add the possibility to store public ECC keys encoded according to SPKI
EC pubkey storing: Check if params are available before copying.
pkcs15-lib.c / sc_pkcs15init_store_public_key may be called with keyargs->key.u.ec.params.value == NULL. In this case, allocating and copying the parameters will fail. Add a check to prevent this.
card-asepcos: removed dead code
card-authentic: removed dead code
card-belpic: removed dead code
card-epass2003: removed dead code
card-flex: removed dead code
card-gpk: removed dead code
card-oberthur: removed dead code
card-piv: removed dead code
card-setcos: removed dead code
ctbcs: removed dead code
cwa14890: removed dead code
muscle: removed dead code
pkcs15-atrust-acos: removed dead code
pkcs15-gemsafeV1: removed dead code
pkcs15-skey: removed dead code
reader-ctapi: removed dead code
framework-pkcs15: removed dead code
pkcs11-object: removed dead code
pkcs15-asepcos: removed dead code
pkcs15-cardos: removed dead code
pkcs15-jcop: removed dead code
pkcs15-lib: removed dead code
pkcs15-oberthur: removed dead code
parse: removed dead code
sclex: removed dead code
sm-card-authentic: removed dead code
sm-card-iasecc: removed dead code
sm-cwa14890: removed dead code
sm-global-platform: removed dead code
sc-test: removed dead code
pkcs11-tool: removed dead code
pkcs15-tool: removed dead code
pkcs15: in pubkey-info data
* introduced new 'direct' 'raw' and 'spki' members
* removed 'encoded der data' member
* in 'read-public-key' try firstly SPKI direct value
pkcs11:
'direct' data used when getting CKA_VALUE attribute of public key
pkcs15init:
* initialize 'raw' and 'spki' direct public key value
existing 'guid' obejct's data replaced by the one in private-key info
New CMAP record data used by pkcs15init emulator for the cards that have
the MD specific on-card data
The name implies what the format of the returned value, a SPKI.
The support for spki as a pkcs15 format of a pubkey, is extended to
work for any algorithm not just EC pubkeys. PKCS#15 appears to allow this.
sc_pkcs15_decode_pubkey_with_param will look for a SPKI
and attempt to use it for any algorithm, including RSA.
(RSA is the null case, as there are no algorithm parameters.)
sc_pkcs15_encode_pubkey_as_spki is exported from libopensc.
pkcs15-piv.c will use sc_pkcs15_encode_pubkey_as_spki to load public keys
as SPKI for RSA and EC.
The pubkey->data is never a SPKI, it is the DER encoding of the
pubkey without the parameters. If an spki is needed, use the
sc_pkcs15_encode_pubkey_as_spki to get the DER encoding of the spki.
As in the previous set of patches, pkcs15-tool.c will output both
sc_pkcs15_decode_pubkey_with_param and its internal.
This was left for testing, and the pubkey_pem_encode should be deleted
Cards formatted with one-pin profile can not be used (for modification
of the data on the card with pkcs15-init -X for example) after this
commit, which prevent the reading of 5015/4946 (containing the
profile).
The part of the code was simply commented out without comment.
Maybe it was used for testing purposes, and not removed for
the commit ?
When creating new DATA object, keep it's value in 'data' member of
'sc-pkcs15-data-info' data.
Used by pkcs15init emulation layer to store DATA value into a proprietary placement.
select_object_path: Fixed misplaced return and wrong return code. This bug is the cause why a profile
must include a template even for fully emulated cards.
sc_pkcs15init_store_certificate: Added a call to the emulation layer when the private key
description requires an update after storing a certificate. Should not break existing code.
sc_pkcs15init_delete_object: Now calling the emulation layer before the frameworks tries to delete
files itself. An emulation that deletes object explicitly and leaves the deletion of some objects
to the framework will now need to completely handle deleting objects (by calling the methods of the
framework).
sc_pkcs15init_update_certificate: Missing call to the emulation layer added.
Application path can contain non-zero length path value and AID.
In this case select AID as DF_NAME only if length of path value is zero.
Segfault: dereferencing NULL pointer, thanks to Magosányi Árpád
- Create/delete the PKCS#15 'DATA' objects destinated to supply support of minidriver. For a while only 'Gemalto' style of such support is implemented.
- Declare epass2003 pkcs15init operations.
- include into OpenSC configuration the SM related sections
call sc_profile_finish() with application info data as an argument;
in delete-by-path procedure, when getting authorization to delete file, make distinction between 'DELETE' and 'DELETE-SELF';
call card specific 'store' handler updating PrKDF and PubKDF files;
deduce the private key pkcs#15 attributes (like subject) from the friend certificate;
ignore SM authentication type when getting authorisation for operation;
copy GUID from the object create data to the pkcs#15 object attributes.
Add new argument 'application-info',
that will allow to select the on-card application to by binded with.
pkcs11: use sc_pkcs15init_bind with 'AID' argument
Prototype of sc_pkcs15init_bind() has been changed to add argument with
AID of the on-card application to be binded with.
pkcs15-wrap.c can be removed. Clarified/changed the meaning of "insecure" flag to pkcs15-init tool,
which will be needed to explicitly enforce the creation of a key which does not require a PIN.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5510 c6295689-39f2-0310-b995-f0e70906c6a9
Frank Morgner
Philip Wendland
Viktor Tarasov
Andreas Schwier
Jean-Pierre Szikora
sjoblomt
Nguyễn Hồng Quân
Robbert Müller
Ludovic Rousseau
vtarasov
martin