card-piv.c tries to read the first 8 bytes of an object to get object size
so it can allocate a buffer. It then reads the whole object. apdu.c has changed
over the years, and apdu.c will keep reading as long as the card returns
status of 61 XX thus apdu.c will read the whole object while discarding
the extra data and returning to the caller only the first part of the data.
This in effect causes a double read of objects.
This patch sets SC_APDU_FLAGS_NO_GET_RESP to tell apdu to stop doing the
extra get-response commands thus avoiding most of the extra overhead.
This in not an optimal patch as it only works with T=1 cards/readers
but the patch is confined to just card-piv.c.
A better patch is in the works.
Fixes#462
* factorize the code from CardAuthenticatePIN into CardAuthenticateEx
* allows authentication with the PINPAD without a UI
minidriver: fix some code analysis warnings
Improve the error code when the user cancel the operation ("The operation was canceled by the user" instead of "invalid parameter")
Signed-off-by: vletoux <vincent.letoux@gmail.com>
Prior to 066132327c71300188aa66180fde2fb3d90c5140, CKM_ECDH1_DERIVE and
CKM_ECDH1_COFACTOR_DERIVE were always registered for cards that support
SC_ALGORITHM_ECDSA_RAW.
The mentioned commit changed this behavior, so that the ECDH mechanisms
are only registered for cards that set the SC_ALGORITHM_ECDH_CDH_RAW
capability flag.
To keep the existing behavior for the cards, they need to set this flag
in the card driver.
Prior to this commit, all hashes registered for RSA or other key types were
registered for ECDSA as well.
register ECDH mechanism only when supported by card
ECDH should only be registered if the card driver sets the
SC_ALGORITHM_ECDH_CDH_RAW flag.
register software PKCS#1 (1.5) padding only when RAW RSA is supported by card
If OpenSC supports PSS/OAEP padding or other padding mechanisms in
future, and there would be a card that enforces hardware PSS/OAEP
padding, the PKCS#1 v1.5 padding mechanism should not be registered.
This patch fixes 3 issues which consecutively have shown up when debugging the original problem:
1 - Newer DNIe report a byte count for public certificates which is the compressed size,
while older DNIe report the uncompressed size. This resulted in short-reading the x509 certificates,
and in an error parsing. Therefore, during initialization we proceed to set path->count for
public certificates to -1. This ensures that the lenght of the certificates for reading
will be set to file-> length, which has the correct size.
2 - pkcs11-tool -t was broken for DNIe (old and new)as it tried to strip pcks11 padding
from the data to sign and OpenSC tried signatures with non-padded data
(as the card had SC_ALGORITHM_RSA_RAW).
The new algoflags (SC_ALGORITHM_RSA_HASH_NONE | SC_ALGORITHM_RSA_PAD_PKCS1) and the
removal of the strip-padding call fix the issue.
3 - The new cards won't allow setting the LE bytes when calculating the TLV, when LE equals
256. This caused an wrong SM object error response (0x69 0x88). Therefore,
we don't send the LE bytes anymore in this case.
The patch has been tested to work on the new problematic card and on another old one.
close#451
We duplicate mechanisms based on OpenSSL so that they can be freed along
all the card's algorithms created via sc_pkcs11_new_fw_mechanism. Fixes
regression from eaf548aa3dab80a9bbf51da8291e7db978e3a2ad
card-masktech.c: fix building issues on the integration platform
card-masktech.c: fix linux compilation errors
honour HAVE_CONFIG_H
card-masktech.c: take in account Frank's remark about extended APDU in masktech_decipher
remove trailing spaces
* Command-line parameters were introduced to specify key usage
(--usage-{sign,decrypt,derive}). However, those are not used when importing
external objects using C_CreateObject function.
fix#445
In OpenSC the EC field_length is the number of bits in the field.
Most curves have a field_length which is a multiple of 8 bits
but there are many that are not.
The X and Y points and privateD are stored in octetstrings
so there may need to be an extra byte in the octetstring.
An OpenSSL BIGNUM will drop leading zero bytes, so its size can not be used
to determine the field_length.
fix#440fix#433
Compilation without OpenSSL - guid computation issue
This case is triggered when:
- built without OpenSSL
- called from a minidriver where id.len = 1
- card number is less than 15 bytes
(VTA: codding style slightly touched)
Basically checks that the memory allocation succeed.
The ctbcs.c change improve the readability
because count = 0 and len > 254 does not add any value.
VTA: added few coding style changes
Instead of hard-coding the format depending on whether OpenSC was compiled with
OpenSSL or not, the user should be able to choose the format himself.
The default format now is the normal concatenation of R,S both for CKM_ECDSA
and CKM_ECDSA_SHA1.
Add a comment field to the ssh key output if a label is set on the key. Add RFC4716 compliant key output for the new breed of modern (mobile) SSH clients.
VTA: use short form of log call in iso7816
* iasecc_read_public_key function uses SC_SUCCESS instead of log level
value, hence the log output is always displayed. This uses
SC_LOG_DEBUG_NORMAL instead.
VTA: updated to use short form of LOG macro
Fix the WCHAR / CHAR conversion problem in CardAuthenticateEx in case of PinPAD (vs->wzPinContext is UNICODE)
Fix UNICODE compilation problem( MessageBoxA instead of MessageBox)
There are few Java Cards that do not support ECDSA at all.
Starting with IsoApplet version 00.06, the applet returns whether the card
supports ECDSA or not. This commit uses this information to decider whether to
register ECDSA mechanisms or not.
Recent BELPIC cards (issued since March 2014) have a validity of 10
years (rather than 5 as before), and therefore also increased the key
size from 1024 bits to 2048 bits.
Key size can be detected by checking the applet version, for which we
have to issue a "GetCardData" command. If the applet is version 0x17 or
higher, keys are 2048 bits.
Use #defines rather than magic numbers
Keeps the code slightly more readable.
While we're at it, refactor slightly so that the code which issues the
GET CARD DATA command doesn't just keep the applet version, but also
makes other things available.
This latter in preparation of setting the serial number.
* This commit adds initial support for Morpho French Agent card which is an
IAS card. Signature operations are working. Since my test card was
read-only, I was unable to test object management functions.
* Add missing copy of AID in structure
For internal use allocate and copy the EC params data from the caller's template,
rather then use them directly as a pointer in internal public key data.
The raw format of EC signature was invalid when 'r' and 's' had different length.
https://github.com/OpenSC/OpenSC/pull/381#issuecomment-77016382
According to PKCS#11 v2.20:
"If r and s have different octet length, the shorter of both must
be padded with leading zero octets such that both have the same octet length."
Use the new features of sc_asn1_put_tag introduced in OpenSC/OpenSC#314.
Additionally, a RSA private key is sent from one large buffer using either extended APDUs or chaining (in compliance to IsoApplet API version 00.05).
It is required to strip excessive zeroes returned by some Java Cards when removeing the ASN1 structural information for PKCS#11 so that the x/y can be calculated by dividing the signature length by 2. However, the leading zero may only be stripped if it is excessive (outside the field length). Otherwise generated signatures are wrong in rare cases (1 out of 256).
See: 189e998486
The IsoApplet requires the host to do the hashes with RSA. OpenSC will
add all hashes that are available in software and will not expect the
card to do the hashing.
Rework the EC key generation mechanism to send the curve parameters to
the card. In earlier versions, the applet had a copy of the curve
parameters and there was a different algorithm reference for every
curve. This is unfeasible when trying to support a larger number of
curves because of size limitations of the applet.
This commit additionally includes some refactorings that should not
change the functionality.
when deleting a private key object, overwrite its contents so the key can no longer be used.
(VTA: original commit touched to use LOG macros and add debug logs)
needed to store information about EC curve supported by card.
Primary usage is when importing/generating key to get know if particular curve is supported by card.
* Key usage required when calling C_CreateObject for public key are not used.
This adds the logic to convert from PKCS#11 attributes to PKCS#15 in the
structure that is sent to underlying _store_pubkey functions.
Pkcs15init data, used to import/generate key objects, includes twice the same EC parameters data:
- explicit 'params' data
- part of sc_pkcs15_pubkey/sc_pkcs15_prkey
Explicit 'ec-params' data is removed.
sc_pkcs15_get_object_guid() should prefer the serial number from
EF(TokenInfo) over card->serialnr because the user may override the
card's serial number with "pkcs15-init -C --serial". The card->serialnr
should be used before calling card CTL with SC_CARDCTL_GET_SERIALNR
because it might contain a cached value.
This change *should* allow cards to be used with the minidriver even if
SC_CARDCTL_GET_SERIALNR is not implemented. For example, a driver might
set card->serialnr at initialization or the user might initialize a
PKCS#15 card with its own "--serial".
See also the discussion at the mailing list:
[Opensc-devel] AT_SIGNATURE and AT_EXCHANGE Problem
b94c163 - invalid, non-tested
11881a6 -- src/libopensc/card-iasecc.c -- return from select has to be ignored,
3a92bf7 -- src/pkcs11/slot.c -- SEGFAULT issue #3733a92bf7 -- src/tools/piv-tool.c -- confirmed by author
6759c04 -- src/pkcs15init/pkcs15-lib.c -- file instantiation error has to be ignored
* With commit facaf59, access_flags were set for most cards. A closer look
revealed that this is already done in `sc_pkcs15emu_add_rsa_prkey`.
Therefore, this removes the duplicated code for cards calling this function.
* Ensure CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE are only set when
generating the key on board, not reason to set them when importing a private
key.
Enhance sc_asn1_put_tag to support larger tag names and larger tags.
Prior to this, sc_asn1_put_tag did only support tags with a length of at most 127 bytes and tag names of one byte.
* Add default behavior for cards using the PKCS#15 emulation layer.
Hence, this patch provide a default value for access_flags compatible with
current OpenSC's behavior while allowing compatible cards to fetch the real
value from the card (IAS-ECC and AuthentIC).
Previously, partial DF name selection was used, which is not mandatory
to implement for a JCRE. We now use the full DF name which must always
be implemented.
Note that the MUSCLE applet is deprecated and should not be used.
fixes#135
C_Digest will now query for the buffer size using sc_pkcs15_md_final
before calling sc_pkcs15_md_update. This avoids doing a double update
when the user passes in a buffer to small, then gets the buffer and calls
C_Digest again.
Code to test for an auth_id for certs and pubkeys was removed.
See: PKCS#15 section 4.1.3 Access methods
This is conseritive change and all objects could be treaded the same.
The framework-pkcs15.c did not add hashes correctly if the card did not support RSA RAW.
This change fixes that and only adds hashes if the card did not specify a list of hashes.
It also will not add hashes done in software if ENABLE_OPENSSL is not specified.
Some error conditions are also tested for EC mechanisms.
See bug report #241 for more information.
If OpenSSL is not used then the functions from card-dnie.c are not
defined and in particular dnie_match_card() is not defined.
In that case we use a fake dnie_match_card() that just returns false.
add the possibility to store public ECC keys encoded according to SPKI
EC pubkey storing: Check if params are available before copying.
pkcs15-lib.c / sc_pkcs15init_store_public_key may be called with keyargs->key.u.ec.params.value == NULL. In this case, allocating and copying the parameters will fail. Add a check to prevent this.
Add a --no-prompt flag to pkcs15-tool (i.e. the equivalent of the --no-prompt flag of pkcs15-init). As to aid readers with keypads (as commonly used in the medical space).
The same function iasecc_sm_external_authentication() was declared in
two different .h files.
In file included from ../../src/libopensc/iasecc.h:27:0,
from sm-card-iasecc.c:44:
../../src/libopensc/iasecc-sdo.h:324:5: warning: redundant redeclaration of `iasecc_sm_external_authentication' [-Wredundant-decls]
In file included from ../../src/libopensc/opensc.h:44:0,
from sm-card-iasecc.c:40:
../../src/libopensc/sm.h:352:5: note: previous declaration of `iasecc_sm_external_authentication' was here
framework-pkcs15: Duplicate public key related to private key rather than referencing the framework object
Referencing the related public key is required to return PKCS#11 attributes for a private key only available
in the public key object (i.e. CKA_MODULUS). This patch adds a copy of the public key to the private key object rather than
referencing the public key object in the framework. This prevents SEGV when the public key framework object
is deleted with C_DestroyObject, but the reference from the public key remains intact.
The bug leads to all kind of stability problems when keys are created and deleted in the same session.
The patch is in particular important if OpenSC is used with EJBCA or any other application using the
SUN PKCS#11 provider: When generating key pairs, then the public key object is eventually garbage collected
which removes the related object in the PKCS#11 module. Because there is no fixed time for this operation,
corruption occurs at random.
In a next step, the remaining related_xxx fields in sc_pkcs11_object should be revised and possibly removed.
framework: Added more error checking
If a certificate is deleted after the related private key, then the driver
picks the wrong certificate EF, leading to an CKR_GENERAL_ERROR or the wrong
certificate being deleted.
Private key import is not supported by the SmartCard-HSM. However there is no error code
if it is still tried using pkcs15-init or from within Firefox.
openpgp-tool: Added PRIVATE-DO-3 dump option
The bytes of private-do-3 will be written to stdout raw.
Requires pin and verify to work.
openpgp-tool: Fix private-do-3 dump for Windows
fwrite will convert line endings on Windows if the destination
is not openend in binary mode. As this actually dumps binary data,
it makes sense to reopen stdout in binary mode for the dump.
openpgp-tool: Enable dumping of all DOs
PRIVATE-DO-<X> can now be dumped via the -d/--do switches and
the DO number as a parameter.
PRIVATE-DO-[12] can be dumped without verification.
PRIVATE-DO-3 requires CHV2, PRIVATE-DO-4 CHV3.
openpgp-tool: Dump DOs as hex into a tty, binary otherwise
This prevents messing up a terminal if there really _is_
binary data in a private DO. To force the binary data to a terminal,
pipe through cat.
openpgp-tool: Hint at the pin and verify options on error
SC_ERROR_SECURITY_STATUS_NOT_SATISFIED is the error code
here when dumping a private DO without the appropriate verification.
openpgp-tool: Explictly use --raw for binary ouput
The --raw switch already exists. If present, raw binary will be written,
a pretty-printed hex/ascii representation otherwise.
card-asepcos: removed dead code
card-authentic: removed dead code
card-belpic: removed dead code
card-epass2003: removed dead code
card-flex: removed dead code
card-gpk: removed dead code
card-oberthur: removed dead code
card-piv: removed dead code
card-setcos: removed dead code
ctbcs: removed dead code
cwa14890: removed dead code
muscle: removed dead code
pkcs15-atrust-acos: removed dead code
pkcs15-gemsafeV1: removed dead code
pkcs15-skey: removed dead code
reader-ctapi: removed dead code
framework-pkcs15: removed dead code
pkcs11-object: removed dead code
pkcs15-asepcos: removed dead code
pkcs15-cardos: removed dead code
pkcs15-jcop: removed dead code
pkcs15-lib: removed dead code
pkcs15-oberthur: removed dead code
parse: removed dead code
sclex: removed dead code
sm-card-authentic: removed dead code
sm-card-iasecc: removed dead code
sm-cwa14890: removed dead code
sm-global-platform: removed dead code
sc-test: removed dead code
pkcs11-tool: removed dead code
pkcs15-tool: removed dead code
Support nonces that are not only 8 bytes in
Mutual Authenticate. Use the witness length
to determine the nonce size, thus existing
systems using 8 bytes will continue to use 8
bytes. However, with AES 256, the nonces could
be a single block size of 16 bytes or greater.
RSA and EC keys have different usage attributes. Appropriate attributes are set
When using --keypairgen the user can use the --usage-sign, --usage-decrypt,
and --usage-derive. to get finer control.
Changes to be committed:
modified: tools/pkcs11-tool.c
This adds algorithm IDs 0xA, 0xA, 0xC which as documented
by the NIST PIV specification is algorithms AES-128, AES-192
and AES-256 respectively.
This patch also addresses some of the hardcodes that prevented
nonces greater than the single byte TLV length tags would allow.
It was explicitly tested with AES-256 and 256 byte nonces.
Signed-off-by: William Roberts <w2.roberts@samsung.com>
exit_status is either set directly or a function return is ORed with it,
in which case EXIT_SUCCESS can never be returned if the initial value is !=
0;
In old implementation, the DOs which their access is restricted by
PIN (like DOs 0101 -> 0104) were excluded from the fake filesystem,
leading to that we cannot read their data later, even if we verified PIN.