessing label in sc_pkcs15_object_t
2015-10-04 17:33:14 +02:00
Frank Morgner
e171789dad
pintest.c: fixed accessing label in sc_pkcs15_object_t
2015-10-04 17:33:14 +02:00
Frank Morgner
7c1feb1b8a
pkcs15-oberthur.c: fixed accessing label in sc_pkcs15_object_t
2015-10-04 17:33:14 +02:00
Frank Morgner
fa3f4d632c
pkcs15-lib.c: fixed accessing label in sc_pkcs15_object_t
2015-10-04 17:33:14 +02:00
Frank Morgner
1046d951ba
framework-pkcs15.c: fixed accessing label in sc_pkcs15_object_t
2015-10-04 17:33:14 +02:00
Frank Morgner
c56fe19b31
minidriver.c: fixed accessing label in sc_pkcs15_object_t
2015-10-04 17:33:14 +02:00
Frank Morgner
64417c271e
fixed out of bounds access
2015-10-04 13:19:29 +02:00
Frank Morgner
78018a2b49
fixed string operation on fixed size array
2015-10-04 13:07:39 +02:00
Frank Morgner
d33517a58b
fixed missing comma
2015-10-04 12:55:25 +02:00
Frank Morgner
9e500e0b9a
fixed bad typecast
2015-10-04 12:52:49 +02:00
Frank Morgner
50e81d1de0
added missing break
2015-10-04 12:45:25 +02:00
vletoux
3edf32ca9c
fix: when exporting immediately an ECC key when the ECC key just has been created
...
This test case is triggered when requesting a ECC certificate from ADCS:
NCryptCreatePersistedKey followed by NCryptExportKey
2015-10-03 19:41:34 +02:00
vletoux
c3f2cb142f
fix "use guid as label"
...
Allow to use as pkcs15 label the windows container name (max: 39 characters)
2015-10-03 18:59:52 +02:00
vletoux
b667645797
fix compilation warning
2015-10-03 18:56:19 +02:00
Frank Morgner
ac65af0669
Fixes unreleased locks with pcsc-lite
...
This is a bug in PCSC-Lite probably won't be fixed, see
https://alioth.debian.org/tracker/index.php?func=detail&aid=315083&group_id=30105&atid=410088
Fixes https://github.com/OpenSC/OpenSC/issues/480
Closes https://github.com/OpenSC/OpenSC/pull/487
2015-10-03 12:55:15 +02:00
Frank Morgner
5e242c5fb2
Merge pull request #560 from CardContact/fix_sc_pkcs15init_finalize_profile
...
Removed error check to support card with PKCS#15 emulation but no mat…
2015-10-02 15:18:14 +02:00
Frank Morgner
a15363198c
Merge pull request #569 from mdealencar/patch-2
...
fix: change SC_TERMINATE (undefined) to SC_CTX_FLAG_TERMINATE
2015-10-02 15:16:42 +02:00
Frank Morgner
4f4643ee3e
Merge pull request #452 from frankmorgner/memory-leaks
...
Fix some memory leaks
2015-10-02 15:13:34 +02:00
Frank Morgner
e0a4e0bfec
Merge pull request #532 from frankmorgner/sloppy
...
implemented sloppy initialization for C_GetSlotInfo
2015-10-02 15:13:07 +02:00
Frank Morgner
f851197129
Merge pull request #565 from frankmorgner/sm-openssl
...
Build a lightweight version of OpenSC
2015-10-02 15:12:41 +02:00
mdealencar
34d6c10fa0
fix: change SC_TERMINATE (undefined) to SC_CTX_FLAG_TERMINATE
...
This file was not compiling because SC_TERMINATE is not defined anywhere. It seems like the intended expression is what I propose.
2015-10-01 08:38:23 -03:00
Frank Morgner
f252277fab
Add configuration for sloppy PKCS#11 initialization
2015-10-01 12:44:41 +02:00
Frank Morgner
3307dd6f45
implemented sloppy initialization for C_GetSlotInfo
...
Makes things work for Java and closes #523
2015-10-01 12:44:41 +02:00
vletoux
a9897f9956
First implementation of CardDeleteContainer
...
Container now can be created, deleted, in short, a read write card
2015-09-30 22:52:37 +02:00
vletoux
67740fb955
quality improvement of CardDeriveKey
2015-09-30 22:49:41 +02:00
vletoux
9a590d64e4
do not reset the authentication state before each operation
2015-09-30 22:47:16 +02:00
Frank Morgner
c5cf4f69a2
Merge pull request #559 from philipWendland/ecc-sig-format
...
ECDSA helper functions: strip zeroes when converting from R,S to sequence
2015-09-30 08:14:25 +02:00
Frank Morgner
fb705b6a2d
Merge pull request #563 from CardContact/fix_reselect_applet_for_pin_verification
...
Fix reselect applet for pin verification
2015-09-29 20:09:00 +02:00
vletoux
c00f9830ba
force recompilation on integration platforms
2015-09-25 22:56:26 +02:00
vletoux
701d45e89d
fix delay load library import
2015-09-25 22:30:11 +02:00
vletoux
6cbeea3942
First ECC support for the minidriver
2015-09-25 22:22:29 +02:00
Andreas Schwier
83a28a1bc3
pkcs15: Observe path.aid for PIN operation
2015-09-25 11:56:32 +02:00
Andreas Schwier
7fd4edf7b6
Allow cards without EF.DIR using default application
...
Removed error check to support card with PKCS#15 emulation but no matching card app
2015-09-25 11:43:01 +02:00
Frank Morgner
7120a9b549
Merge pull request #554 from frankmorgner/fixes
...
Some more fixes for problems reported by Coverity scan
2015-09-25 11:13:17 +02:00
Frank Morgner
30c90448fb
Adds missing Advapi32.lib to opensc_a.lib
2015-09-25 10:58:53 +02:00
Andreas Schwier
d8d47bb06f
sc-hsm: Bind PIN object to applet aid to ensure SELECT before PIN verification
2015-09-23 15:38:57 +02:00
Andreas Schwier
c41153aa13
pkcs15: Select application defined by path.aid for PIN verification
2015-09-23 15:36:56 +02:00
Frank Morgner
e14e028453
Properly describe OpenSSL dependencies in .mak files
2015-09-23 08:23:28 +02:00
Frank Morgner
ffd85adae7
Decouples SM from OpenSSL
2015-09-24 14:46:30 +02:00
Frank Morgner
4814863d18
Merge pull request #551 from frankmorgner/507
...
Fix OpenPGP driver to work correctly with YubiKey NEO
2015-09-21 13:23:18 +02:00
Philip Wendland
328176d28b
ECDSA helper functions: strip zeroes when converting from R,S to sequence
...
For ECDSA signatures, there are multiple ways to format the signature:
- R|S (R and S filled with zeroes at the most significant bytes)
- ASN1 sequence of R,S integers (e.g. used by OpenSSL).
It is rare that the filling with zeroes is needed.
But if it is, in the second case, the filling zeroes should not be there
or the verification of the signature by OpenSSL will fail.
2015-09-20 22:34:39 +02:00
Philip Wendland
09fb1e71a9
IsoApplet: add PIN to pincache upon creation
2015-09-18 17:02:45 +02:00
Philip Wendland
6bffeb7a36
IsoApplet: fix dead code
2015-09-18 17:02:45 +02:00
Doug Engert
24a3999386
Fix indentation for readability
2015-09-17 19:03:44 -05:00
Frank Morgner
c399bc94ec
piv-tool: fixed resource leak
2015-09-17 22:32:07 +02:00
Frank Morgner
2dca6ced06
pkcs15-oberthur: fixed resource leak
2015-09-17 22:32:07 +02:00
Frank Morgner
4e280b4741
pkcs15-lib: fixed resource leak
2015-09-17 22:32:07 +02:00
Frank Morgner
5854aff155
pkcs15-epass2003: fixed resource leak
2015-09-17 22:32:06 +02:00
Frank Morgner
4fd359406e
iasecc-sdo: fixed resource leak
2015-09-17 22:32:06 +02:00
Frank Morgner
1308fd0618
cwa14890: fixed resource leak
2015-09-17 22:32:06 +02:00
Frank Morgner
7fe4819a02
card-tcos: fixed resource leak
2015-09-17 22:32:06 +02:00
Frank Morgner
1e2a42dae5
Fixes warning about unused variables
2015-09-17 22:24:33 +02:00
Frank Morgner
fe31aceacb
Fixes signature of iasecc_read_public_key
2015-09-17 22:24:33 +02:00
Frank Morgner
be073396be
Fixes warnings about unused variables/functions
2015-09-17 22:24:33 +02:00
Frank Morgner
0fe282414f
Fixed warning about unused function
2015-09-17 22:24:33 +02:00
Frank Morgner
5902587889
Removed dead code
2015-09-17 22:24:33 +02:00
Frank Morgner
c22ffd95bf
Fixed warning about unused variable
2015-09-17 22:24:33 +02:00
Frank Morgner
6c01750ba8
Removes dead code
2015-09-17 22:24:33 +02:00
Frank Morgner
e4bce1ca61
Fixes dependency on uninitialized data
2015-09-17 22:24:33 +02:00
Frank Morgner
07038225a7
Fixes out of bounds read
2015-09-17 22:24:33 +02:00
Frank Morgner
69320f9d54
Checks for out of bounds write
2015-09-17 22:24:33 +02:00
Frank Morgner
f08985086a
Fixes potential buffer overrun
2015-09-17 22:24:33 +02:00
Frank Morgner
69de207c21
Fixes bad type cast
2015-09-17 22:24:33 +02:00
Frank Morgner
59254d9d88
Checks on errors for ftell and fseek
2015-09-17 22:24:33 +02:00
Frank Morgner
b5de72fe13
fix potential NULL deref
2015-09-17 22:24:33 +02:00
Frank Morgner
63a9ad79b6
Assumes that p15card->card are set
...
The check for NULL was bogus anyway
2015-09-17 22:24:33 +02:00
Frank Morgner
8a225eb42b
Avoids potential NULL pointer deref
2015-09-17 22:24:33 +02:00
Frank Morgner
30d4f52718
Checks untrusted input
2015-09-17 22:24:33 +02:00
Frank Morgner
ba3890f8e0
Checks result of calloc
2015-09-17 22:24:33 +02:00
Frank Morgner
de58f51012
msc: check the length of input
2015-09-17 22:24:33 +02:00
Frank Morgner
d20290d2b3
openpgp: match application, not ATR
...
fixes #391
closes #507
2015-09-16 09:48:23 +02:00
Robert Ou
b28c48afe0
Fix OpenPGP driver to work correctly with YubiKey NEO
2015-09-16 09:48:23 +02:00
Frank Morgner
8aba7b9598
added missing files to WiX installer
...
fixes https://github.com/OpenSC/OpenSC/issues/488
2015-09-16 04:18:12 +02:00
Frank Morgner
cc6d7677da
Merge pull request #550 from frankmorgner/appveyor
...
adjust Make.rules.mak to work with AppVeyor
2015-09-14 18:35:54 +02:00
Frank Morgner
bf654540c5
Merge pull request #545 from frankmorgner/duplicate
...
avoid registering pkcs11 mechanisms multiple times
2015-09-14 12:41:37 +02:00
Frank Morgner
fb9dfc5b71
fixed warnings about possible data loss
2015-09-14 10:52:31 +02:00
Nguyễn Hồng Quân
76b6b483c7
Merge branch 'master' into gnuk
2015-09-13 22:09:59 +08:00
Frank Morgner
a906c6d7b8
Merge pull request #530 from NWilson/yubikey-neo-pin
...
Yubikey NEO pin functions support
2015-09-12 18:51:10 +02:00
Frank Morgner
5944915e0e
Merge pull request #549 from frankmorgner/547
...
fixed bad string comparison
2015-09-11 12:47:04 +02:00
Frank Morgner
0f2b9a4a4e
Merge pull request #543 from frankmorgner/appveyor
...
Use AppVeyor as good as we can
2015-09-10 16:40:58 +02:00
Frank Morgner
819a6686c9
use _WIN32 instead of WIN32
2015-09-10 15:23:18 +02:00
Frank Morgner
17c0ffc17e
Merge pull request #520 from frankmorgner/vendor-product
...
added call back for getting vendor/product id
2015-09-10 09:41:07 +02:00
Frank Morgner
6e3f94b3c9
fixed bad string comparison
...
fixes #547
2015-09-10 08:31:30 +02:00
Frank Morgner
d551f9a8e0
avoid registering pkcs11 mechanisms multiple times
...
fixes #349
2015-09-07 09:53:02 +02:00
Frank Morgner
b0c1e1fc89
Merge pull request #540 from nioncode/readDataObjectRawOption
...
add '--raw' option to pkcs15-tools '--read-data-object'
2015-09-04 15:31:16 +02:00
Nicolas Schneider
f44e229865
update help message to clarify that --raw only affects stdout behavior
2015-09-04 13:04:24 +02:00
Andreas Schwier
72e25db360
sc-hsm: Add status info support for SmartCard-HSM V2.0
2015-09-03 21:49:24 +02:00
Nicolas Schneider
68796edf36
add '--raw' option to output 8 bit data instead of its hex representation
2015-09-03 15:09:23 +02:00
Frank Morgner
b2508b6c59
removed workaround for HP USB Smart Card Keyboard
...
Has been fixed by the CCID driver
https://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2011-March/005218.html
2015-09-02 10:49:12 +02:00
Frank Morgner
cf2a9cbbb0
added call back for getting vendor/product id
...
implementation taken from
83142d4cae
2015-09-02 10:47:29 +02:00
Frank Morgner
29b85b43c0
Merge pull request #483 from adminmt/master
...
Update ATR and ATR mask for MaskTech smartcards
2015-09-02 10:41:06 +02:00
Andreas Kemnade
9456db90fc
handle record-based files correctly when doing file caching
...
implementation copied from `sc_pkcs15_read_file`
closes #372
2015-09-02 10:35:18 +02:00
Andreas Kemnade
c9efb2f643
make file cache dir configurable
...
in cases where you use pam_pkcs11, HOME might not be set
so paths based on $HOME are not usable, so that the combination
of home and caching does not work. Having the paths configurable
(together with a good setting of access rights)
resolves that problem.
2015-09-02 10:34:35 +02:00
Nguyễn Hồng Quân
a64bbc55aa
[OpenPGP] Fix building without OpenSSL.
2015-08-31 22:24:16 +08:00
Nguyễn Hồng Quân
70890a8f61
Merge branch 'master' into gnuk
...
Conflicts:
src/libopensc/card-openpgp.c
src/tools/openpgp-tool.c
2015-08-31 21:55:14 +08:00
Frank Morgner
3f43bc46ef
Merge pull request #534 from frankmorgner/card-sizes
...
reactivate handling of `0` for max_recv/send_size
2015-08-31 13:31:19 +02:00
Martin Paljak
8da31d271e
Fix for #183 : export more symbols
...
- also export C_Initialize and C_Finalize to please vmware-view
- have a single pkcs11.exports file for both pkcs11-spy and opensc-pkcs11
2015-08-30 18:58:00 +03:00
Frank Morgner
fc02cb1093
added documentation for sc_get_max_recv/send_size
2015-08-26 22:02:35 +02:00
Frank Morgner
2d9802308f
reactivate handling of `0` for max_recv/send_size
...
The special value still needs to be handled for commands that are issued
during card initialization. This especially concerns T=0 cards that need
to use iso_get_response.
fixes #533
regression of 85b79a3332
2015-08-26 02:55:35 +02:00
Nicholas Wilson
2897e6fb5c
Leniently interpret the ISO7816 return codes in card-piv.c
...
This adds support for the Yubikey NEO. I'm not sure whether it breaks
the specification, or follows some other version of the spec, but in my
testing it returns SW1=0x63, SW2=0x0N for N PIN tries remaining.
Ignoring the top nibble seems a harmless change to the behaviour to
support this device.
2015-08-25 15:53:32 +01:00
Nicholas Wilson
5a11d0e2fd
Add support for C_GetTokenInfo pin status flags for ISO7816 cards
...
This is already supported for a couple of the card drivers, but
since it's a general feature of ISO7816 it should go in iso7816.c,
rather than the current situation where identical code for this is
copy and pasted in each driver.
However, some cards apparently don't support this feature and count
it as a failed PIN attempt, so I've added a flag for now to indicate
whether the card supports this feature. In future, it could be moved
to blacklist cards rather than whitelist them, subject to more testing.
2015-08-25 15:53:27 +01:00
adminmt
56c376489f
ATR update card-masktech.c, customactions.cpp
...
changed atqb + mask of MaskTech smart card (a) and (c)
removed MaskTech smart card (d)
added atr mask to MaskTech smart card (a) and (b)
2015-08-24 12:51:54 +02:00
Nicholas Wilson
4df35b922c
pkcs11: Fix to CKA_PRIVATE handling pkcs11-tool
...
There's a copy-and-paste bug in there, where the CKA_PRIVATE attribute
is being set on the wrong variables! As well as fixing that, we should
explicitly set CKA_PRIVATE to "false" for certificates and public keys,
since the PKCS#11 spec doesn't specify a default and some drivers use
"private" as the default, making it impossible to add a public key/cert
using pkcs11-tool.
2015-08-23 12:41:38 +02:00
Viktor Tarasov
ff2d88a724
libopensc: incomplete changes in c48afdbf
breaks windows builds
2015-08-16 20:18:29 +02:00
Martin Paljak
9cae888dd8
Merge pull request #522 from HenryJacques/login_pin_fix
...
really set the --login option when using --pin
2015-08-12 16:49:17 +03:00
Frank Morgner
2e21163273
cardos: probe for transceive length
2015-08-11 23:08:41 +02:00
Frank Morgner
85b79a3332
don't always overwrite max_send_size/max_recv_size
...
If the reader announces extended length support, but the card driver
leaves max_send_size/max_recv_size at `0`, max_send_size/max_recv_size
previously would have been overwritten with the reader's size though the
card might not have set SC_CARD_CAP_APDU_EXT. This commit fixes this
behavior.
Additionally card->max_send_size/max_recv_size is always initialized to
a value different from 0 after the card initialization. This removes the
need to check for this special value in all subsequent calls.
2015-08-11 23:08:41 +02:00
HenryJacques
c14be48ed9
really set the --login option when using --pin
...
Until now, if -p was used without -l, we didn't authenticate to the token (see man pkcs11-tool)
2015-08-11 18:03:31 +02:00
Nguyễn Hồng Quân
6409202c2f
[OpenPGP] Fix warnings about type conversion.
2015-08-08 14:17:12 +08:00
Andreas Schwier
d6774aae40
Fixed wrong APDU case declaration detected after PR #500
2015-08-04 17:51:46 +02:00
Frank Morgner
5e352ea477
Merge pull request #504 from frankmorgner/find_tags
...
Find tags with GET DATA
2015-08-04 10:32:23 +02:00
Frank Morgner
d7d64ee8d4
Merge pull request #494 from frankmorgner/fork
...
After a fork do not release resources shared with parent
2015-08-04 10:32:01 +02:00
Frank Morgner
e95707362f
Merge pull request #357 from fancycode/startcos34_dtrust
...
Added initial support for STARCOS 3.4 (German D-Trust cards).
2015-07-31 15:40:30 +02:00
Frank Morgner
c48afdbfcb
Merge pull request #500 from frankmorgner/reader_max_data_size
...
honour PC/SC pt 10 dwMaxAPDUDataSize
2015-07-31 15:35:32 +02:00
Frank Morgner
6bedd70ea3
Merge pull request #499 from frankmorgner/asn1
...
asn1: fixed parsing "end of content"
2015-07-31 15:35:19 +02:00
Frank Morgner
d7496cc3b4
Merge pull request #498 from frankmorgner/pkcs11
...
fixed segfault for uninitialized IsoApplet
2015-07-31 15:35:08 +02:00
Frank Morgner
24d91acf69
opensc-explorer: added command find_tags
2015-07-30 11:29:14 +02:00
Martin Paljak
c6c8c6cdb0
Fix dead code:
...
../../src/libopensc/errors.h:73:37: warning: statement with no effect [-Wunused-value]
#define SC_ERROR_INVALID_ARGUMENTS -1300
^
card-masktech.c:181:48: note: in expansion of macro 'SC_ERROR_INVALID_ARGUMENTS'
if (crgram_len > SC_MAX_EXT_APDU_BUFFER_SIZE) SC_ERROR_INVALID_ARGUMENTS;
2015-07-30 10:12:04 +03:00
Frank Morgner
f71ef838e9
implemented get_data for iso7816
...
mostly copied over from CardOS implementation
2015-07-30 08:18:07 +02:00
Frank Morgner
c92e3b4f98
honour PC/SC pt 10 dwMaxAPDUDataSize
...
closes #306
2015-07-28 09:49:44 +02:00
Frank Morgner
b44c98e4d8
asn1: fixed parsing "end of content"
...
fixes #190
2015-07-28 09:10:54 +02:00
Frank Morgner
b3dc5ea32a
fixed segfault for uninitialized IsoApplet
...
fixes #400
2015-07-27 18:43:51 +02:00
Frank Morgner
6cfd71c387
avoid double detecting card on uninitialized reader
...
initialize_reader already calls detect_card
2015-07-27 16:15:33 +02:00
Andreas Jellinghaus
9fed9591ca
Fix regression test crypt0007: it deals with 1024 bit keys (not 1048).
...
Signed-off-by: Andreas Jellinghaus <andreas@ionisiert.de>
2015-07-26 21:35:29 +02:00
Andreas Jellinghaus
4dfbf24a3e
Fix regression test suite: rename parameters to new names.
...
Signed-off-by: Andreas Jellinghaus <andreas@ionisiert.de>
2015-07-26 21:34:51 +02:00
Frank Morgner
28de49b34c
Merge pull request #448 from sschutte/patch-1
...
Create minidriver-italian-cns.reg
2015-07-23 13:11:39 +02:00
Frank Morgner
ee68165b1d
Merge pull request #474 from germanblanco/memory_allocation_5
...
Fixing part of the memory allocation problems in DNIe module. Issue #472
2015-07-23 13:10:14 +02:00
Frank Morgner
142323af10
Merge pull request #476 from germanblanco/dnie_ui_depends_on_ssl
...
Empty user-interface.c if there is no SSL support. Related with issue #362
2015-07-23 13:08:46 +02:00
Frank Morgner
7cec500e54
added flags to sc_context_t
...
- is initialized in sc_context_create with parm->flags
- removes members paranoid_memory and enable_default_driver
2015-07-22 17:30:21 +02:00
Frank Morgner
edc839e072
restrict access to card handles after fork
...
fixes #333
closes #493
2015-07-22 16:46:04 +02:00
German Blanco
317cc302db
making the size of e_tx in cwa-dnie.c dynamic
2015-07-10 12:38:22 +02:00
Nguyễn Hồng Quân
d0e3d1be3d
Fix tab & spaces
2015-07-04 00:21:38 +08:00
Hubitronic
5898eab373
Update card-muscle.c
...
re-enable opensc.conf flexibility again
2015-06-18 16:28:11 +02:00
German Blanco
030f4d1559
Empty user-interface.c if there is no SSL support.
2015-06-01 08:21:25 +02:00
German Blanco
0d14f3ffee
Correct initializing of a variable in card-dnie and revert buffer size change in cwa-dnie.
2015-06-01 07:46:59 +02:00
German Blanco
76517b7d43
Fixing part of the memory allocation problems in DNIe module.
2015-05-26 21:44:13 +02:00
Doug Engert
b48fa70308
sc_pkcs11_card improvements
...
This is name change only fix.
The variable name "card" was being used to refer to a struct sc_card or a struct sc_pkcs11_card
in some files including sc_pkcs11.h. In other files the variable name "p11card" is used for struct sc_pkcs11_card.
This creates hard to read code, such as: slot->card->card.
All definitions of sc_pkcs11_card *card now use p11card as the variable name.
Fix #471
2015-05-24 11:41:29 +02:00
David Woodhouse
8c94662e96
Add --test-fork option to pkcs11-tool
...
The PKCS#11 Usage Guide, at least up to v2.40, says that calling
C_Initialize() in the child after fork is "considered to be good
Cryptoki programming practice, since it can prevent the existence of
dangling duplicate resources that were created at the time of the fork()
call."
(It neglects to mention that doing so in the child of a multi-threaded
process is a clear violation of POSIX, mind you. Not to mention being
utterly pointless if all you're going to do in the child is exec something
else anyway.)
Regardless of the sagacity of this recommendation, we need to cope when
it happens. Historically, we've been quite bad at that. Let's add a test
to pkcs11-tool in the hope it'll help...
Fixes #464
2015-05-16 12:18:54 +02:00
vletoux
01b395e636
card-masktech.c: add 2 more ATR
...
Fixes #465
2015-05-16 12:09:08 +02:00
drew thomas
5be35fb3f4
muscle: change TyfoneAT historical bytes to 'Tyfone 242R2'
...
Fixes #467
2015-05-16 11:59:58 +02:00
Andreas Kemnade
a09ca246a7
libopensc: initialize value returned by sc_select_file
...
several places in the code expect sc_select_file to set *file_out to NULL
in case of failure. Adjust the function to behave like this.
Fixes #460
2015-05-13 10:19:38 +02:00
Andreas Kemnade
6a6ef61d1a
some more error checks in minidriver in regards to card ejects
2015-05-13 10:11:05 +02:00
vletoux
492ffe0fd7
iso7816.c: allow file length stored in more than 2 bytes
...
as indicated in iso7816-4 chapter 7.4.3 table 10
Fixes #459
2015-05-13 10:01:29 +02:00
drew thomas
8b62221abc
muscle: add ATR of Tyfone mSD card
...
Add Tyfone Connected Smart Card ATR to list for MUSCLE support.
SC_CARD_TYPE_MUSCLE_JCOP242_NO_APDU_EXT
Fixes #463
2015-05-13 09:50:21 +02:00
Doug Engert
c7af08c68a
PIV - read just length of object to get size
...
card-piv.c tries to read the first 8 bytes of an object to get object size
so it can allocate a buffer. It then reads the whole object. apdu.c has changed
over the years, and apdu.c will keep reading as long as the card returns
status of 61 XX thus apdu.c will read the whole object while discarding
the extra data and returning to the caller only the first part of the data.
This in effect causes a double read of objects.
This patch sets SC_APDU_FLAGS_NO_GET_RESP to tell apdu to stop doing the
extra get-response commands thus avoiding most of the extra overhead.
This is not an optimal patch as it only works with T=1 cards/readers
but the patch is confined to just card-piv.c.
A better patch is in the works.
Fixes #462
2015-05-13 09:24:46 +02:00
Viktor Tarasov
72b5d8fe9a
md: use 'store-or-update' store certificate mode
2015-05-10 15:04:44 +02:00
vletoux
8ec000e80d
minidriver: change the icon of the pinpad dialog
2015-05-10 15:04:44 +02:00
vletoux
ac82a96ccc
minidriver: add my name in the author list
...
setup: change the url to match the new one
2015-05-10 15:04:44 +02:00
vletoux
aede9b164b
minidriver: fix compilation warnings on x64 (size_t <> DWORD)
2015-05-10 15:04:44 +02:00
vletoux
33cf161941
minidriver: pinpad authentication is now working for smart card logon !!! (still needs 5 pinpad entries)
...
minidriver: minor fixes
2015-05-10 15:04:41 +02:00
vletoux
6127fe6b77
minidriver: change the UI (replace a messagebox by a nice dialog); add a translation function for errors
2015-05-10 15:04:41 +02:00
vletoux
7d225e28f7
minidriver: add support for the special msroot file which contains the root certificates stored on the card.
2015-05-10 15:04:41 +02:00
vletoux
6b58b1db01
minidriver: merge CardUnblockPin and CardChangeAuthenticator into CardChangeAuthenticatorEx
2015-05-10 15:04:41 +02:00
vletoux
a671cf8fe2
CardAuthenticateEx: test for remaining attempts before ...
2015-05-10 15:04:41 +02:00
vletoux
659da4f538
minidriver: CardSignData - better parameter checking
2015-05-10 15:04:41 +02:00
vletoux
f3c9525137
fix attempt remaining regression if the card is blocked
2015-05-10 15:04:40 +02:00
vletoux
d96e53b102
minidriver: better error code if CARD_PIN_SILENT_CONTEXT is set
2015-05-10 15:04:40 +02:00
vletoux
ad47d4d043
minidriver:
...
* factorize the code from CardAuthenticatePIN into CardAuthenticateEx
* allows authentication with the PINPAD without a UI
minidriver: fix some code analysis warnings
2015-05-10 15:04:36 +02:00
vletoux
8062eac145
minidriver: fix CardQueryCapabilities and CardGetProperty fKeyGen flag. A read only card cannot generate keys
2015-05-10 15:04:36 +02:00
vletoux
f331b35c4e
minidriver: make the parameter check be aware of pinpad capabilities
2015-05-10 15:04:36 +02:00
vletoux
a5593afc78
minidriver: better parameter checking with CardQueryKeySizes and CardGetContainerProperty
2015-05-10 15:04:36 +02:00
vletoux
1e78e16e65
fix memory leak in minidriver: the virtual filesystem is never freed and in some case when an error occurs
2015-05-10 15:04:35 +02:00
vletoux
8036388f29
minidriver PINPAD: fix a regression issue (the parameter - message - can be set to null)
...
Improve the error code when the user cancels the operation ("The operation was canceled by the user" instead of "invalid parameter")
Signed-off-by: vletoux <vincent.letoux@gmail.com>
2015-05-10 15:04:35 +02:00
vletoux
cb38657d47
CardSignData: add support for missing hash algorithm
2015-05-10 15:04:35 +02:00
vletoux
c5efcae029
CardRSADecrypt: better parameter checking
...
CardRSADecrypt & CardSignData: better OpenSC -> minidriver error code translation
2015-05-10 15:04:28 +02:00
vletoux
9544844d83
CardSignData: better error message if the card does not support the signing operation with the algorithm
...
(replace the return code from internal error to unsupported)
2015-05-10 14:35:42 +02:00
vletoux
54f462368b
Fix CardSignData "invalid signature" bug when called from CryptSignHash(CRYPT_NOHASHOID)
2015-05-10 14:35:42 +02:00
vletoux
6aaf9d462c
fix a problem: CardDeauthenticate(ex) does nothing, but the base CSP thinks that the user is deauthenticated from the card.
...
The user is still authenticated!
2015-05-10 14:35:41 +02:00
vletoux
b7f000d6b8
add parameter checking for CardSignData
2015-05-10 14:35:41 +02:00
vletoux
2667394f22
better parameter checks for CardGetProperty and CardSetProperty
...
Added value for secure key injection (to reject it properly because it is not implemented)
2015-05-10 14:35:41 +02:00
vletoux
6a2e9aa3b6
Merge branch 'upstream/master'
...
Conflicts:
src/libopensc/card-openpgp.c
src/libopensc/pkcs15-gemsafeV1.c
src/pkcs11/mechanism.c
2015-05-10 14:35:41 +02:00
Viktor Tarasov
e0aec3764a
pkcs15init: 'store-or-update' certificate option
2015-05-10 14:35:41 +02:00
Viktor Tarasov
3cf56d8fb7
pkcs15init: fix non-unique-ID control
2015-05-10 14:35:41 +02:00
vletoux
f154cdcaa4
pkcs15-pin: sc_pkcs15_unblock_pin: avoid to ask the PUK twice
2015-05-08 22:37:04 +02:00
Viktor Tarasov
3e0356b170
register CKM_ECDSA and CKM_ECDSA_SHA1 depending on card capabilities
...
fix #429
2015-05-08 20:45:56 +02:00
Philip Wendland
254320e34c
myeid: separate ECC from RSA flags
...
Should keep the existing behavior, but improve readability.
2015-05-08 20:45:37 +02:00
Philip Wendland
4142456c74
PIV, sc-hsm, myeid: register ECDH card capabilities
...
Prior to 066132327c71300188aa66180fde2fb3d90c5140, CKM_ECDH1_DERIVE and
CKM_ECDH1_COFACTOR_DERIVE were always registered for cards that support
SC_ALGORITHM_ECDSA_RAW.
The mentioned commit changed this behavior, so that the ECDH mechanisms
are only registered for cards that set the SC_ALGORITHM_ECDH_CDH_RAW
capability flag.
To keep the existing behavior for the cards, they need to set this flag
in the card driver.
2015-05-08 20:45:37 +02:00
Philip Wendland
78e434da93
register EC mechanisms with flags independent of RSA flags
...
Prior to this commit, all hashes registered for RSA or other key types were
registered for ECDSA as well.
register ECDH mechanism only when supported by card
ECDH should only be registered if the card driver sets the
SC_ALGORITHM_ECDH_CDH_RAW flag.
register software PKCS#1 (1.5) padding only when RAW RSA is supported by card
If OpenSC supports PSS/OAEP padding or other padding mechanisms in
future, and there would be a card that enforces hardware PSS/OAEP
padding, the PKCS#1 v1.5 padding mechanism should not be registered.
2015-05-08 20:45:27 +02:00
Philip Wendland
37b6f0bbdf
IsoApplet: fix EC mechanism ext_flag
2015-05-08 20:19:36 +02:00
Hector Sanjuan
fd3d07a884
Issue #451 : Newer DNIe not working with OpenSC.
...
This patch fixes 3 issues which consecutively have shown up when debugging the original problem:
1 - Newer DNIe report a byte count for public certificates which is the compressed size,
while older DNIe report the uncompressed size. This resulted in short-reading the x509 certificates,
and in an error parsing. Therefore, during initialization we proceed to set path->count for
public certificates to -1. This ensures that the length of the certificates for reading
will be set to file-> length, which has the correct size.
2 - pkcs11-tool -t was broken for DNIe (old and new) as it tried to strip pcks11 padding
from the data to sign and OpenSC tried signatures with non-padded data
(as the card had SC_ALGORITHM_RSA_RAW).
The new algoflags (SC_ALGORITHM_RSA_HASH_NONE | SC_ALGORITHM_RSA_PAD_PKCS1) and the
removal of the strip-padding call fix the issue.
3 - The new cards won't allow setting the LE bytes when calculating the TLV, when LE equals
256. This caused a wrong SM object error response (0x69 0x88). Therefore,
we don't send the LE bytes anymore in this case.
The patch has been tested to work on the new problematic card and on another old one.
close #451
2015-05-08 09:17:01 +02:00
Frank Morgner
ef4edb74ba
fixed invalid free
...
We duplicate mechanisms based on OpenSSL so that they can be freed along
all the card's algorithms created via sc_pkcs11_new_fw_mechanism. Fixes
regression from eaf548aa3dab80a9bbf51da8291e7db978e3a2ad
2015-05-08 09:11:55 +02:00
Frank Morgner
e338b7c1ab
framework-pkcs15: fixed memory leak when encoding pubkey
2015-05-08 09:11:55 +02:00
Frank Morgner
e84951a5bf
fix resource leaks while registering PKCS#11 mechanisms
...
introduces a free_mech_data for sc_pkcs11_mechanism_type_t to clear the
mechanisms private memory
2015-05-08 09:11:55 +02:00
Frank Morgner
2c32575e89
pkcs11-tool: fixed resource leak
2015-05-08 09:11:55 +02:00
Frank Morgner
ecc9b9dac9
openssl: fixed resource leak
2015-05-08 09:11:55 +02:00
Frank Morgner
8838388ceb
pkcs15-infocamere: fixed resource leak
2015-05-08 09:11:55 +02:00
Frank Morgner
bbb803ff2e
sc-hsm-tool: fixed resource leak
2015-05-08 09:11:54 +02:00
Frank Morgner
d96f25c147
pkcs15-tool: fixed resource leak
2015-05-08 09:11:54 +02:00
Frank Morgner
1f16f24052
pkcs15-init: fixed resource leak
2015-05-08 09:11:54 +02:00
Frank Morgner
a83da8a947
pkcs15-crypt: fixed resource leak
2015-05-08 09:11:54 +02:00
Frank Morgner
c65caed7f4
openpgp-tool: fixed resource leak
...
VTA: slightly touched, original commit f0ddbf4
2015-05-08 09:11:54 +02:00
Frank Morgner
b0a708b0bb
pintest: fixed resource leak
2015-05-08 09:11:54 +02:00
Frank Morgner
efbd4068af
sm-cwa14890: fixed resource leak
2015-05-08 09:11:54 +02:00
Frank Morgner
01e573b987
profile: fixed resource leak
2015-05-08 09:11:54 +02:00
Frank Morgner
6cb99be821
pkcs15-setcos: fixed resource leak
2015-05-08 09:11:54 +02:00
Frank Morgner
44253c63d0
pkcs15-rtecp: fixed resource leak
2015-05-08 09:11:54 +02:00
Viktor Tarasov
d636338eaf
pkcs15-oberthur: fix memory leakage
2015-05-08 09:11:54 +02:00
Viktor Tarasov
ac84d282b1
myeid: fixed resource leak
...
pkcs15-myeid: fix memory leakage
myeid: fix memory leakage
2015-05-08 09:11:40 +02:00
Viktor Tarasov
475ce71453
iasecc: fixed resource leak
...
pkcs15-iasecc: fix memory leakage
iasecc: fix memory leakage
2015-05-08 09:11:20 +02:00
Frank Morgner
68becc8fc4
pkcs15-gpk: fixed resource leak
2015-05-08 09:11:19 +02:00
Frank Morgner
d4fd135e20
pkcs15-cflex: fixed resource leak
2015-05-08 09:11:19 +02:00
Frank Morgner
4af4308d19
authentic: fixed resource leak
...
pkcs15-authentic: fixed resource leak
card-authentic: fixed resource leak
2015-05-08 09:10:48 +02:00
Frank Morgner
e215b7b4fb
sm-common: fixed resource leak
2015-05-08 09:10:48 +02:00
Frank Morgner
3cfb44d704
pkcs15-syn: fixed resource leak
2015-05-08 09:10:48 +02:00
Frank Morgner
841d89dda6
pkcs15-pubkey: fixed resource leak
2015-05-08 09:10:47 +02:00
Viktor Tarasov
18e962942b
pkcs15-data: fix memory leakage
2015-05-08 09:10:47 +02:00
Frank Morgner
3a6c4a0e1d
pkcs15-cache: fixed resource leak
2015-05-08 09:10:47 +02:00
Frank Morgner
9263da49aa
pkcs15: fixed resource leak
2015-05-08 09:10:47 +02:00
Frank Morgner
c7afbb4ca2
pkcs15-algo: fixed resource leak
2015-05-08 09:10:47 +02:00
Frank Morgner
1f69a0d687
fixed indenting
2015-05-08 09:08:24 +02:00
Frank Morgner
6523f3fcb9
added LOG_TEST_GOTO_ERR and SC_TEST_GOTO_ERR
...
Don't forget to set the error label!
2015-05-08 09:08:24 +02:00
vletoux
689ece205a
card-masktech.c: code improvements
...
fixes #457
2015-05-08 09:07:40 +02:00
vletoux
976db5cb04
card-masktech: initial commit
...
card-masktech.c: fix building issues on the integration platform
card-masktech.c: fix linux compilation errors
honour HAVE_CONFIG_H
card-masktech.c: take into account Frank's remark about extended APDU in masktech_decipher
remove trailing spaces
2015-05-05 10:13:26 +02:00
vletoux
1586f240f4
iso7816.c: fix SC_PIN_CMD_IMPLICIT_CHANGE with pinpad
...
When a pinpad is used, the old pin is asked whatever, even if a previous authentication happened or if the card doesn't support it.
2015-05-05 09:56:39 +02:00
Andreas Schwier
ed588d2443
pkcs11: fixed broken C_Decrypt
...
Fixed broken C_Decrypt from 643080baf9
fix #449
2015-04-30 15:57:44 +02:00
Viktor Tarasov
f0189e8378
pkcs11-tool: option to 'decrypt some data'
2015-04-30 15:57:44 +02:00
Andreas Schwier
0dba2d453f
sc-hsm: fix signed char for ARM platforms
...
char is unsigned by default on ARM
fix #450
2015-04-30 12:03:01 +02:00
viktorTarasov
c754e3f197
Merge pull request #444 from frankmorgner/pkcs11-error-handling
...
Improved error handling for PKCS#11 module
2015-04-25 13:04:07 +02:00
Thomas Calderon
0a754b694e
pkcs11-tool: pass key usage flags to created objs
...
* Command-line parameters were introduced to specify key usage
(--usage-{sign,decrypt,derive}). However, those are not used when importing
external objects using C_CreateObject function.
fix #445
2015-04-25 12:28:48 +02:00
Doug Engert
ee23d28654
EC field_length changes for non-multiple of 8 bits curves
...
In OpenSC the EC field_length is the number of bits in the field.
Most curves have a field_length which is a multiple of 8 bits
but there are many that are not.
The X and Y points and privateD are stored in octetstrings
so there may need to be an extra byte in the octetstring.
An OpenSSL BIGNUM will drop leading zero bytes, so its size can not be used
to determine the field_length.
fix #440
fix #433
2015-04-25 12:21:39 +02:00
Shaun Schutte
665807d6de
Rename minidriver-italian-cns to minidriver-italian-cns.reg
2015-04-24 09:45:20 +02:00
Shaun Schutte
e456074fd9
Create minidriver-italian-cns
...
These are the required registry values to get the Italian CNS card working under Windows 7 32 bit and 64 bit.
2015-04-23 16:54:11 +02:00
Frank Morgner
bcb5fc15e5
honour HAVE_CONFIG_H
2015-04-22 23:55:33 +02:00
Frank Morgner
9f318b829f
remove slots of removed readers
2015-04-21 02:00:06 +02:00
Frank Morgner
02f3997632
added error handling to print_ssh_key
2015-04-21 01:32:37 +02:00
Frank Morgner
e359b2a310
handle unexpected meltdown of PC/SC service
2015-04-21 01:09:21 +02:00
Frank Morgner
cbc43eeb88
fixed compiler warning
2015-04-21 01:04:18 +02:00
Frank Morgner
c8a7c8bc7a
fixed typo
2015-04-21 01:04:18 +02:00
Frank Morgner
54f285d57a
correctly handle readers that have been removed
2015-04-21 01:04:18 +02:00
Frank Morgner
c45c90a337
sc_pkcs11_close_all_sessions: close all sessions even if closing one fails
2015-04-20 16:18:11 +02:00
Thomas Calderon
23ca1f101d
pkcs11-tool: Add support for creating EC privkey
...
* This patch allows to create EC private keys. The feature re-uses the GOST
parsing function as instantiating an ECDSA key is the same as a GOST key.
2015-04-15 08:58:05 +02:00
Frank Morgner
a7a903fd81
check ATRs even for forced card driver
...
some card drivers depend on a card type which is initialized by matching the card's ATR
2015-04-15 08:56:22 +02:00
Viktor Tarasov
96556dea7b
fix #433 : EC privateD octetstring may need leading zeros
2015-04-12 13:35:27 +02:00
German Blanco
6caa85f238
Issue 395. Avoiding a couple of memory leaks.
2015-04-12 11:35:09 +02:00
Frank Morgner
6e84ee0ba7
pkcs11-tool: honour unsupported signature mechs
2015-04-12 11:28:25 +02:00
Frank Morgner
643080baf9
honour key capabilities for decryption/verification
...
fixes #419
2015-04-12 11:28:25 +02:00
Frank Morgner
d7ab0df51d
export sc_pkcs15_bind_internal
...
allows bootstrapping an external pkcs15 driver
2015-04-12 11:28:25 +02:00
Viktor Tarasov
3e2d51e0ba
iasecc: use PIN PAD with variable PIN length
2015-04-11 16:47:13 +02:00
Viktor Tarasov
5757d82cc9
libopensc: stored-length member in PIN CMD data
2015-04-11 16:45:17 +02:00
Viktor Tarasov
49598b6016
libopensc: invalid OID comparison for EC keys
...
Thanks to Peter Popovec <popovec.peter@gmail.com>
2015-04-09 11:49:05 +02:00
vletoux
ce962c14f4
fix #425 : guid computation issue
...
Compilation without OpenSSL - guid computation issue
This case is triggered when:
- built without OpenSSL
- called from a minidriver where id.len = 1
- card number is less than 15 bytes
(VTA: coding style slightly touched)
2015-04-08 18:41:51 +02:00
Dirk-Willem van Gulik
4000e6d5b0
Add missed option debug info
...
Fix misspelled key in --help output (thanks Philip Wendland).
2015-04-08 18:03:46 +02:00
vletoux
8ea328ff7f
Minor code quality improvements.
...
Basically checks that the memory allocation succeeds.
The ctbcs.c change improves the readability
because count = 0 and len > 254 does not add any value.
VTA: added few coding style changes
2015-04-05 13:15:57 +02:00
Frank Morgner
db860c0d2a
export sc_sm_stop
2015-04-04 22:09:22 +02:00
Philip Wendland
fa045d44ec
pkcs11-tool: Let the user choose the ECDSA signature format
...
Instead of hard-coding the format depending on whether OpenSC was compiled with
OpenSSL or not, the user should be able to choose the format himself.
The default format now is the normal concatenation of R,S both for CKM_ECDSA
and CKM_ECDSA_SHA1.
2015-04-04 22:01:22 +02:00
Philip Wendland
f93835add9
Allow log functions to be called with ctx==NULL
...
This change allows functions to be used from places where there is no
sc_context (ctx) available.
2015-04-04 22:01:22 +02:00
Viktor Tarasov
95ad11a253
iasecc: special case for 'Gemalto GemPC Pinpad'
...
issue 424
VTA: this pinpad, the only available, does not accept different values
for min and max PIN lengths in P10 block.
2015-04-04 21:41:28 +02:00
Frank Morgner
c0fac2a4f6
stop SM in case of SM errors
2015-04-02 09:54:41 +02:00
Frank Morgner
e07c4bcfbb
added sc_sm_stop
...
implementation taken from the ISO SM driver of
https://github.com/frankmorgner/vsmartcard/tree/master/npa
2015-04-02 09:54:41 +02:00
Frank Morgner
30b24e79c0
fixed memory corruption in encode_file_structure
...
as suggested by Peter Popovec
2015-04-01 09:42:21 +02:00
Dirk-Willem van Gulik
88ec461bc5
tool: RFC4716 compliant key output
...
Add a comment field to the ssh key output if a label is set on the key. Add RFC4716 compliant key output for the new breed of modern (mobile) SSH clients.
VTA: use short form of log call in iso7816
2015-03-31 19:09:25 +02:00
Frank Morgner
0790969b97
recognize short EF identifier
2015-03-31 18:48:57 +02:00
Thomas Calderon
4a4d750e73
iasecc: Fix log output is always displayed
...
* iasecc_read_public_key function uses SC_SUCCESS instead of log level
value, hence the log output is always displayed. This uses
SC_LOG_DEBUG_NORMAL instead.
VTA: updated to use short form of LOG macro
2015-03-31 18:47:11 +02:00
Thomas Calderon
117f3a74be
iasecc: Fix key usage when provisioning card
...
* Avoids overriding key_usage when creating objects on the card.
2015-03-31 18:25:54 +02:00
Robert Quattlebaum
548c2780d3
Add support for ACOS5-64 cards.
...
The ACOS5-64 cards have a different ATR than the original
ACOS5-32 cards. This change simply adds this ATR so that it
will be recognized properly.
2015-03-29 14:09:35 +02:00
vletoux
5007e9fc9f
md: fix build without OPENSSL_VERSION_NUMBER
...
Fix the WCHAR / CHAR conversion problem in CardAuthenticateEx in case of PinPAD (vs->wzPinContext is UNICODE)
Fix UNICODE compilation problem( MessageBoxA instead of MessageBox)
2015-03-29 13:59:21 +02:00
vletoux
3b873adad2
win32: allows UNICODE built.
...
UNICODE is set by default by Visual Studio (but can be deactivated)
The trick is to force ANSI version by appending a A to the function calls.
2015-03-29 13:54:51 +02:00
Philip Wendland
c8d206ece1
IsoApplet: Increase indicated version to 00.06
...
Backward compatibility with 00.05 is kept.
2015-03-29 13:34:58 +02:00
Philip Wendland
9078856675
IsoApplet: register ECC mechanisms only when ECC is supported by card
...
There are few Java Cards that do not support ECDSA at all.
Starting with IsoApplet version 00.06, the applet returns whether the card
supports ECDSA or not. This commit uses this information to decide whether to
register ECDSA mechanisms or not.
2015-03-29 13:34:58 +02:00
Philip Wendland
76facf0d73
IsoApplet: add support for GET CHALLENGE
2015-03-29 13:34:58 +02:00
Philip Wendland
e258cec13e
IsoApplet: Add nistp224, secp192k1 and secp256k1 curves
...
secp*k1 curves are only supported applet version >= 0.6.0 because of an issue
with encoding ECC public keys with small parameters.
2015-03-29 13:34:58 +02:00
Philip Wendland
ab5ca331b2
IsoApplet: Obtain applet version and card capabilities *after* match_card()
2015-03-29 13:34:58 +02:00
Philip Wendland
bba6e17aa9
isoApplet: Fix indentation of isoApplet.profile
2015-03-29 13:34:58 +02:00
Viktor Tarasov
090aed2fc2
ec: fix length of allocated mem for EC signature
...
discussion in PR #398
2015-03-29 13:08:01 +02:00
Philip Wendland
4b51b99748
pkcs11-tool: harmonize supported ECC curves
...
pkcs15-pubkey.c holds a struct containing supported ECC curves. The contents of
this struct are being harmonized with pkcs11-tool supported curves.
2015-03-29 12:55:54 +02:00
Frank Morgner
f3573ede0d
fixed requesting PACE features
2015-03-29 12:42:13 +02:00
Andreas Schwier
b1bdfae200
sc-hsm: revert broken a4c8d671
...
sc-hsm: Fixed minimum value for number of password shares
2015-03-29 12:40:44 +02:00
Wouter Verhelst
5149dd3e62
belpic: Support 2K cards
...
Recent BELPIC cards (issued since March 2014) have a validity of 10
years (rather than 5 as before), and therefore also increased the key
size from 1024 bits to 2048 bits.
Key size can be detected by checking the applet version, for which we
have to issue a "GetCardData" command. If the applet is version 0x17 or
higher, keys are 2048 bits.
Use #defines rather than magic numbers
Keeps the code slightly more readable.
While we're at it, refactor slightly so that the code which issues the
GET CARD DATA command doesn't just keep the applet version, but also
makes other things available.
This latter in preparation of setting the serial number.
2015-03-29 12:11:44 +02:00
Frank Morgner
c019a62309
pkcs11: parameter checking for 'get_mechanism_list'
...
fixes #409
2015-03-29 12:11:08 +02:00
Thomas Calderon
435291f216
iasecc: initial support for Morpho IAS Agent Card
...
* This commit adds initial support for Morpho French Agent card which is an
IAS card. Signature operations are working. Since my test card was
read-only, I was unable to test object management functions.
* Add missing copy of AID in structure
2015-03-29 12:10:55 +02:00
Viktor Tarasov
c0c8a89126
mcrd: move driver to the end of detection list
...
the drivers that need to probe the AIDs to recognize its supported card
have to be placed at the end of the list of internal drivers
2015-03-20 18:08:18 +01:00
Hannu Honkanen
2fffbce65c
myeid: update EC support for MyEID-v4 card
2015-03-14 17:47:44 +01:00
Viktor Tarasov
877fa862d9
isoApplet: prototype of asn1_sig_value_sequence_to_rs() has changed
2015-03-10 09:09:14 +01:00
viktorTarasov
595be37fee
Merge pull request #305 from philipWendland/master
...
Add support for the IsoApplet Java Card applet
2015-03-07 23:36:25 +01:00
Viktor Tarasov
2abe135f97
asn1: re-fix error in EC signature encode helper
...
see comment for 8cf99a9372
2015-03-07 22:40:43 +01:00
Viktor Tarasov
1739300657
pkcs15: fix name of EC curve, add new ones
2015-03-05 10:32:54 +01:00
Viktor Tarasov
6f6286de99
pkcs11: generate EC key: use allocated EC params
...
For internal use allocate and copy the EC params data from the caller's template,
rather than use them directly as a pointer in internal public key data.
2015-03-04 19:47:13 +01:00
Viktor Tarasov
31124ac4f9
pkcs15init: allocate EC parameters
2015-03-04 19:46:21 +01:00
Viktor Tarasov
1123768ac3
libopensc: invalid 'free' and 'assign NULL' order
2015-03-04 19:45:23 +01:00
Viktor Tarasov
8cf99a9372
asn1: fix error in EC signature encode helper
...
The raw format of EC signature was invalid when 'r' and 's' had different length.
https://github.com/OpenSC/OpenSC/pull/381#issuecomment-77016382
According to PKCS#11 v2.20:
"If r and s have different octet length, the shorter of both must
be padded with leading zero octets such that both have the same octet length."
2015-03-04 19:43:15 +01:00
Philip Wendland
74aeb8c923
IsoApplet: register supported EC curve *per curve*
2015-02-22 23:08:18 +01:00
Doug Engert
58d1f1db3f
Merge pull request #385 from darconeous/patch-2
...
Allow PKCS15 cache to work with PIV cards (if enabled)
2015-02-21 21:51:50 -06:00
Philip Wendland
85d16fbc57
IsoApplet: use helper function sc_asn1_sig_value_sequence_to_rs() introduced in #381
2015-02-20 23:02:04 +01:00
Philip Wendland
1aeebdaf1c
IsoApplet: react to changes of _sc_card_add_ec_alg() in fa923831f8
2015-02-20 22:56:23 +01:00
Philip Wendland
59eeacb74b
IsoApplet: react to removal of sc_pkcs15_ec_parameters in fa923831f8
2015-02-20 22:07:49 +01:00
Philip Wendland
a9d43af4bf
IsoApplet: use a buffer large enough when generating EC keys larger than 320 bit
2015-02-20 21:55:35 +01:00
Philip Wendland
da05fa2a47
IsoApplet: try to fix EC parameters when importing private keys from file
2015-02-20 21:55:35 +01:00
Philip Wendland
44d724b012
IsoApplet: fix more (comment) alignment issues with tabstop=8
2015-02-20 21:55:35 +01:00
Philip Wendland
5628a06353
IsoApplet: Align comments with spaces instead of tabs
...
Better view with tabstop=8.
2015-02-20 21:55:35 +01:00
Philip Wendland
43fa99c0f2
IsoApplet: Move the key gen debug info to the right places
2015-02-20 21:55:35 +01:00
Philip Wendland
0473decae4
IsoApplet: clear memory after prkey import.
...
Private key import via plain APDUs is dangerous and not recommended anyway, but clearing the apdu buffer does not hurt anyone.
2015-02-20 21:55:34 +01:00
Philip Wendland
73b391731b
IsoApplet: Don't set ECC field length of 512
...
512 is wrong for EC FP (correct would be 521 bit), and neither of those
two are currently supported by OpenSC.
2015-02-20 21:55:34 +01:00
Philip Wendland
e791948e42
IsoApplet: Simplify the private key import
...
Use the new features of sc_asn1_put_tag introduced in OpenSC/OpenSC#314 .
Additionally, a RSA private key is sent from one large buffer using either extended APDUs or chaining (in compliance to IsoApplet API version 00.05).
2015-02-20 21:55:34 +01:00
Philip Wendland
6cdf6c08a5
IsoApplet: use AID directly when selecting applet
...
Now that apdu.data is const (see ef94c6b875), this can be done without discarding the const qualifier of the aid parameter.
2015-02-20 21:55:34 +01:00
Philip Wendland
09acfd7ec0
IsoApplet: ECDSA signatures - only strip excess zeroes
...
It is required to strip excessive zeroes returned by some Java Cards when removing the ASN1 structural information for PKCS#11 so that the x/y can be calculated by dividing the signature length by 2. However, the leading zero may only be stripped if it is excessive (outside the field length). Otherwise generated signatures are wrong in rare cases (1 out of 256).
2015-02-20 21:55:33 +01:00
Philip Wendland
c463f1a7a1
IsoApplet: Do not set RSA hashes
...
See: 189e998486
The IsoApplet requires the host to do the hashes with RSA. OpenSC will
add all hashes that are available in software and will not expect the
card to do the hashing.
2015-02-20 21:55:33 +01:00
Philip Wendland
e3cc851b72
IsoApplet: EC key-gen rework and refactorings
...
Rework the EC key generation mechanism to send the curve parameters to
the card. In earlier versions, the applet had a copy of the curve
parameters and there was a different algorithm reference for every
curve. This is unfeasible when trying to support a larger number of
curves because of size limitations of the applet.
This commit additionally includes some refactorings that should not
change the functionality.
2015-02-20 21:55:33 +01:00
Philip Wendland
6f9e894ebe
IsoApplet: set lock when doing command chaining
2015-02-20 21:55:33 +01:00
Philip Wendland
48bd6b0964
Add support for the IsoApplet (Java Card applet)
...
The IsoApplet can be found here:
https://github.com/philipWendland/IsoApplet
Add read/write support for this applet, including RSA and
ECC support.
2015-02-20 21:55:26 +01:00
Frank Morgner
bff0ea4837
fixed compiler warning
2015-02-20 19:54:40 +01:00
Frank Morgner
16ea926d29
fixed indentation
2015-02-20 19:54:40 +01:00
Frank Morgner
236e68b17c
fixed NULL dereference
2015-02-20 19:54:40 +01:00
Frank Morgner
da07e22c97
use memmove for overlapping memory
2015-02-20 19:54:40 +01:00
Pedro Martelletto
ced77ae6c7
cardos: overwrite content of deleted private key
...
when deleting a private key object, overwrite its contents so the key can no longer be used.
(VTA: original commit touched to use LOG macros and add debug logs)
2015-02-20 18:03:37 +01:00
Viktor Tarasov
b08671fab5
pkcs15-crypt: option for output format of ECDSA signature
2015-02-20 14:20:28 +01:00
Viktor Tarasov
80c496671f
helper functions to change format of ECDSA signature
2015-02-20 14:20:19 +01:00
Viktor Tarasov
fa923831f8
introduce EC curve OID into algorithm info data
...
needed to store information about EC curve supported by card.
Primary usage is when importing/generating a key, to find out whether a particular curve is supported by the card.
2015-02-20 13:49:18 +01:00
Doug Engert
d7475c8180
Add brackets in card-piv.c
2015-02-16 10:43:19 -06:00
Doug Engert
572218c59c
Fall through comment before break
2015-02-16 10:11:24 -06:00
Robert Quattlebaum
0ffad3f3bb
Fix for bad caching behavior of PIV PKCS15 emulator.
2015-02-12 16:42:17 -08:00
Doug Engert
981a0fbbaf
Fix-up changes caused by Coverity scan
...
piv-tool.c add /* fall through */ to avoid false warning
card-piv.c - clean up if sc_lock fails.
2015-02-11 13:39:59 -06:00
Viktor Tarasov
3c1d8ad695
accept no output for 'SELECT' MF and 'SELECT' DF_NAME
...
PR #342
2015-02-07 21:46:44 +01:00
Martin Campbell
d162143964
Updating to fix failure of ePass2003 USB smart card due to failure to re-authenticate secure messaging when card is reset due to multiple applications using PKCS11 sessions
2015-02-07 21:46:44 +01:00
Thomas Calderon
22fb49b554
PKCS#11: Improve compliance for public keys.
...
* Key usage required when calling C_CreateObject for public key are not used.
This adds the logic to convert from PKCS#11 attributes to PKCS#15 in the
structure that is sent to underlying _store_pubkey functions.
2015-02-07 20:17:12 +01:00
Viktor Tarasov
96265e6d08
pkcs15init: superfluous 'ec-params' in init data
...
Pkcs15init data, used to import/generate key objects, includes twice the same EC parameters data:
- explicit 'params' data
- part of sc_pkcs15_pubkey/sc_pkcs15_prkey
Explicit 'ec-params' data is removed.
2015-02-07 20:00:41 +01:00
Viktor Tarasov
e374f88b82
pkcs15-pubkey: add EC params in SPKI encoding
2015-02-07 19:55:08 +01:00
Viktor Tarasov
9148f21cd1
pkcs15-pubkey: possible NULL dereference, logs
...
... remove obsolete comments, minor coding style corrections
2015-02-07 19:55:08 +01:00
Philip Wendland
faaa11e091
Prefer serial number from EF(TokenInfo) and cached serials over CARDCTL
...
sc_pkcs15_get_object_guid() should prefer the serial number from
EF(TokenInfo) over card->serialnr because the user may override the
card's serial number with "pkcs15-init -C --serial". The card->serialnr
should be used before calling card CTL with SC_CARDCTL_GET_SERIALNR
because it might contain a cached value.
This change *should* allow cards to be used with the minidriver even if
SC_CARDCTL_GET_SERIALNR is not implemented. For example, a driver might
set card->serialnr at initialization or the user might initialize a
PKCS#15 card with its own "--serial".
See also the discussion at the mailing list:
[Opensc-devel] AT_SIGNATURE and AT_EXCHANGE Problem
2015-02-07 19:48:10 +01:00
Viktor Tarasov
08eb700b97
revert or partially revert some of recent commits
...
b94c163 - invalid, non-tested
11881a6 -- src/libopensc/card-iasecc.c -- return from select has to be ignored,
3a92bf7 -- src/pkcs11/slot.c -- SEGFAULT issue #373
3a92bf7 -- src/tools/piv-tool.c -- confirmed by author
6759c04 -- src/pkcs15init/pkcs15-lib.c -- file instantiation error has to be ignored
2015-02-07 19:31:17 +01:00
Frank Morgner
3a92bf7af5
fixed resource leaks
2015-02-05 01:38:41 +01:00
Frank Morgner
11881a61b8
removed/fixed dead code
2015-02-05 01:38:41 +01:00
Frank Morgner
a3fc62f79f
fixed NULL dereference (or warning thereof)
2015-02-05 01:38:40 +01:00
Frank Morgner
8d902d1ed3
fixed out of bounds read/write/access
2015-02-04 09:24:50 +01:00
Frank Morgner
a4c8d67110
fixed improper use of negative value
2015-02-04 09:03:27 +01:00
Frank Morgner
761e175212
fixed sc_driver_version check
2015-02-04 08:52:30 +01:00
Frank Morgner
5cafbe0f4b
fixed undefined shift behaviour
2015-02-04 08:50:19 +01:00
Frank Morgner
ed9572422f
check return values
2015-02-05 01:37:53 +01:00
Frank Morgner
47df45f5f2
set le instead of p2 twice
2015-02-05 01:37:53 +01:00
Frank Morgner
5e3d54186a
removed useless check for non-null array
2015-02-05 01:37:53 +01:00
Frank Morgner
ac4da89d0d
use memmove for overlapping memory
2015-02-05 01:37:53 +01:00
Frank Morgner
53e1992cc2
use strerror for failure of gettimeofday
2015-02-05 01:37:53 +01:00
Frank Morgner
db0cb7557c
Merge pull request #363 from frankmorgner/travis-ci
...
added travis-ci configuration
2015-02-02 23:51:54 +01:00
Frank Morgner
2f3eaa1dbe
Merge pull request #366 from frankmorgner/coverity
...
Fixes for Problems reported by Coverity Scan
2015-02-02 23:51:10 +01:00
Viktor Tarasov
3047fe2c3b
log: implement 'dump OID'
2015-02-02 17:03:33 +01:00
Viktor Tarasov
8e9a2361c6
pkcs15-tool: print length of EC public key
...
when this key is read from dedicated EF
2015-02-02 16:55:07 +01:00
Frank Morgner
6759c04b26
don't ignore errors
2015-01-28 04:45:08 +01:00
Frank Morgner
2e04fa99c1
fixed pointless array comparisons
2015-01-28 07:39:35 +01:00
Frank Morgner
bd3cfcf5ef
fixed copy/paste error
2015-01-28 07:26:34 +01:00
Frank Morgner
b94c16394f
card-asepcos: fixed puk handling
2015-01-28 07:25:46 +01:00
Frank Morgner
734cb67924
fixed algo ref
2015-01-28 07:23:34 +01:00
Frank Morgner
3a557ad0dd
fixed parsing pace output data
2015-01-28 07:22:03 +01:00
Frank Morgner
92ad6eb63c
fixed determining ef type
2015-01-28 07:21:55 +01:00
Frank Morgner
7fb495ac31
fixed self assignment
2015-01-28 07:10:57 +01:00
Frank Morgner
ac0424e947
fixed pkcs11spy's version number
2015-01-28 07:09:02 +01:00
Frank Morgner
b9f1fb333c
fixed bad output data length
2015-01-28 07:07:33 +01:00
Frank Morgner
08fcfcc8f0
fixed wrong sizeof argument
2015-01-28 07:04:02 +01:00
Frank Morgner
87b2403673
fixed out of bounds access/write
2015-01-28 07:00:02 +01:00
Frank Morgner
68d86644fd
fixed use after free
2015-01-28 06:10:16 +01:00
Frank Morgner
b1b99ce7e5
fixed integer underflow
2015-01-28 06:03:52 +01:00
Frank Morgner
027e4a0867
fixed out of bounds read
2015-01-28 05:59:41 +01:00
Frank Morgner
7c497b324f
fixed not null terminated buffer
2015-01-28 05:51:00 +01:00
Frank Morgner
77752f442d
fixed unused value
2015-01-28 05:47:20 +01:00
Frank Morgner
fdd38f6e04
fixed copy into fixed size buffer
2015-01-28 04:30:40 +01:00
Frank Morgner
ea40322a30
added travis-ci configuration
2015-01-27 22:56:11 +01:00
Frank Morgner
b6a935a261
fixed memory leak
2015-01-24 23:12:47 +01:00
Frank Morgner
00330b2c79
fixed resource leak
2015-01-24 22:16:22 +01:00
Frank Morgner
6641cbf455
fixed potential string overflow
2015-01-24 20:17:26 +01:00
Frank Morgner
3f64d3a805
fixed bad memory allocation
2015-01-24 20:11:16 +01:00
Frank Morgner
9a4b58800b
fixed Printf arg type mismatch
2015-01-24 20:00:03 +01:00
Frank Morgner
fca3a37097
fixed truncated stdio return value
2015-01-24 19:47:01 +01:00
Frank Morgner
8df9896204
pass big parameter by reference
...
reported by coverity scan
2015-01-24 19:25:11 +01:00
Frank Morgner
1b53b59ed3
fixed potential use after free
...
reported by coverity scan
2015-01-24 19:22:39 +01:00
Frank Morgner
7a34c204c1
fixed dereference before null check
...
silence warnings reported by coverity-scan
2015-01-22 20:29:33 +01:00
Mathias Brossard
762d466b23
Add display of Elliptic Curve flags
2015-01-20 23:15:41 -08:00
Mathias Brossard
7a455f64c7
Support of additional type, mechanisms and attributes
2015-01-20 23:15:31 -08:00
Mathias Brossard
3dadd3fba1
Add some missing PKCS#11 values
2015-01-20 23:15:22 -08:00
Mathias Brossard
17c1cffb3d
Fix typo on CKF_EC_UNCOMPRESS
2015-01-20 23:14:50 -08:00
Mathias Brossard
c3a0bbc715
Update email and year
2015-01-20 23:14:36 -08:00
Frank Morgner
f143d7b73e
Merge pull request #346 from frankmorgner/pkcs11provider
...
use OpenSC as default PKCS#11 provider
2015-01-20 23:43:48 +01:00
Joachim Bauch
9543cdb121
Handle case where input data is already padded.
2015-01-20 16:52:30 +01:00
Joachim Bauch
87cc05c03f
Receive signature to temporary buffer, will be copied to output buffer later.
2015-01-20 16:49:11 +01:00
Joachim Bauch
19bbfc76f5
Added initial support for STARCOS 3.4 (German D-Trust cards).
...
Code inspired by experimental STARCOS 3 driver by Martin Vogt:
http://article.gmane.org/gmane.comp.encryption.opensc.devel/9846
Supports `opensc-explorer`, `pkcs15-tool` and `pkcs15-crypt` (signing with PKCS#1 padding).
Cards available from `https://www.bundesdruckerei.de/en/768-d-trust-signature-cards`.
2015-01-19 18:04:12 +01:00
Thomas Calderon
91ddcfb514
PKCS15: remove redundant code for access_flags.
...
* With commit facaf59, access_flags were set for most cards. A closer look
revealed that this is already done in `sc_pkcs15emu_add_rsa_prkey`.
Therefore, this removes the duplicated code for cards calling this function.
2015-01-16 10:03:13 +01:00
Thomas Calderon
ed87ea38b9
PKCS#11: Fetch real value of CKA_LOCAL for pubkey
...
* Fetch value from pub_info structure for CKA_LOCAL attribute.
2015-01-14 17:38:08 +01:00
Thomas Calderon
d727acb47a
PKCS#11: Remove inconsistent attributes
...
* Improve compliance related to PKCS#11 attribute fetching.
2015-01-14 17:22:43 +01:00
Thomas Calderon
4915eaa56b
Improve PKCS#11 compliance. Issue #335
...
* This simple patch allows for values of PKCS#11 attributes to be fetched
from the underlying card.
2015-01-05 14:00:22 +01:00
Thomas Calderon
bbedd4ef00
IAS-ECC: improve PKCS#11 compliance Issue #336
...
* Ensure CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE are only set when
generating the key on board, no reason to set them when importing a private
key.
2015-01-05 13:59:37 +01:00
Thomas Calderon
32d8173b4c
IAS-ECC: Improve detection Gemalto cards (Issue #343)
...
* Improve IAS-ECC card detection using the ATRMask.
Previous commit was reverted since work was not done in topic branch.
2014-12-29 16:09:06 +01:00
Philip Wendland
7e7a44acff
sc_asn1_put_tag - support larger tags
...
Enhance sc_asn1_put_tag to support larger tag names and larger tags.
Prior to this, sc_asn1_put_tag did only support tags with a length of at most 127 bytes and tag names of one byte.
2014-12-29 15:37:45 +01:00
Andreas Schwier
3961275d8c
Allow user to overwrite SO-PIN when using PIN-PAD reader
2014-12-29 13:39:37 +01:00
Thomas Calderon
facaf5969b
Improve PKCS#11 compliance. Issue #335
...
* Add default behavior for cards using the PKCS#15 emulation layer.
Hence, this patch provides a default value for access_flags compatible with
current OpenSC's behavior while allowing compatible cards to fetch the real
value from the card (IAS-ECC and AuthentIC).
2014-12-29 13:11:23 +01:00
Frank Morgner
291e9dab9e
use OpenSC as default PKCS#11 provider
...
closes #229
2014-12-19 22:27:34 +01:00
Philip Wendland
aa7886f36d
pkcs15-init: fix memory corruption
2014-12-19 16:52:14 +01:00
Frank Morgner
4167455362
Merge pull request #321 from resoli/master
...
Implementation of card_ctl function with SC_CARDCTL_GET_SERIALNR
2014-12-19 11:47:26 +01:00
Frank Morgner
a7bf05ecc4
Merge pull request #337 from frankmorgner/7816
...
7816
2014-12-19 11:37:48 +01:00
Frank Morgner
4d5997dfba
fixed selection of muscle applet for some JCREs
...
Previously, partial DF name selection was used, which is not mandatory
to implement for a JCRE. We now use the full DF name which must always
be implemented.
Note that the MUSCLE applet is deprecated and should not be used.
fixes #135
2014-12-12 22:40:20 +01:00
Frank Morgner
45fe96579f
added support for sc_path_t with only aid set
2014-12-12 21:45:53 +01:00
Frank Morgner
73715e37d9
fixed compiler warnings
...
fixed warnings introduced with b18c86e646
fixes memory leaks in pkcs15-init and pkcs15-tool
2014-12-12 21:45:53 +01:00
Frank Morgner
e137396d56
workaround for compiler warnings
2014-12-12 21:45:53 +01:00
Frank Morgner
e1fbdc030b
iso7816: make select agnostic to sc_path_t's aid
2014-12-12 21:45:52 +01:00
Frank Morgner
69b27179eb
use path only if it is actually present
2014-12-12 21:45:52 +01:00
Nguyễn Hồng Quân
c71a453ff1
openpgp-tool: Fix wrong operator
...
Used "!=" instead of "|="
2014-12-11 12:51:15 +08:00
Frank Morgner
238b9e344a
Revert "Added ATR for ItalianCNS - Prov. BZ"
2014-12-10 11:07:56 +01:00
Nguyễn Hồng Quân
99b5cb53e1
OpenPGP: Remove unused variables and fix type cast.
2014-12-10 04:01:06 +08:00
Nguyễn Hồng Quân
7f08983240
Merge branch 'master' into gnuk
...
Conflicts:
src/tools/openpgp-tool.c
2014-12-09 02:40:33 +08:00
Frank Morgner
ec2eb86bec
don't reimplement output of status words
...
Closes #326
2014-12-07 23:54:32 +01:00
Etienne Cordonnier
9cbec38cfa
Fix bug in verbose flag handling.
...
Using the verbose flag was causing cardos-tool to return as if an error
had occurred.
2014-12-07 23:54:09 +01:00
germanblanco
1408e25e4b
Removal of cache, fixing a compiler warning and removing recursive functions.
2014-12-07 23:34:15 +01:00
Frank Morgner
fce847bf25
Merge pull request #318 from sschutte/master
...
Added ATR for ItalianCNS - Prov. BZ
2014-12-06 23:32:31 +01:00
Frank Morgner
a2ba4d3bae
Merge pull request #319 from CardContact/add-sec-k-curves
...
sc-hsm: Add support for Koblitz curves secp192k1 and secp256k1 (Bitcoin)
2014-12-06 23:22:43 +01:00
Frank Morgner
b18c86e646
Merge pull request #320 from frankmorgner/tools-pin
...
Optimize util_get_pin from #289
2014-12-06 23:21:39 +01:00
Frank Morgner
8188b8acac
Merge pull request #322 from frankmorgner/iso-ext
...
adjust send/receive size according to card capabilities
2014-12-06 23:16:21 +01:00
Doug Engert
cd01a73caf
C_Digest does not check if buffer too small before update. Issue #327
...
C_Digest will now query for the buffer size using sc_pkcs15_md_final
before calling sc_pkcs15_md_update. This avoids doing a double update
when the user passes in a buffer too small, then gets the buffer and calls
C_Digest again.
2014-12-02 11:15:24 +01:00
Etienne Cordonnier
0c0b2145ac
Translate French to English.
2014-11-26 19:00:38 +01:00
Frank Morgner
3f442c5608
adjust send/receive size according to card capabilities
2014-11-17 21:16:13 +01:00
george
8d21cea7fc
hardcode->defines for DO's
2014-11-11 16:16:15 +01:00
Nguyễn Hồng Quân
901c7952c1
Replace hardcode.
2014-11-09 15:58:40 +07:00
Doug Engert
4dbfba3102
Use correct bit when writing PIV certificate object with gzipped certificate
...
NIST 800-73 clarified the CertInfo flag for gzipped certificate is 0x01
piv-tool was writing 0x80.
OpenSC card-piv.c continues to accept both.
2014-11-07 19:49:36 -06:00
resoli
867176b0f7
itacns_get_serialnr(): check sc_read_binary() returned data length (only).
2014-11-07 12:49:44 +01:00
resoli
7fea6eb8ba
itacns_get_serialnr(): check sc_read_binary() returned data length.
2014-11-07 12:48:43 +01:00
resoli
56684d857c
itacns_get_serialnr(): check sc_read_binary() returned data length.
2014-11-07 12:35:21 +01:00
resoli
f83f8d28df
itacns_get_serialnr(): relaxed checking on sc_select_file returned length, added debug log.
2014-11-07 11:42:16 +01:00
Roberto Resoli
255c0335a1
Indenting fix and stronger limit on serial number length.
2014-11-06 16:17:51 +01:00
resoli
0e06427754
Implementation of card_ctl function with SC_CARDCTL_GET_SERIALNR
...
Implementation of card_ctl function with SC_CARDCTL_GET_SERIALNR
2014-11-05 22:57:25 +01:00
Frank Morgner
d00d7b3498
Merge pull request #276 from asmw/fix_return
...
openpgp-tool: Return EXIT_SUCCESS if no error occurs
2014-11-05 10:57:26 +01:00
Frank Morgner
ea55c19439
Merge pull request #195 from rainermetsvahi/master
...
Add AzeDIT 3.5 card support
2014-11-05 10:56:01 +01:00
Frank Morgner
cb7f40a40d
Merge pull request #260 from frankmorgner/iso-ext
...
iso7816: allow extended length APDUs
2014-11-05 10:40:11 +01:00
Frank Morgner
ef94c6b875
Merge pull request #311 from frankmorgner/const-data
...
changed sc_apdu_t.data back to const unsigned char *
2014-11-05 10:39:05 +01:00
Frank Morgner
8672291a73
Merge pull request #312 from frankmorgner/fix-p15
...
fixed type of pkcs15init_initialize
2014-11-05 10:38:42 +01:00
Frank Morgner
aa45685e0b
fixed documentation of dnie-tool
2014-11-04 22:23:01 +01:00
Frank Morgner
4459e146c4
use util_get_pin in tools
2014-11-04 22:07:07 +01:00
Sumedha Widyadharma
e63f40c2d3
tools: Add util_get_pin helper function
...
Using this helper PINs can be passed via the command line, stdin and an
environment variable.
For now only used in the openpgp tool.
closes #289
2014-11-04 21:54:41 +01:00
Andreas Schwier
d014056f1d
sc-hsm: Add support for Koblitz curves secp192k1 and secp256k1 (Bitcoin)
2014-11-04 17:11:34 +01:00
Doug Engert
7a5f9b2a16
Merge pull request #315 from dengert/privateObjects
...
Public certs and pubkeys with an auth_id are treated as private (See #291)
2014-11-04 07:28:37 -06:00
Shaun Schutte
ccd87e7c0c
Added ATR for ItalianCNS - Prov. BZ
2014-11-04 09:01:36 +01:00
Andreas Schwier
b2dcae34ca
Fix Lc byte in VERIFY PIN block for PC/SC PIN PAD reader
2014-11-03 16:11:29 +01:00
Doug Engert
fd22098e19
Public certs and pubkeys with an auth_id are treated as private (See #291)
...
Code to test for an auth_id for certs and pubkeys was removed.
See: PKCS#15 section 4.1.3 Access methods
This is a conservative change and all objects could be treated the same.
2014-11-01 14:02:39 -05:00
Frank Morgner
d3c8fbcf1d
fixed type of pkcs15init_initialize
...
regression from 95b6b4cc
2014-10-27 23:22:40 +01:00
Frank Morgner
3d9118a870
changed sc_apdu_t.data back to const unsigned char *
2014-10-27 22:48:34 +01:00
Doug Engert
189e998486
PKCS#11 hashes for cards without RAW (see #241)
...
The framework-pkcs15.c did not add hashes correctly if the card did not support RSA RAW.
This change fixes that and only adds hashes if the card did not specify a list of hashes.
It also will not add hashes done in software if ENABLE_OPENSSL is not specified.
Some error conditions are also tested for EC mechanisms.
See bug report #241 for more information.
2014-10-13 10:29:27 -05:00
Doug Engert
9a82a95132
Merge branch 'master' of github.com:OpenSC/OpenSC
2014-10-03 06:50:04 -05:00
Ludovic Rousseau
34587eac9c
Fix compiler warning
...
p15card-helper.c:23:5: warning: 'ENABLE_OPENSSL' is not defined, evaluates to 0
[-Wundef]
^
2014-10-01 22:11:38 +02:00
Ludovic Rousseau
09c2847b7e
Fix compiler warning
...
pkcs15-dnie.c:242:13: warning: function declaration isn't a prototype [-Wstrict-prototypes]
const char *sc_driver_version()
^
2014-10-01 22:11:38 +02:00
Ludovic Rousseau
c8545baf90
pkcs15-dnie: fix compilation when OpenSSL is not used
...
If OpenSSL is not used then the functions from card-dnie.c are not
defined and in particular dnie_match_card() is not defined.
In that case we use a fake dnie_match_card() that just returns false.
2014-10-01 22:11:38 +02:00
Philip Wendland
955a339148
Merge PR#288 from philipWendland:upstream-ecc-fix
...
add the possibility to store public ECC keys encoded according to SPKI
EC pubkey storing: Check if params are available before copying.
pkcs15-lib.c / sc_pkcs15init_store_public_key may be called with keyargs->key.u.ec.params.value == NULL. In this case, allocating and copying the parameters will fail. Add a check to prevent this.
2014-10-01 15:27:26 +02:00
Dirk-Willem van Gulik
4e73d0e36f
Merge PR#280 from dirkx/master: --no-prompt flag
...
Add a --no-prompt flag to pkcs15-tool (i.e. the equivalent of the --no-prompt flag of pkcs15-init). As to aid readers with keypads (as commonly used in the medical space).
2014-10-01 14:36:52 +02:00
Ludovic Rousseau
ea712bfd56
Fix compiler warning
...
The same function iasecc_sm_external_authentication() was declared in
two different .h files.
In file included from ../../src/libopensc/iasecc.h:27:0,
from sm-card-iasecc.c:44:
../../src/libopensc/iasecc-sdo.h:324:5: warning: redundant redeclaration of `iasecc_sm_external_authentication' [-Wredundant-decls]
In file included from ../../src/libopensc/opensc.h:44:0,
from sm-card-iasecc.c:40:
../../src/libopensc/sm.h:352:5: note: previous declaration of `iasecc_sm_external_authentication' was here
2014-09-29 16:08:33 +02:00
Doug Engert
cb89a870ae
Merge pull request #280 from shootingatshadow/aes-support
...
Remove hardcodes from Mutual Authenticate
2014-09-18 16:32:21 -05:00
Andreas Schwier
be200ab3c8
Merge pull request #282 from CardContact/fix-deleted-related-public-key
...
framework-pkcs15: Duplicate public key related to private key rather than referencing the framework object
Referencing the related public key is required to return PKCS#11 attributes for a private key only available
in the public key object (i.e. CKA_MODULUS). This patch adds a copy of the public key to the private key object rather than
referencing the public key object in the framework. This prevents SEGV when the public key framework object
is deleted with C_DestroyObject, but the reference from the public key remains intact.
The bug leads to all kinds of stability problems when keys are created and deleted in the same session.
The patch is in particular important if OpenSC is used with EJBCA or any other application using the
SUN PKCS#11 provider: When generating key pairs, then the public key object is eventually garbage collected
which removes the related object in the PKCS#11 module. Because there is no fixed time for this operation,
corruption occurs at random.
In a next step, the remaining related_xxx fields in sc_pkcs11_object should be revised and possibly removed.
framework: Added more error checking
2014-09-07 23:47:24 +02:00
Andreas Schwier
7db99500a0
sc-hsm: Fix certificate delete bug
...
If a certificate is deleted after the related private key, then the driver
picks the wrong certificate EF, leading to a CKR_GENERAL_ERROR or the wrong
certificate being deleted.
2014-09-07 23:10:48 +02:00
Andreas Schwier
f9b8b2c220
sc-hsm: Added error if private key import tried
...
Private key import is not supported by the SmartCard-HSM. However there is no error code
if it is still tried using pkcs15-init or from within Firefox.
2014-09-07 23:10:48 +02:00
Andreas Schwier
08f07adf59
sc-hsm: Improve error detection and reporting in sc-hsm-tool
2014-09-07 23:02:08 +02:00
Sumedha Widyadharma
1fc0a7e7d6
Merge pull request #274 from github-asmw/private-do-3
...
openpgp-tool: Added PRIVATE-DO-3 dump option
The bytes of private-do-3 will be written to stdout raw.
Requires pin and verify to work.
openpgp-tool: Fix private-do-3 dump for Windows
fwrite will convert line endings on Windows if the destination
is not opened in binary mode. As this actually dumps binary data,
it makes sense to reopen stdout in binary mode for the dump.
openpgp-tool: Enable dumping of all DOs
PRIVATE-DO-<X> can now be dumped via the -d/--do switches and
the DO number as a parameter.
PRIVATE-DO-[12] can be dumped without verification.
PRIVATE-DO-3 requires CHV2, PRIVATE-DO-4 CHV3.
openpgp-tool: Dump DOs as hex into a tty, binary otherwise
This prevents messing up a terminal if there really _is_
binary data in a private DO. To force the binary data to a terminal,
pipe through cat.
openpgp-tool: Hint at the pin and verify options on error
SC_ERROR_SECURITY_STATUS_NOT_SATISFIED is the error code
here when dumping a private DO without the appropriate verification.
openpgp-tool: Explicitly use --raw for binary output
The --raw switch already exists. If present, raw binary will be written,
a pretty-printed hex/ascii representation otherwise.
2014-09-07 22:32:13 +02:00
andbil
139333f85a
Fix error when signing with Swedish BankID card
...
Added card type check in addition to check for SC_SEC_ENV_KEY_REF_PRESENT
Added card type check in addition to check for SC_SEC_ENV_KEY_REF_PRESENT
2014-09-07 22:19:00 +02:00
Frank Morgner
bb160bfd99
pkcs15-tool: fixed file reading
2014-09-07 22:13:04 +02:00
Andreas Schwier
e6505b3d9c
pkcs11: Fixed wrong reference to PIN object in C_SetPIN() for SO-PIN
2014-09-07 22:11:39 +02:00
Frank Morgner
ed73851c41
fixed pkcs15 version check
2014-09-07 22:06:11 +02:00
Frank Morgner
5d6c4b391d
Merge pull request #253 from github-frankmorgner/remove-deadcode
...
card-asepcos: removed dead code
card-authentic: removed dead code
card-belpic: removed dead code
card-epass2003: removed dead code
card-flex: removed dead code
card-gpk: removed dead code
card-oberthur: removed dead code
card-piv: removed dead code
card-setcos: removed dead code
ctbcs: removed dead code
cwa14890: removed dead code
muscle: removed dead code
pkcs15-atrust-acos: removed dead code
pkcs15-gemsafeV1: removed dead code
pkcs15-skey: removed dead code
reader-ctapi: removed dead code
framework-pkcs15: removed dead code
pkcs11-object: removed dead code
pkcs15-asepcos: removed dead code
pkcs15-cardos: removed dead code
pkcs15-jcop: removed dead code
pkcs15-lib: removed dead code
pkcs15-oberthur: removed dead code
parse: removed dead code
sclex: removed dead code
sm-card-authentic: removed dead code
sm-card-iasecc: removed dead code
sm-cwa14890: removed dead code
sm-global-platform: removed dead code
sc-test: removed dead code
pkcs11-tool: removed dead code
pkcs15-tool: removed dead code
2014-09-07 21:22:43 +02:00
William Roberts
3a0ca5aa7d
Remove hardcodes from Mutual Authenticate
...
Support nonces that are not only 8 bytes in
Mutual Authenticate. Use the witness length
to determine the nonce size, thus existing
systems using 8 bytes will continue to use 8
bytes. However, with AES 256, the nonces could
be a single block size of 16 bytes or greater.
2014-09-03 10:53:30 -07:00
Doug Engert
b84a1c9a90
Merge branch 'master' of github.com:OpenSC/OpenSC
2014-09-02 16:37:45 -05:00
Frank Morgner
87d430f300
iso7816: propagate the length of the computed signature
2014-08-26 21:21:26 +02:00
Doug Engert
2de38a1230
pkcs11-tool sets CKA_DECRYPT=true rather than CKA_DERIVE=true when generating EC keys (#277)
...
RSA and EC keys have different usage attributes. Appropriate attributes are set.
When using --keypairgen the user can use --usage-sign, --usage-decrypt,
and --usage-derive to get finer control.
Changes to be committed:
modified: tools/pkcs11-tool.c
2014-08-26 09:59:40 -05:00
William Roberts
295c523e4e
Add AES support for PIV General Authenticate
...
This adds algorithm IDs 0xA, 0xA, 0xC which as documented
by the NIST PIV specification is algorithms AES-128, AES-192
and AES-256 respectively.
This patch also addresses some of the hardcodes that prevented
nonces greater than the single byte TLV length tags would allow.
It was explicitly tested with AES-256 and 256 byte nonces.
Signed-off-by: William Roberts <w2.roberts@samsung.com>
2014-08-25 18:27:13 -07:00
Sumedha Widyadharma
d13549600d
openpgp-tool: Return EXIT_SUCCESS if no error occurs
...
exit_status is either set directly or a function return is ORed with it,
in which case EXIT_SUCCESS can never be returned if the initial value is !=
0;
2014-08-20 21:53:25 +02:00
Nguyễn Hồng Quân
7c9bc4d283
OpenPGP: Fix crash after accessing inexistent file.
2014-07-14 23:58:28 +08:00
Nguyễn Hồng Quân
c71934af67
OpenPGP: Rename private "blob" type to avoid confusing with variable name.
...
This name has been used for both data type and variable name of that
type.
2014-07-14 23:58:28 +08:00
Nguyễn Hồng Quân
aded490b64
OpenPGP: Use directly binary array of APDUs for ERASE command.
...
I used a string presentation before and it needed an extra conversion step.
2014-07-14 23:53:44 +08:00
Nguyễn Hồng Quân
968c9bb061
OpenPGP: Don't reimplement gnuk_delete_key in openpgp-tool.
2014-07-14 23:53:44 +08:00
Nguyễn Hồng Quân
ba4fe34700
OpenPGP: Don't use sc_log in openpgp-tool.
2014-07-14 23:53:44 +08:00
Nguyễn Hồng Quân
7c27cea61f
OpenPGP: Make indentation consistent (space -> tab).
2014-07-14 23:53:44 +08:00
Nguyễn Hồng Quân
6aa4896b35
Move declaration to top of block.
2014-07-14 02:02:08 +08:00
Nguyễn Hồng Quân
7ba89893da
OpenPGP: Make code neater
2014-07-14 02:02:07 +08:00
Nguyễn Hồng Quân
a42eb5e585
OpenPGP: Correct parameter checking.
2014-07-14 02:02:07 +08:00
Nguyễn Hồng Quân
a1c8c99858
OpenPGP: Delete key as file, for Gnuk.
2014-07-14 02:02:07 +08:00
Nguyễn Hồng Quân
e71906ed23
OpenPGP: Overcome the restriction of even data length of Gnuk.
...
When writing a certificate with odd length to Gnuk, we add zero padding to make it even.
2014-07-14 02:02:07 +08:00
Nguyễn Hồng Quân
bbca9c4827
pkcs15-openpgp: Change to sc_put_data instead of sc_update_binary when writing certificate.
2014-07-14 02:02:07 +08:00
Nguyễn Hồng Quân
cbc53b9a97
OpenPGP: Support write certificate for Gnuk.
2014-07-14 02:02:07 +08:00
Nguyễn Hồng Quân
ebbebb4fa6
OpenPGP: Provide enough buffer to read pubkey from Gnuk.
2014-07-14 02:02:07 +08:00
Nguyễn Hồng Quân
9a2a6e6dc0
PKCS15-OpenPGP: Allow to store data to pkcs15 data object.
...
Only one DO is supported now.
2014-07-14 02:02:07 +08:00
Nguyễn Hồng Quân
6a55c09793
PKCS15-OpenPGP: Do not show empty DO in pkcs15 emu_init.
2014-07-14 02:02:07 +08:00
Nguyễn Hồng Quân
1df3daeb62
OpenPGP: Read some empty DOs from Gnuk.
...
In Gnuk, some empty DOs are returned as nonexistent, instead of existing with an empty value.
So, we will consider them as existing in the driver.
2014-07-14 02:02:07 +08:00
Nguyễn Hồng Quân
db39041cc1
OpenPGP: Correct building Extended Header List when importing keys.
2014-07-14 02:02:07 +08:00
Nguyễn Hồng Quân
c4bbfa6759
openpgp-tool: Support deleting key in Gnuk.
2014-07-14 02:02:07 +08:00
Nguyễn Hồng Quân
3b8f77882b
OpenPGP: Support erasing (reset) card.
...
Command: openpgp-tool --erase
2014-07-14 02:02:07 +08:00
Nguyễn Hồng Quân
24e3bdb872
PKCS15-OpenPGP: Declare DATA objects.
...
Begin to support read/write DATA object for PKCS-OpenPGP binding.
This object is used by TrueCrypt.
2014-07-14 02:02:06 +08:00
Nguyễn Hồng Quân
c81eab5a70
OpenPGP: Include private DO to filesystem at driver initialization.
...
In the old implementation, the DOs whose access is restricted by
PIN (like DOs 0101 -> 0104) were excluded from the fake filesystem,
so we could not read their data later, even if we verified the PIN.
2014-07-14 02:02:06 +08:00
Nguyễn Hồng Quân
a4d9261087
OpenPGP: Add Gnuk in pkcs15 emulation layer.
2014-07-14 02:02:06 +08:00
Nguyễn Hồng Quân
1789cf0345
OpenPGP: Detect and support Gnuk Token.
...
http://www.fsij.org/gnuk/
2014-07-14 02:02:06 +08:00
Andreas Schwier
5279bfa2d1
sc-hsm: Prevent double-free crash if key generation fails
...
Fixes #262 (SEGV when reader does not support extended length APDU)
2014-07-09 14:27:08 +02:00
Frank Morgner
bb92019e53
iso7816: allow extended length APDUs
2014-06-27 08:26:35 +02:00
Andreas Schwier
440289a091
sc-hsm: reduce indicated maximum PIN length to 15
...
Fix bogus minimum PIN length to support more PIN pad readers
2014-06-26 17:57:26 +02:00
Frank Morgner
35b74f3923
fixed warning unused variable
2014-06-09 16:03:14 +02:00
Frank Morgner
359660c454
dnie: removed dead and untested SM wrapping code
2014-06-09 15:48:20 +02:00
Andreas Schwier
072dfeb71c
sc-hsm-tool: Fixed SEGV if no or invalid card in reader
2014-06-09 15:05:42 +02:00
Henryk Plötz
b1b5a39ffa
Use sc_pkcs15_find_pin_by_auth_id() in asepcos_create_key() to correctly set the newly created key up for use with the configured PIN.
2014-06-06 18:46:48 +02:00
Nikos Mavrogiannopoulos
77d8fa390d
base64 decoding: Do not assume that char is signed.
...
In the systems where char is unsigned by default the base64 decoding
would crash.
2014-06-06 11:06:09 +02:00
Joachim Bauch
2f6b5174a8
Support "D-TRUST card 2.4 2ce".
2014-06-06 10:25:24 +02:00
Viktor Tarasov
3f13f571c0
openpgp-tool: issue-220: read and display OpenPGP data
2014-06-01 19:42:01 +02:00
Emanuele Pucciarelli
ee0566af09
pkcs11: pr-239: PKCS15 pubkey release fix
2014-06-01 18:55:56 +02:00
Raul Metsma
77c71be833
Don't depend on configuration default value
2014-05-31 21:15:19 +02:00
Raul Metsma
ccf6da2dbe
Add windows onepin makefile
2014-05-31 21:15:19 +02:00
Raul Metsma
8e13acf51e
Restore pkcs11 onepin module for Firefox usage
2014-05-31 21:15:19 +02:00
Henrik Andersson
de6d61405b
Don't use sha256 if openssl is older than 0.9.8.
2014-05-14 22:11:31 +02:00
Henrik Andersson
1df8570a66
Add fence against using EVP_sha256 mech.
...
Which is only available in >=0.9.8
2014-05-14 22:11:25 +02:00
Viktor Tarasov
e41d94ca1a
md: fix return code in 'CardGetContainerInfo'
2014-05-13 18:34:18 +02:00
Viktor Tarasov
808fff2246
pkcs11: take pubkey CKA_VALUE from pub_data
2014-05-13 18:34:09 +02:00
Viktor Tarasov
b6ad7a92f5
pkcs11: more of debug messages
2014-05-13 18:33:58 +02:00
Frank Morgner
5f45739ecb
fixed one more warning
2014-05-03 22:24:06 +02:00
Frank Morgner
e1fd9d2a4c
cardos,incrypto34: restored semantics of select_pin_reference
2014-05-03 22:24:06 +02:00
Frank Morgner
511c8e6382
dnie: don't ignore error on sm free operation
...
Signed-off-by: Frank Morgner <morgner@informatik.hu-berlin.de>
2014-05-03 22:24:06 +02:00
Frank Morgner
b483d1d27d
westcos: fixed initialization of driver data
...
Signed-off-by: Frank Morgner <morgner@informatik.hu-berlin.de>
Updated by Viktor Tarasov
2014-05-03 22:23:40 +02:00
Frank Morgner
3b50ccc0ea
fixed incompatible function usage
...
Signed-off-by: Frank Morgner <morgner@informatik.hu-berlin.de>
2014-05-03 21:54:40 +02:00
Frank Morgner
a64326e768
fixed compiler warnings (partially submitted)
...
Signed-off-by: Frank Morgner <morgner@informatik.hu-berlin.de>
PR-222: commit 0b567dbaa8
partially submitted by Viktor Tarasov
2014-05-03 21:47:15 +02:00
Viktor Tarasov
883d42b1f8
libopensc: export 'iasecc_sdo_encode_update_field'
...
used by 'local SMM' module
2014-05-02 13:43:10 +02:00
Martin Paljak
8d000774df
EstEID: match card only based on presence of application.
...
Contact cards have ATR-s, contactless not. Only contact
cards should be broken so that they answer 0x9000 to application
selection, so this should be failsafe.
2014-04-21 21:05:11 +02:00
Nikos Mavrogiannopoulos
ba66459f33
When setting pointers to a template, ensure they do not get out of scope prior to being used.
...
This was causing issues when using pkcs11-tool with opencryptoki:
https://bugzilla.redhat.com/show_bug.cgi?id=1062307
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-04-21 20:47:39 +02:00
Frank Morgner
46b0bed93f
fixed PUK handling
...
Note that
`SC_PKCS15_PIN_AUTH_TYPE_PIN` is used for `sc_pkcs15_auth_info_t.auth_type`
`SC_PKCS15_TYPE_AUTH_PIN` is used for `sc_pkcs15_object_t.type`
2014-04-21 20:43:41 +02:00
Nikos Mavrogiannopoulos
218d198bdc
Call dlclose() only when having a valid handle.
...
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-04-21 20:23:11 +02:00
Henrik Andersson
fc5714a4c9
Set missing default create_slots_flags.
...
Without this pkcs11 can't be used without a configuration file
or a configfile without pkcs11 block due to the missing initialization
of default flag.
2014-04-21 13:53:57 +02:00
Martin Paljak
332ced5be7
Remove the bogus javacard "driver".
...
I had some ideas on how to improve the experience for JavaCards
but that path did not get implemented further and my approach now
is very different.
While it would be nice if OpenSC (command line) detected
somehow blank JavaCard-s and informed the user that steps a-b-c
should be taken to make use of it, it doesn't really fit in.
2014-04-21 13:44:27 +02:00
Raul Metsma
e7cda857f0
Fix memory leak, sc_pkcs15_cert_t *cert is never freed
2014-04-21 13:31:06 +02:00
Ludovic Rousseau
cdc379fa25
pkcs11-tool: check for buffer overflows
...
Check the subject, issuer and serialNumber will encode in the allocated
space before copying the data.
Thanks to Umberto Rustichelli for the bug report
https://sourceforge.net/p/opensc/mailman/message/32210626/
2014-04-10 16:40:12 +02:00
Martin Paljak
8b4125e79d
Merge pull request #213 from martinpaljak/default-driver
...
Default driver: do not send possibly arbitrary APDU-s to an unknown card...
2014-03-16 16:35:38 +00:00
Viktor Tarasov
8871e61596
pkcs15: change names of internal SPKI procedures
...
sc_pkcs15_pubkey_from_spki_sequence() takes the ASN1 'subjectPublicKeyInfo' data
sc_pkcs15_pubkey_from_spki_fields() takes the ASN1 'subjectPublicKeyInfo' data without outer SEQUENCE tag
2014-02-16 22:35:52 +01:00
Viktor Tarasov
53eae613d4
pkcs15: remove not used internal procedures
...
sc_pkcs15_copy_pubkey_from_spki_object() not used
2014-02-16 22:11:39 +01:00
Martin Paljak
3acb3d8e60
Default driver: do not send possibly arbitrary APDU-s to an unknown card.
2014-02-14 11:53:10 +00:00
Viktor Tarasov
345d4b905c
PIV: encode SPKI public key data
2014-02-09 18:49:58 +01:00
Viktor Tarasov
72bf7a8593
pkcs15init: NULL 'store-key' handle
...
Card driver can not define 'store-key' init handle
2014-02-09 18:49:58 +01:00
Viktor Tarasov
12d362fc73
PIV: fix segfault and valgrind issue
...
prototype of 'get-guid' has been changed;
valgrind issue:
Conditional jump or move depends on uninitialised value(s)
at 0x5A0159B: vfprintf (vfprintf.c:1629)
by 0x5AC04BF: __vsnprintf_chk (vsnprintf_chk.c:65)
by 0x522A665: sc_do_log_va.part.0 (stdio2.h:78)
by 0x522A819: sc_do_log (log.c:52)
by 0x529462F: piv_card_ctl (card-piv.c:1794)
by 0x5232E2F: sc_card_ctl (card.c:772)
by 0x52E561D: sc_pkcs15emu_piv_init (pkcs15-piv.c:626)
2014-02-09 18:49:58 +01:00
Viktor Tarasov
8000564239
pkcs15: fix encoding of 'SubjectPublicKeyInfo'
2014-02-09 18:49:58 +01:00
Viktor Tarasov
dd5115bc02
pkcs15: use 'direct' public key value
...
pkcs15: in pubkey-info data
* introduced new 'direct' 'raw' and 'spki' members
* removed 'encoded der data' member
* in 'read-public-key' try firstly SPKI direct value
pkcs11:
'direct' data used when getting CKA_VALUE attribute of public key
pkcs15init:
* initialize 'raw' and 'spki' direct public key value
2014-02-09 18:49:58 +01:00
Viktor Tarasov
343a627c78
pkcs15init: set EC pubkey key params using init arguments
2014-02-09 18:49:58 +01:00
Viktor Tarasov
122c58de85
pkcs15init: do not use 'der-data' of pubkey data
2014-02-09 18:49:58 +01:00
Viktor Tarasov
efa6e852c2
myeid: support of EC key is broken,
...
waiting for specification and card from Aventra (VTA)
2014-02-09 18:49:58 +01:00