Doug Engert
48a11c0634
Update piv-tool man pages for AES
...
commit 295c523e4
(William Roberts 2014-07-08 13:52:48)
added support for AES keys to card-piv.c but the man page
for piv-tool that uses the code was never updated.
On branch piv-tool-doc
Changes to be committed:
modified: ../../doc/tools/piv-tool.1.xml
2021-05-20 11:07:29 +02:00
Doug Engert
f1bc07dec1
Fix piv-tool on Windows
...
fopen needs "rb" for fopen in two places
fixes #2338
On branch piv-tool-windows
Changes to be committed:
modified: piv-tool.c
2021-05-20 10:37:31 +02:00
Doug Engert
8dfafe4fc2
Fix 2340 pkcs15-sec.c wrong test
...
if (obj->type == SC_PKCS15_TYPE_PRKEY_RSA) { is the correct test.
2021-05-17 15:00:26 +02:00
Vincent JARDIN
5256bc3d3d
tests: minidriver using T0 or T1
...
Some cards should be used with T0 and some others with T1. Let's support
both.
Fix: issue #2326
2021-05-17 12:06:12 +02:00
Vincent JARDIN
180737d1b6
tests: minidriver runtime PINCODE
...
Let's define an environment MINIDRIVER_PIN=1234 in order to be able
to reuse the tests with any cards.
usage:
(cmd) set MINIDRIVER_PIN=1234
When the PIN code is not defined, let's skip the tests since it may run
the number of trials out of the max attempts.
Moreover, some cards may have many roles, but the tests are designed for
the ROLE_USER, so let's enforce only the ROLE_USER.
Fix: issue #2326
2021-05-17 12:06:12 +02:00
Vincent JARDIN
f0c059ede8
ATRMask: better describe the rule to be applied
...
Include some notes in order to properly define the ATR values.
Suggested-by: Doug Engert <deengert@gmail.com>
Fix: issue #2321
2021-05-12 07:51:42 +02:00
Vincent JARDIN
46c50dc51d
CPx: add registration for Windows/minidrivers
...
Let OpenSC be able to support the IAS/ECC CPx cards.
Suggested-by: Doug Engert <deengert@gmail.com>
Fix: issue #2321
2021-05-12 07:51:42 +02:00
Georgi Kirichkov
ca01d2c5e2
Code style changes
2021-05-11 11:44:39 +02:00
Georgi Kirichkov
5ae0ef4f41
Sets card->name for IDPrime v3 and v4 cards
2021-05-11 11:44:39 +02:00
Georgi Kirichkov
072c64aaed
Adds Gemalto IDPrime v4
2021-05-11 11:44:39 +02:00
Alon Bar-Lev
35a8a1d7e1
pkcs11.h: avoid C++ comments
2021-05-07 23:59:12 +02:00
Ludovic Rousseau
2ea5ed8ddd
Fix 'make check' when make --jobs= is used
...
The error was:
PASS: test-duplicate-symbols.sh
PASS: test-pkcs11-tool-allowed-mechanisms.sh
XFAIL: test-pkcs11-tool-test.sh
XFAIL: test-pkcs11-tool-test-threads.sh
PASS: test-manpage.sh
FAIL: test-pkcs11-tool-sign-verify.sh
============================================================================
Testsuite summary for OpenSC 0.22.0-rc1
============================================================================
============================================================================
See tests/test-suite.log
Please report to https://github.com/OpenSC/OpenSC/issues
============================================================================
This is because more than 1 test is executed at the same time. So
card_cleanup() is called at the end of one test while another test is
still running.
The problem is easy to replicate using "make --jobs=2".
2021-05-06 15:05:15 +02:00
Jakub Jelen
2f145f5804
Workaround for broken Ubuntu Focal images
...
https://travis-ci.community/t/clang-10-was-recently-broken-on-linux-unmet-dependencies-for-clang-10-clang-tidy-10-valgrind/11527
2021-05-06 15:02:45 +02:00
Jakub Jelen
613b56ee55
Add correct prefix on the clang-tidy commandline
2021-05-05 14:22:58 +02:00
Jakub Jelen
d0b847c6cf
tests: Remove files after distclean
2021-05-05 14:22:58 +02:00
Jakub Jelen
835cee2e5a
tests: Add correct path to enable out-of-source build
2021-05-05 14:22:58 +02:00
Jakub Jelen
06ac408bb4
travis: Invoke distcheck to make sure all needed files are packaged
2021-05-05 14:22:58 +02:00
divinehawk
98663528cf
pkcs15-tool: Write data objects in binary mode
2021-05-03 11:48:28 +02:00
ihsinme
50eaa6bf57
fix possible access outside the array.
...
If 5000 bytes are read, then at the end of the array we will write zero beyond its boundaries, damaging the stack.
Here's a simple solution. If you see the need to increase the array itself, let me know.
2021-05-03 11:47:51 +02:00
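The off-by-one described in commit 50eaa6bf57, as an added illustration that is not code from OpenSC or from the commit itself. The helper names, the guard byte and the `cap - 1` fix are assumptions made for the demonstration; the commit's actual change is not shown on this page.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 5000   /* array size named in the commit message */
#define CANARY   0x5A   /* constructed guard byte placed right after the array */

/* Pattern from the commit message: a full read leaves n == cap, so buf[n] is out of bounds. */
static size_t read_unsafe(FILE *f, unsigned char *buf, size_t cap)
{
    size_t n = fread(buf, 1, cap, f);
    buf[n] = '\0';      /* writes buf[cap] when the file holds >= cap bytes */
    return n;
}

/* One possible hardened form (assumption): reserve a byte for the terminator. */
static size_t read_safe(FILE *f, unsigned char *buf, size_t cap)
{
    size_t n;
    if (cap == 0)
        return 0;
    n = fread(buf, 1, cap - 1, f);
    buf[n] = '\0';      /* n <= cap - 1, always inside the array */
    return n;
}

/* Returns 1 if the guard byte is intact, 0 if it was overwritten, -1 on setup failure. */
int canary_survives(int use_safe)
{
    unsigned char storage[BUF_SIZE + 1];  /* extra byte keeps this demo itself in bounds */
    unsigned char input[BUF_SIZE];        /* constructed input: exactly 5000 bytes */
    FILE *f = tmpfile();

    if (f == NULL)
        return -1;
    memset(input, 'A', sizeof input);
    if (fwrite(input, 1, sizeof input, f) != sizeof input) { fclose(f); return -1; }
    rewind(f);
    storage[BUF_SIZE] = CANARY;
    (use_safe ? read_safe : read_unsafe)(f, storage, BUF_SIZE);
    fclose(f);
    return storage[BUF_SIZE] == CANARY;
}

int main(void)
{
    printf("unsafe read: guard intact = %d\n", canary_survives(0));
    printf("safe read:   guard intact = %d\n", canary_survives(1));
    return 0;
}
```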
Frank Morgner
32004e74ce
added missing files to distribution
2021-05-01 01:42:11 +02:00
Anton Logachev
570fc56c47
Remove the SC_SEC_ENV_FILE_REF_PRESENT flag for Rutoken ECP cards
...
Rutoken ECP cards have no default SE file. Previous cards ignored
MSE with restoring default SE, but new cards don't. This requires
SC_SEC_ENV_FILE_REF_PRESENT to be removed from env flags.
2021-04-29 23:03:32 +02:00
Doug Engert
19611682bd
Fix for #2283 C_Sign fails ECDSA when card can do HASH on card
...
Do not truncate ECDSA input to size of key if card or driver will do HASH.
On branch Fix_for_2283_ECDSA
Changes to be committed:
modified: src/libopensc/pkcs15-sec.c
2021-04-27 10:50:00 +02:00
Vincent JARDIN
a21bcf4b41
IASECC/Gemalto: register application
...
Register application for Gemalto Dual ID ONE Cosmo.
2021-04-26 21:37:39 +02:00
Vincent JARDIN
e93bd3983c
IASECC/Gemalto: add support
...
Add support for Gemalto's IAS ECC Dual ID One Cosmo using samples from:
http://cartesapuce-discount.com/fr/cartes-a-puce-ias-ecc/146-cartes-a-puce-protiva-ias-ecc-tpc.html
Some supports were already available (ATR, init, etc.), but the
select_file was missing the proper cases.
2021-04-26 21:37:39 +02:00
Frank Morgner
3f19991556
updated NEWS
2021-04-26 18:13:43 +02:00
Frank Morgner
4ecb4b39ac
updated documentation
2021-04-26 18:13:43 +02:00
Frank Morgner
75f24d2af7
regenerated egk-tool cmdline
2021-04-26 18:13:43 +02:00
Frank Morgner
2063a1d334
silence generation of files
2021-04-26 18:13:43 +02:00
Vincent JARDIN
e3a3722ad1
IASECC/CPX: Fix SDO path
...
Some objects need to be read from a specific path.
IASECC_SDO_PRVKEY_TAG: from 3F00:0001
IASECC_SDO_CHV_TAG: from 3F00
2021-04-26 15:55:17 +02:00
Vincent JARDIN
fcd2e665fe
IASECC/CPX: fix APDU errors for SE get data
...
On a CPX, this object needs to be read from 3F00.
For instance:
$ opensc-explorer -r 2
OpenSC [3F00]> cd 0002
OpenSC [3F00/0002]> apdu 00 CB 3F FF 0A 4D 08 70 06 BF FB 05 02 7B 80
Sending: 00 CB 3F FF 0A 4D 08 70 06 BF FB 05 02 7B 80
Received (SW1=0x6A, SW2=0x88)
Failure: Data object not found
OpenSC [3F00/0002]> apdu 00 A4 09 04 02 3F 00
Sending: 00 A4 09 04 02 3F 00
Received (SW1=0x90, SW2=0x00)
Success!
OpenSC [3F00/0002]> apdu 00 CB 3F FF 0A 4D 08 70 06 BF FB 05 02 7B 80
Sending: 00 CB 3F FF 0A 4D 08 70 06 BF FB 05 02 7B 80
Received (SW1=0x90, SW2=0x00)
Success!
Currently, this patch limits to the CPX cards since I cannot know
the behaviour for the other cards. I could not find any reference
from the standard.
Fix: issue #2275
2021-04-26 15:55:17 +02:00
Vincent JARDIN
405ecfc402
IASECC: proper pkcs15init of Algo_refs
...
For some Private RSA Keys, their Algo_refs remain empty:
$ pkcs15-tool -k --verify-pin --pin 1234
Using reader with a card: ACS ACR33U-A1 3SAM ICC Reader 00 00
Private RSA Key [CPS_PRIV_SIG]
Object Flags : [0x01], private
Usage : [0x200], nonRepudiation
Access Flags : [0x0D], sensitive, alwaysSensitive, neverExtract
Algo_refs : 0
Access Rules : pso_cds:01;
ModLength : 2048
Key ref : 129 (0x81)
Native : yes
Path : e828bd080f8025000001ff0010::
Auth ID : 01
ID : e828bd080f8025000001ff001001
MD:guid : e7aab727-f2af-e673-37bb-7d43867a6349
Private RSA Key [CPS_PRIV_AUT]
Object Flags : [0x07], private, modifiable
Usage : [0x06], decrypt, sign
Access Flags : [0x0D], sensitive, alwaysSensitive, neverExtract
Algo_refs : 6, 3, 4
Access Rules : pso_decrypt:01; int_auth:01;
ModLength : 2048
Key ref : 130 (0x82)
Native : yes
Path : e828bd080f8025000001ff0010::
Auth ID : 01
ID : e828bd080f8025000001ff001002
MD:guid : 2b6bf284-225c-80bc-8cbe-1c791db33543
Based on Usage : [0x200], nonRepudiation the SC_PKCS15_PRKEY_USAGE_NONREPUDIATION
may be set but not the SC_PKCS15_PRKEY_USAGE_SIGN so line 801 is never tested.
Having just SC_PKCS15_PRKEY_USAGE_NONREPUDIATION set and not doing anything does not
make any sense for any card.
Suggested-by: Doug Engert <deengert@gmail.com>
Fix: issue #2270
2021-04-26 15:52:09 +02:00
Vincent JARDIN
544aa4cc6b
IASECC/CPX: Fix up prkeyinfo/algo_ref
...
Extend the current support from 9abf8ee04c
in order to add a fixup for the CPx cards.
Since the data is not properly encoded when the card is initialized
let's re-build it for each run time from the DF.
Suggested-by: Doug Engert <deengert@gmail.com>
Fix: issue #2270
2021-04-26 15:52:09 +02:00
Vincent JARDIN
137286858f
IASECC/CPX: enable calls thru pkcs15-iasecc.c
...
Same as Gemalto's IASECC, the CPX cards need a workaround since
the PrKey does not have its Algo_refs.
We get:
pkcs15-tool -k --verify-pin --pin 1234
Using reader with a card: ACS ACR33U-A1 3SAM ICC Reader 00 00
Private RSA Key [CPS_PRIV_SIG]
Object Flags : [0x01], private
Usage : [0x200], nonRepudiation
Access Flags : [0x0D], sensitive, alwaysSensitive, neverExtract
Algo_refs : 0
Access Rules : pso_cds:01;
ModLength : 2048
Key ref : 129 (0x81)
Native : yes
Path : e828bd080f8025000001ff0010::
Auth ID : 01
ID : e828bd080f8025000001ff001001
MD:guid : e7aab727-f2af-e673-37bb-7d43867a6349
Private RSA Key [CPS_PRIV_AUT]
Object Flags : [0x07], private, modifiable
Usage : [0x06], decrypt, sign
Access Flags : [0x0D], sensitive, alwaysSensitive, neverExtract
Algo_refs : 0
Access Rules : pso_decrypt:01; int_auth:01;
ModLength : 2048
Key ref : 130 (0x82)
Native : yes
Path : e828bd080f8025000001ff0010::
Auth ID : 01
ID : e828bd080f8025000001ff001002
MD:guid : 2b6bf284-225c-80bc-8cbe-1c791db33543
We need to get Algo_refs to be set to something that is not 0.
Fix: issue #2267
2021-04-26 15:52:09 +02:00
Vincent JARDIN
39b4472f38
IASECC/CPX: export pkcs15init for missing features
...
Some cards, such as the CPX are missing features that should
have been initialized using:
iasecc_pkcs15_encode_supported_algos()
Let's export this function in order to build a fixup when the DF
should be parsed.
When OPENSSL is missing, an error should be raised since this
workaround for the CPX cards cannot work. It means that
any environments that use the CPX cards must be compiled with
ENABLE_OPENSSL.
Suggested-by: Doug Engert <deengert@gmail.com>
Fix: issue #2270
2021-04-26 15:52:09 +02:00
Vincent JARDIN
396cbc46cf
IASECC/CPX: set default flags
...
The CPX has the standard capabilities of the IASECC standard.
Let's be careful with memory leakage, see the
previous commit 83162c5c8
Fix: issue #2270
2021-04-26 15:52:09 +02:00
Frank Morgner
4912f05701
use OpenPACE 1.1.1
2021-04-25 12:03:52 +02:00
Peter Marschall
344ac0abe6
iasec: use proper printf format specifiers for size_t
...
Do not hard-code the printf format specifier for size_t: use the macro instead.
This fixes compilation on 32-bit architectures.
2021-04-20 14:26:37 +02:00
Jakub Jelen
d6ec00c870
cardos: Add ATR for CardOS 5.4
...
Hopefully fixes #2296
2021-04-15 17:59:31 +02:00
Peter Popovec
dd48facd38
travis CI: testsuite fix (tests/test-pkcs11-tool-allowed-mechanisms.sh)
...
Ubuntu (focal) softhsm2 workaround - mechanism listing incorrect
2021-04-14 11:02:58 +02:00
Peter Popovec
7d274a0d72
travis-ci: Try to run the tests on Ubuntu 20 (Focal Fossa)
2021-04-14 11:02:58 +02:00
Jakub Jelen
ef17b3fb89
tests: Fix comparison for osx
2021-04-13 21:58:47 +02:00
Jakub Jelen
cae5c71f90
oberthur: Handle 1B OIDs
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32807
2021-04-13 21:58:47 +02:00
Jakub Jelen
4b3c6dec07
.travis: Fail if tests fail
2021-04-13 21:58:47 +02:00
Frank Morgner
991bb8a141
add CPDK include flags
2021-04-08 15:15:46 +02:00
Frank Morgner
a83069b89f
updated to Microsoft Cryptographic Provider Development Kit (CPDK) Version 8.0
2021-04-08 11:25:08 +02:00
Carsten Blüggel
edb7ed25e4
pkcs11-tool: disable wrap/unwrap test until OpenSC#1796 is resolved
2021-04-07 10:25:54 +02:00
Frank Morgner
545e47b29e
preparation for 0.22.0
2021-04-06 13:42:50 +02:00
Vincent JARDIN
1a3666364d
IASECC/CPX: Avoid APDU Incorrect Parameters
...
Without this patch, we would get from the logs:
Outgoing APDU (18 bytes):
00 A4 04 00 0D E8 28 BD 08 0F 80 25 00 00 01 FF ......(....%....
00 10 ..
[opensc-pkcs11] reader-pcsc.c:242:pcsc_internal_transmit: called
[opensc-pkcs11] reader-pcsc.c:333:pcsc_transmit:
Incoming APDU (2 bytes):
6A 86 j.
[opensc-pkcs11] apdu.c:382:sc_single_transmit: returning with: 0 (Success)
[opensc-pkcs11] apdu.c:537:sc_transmit: returning with: 0 (Success)
[opensc-pkcs11] card.c:523:sc_unlock: called
[opensc-pkcs11] iso7816.c:128:iso7816_check_sw: Incorrect parameters P1-P2
[opensc-pkcs11] card-iasecc.c:1064:iasecc_select_file: Warning: SC_ERROR_INCORRECT_PARAMETERS for SC_PATH_TYPE_DF_NAME, try again with P2=0x0C
[opensc-pkcs11] apdu.c:548:sc_transmit_apdu: called
[opensc-pkcs11] card.c:473:sc_lock: called
[opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
[opensc-pkcs11] apdu.c:515:sc_transmit: called
[opensc-pkcs11] apdu.c:363:sc_single_transmit: called
[opensc-pkcs11] apdu.c:367:sc_single_transmit: CLA:0, INS:A4, P1:4, P2:C, data(13) 0x7fff4b339b20
[opensc-pkcs11] reader-pcsc.c:323:pcsc_transmit: reader 'Ingenico TL TELIUM (25005334) 00 02'
[opensc-pkcs11] reader-pcsc.c:324:pcsc_transmit:
Outgoing APDU (18 bytes):
00 A4 04 0C 0D E8 28 BD 08 0F 80 25 00 00 01 FF ......(....%....
00 10 ..
[opensc-pkcs11] reader-pcsc.c:242:pcsc_internal_transmit: called
[opensc-pkcs11] reader-pcsc.c:333:pcsc_transmit:
Incoming APDU (2 bytes):
90 00 ..
Let's align it with the behaviour of the other IASECC cards.
2021-04-01 11:11:33 +02:00
Vincent JARDIN
0df0f80b55
IASECC: log any APDU Incorrect parameters
...
From the logs, we can detect many 6A 86 (Incorrect P1 or P2 parameters).
A deeper analysis will be required, but the best option to check them
is to start emitting any Warning for such events.
2021-04-01 11:11:33 +02:00
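The SELECT-by-DF-name exchange logged in commits 1a3666364d and 0df0f80b55, as an added sketch that is not OpenSC code: the first attempt with P2=0x00 returns 6A 86, a warning is counted, and the retry with P2=0x0C returns 90 00. The AID is copied from the logged APDU; `mock_card` is a constructed stand-in for the card and all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* AID copied from the logged APDU (13 bytes). */
static const unsigned char AID[] = {0xE8, 0x28, 0xBD, 0x08, 0x0F, 0x80, 0x25,
                                    0x00, 0x00, 0x01, 0xFF, 0x00, 0x10};

/* Build SELECT by DF name: CLA INS P1 P2 Lc data. Returns length, 0 if out is too small. */
size_t build_select_df_name(unsigned char p2, unsigned char *out, size_t cap)
{
    size_t len = 5 + sizeof AID;
    if (cap < len)
        return 0;
    out[0] = 0x00; out[1] = 0xA4; out[2] = 0x04; out[3] = p2;
    out[4] = (unsigned char)sizeof AID;
    memcpy(out + 5, AID, sizeof AID);
    return len;
}

/* Constructed stand-in for the card in the log: rejects P2=0x00, accepts P2=0x0C. */
static unsigned mock_card(const unsigned char *apdu, size_t len)
{
    if (len < 5 || apdu[1] != 0xA4)
        return 0x6D00;
    return apdu[3] == 0x0C ? 0x9000 : 0x6A86;
}

/* Try first_p2; on 6A 86 count a warning and retry once with P2=0x0C. Returns the final SW. */
unsigned select_with_fallback(unsigned char first_p2, int *warnings)
{
    unsigned char apdu[32];
    size_t len = build_select_df_name(first_p2, apdu, sizeof apdu);
    unsigned sw = mock_card(apdu, len);

    *warnings = 0;
    if (sw == 0x6A86 && first_p2 != 0x0C) {
        (*warnings)++;   /* the event the second commit wants surfaced in the logs */
        fprintf(stderr, "warning: 6A 86 for P2=%02X, retrying with P2=0C\n", first_p2);
        len = build_select_df_name(0x0C, apdu, sizeof apdu);
        sw = mock_card(apdu, len);
    }
    return sw;
}

int main(void)
{
    int w;
    unsigned sw = select_with_fallback(0x00, &w);
    printf("P2=00 first: SW=%04X, warnings=%d\n", sw, w);
    sw = select_with_fallback(0x0C, &w);
    printf("P2=0C first: SW=%04X, warnings=%d\n", sw, w);
    return 0;
}
```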
Philip Prindeville
b9c0addf88
update configure.ac to be less noisy
...
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2021-04-01 11:09:22 +02:00