Vincent JARDIN
7cd713d15d
IASECC/CPX: enable RSA algorithms
...
Without this fix, we get:
./pkcs11-tool --module ../lib/onepin-opensc-pkcs11.so -M
Using slot 0 with a present token (0x0)
Supported mechanisms:
SHA-1, digest
SHA224, digest
SHA256, digest
SHA384, digest
SHA512, digest
MD5, digest
RIPEMD160, digest
GOSTR3411, digest
Once we include it, we get:
./pkcs11-tool --module ../lib/onepin-opensc-pkcs11.so -M
Using slot 0 with a present token (0x0)
Supported mechanisms:
SHA-1, digest
SHA224, digest
SHA256, digest
SHA384, digest
SHA512, digest
MD5, digest
RIPEMD160, digest
GOSTR3411, digest
RSA-9796, keySize={1024,2048}, hw, decrypt, sign, verify
RSA-PKCS, keySize={1024,2048}, hw, decrypt, sign, verify
SHA1-RSA-PKCS, keySize={1024,2048}, sign, verify
SHA256-RSA-PKCS, keySize={1024,2048}, sign, verify
RSA-PKCS-KEY-PAIR-GEN, keySize={1024,2048}, generate_key_pair
2021-03-17 10:58:20 +01:00
Vincent JARDIN
fd97f49a84
IASECC: CPX have 2 applications
...
There are 2 applications: default one (contact mode) and the contactless
mode.
2021-03-17 10:58:20 +01:00
Vincent JARDIN
560692221b
IASECC/CPX: file selection and app enumeration
...
Thanks to this commit, we get the full support of:
- ./opensc-explore
cd 0001
asn1 2F00
- ./pkcs11-tool -O
- etc.
2021-03-17 10:58:20 +01:00
Vincent JARDIN
acb8822444
IASECC: Add support for CPx cards
...
The French CPx Healthcare cards are designed to support the IASECC
standard.
2021-03-17 10:58:20 +01:00
Jakub Jelen
40c50a3a42
oberthur: Handle more memory issues during initialization
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31540
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31448
2021-03-16 12:02:05 +01:00
Frank Morgner
4512676795
Nightly: in case of conflicts, add "our" changes on top
2021-03-16 11:49:02 +01:00
Frank Morgner
26fac9592d
macos: add a tokend postfix for dmg
2021-03-16 11:49:02 +01:00
Raul Metsma
b9080c16d6
Make sure that we build always x86_64 openssl on macOS
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2021-03-16 11:49:02 +01:00
Frank Morgner
aae9254018
Fixed syntax error
2021-03-16 11:49:02 +01:00
Raul Metsma
578128e464
Fix build on travis and with CryptoTokenKit enabled
2021-03-16 11:49:02 +01:00
Frank Morgner
1325d5c333
travis: use newer version of xcode for pushed binaries
2021-03-16 11:49:02 +01:00
Raul Metsma
85c5610d39
Build arm64 on macOS with Xcode 12.2
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2021-03-16 11:49:02 +01:00
Frank Morgner
63e6683384
mac: use dedicated entitlements for binaries and scripts
...
fixes the codesigning issue with the unknown blobs in the entitlements
(missing "/" to complete blob)
2021-03-16 11:49:02 +01:00
Peter Popovec
f46b617397
Skip authentication if card access control mechanism is not active.
...
Depending on the "lifecycle" of the file, we may omit the authentication
operation. Typically if the card is in initialization or creation state,
the access control mechanism is inactive. If authentification can be
skiped, the card driver is responsible for setting the "acl_inactive"
variable in sc_file structure.
2021-03-16 10:57:05 +01:00
Frank Morgner
8e614bfe6e
Nightly: unencrypt only if encrypted key is in available
2021-03-15 14:16:12 +01:00
Jakub Jelen
8d61d0d20d
Use more portable switch for uniq to unbreak osx build
2021-03-15 09:33:55 +01:00
Jakub Jelen
1ef79e99f7
reader-pcsc: Avoid strict aliasing issues
2021-03-09 23:59:58 +01:00
Jakub Jelen
60632100a0
pkcs11: Avoid redefinition of ck_interface ( #2243 )
2021-03-09 23:59:58 +01:00
Jakub Jelen
63031b2193
pkcs11-tool: Avoid strict-aliasing issues on 32b architectures
2021-03-09 23:59:58 +01:00
Jakub Jelen
544dcc6827
configure: Warn about strict alliasing issues in strict builds
2021-03-09 23:59:58 +01:00
Jakub Jelen
2fa6700599
Remove more issues with strict aliasing
...
These would demonstrate with gcc11 and can be detected with gcc
flag -Wstrict-aliasing=2 (also with older gcc)
2021-03-09 23:59:58 +01:00
Jakub Jelen
45e262f537
westcos: Avoid strict aliasing violations
2021-03-09 23:59:58 +01:00
Jakub Jelen
b5f26051bb
Fix build on gcc11
...
This made most of the applications crashing in Fedora 34 when
smart card was plugged in.
The suggested patch makes the code path more obvious for gcc to
handle.
https://bugzilla.redhat.com/show_bug.cgi?id=1930652
2021-03-09 23:59:58 +01:00
Jakub Jelen
b8266a4c86
Revert "fixed atrmask for gnuk"
...
This reverts commit 98beb86a38
.
2021-03-01 15:43:28 +01:00
Jakub Jelen
0ce245a411
p11test: Fix one-off comparison
2021-03-01 15:43:28 +01:00
Jakub Jelen
56af7de137
Change (X)EDDSA EC_PARAMS encoding to OID
...
This is the current interpretation of the specs after talking with
several members of PKCS #11 TC.
2021-03-01 15:43:28 +01:00
Jakub Jelen
c39e31b274
pkcs11: Rewrite ec params to use sc_asn1_put_tag()
2021-03-01 15:43:28 +01:00
Jakub Jelen
ae771a135f
openpgp: Rewrite decipher/derive to use asn1 functions
2021-03-01 15:43:28 +01:00
Jakub Jelen
cb8c7647ca
asn1: Do not crash on invalid arguments
2021-03-01 15:43:28 +01:00
Jakub Jelen
a020b85d94
unittests: Briefly test asn1_encode
2021-03-01 15:43:28 +01:00
Jakub Jelen
73e283b4b1
openpgp: Correctly handle curve25519 keys
2021-03-01 15:43:28 +01:00
Jakub Jelen
64b61a7556
openpgp: Do not fail hard if unknown algorithm is encountered and fix typo
2021-03-01 15:43:28 +01:00
Jakub Jelen
9bd139d1e4
openpgp: Check return code of OID decoding from ASN1
2021-03-01 15:43:28 +01:00
Jakub Jelen
8c4d325576
framework-pkcs15: Fix typo in comment
2021-03-01 15:43:28 +01:00
Doug Engert
0380142482
Fix obtaining key_length i.e. field_length pkcs15-openpgp
...
card-opennpgp.c and pkcs15-openpgp.c have a strang way of
using sc_object_id_t to store what they call a binary_oid
or oid_binary. It is used to convert the EC curve asn1
returned in the cxdata.
This code uses asn1_decode_object_id to use sc_object_id_t
as used in the rest of the code.
The code and ec_curve tabes in card-openpgp.c where not changed.
pkcs15-openpgp.c was channge si to can use:
algorithm_info = sc_card_find_ec_alg(card, 0, &oid);
to retried the key_length to add to the pubkey and prkey entries.
The EC and EDDSA needs (i.e. field_length) to run.
On branch eddsa
Your branch is up to date with 'Jakuje/eddsa'.
Changes to be committed:
modified: card.c
modified: pkcs15-openpgp.c
2021-03-01 15:43:28 +01:00
Jakub Jelen
091b7670eb
p11test: Reformat the script and allow running against softhsm ed25519 keys (with few tweaks)
...
The Ed25519 implementation in SoftHSM is now broken /non-interoperable. After fixing that,
the interoperability tests should work with this script:
* SoftHSMv2#528: Avoid creating duplicate mechanisms
* SoftHSMv2#522: Fix advertised min and max mechanism sizes according to final PKCS#11 3.0 specification
* SoftHSMv2#526: Adjust EDDSA code to return valid EC_PARAMS according to the final PKCS #11 3.0 specification
2021-03-01 15:43:28 +01:00
Jakub Jelen
35cfc291ce
pkcs11-tool: Add support for (X)EDDSA key generation
2021-03-01 15:43:24 +01:00
Jakub Jelen
485b6cff44
p11test: Add support for EdDSA keys
2021-03-01 15:42:29 +01:00
Jakub Jelen
32ec1f92b9
openpgp: Set reasonable usage for (X)EdDSA keys
2021-03-01 15:42:29 +01:00
Jakub Jelen
e7d390f9dd
openpgp: Unbreak EC algorithms for GNUK
...
Since 09a594d
bringing ECC support to openPGP card, it did not count
with GNUK. This adds exception for GNUK to unbreak ECC signatures
as GNUK presents BCD version < 3.
2021-03-01 15:42:29 +01:00
Jakub Jelen
a965829f52
openpgp: Use only Derive mechanism for curve25519 keys
2021-03-01 15:42:29 +01:00
Jakub Jelen
5d5c391793
opensc-tool: Support for new (X)EdDSA keys
2021-03-01 15:42:29 +01:00
Jakub Jelen
5178e74e1b
pkcs11-tool: Support for new (X)EdDSA keys
2021-03-01 15:42:29 +01:00
Jakub Jelen
2fb688683e
pkcs15-tool: Support for new (X)EdDSA keys
2021-03-01 15:42:29 +01:00
Jakub Jelen
b351bf5ea4
openpgp: Initial support for (X)EdDSA keys
2021-03-01 15:42:29 +01:00
Jakub Jelen
caae75758c
Add internal support for (X)EdDSA keys
2021-03-01 15:42:26 +01:00
Jakub Jelen
80f80317d1
pkcs11: Add new SHA3 identifiers
2021-03-01 14:35:51 +01:00
Jakub Jelen
095c28e372
pkcs11: Add new (X)EDDSA identifiers
2021-03-01 14:35:51 +01:00
Jakub Jelen
0455a5665e
winscard: Add missing constant define
2021-03-01 14:35:51 +01:00
Jakub Jelen
c78fa164c9
openpgp-tool: Fix typos OpenGPG -> OpenPGP
2021-03-01 14:35:51 +01:00