giomba
606edadb13
gcns.c: read Italian healthcare smart card
2022-01-06 17:29:06 +01:00
Jakub Jelen
bc9b9df869
Do not use EVP_PKEY_get0() for EC_KEY handling
The function is intentionally broken in OpenSSL 3.0 for provided keys
and returning NULL. But it should still work for the legacy gost engine
implementation (but I do not have a good way to check).
Discussed in openssl upstream issue:
https://github.com/openssl/openssl/issues/16081
2021-08-02 10:05:59 +02:00
Jakub Jelen
9a5a008093
pkcs15-tool: Update the logic to make it more clear for some dumb static analyzers
2021-07-15 09:51:59 +02:00
Jakub Jelen
d34e84c78d
eidenv: Avoid memory leak
2021-07-15 09:51:59 +02:00
Alessio Di Mauro
2f94a6b155
pkcs11-tool: allow setting CKA_EXTRACTABLE during keypair generation
Section 4.9 of the PKCS#11 v2.40 specification [1], mentions
CKA_EXTRACTABLE as a valid attribute for Private Key objects. However,
when calling "pkcs11-tool" with the "--exportable" option, the
attribute is not set as part of the private key template.
[1]: http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/pkcs11-base-v2.40-errata01-os-complete.html
2021-06-23 15:29:29 +02:00
Jaime Hablutzel
465375bda2
Fixing command-line option names in error messages
2021-05-26 10:41:30 +02:00
Doug Engert
f1bc07dec1
Fix piv-tool on Windows
fopen needs "rb" for fopen in two places
fixes #2338
On branch piv-tool-windows
Changes to be committed:
modified: piv-tool.c
2021-05-20 10:37:31 +02:00
Jakub Jelen
d0b847c6cf
tests: Remove files after distclean
2021-05-05 14:22:58 +02:00
divinehawk
98663528cf
pkcs15-tool: Write data objects in binary mode
2021-05-03 11:48:28 +02:00
ihsinme
50eaa6bf57
fix possible access outside the array.
If 5000 bytes are read, then at the end of the array we will write zero beyond its boundaries, damaging the stack.
Here's a simple solution. If you see the need to increase the array itself, let me know.
2021-05-03 11:47:51 +02:00
Frank Morgner
75f24d2af7
regenerated egk-tool cmdline
2021-04-26 18:13:43 +02:00
Frank Morgner
2063a1d334
silence generation of files
2021-04-26 18:13:43 +02:00
Carsten Blüggel
edb7ed25e4
pkcs11-tool: disable wrap/unwrap test until OpenSC#1796 is resolved
2021-04-07 10:25:54 +02:00
Frank Morgner
ce0d409205
Avoid accessing Uninitialized scalar variable
regression of c581d1b26
coverity scan CID 367545
2021-03-24 23:27:01 +01:00
Frank Morgner
5f9085fedb
Merge pull request #1960 from Jakuje/eddsa
Add support for (X)EdDSA keys in OpenPGP driver
2021-03-22 15:36:59 +01:00
Jakub Jelen
16b7c60fd3
Fix more issues with strict aliasing reported by gcc v8
Thanks popoves for reporting this issue
2021-03-18 09:58:21 +01:00
Vincent JARDIN
b508349010
IASECC/CPX: opensc-explorer asn1 EF.ATR parsing
Let advanced users be able to parse the ASN1 content
for any offset.
OpenSC [3F00]> asn1 2F01 0
Error in decoding.
OpenSC [3F00]> asn1 2F01 1
43 Application 3 (1 byte): decode error, : B8 .
46 Application 6 (4 bytes): decode error: 04 B0 EC C1 ....
47 Application 7 (3 bytes): 94 01 80 ...
4F Application 15 (8 bytes): 80 25 00 00 01 FF 01 00 .%......
E0 Private 0 (16 bytes)
02 INTEGER (2 bytes): 260
02 INTEGER (2 bytes): 260
02 INTEGER (2 bytes): 256
02 INTEGER (2 bytes): 256
78 Application 24 (8 bytes)
06 OBJECT IDENTIFIER (6 bytes): 1.3.162.15480.2
82 Context 2 (2 bytes): 36864: 90 00 ..
Fix: issue #2220
2021-03-17 10:58:20 +01:00
Vincent JARDIN
c581d1b26f
IASECC/CPX: opensc-explorer asn1 of EF.ATR objects
Workaround the parsing of EF.ATR objects, for instance:
./opensc-explorer -r 0
OpenSC [3F00]> cat 2F01
00000000: 80 43 01 B8 46 04 04 B0 EC C1 47 03 94 01 80 4F .C..F.....G....O
00000010: 08 80 25 00 00 01 FF 01 00 E0 10 02 02 01 04 02 ..%.............
00000020: 02 01 04 02 02 01 00 02 02 01 00 78 08 06 06 2B ...........x...+
00000030: 81 22 F8 78 02 82 02 90 00 .".x.....
OpenSC [3F00]> info 2F01
Working Elementary File ID 2F01, SFI E8
File path: 3F00/2F01
File size: 57 bytes
EF structure: Transparent
ACL for READ: NONE
ACL for UPDATE: SecOx45
ACL for DELETE: SecOx45
ACL for WRITE: N/A
ACL for REHABILITATE: N/A
ACL for INVALIDATE: N/A
ACL for LIST FILES: N/A
ACL for CRYPTO: N/A
Type attributes: 01
Life cycle: Operational, activated
In order to avoid adding an offset of 1 for such objects on some
OpenSC [3F00]> asn1 2F01 1
specific cards, then, we get:
OpenSC [3F00]> asn1 2F01
80 Context 0 (0 bytes)
43 Application 3 (1 byte): decode error: B8 .
46 Application 6 (4 bytes): decode error: 04 B0 EC C1 ....
47 Application 7 (3 bytes): 94 01 80 ...
4F Application 15 (8 bytes): 80 25 00 00 01 FF 01 00 .%......
E0 Private 0 (16 bytes)
02 INTEGER (2 bytes): 260
02 INTEGER (2 bytes): 260
02 INTEGER (2 bytes): 256
02 INTEGER (2 bytes): 256
78 Application 24 (8 bytes)
06 OBJECT IDENTIFIER (6 bytes): 1.3.162.15480.2
82 Context 2 (2 bytes): 36864: 90 00 ..
OpenSC [3F00]>
which means:
ef-atr.c:49:sc_parse_ef_atr_content: EF.ATR: card service 0xB8
ef-atr.c:59:sc_parse_ef_atr_content: EF.ATR: Pre-Issuing data '04B0ECC1'
ef-atr.c:67:sc_parse_ef_atr_content: EF.ATR: DF selection 94, unit_size 1, card caps 80
ef-atr.c:95:sc_parse_ef_atr_content: EF.ATR: AID '8025000001FF0100'
ef-atr.c:106:sc_parse_ef_atr_content: EF.ATR: Issuer data '02020104020201040202010002020100'
ef-atr.c:111:sc_parse_ef_atr_content: EF.ATR: DER encoded OID 06062B8122F87802
ef-atr.c:114:sc_parse_ef_atr_content: EF.ATR: OID 2B8122F87802
ef-atr.c:123:sc_parse_ef_atr_content: EF.ATR: status word 0x9000
Fix: issue #2220
2021-03-17 10:58:20 +01:00
Jakub Jelen
63031b2193
pkcs11-tool: Avoid strict-aliasing issues on 32b architectures
2021-03-09 23:59:58 +01:00
Jakub Jelen
2fa6700599
Remove more issues with strict aliasing
These would demonstrate with gcc11 and can be detected with gcc
flag -Wstrict-aliasing=2 (also with older gcc)
2021-03-09 23:59:58 +01:00
Jakub Jelen
56af7de137
Change (X)EDDSA EC_PARAMS encoding to OID
This is the current interpretation of the specs after talking with
several members of PKCS #11 TC.
2021-03-01 15:43:28 +01:00
Jakub Jelen
35cfc291ce
pkcs11-tool: Add support for (X)EDDSA key generation
2021-03-01 15:43:24 +01:00
Jakub Jelen
5d5c391793
opensc-tool: Support for new (X)EdDSA keys
2021-03-01 15:42:29 +01:00
Jakub Jelen
5178e74e1b
pkcs11-tool: Support for new (X)EdDSA keys
2021-03-01 15:42:29 +01:00
Jakub Jelen
2fb688683e
pkcs15-tool: Support for new (X)EdDSA keys
2021-03-01 15:42:29 +01:00
Jakub Jelen
c78fa164c9
openpgp-tool: Fix typos OpenGPG -> OpenPGP
2021-03-01 14:35:51 +01:00
Jakub Jelen
a5a6757d10
pkcs11-tool: Add CKA_KEY_TYPE attribute for keygen as recommended in specification
2021-03-01 14:35:50 +01:00
Frank Morgner
fe6864c5f3
fixed 354852 Invalid type in argument to printf format specifier
2021-02-25 23:34:57 +01:00
Jakub Jelen
2f232f217b
pkcs11-tool: Avoid double free and check allocation
366349 Double free
Thanks coverity
2021-02-25 09:08:52 +01:00
Jakub Jelen
176b20f339
pkcs11-tool: Display additional EC mechanism flags
2021-02-05 00:22:43 +01:00
Doug Engert
f704e4f23e
Pkcs11-tool changes to test a module's ability to use threads
Option --use-locking has C_Initialize pass in parameters with the
CKF_OS_LOCKING_OK to tell module to use threads. The default is it passes NULL
which says threads are not needed.
The following is not designed to be used by the general user. These are for debugging
and test scripts and only compiled if the system has threads.
Option --test-threads <arg> can be passed multiple times. Each one starts a thread.
<arg> is a list of 2 byte commands separated by ":". The thread will execute these.
Current commands are:
IN - C_Initialize(NULL)
IL - C_Initialize with CKF_OS_LOCKING_OK
Pn - Pause for n seconds
GI - C_GetInfo
SL - C_GetSlotList
Tn - C_GetTokenInfo from slot_index n
These are just enough calls to see if threads are working in the module.
Output is written to stderr.
Changes to be committed:
modified: doc/tools/pkcs11-tool.1.xml
modified: src/tools/Makefile.am
modified: src/tools/pkcs11-tool.c
2021-01-26 12:50:39 +01:00
Doug Engert
d369965a7f
pkcs11-tool support key-gen for GENERIC secret key
Fixes #2139
Added code to support mechanism GENERIC-SECRET-KEY-GEN.
Improved --help and doc/tools/pkcs11-tool.1.xml because key gen
of symmetric keys pass CKA_VALUE_LEN which is length of key in bytes.
Tested with:
./pkcs11-tool --module /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so \
--login --label generic-64 --keygen --key-type GENERIC:64 \
--mechanism GENERIC-SECRET-KEY-GEN
./pkcs11-tool --module /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --login -O
2021-01-26 12:34:15 +01:00
Peter Popovec
ba85ae75e3
opensc-explorer, command "info" - added information about LCS
Information about "Life cycle status byte" is now available in listing.
Also src/libopensc/types.h update - added more LCSB definitions.
iso7816_process_fci () update: improved tag 0x8A parsing.
Fixes in card-flex.c and card-miocos.c - SC_FILE_STATUS_xxx is not
bitfield.
2021-01-22 19:04:22 +01:00
Jakub Jelen
db18a72c64
pkcs11: Implement PKCS #11 3.0 Profile object and its handling in tools
2021-01-11 14:49:22 +01:00
Jakub Jelen
7f9e8ba85c
pkcs11-tool: Add option to list PKCS #11 3.0 interfaces
2021-01-11 14:49:22 +01:00
Jakub Jelen
6e25924eb0
common, pkcs11-tool: Use new PKCS #11 API with fallback to old one
2021-01-11 14:49:22 +01:00
Jakub Jelen
85e08ae675
pkcs11-tool: Avoid calloc with 0 argument
2020-11-25 14:38:23 +01:00
Frank Morgner
e05574d942
use correct naming scheme for launch agents
2020-11-10 23:23:11 +01:00
Zhang Xiaohui
c5508c5eae
Add sc_disconnect_card() before exit() and initialize two variables
2020-11-09 10:21:14 +01:00
Zhang Xiaohui
e8f27abd02
Add sc_release_context() before exit()
2020-11-09 10:21:14 +01:00
Carsten Blüggel
8098b7de61
pkcs11-tool: disable wrap/unwrap test until #1796 is resolved
2020-10-27 11:28:40 +01:00
Frank Morgner
c621f39034
pkcs11-register: free up memory before exiting
2020-10-27 09:48:02 +01:00
Zhang Xiaohui
0dc3dcbc00
There may be a memory leak in main in /src/tools/sceac-example.c
When failed to access reader, cxt needs to be released before
exiting the program. Like in the patch of CVE-2019-6502, a
sc_release_context(ctx) is needed before line 71, or a
memory leak may occur.
2020-10-16 14:00:23 +02:00
w00475903
7551e14c58
westcos-tool.c:fix memory leaks in dst->modulus.data and dst->exponent.data
Signed-off-by: whzhe <wanghongzhe@huawei.com>
2020-10-14 23:09:36 +02:00
Conrado P. L. Gouvea
40da5cace2
pkcs11-tool: add --allow-sw flag that removes CKF_HW and allows using software tokens
2020-09-28 12:59:58 +02:00
Peter Marschall
16c889cf7d
spelling fixes
Fix various spelling errors, mostly in comments but also in texts displayed.
Errors found & interactively fixed using 'codespell', with additional manual
checks after the fixes.
2020-08-30 10:35:14 +02:00
Ludovic Rousseau
3168f48503
Fix spelling error in comments
2020-08-29 23:22:34 +02:00
Ludovic Rousseau
7fc00a1178
Fix spelling error
Thanks to Debian lintian:
I: opensc: spelling-error-in-binary usr/bin/netkey-tool conatin contain
I: opensc: spelling-error-in-binary usr/bin/piv-tool conatin contain
2020-08-29 23:17:02 +02:00
Peter Marschall
4dbfc77eba
opensc-explorer: extend do_asn1() to accept offsets
Have do_asn1() accept an optional parameter indicating an offset.
If this is given then start ASN.1-decoding the file/record at this offset.
2020-08-23 22:46:26 +02:00
Peter Marschall
45e7039940
opensc-explorer: extend do_asn1() to decode records
Have do_asn1() accept an optional parameter indicating a record number.
If this is given and the file is a record-oriented file, then ASN.1-decode
the record requested.
2020-08-23 22:46:26 +02:00