giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
8,622 Commits 1 Branch 30 Tags 20 MiB
Commit Graph

1588 Commits

Author SHA1 Message Date
giomba 606edadb13 gcns.c: read Italian healthcare smart card 2022-01-06 17:29:06 +01:00
Jakub Jelen bc9b9df869 Do not use EVP_PKEY_get0() for EC_KEY handling 
The function is intentionally broken in OpenSSL 3.0 for provided keys
and returning NULL. But it should still work for the legacy gost engine
implementation (but I do not have a good way to check).

Discussed in openssl upstream issue:

https://github.com/openssl/openssl/issues/16081
 2021-08-02 10:05:59 +02:00
Jakub Jelen 9a5a008093 pkcs15-tool: Update the logic to make it more clear for some dumb static analyzers 2021-07-15 09:51:59 +02:00
Jakub Jelen d34e84c78d eidenv: Avoid memory leak 2021-07-15 09:51:59 +02:00
Alessio Di Mauro 2f94a6b155
pkcs11-tool: allow setting CKA_EXTRACTABLE during keypair generation 
Section 4.9 of the PKCS#11 v2.40 specification [1], mentions
CKA_EXTRACTABLE as a valid attribute for Private Key objects. However,
when calling "pkcs11-tool" with the "--exportable" option, the
attribute is not set as part of the private key template.

[1]: http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/pkcs11-base-v2.40-errata01-os-complete.html
 2021-06-23 15:29:29 +02:00
Jaime Hablutzel 465375bda2 Fixing command-line option names in error messages 2021-05-26 10:41:30 +02:00
Doug Engert f1bc07dec1 Fix piv-tool on wondows 
fopen needs "rb" for fopen in two places

fixes #2338

 On branch piv-tool-windows
 Changes to be committed:
	modified:   piv-tool.c
 2021-05-20 10:37:31 +02:00
Jakub Jelen d0b847c6cf tests: Remove files after disclean 2021-05-05 14:22:58 +02:00
divinehawk 98663528cf pkcs15-tool: Write data objects in binary mode 2021-05-03 11:48:28 +02:00
ihsinme 50eaa6bf57 fix possible access outside the array. 
if 5000 bytes are read, then at the end of the array we will write zero beyond its boundaries, damaging the stack.
Here's a simple solution. if you see the need to increase the array itself, let me know.
 2021-05-03 11:47:51 +02:00
Frank Morgner 75f24d2af7 regenerated egk-tool cmdline 2021-04-26 18:13:43 +02:00
Frank Morgner 2063a1d334 silince generation of files 2021-04-26 18:13:43 +02:00
Carsten Blüggel edb7ed25e4 pkcs11-tool: disable wrap/unwrap test until OpenSC#1796 is resolved 2021-04-07 10:25:54 +02:00
Frank Morgner ce0d409205 Avoid accessing Uninitialized scalar variable 
regression of c581d1b26

coverity scan CID 367545
 2021-03-24 23:27:01 +01:00
Frank Morgner 5f9085fedb
Merge pull request #1960 from Jakuje/eddsa 
Add support for (X)EdDSA keys in OpenPGP driver
 2021-03-22 15:36:59 +01:00
Jakub Jelen 16b7c60fd3 Fix more issues with strict aliasing reported by gcc v8 
Thanks popoves for reporting this issue
 2021-03-18 09:58:21 +01:00
Vincent JARDIN b508349010 IASECC/CPX: opensc-explorer asn1 EF.ATR parsing 
Let's the advance users be able to parse the ASN1 contant
for any offset.

OpenSC [3F00]> asn1 2F01 0
Error in decoding.
OpenSC [3F00]> asn1 2F01 1
43 Application 3  (1 byte): decode error, : B8 .
46 Application 6  (4 bytes): decode error: 04 B0 EC C1 ....
47 Application 7  (3 bytes): 94 01 80 ...
4F Application 15 (8 bytes): 80 25 00 00 01 FF 01 00 .%......
E0 Private 0  (16 bytes)
   02 INTEGER (2 bytes): 260
   02 INTEGER (2 bytes): 260
   02 INTEGER (2 bytes): 256
   02 INTEGER (2 bytes): 256
78 Application 24 (8 bytes)
   06 OBJECT IDENTIFIER (6 bytes):  1.3.162.15480.2
82 Context 2  (2 bytes): 36864: 90 00 ..

Fix: issue #2220
 2021-03-17 10:58:20 +01:00
Vincent JARDIN c581d1b26f IASECC/CPX: opensc-explorer asn1 of EF.ATR objects 
Workaround the parsing of EF.ATR objects, for instance:

./opensc-explorer -r 0

OpenSC [3F00]> cat 2F01
00000000: 80 43 01 B8 46 04 04 B0 EC C1 47 03 94 01 80 4F .C..F.....G....O
00000010: 08 80 25 00 00 01 FF 01 00 E0 10 02 02 01 04 02 ..%.............
00000020: 02 01 04 02 02 01 00 02 02 01 00 78 08 06 06 2B ...........x...+
00000030: 81 22 F8 78 02 82 02 90 00                      .".x.....

OpenSC [3F00]> info 2F01
Working Elementary File  ID 2F01, SFI E8

File path:               3F00/2F01
File size:               57 bytes
EF structure:            Transparent
ACL for READ:            NONE
ACL for UPDATE:          SecOx45
ACL for DELETE:          SecOx45
ACL for WRITE:           N/A
ACL for REHABILITATE:    N/A
ACL for INVALIDATE:      N/A
ACL for LIST FILES:      N/A
ACL for CRYPTO:          N/A
Type attributes:         01
Life cycle:              Operational, activated

In order to avoid adding an offset of 1 for such objects on some
  OpenSC [3F00]> asn1 2F01 1
specific cards, then, we get:

OpenSC [3F00]> asn1 2F01
80 Context 0  (0 bytes)
43 Application 3  (1 byte): decode error: B8 .
46 Application 6  (4 bytes): decode error: 04 B0 EC C1 ....
47 Application 7  (3 bytes): 94 01 80 ...
4F Application 15 (8 bytes): 80 25 00 00 01 FF 01 00 .%......
E0 Private 0  (16 bytes)
   02 INTEGER (2 bytes): 260
   02 INTEGER (2 bytes): 260
   02 INTEGER (2 bytes): 256
   02 INTEGER (2 bytes): 256
78 Application 24 (8 bytes)
   06 OBJECT IDENTIFIER (6 bytes):  1.3.162.15480.2
82 Context 2  (2 bytes): 36864: 90 00 ..
OpenSC [3F00]>

which means:
 ef-atr.c:49:sc_parse_ef_atr_content: EF.ATR: card service 0xB8
 ef-atr.c:59:sc_parse_ef_atr_content: EF.ATR: Pre-Issuing data '04B0ECC1'
 ef-atr.c:67:sc_parse_ef_atr_content: EF.ATR: DF selection 94, unit_size 1, card caps 80
 ef-atr.c:95:sc_parse_ef_atr_content: EF.ATR: AID '8025000001FF0100'
 ef-atr.c:106:sc_parse_ef_atr_content: EF.ATR: Issuer data '02020104020201040202010002020100'
 ef-atr.c:111:sc_parse_ef_atr_content: EF.ATR: DER encoded OID 06062B8122F87802
 ef-atr.c:114:sc_parse_ef_atr_content: EF.ATR: OID 2B8122F87802
 ef-atr.c:123:sc_parse_ef_atr_content: EF.ATR: status word 0x9000

Fix: issue #2220
 2021-03-17 10:58:20 +01:00
Jakub Jelen 63031b2193 pkcs11-tool: Avoid strict-aliasing issues on 32b architectures 2021-03-09 23:59:58 +01:00
Jakub Jelen 2fa6700599 Remove more issues with strict aliasing 
These would demonstrate with gcc11 and can be detected with gcc
flag -Wstrict-aliasing=2 (also with older gcc)
 2021-03-09 23:59:58 +01:00
Jakub Jelen 56af7de137 Change (X)EDDSA EC_PARAMS encoding to OID 
This is the current interpretation of the specs after talking with
several members of PKCS #11 TC.
 2021-03-01 15:43:28 +01:00
Jakub Jelen 35cfc291ce pkcs11-tool: Add support for (X)EDDSA key generation 2021-03-01 15:43:24 +01:00
Jakub Jelen 5d5c391793 opensc-tool: Support for new (X)EdDSA keys 2021-03-01 15:42:29 +01:00
Jakub Jelen 5178e74e1b pkcs11-tool: Support for new (X)EdDSA keys 2021-03-01 15:42:29 +01:00
Jakub Jelen 2fb688683e pkcs15-tool: Support for new (X)EdDSA keys 2021-03-01 15:42:29 +01:00
Jakub Jelen c78fa164c9 openpgp-tool: Fix typos OpenGPG -> OpenPGP 2021-03-01 14:35:51 +01:00
Jakub Jelen a5a6757d10 pkcs11-tool: Add CKA_KEY_TYPE attribute for keygen as recommeneded in specification 2021-03-01 14:35:50 +01:00
Frank Morgner fe6864c5f3 fixed 354852 Invalid type in argument to printf format specifier 2021-02-25 23:34:57 +01:00
Jakub Jelen 2f232f217b pkcs11-tool: Avoid double free and check allocation 
366349 Double free

Thanks coverity
 2021-02-25 09:08:52 +01:00
Jakub Jelen 176b20f339 pkcs11-tool: Display additional EC mechanism flags 2021-02-05 00:22:43 +01:00
Doug Engert f704e4f23e Pkcs11-tool changes to test a modules ability to use threads 
Option --use-locking has C_Initialize pass in parameters with the
CKF_OS_LOCKING_OK to tell module to use threads. The default is it passes NULL
which says threads are not needed.

The following is not designed to be used by the general user. There are for debugging
and test scripts and only compiled if the system has threads.

    Option --test-threads <arg> can be passed multiple times. Each one starts a thread.
    <arg> is a list of 2 byte commands seperated by ":". The thread will execute these.
    Current commands are:
       IN - C_Initialize(NULL)
       IL - C_Initialize with CKF_OS_LOCKING_OK
       Pn - Pause for n seconds
       GI - C_GetInfo
       SL - C_GetSlotList
       Tn - C_GetTokenInfo  from slot_index n

These are just enough calls to see if threads are working in the module.
Output is written to stderr.

 Changes to be committed:
	modified:   doc/tools/pkcs11-tool.1.xml
	modified:   src/tools/Makefile.am
	modified:   src/tools/pkcs11-tool.c
 2021-01-26 12:50:39 +01:00
Doug Engert d369965a7f pkcs11-tool support key-gen for GENERIC secret key 
Fixes #2139

Added code to support  mechanism GENERIC-SECRET-KEY-GEN.

Improved --help  and doc/tools/pkcs11-tool.1.xml because key gen
of symmetric keys pass CKA_VALUE_LEN which is length of key in bytes.

Tested with:

./pkcs11-tool --module /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so \
 --login --label generic-64 --keygen --key-type GENERIC:64 \
 --mechanism GENERIC-SECRET-KEY-GEN

./pkcs11-tool --module /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --login -O
 2021-01-26 12:34:15 +01:00
Peter Popovec ba85ae75e3 opensc-explorer, command "info" - added information about LCS 
Information about "Life cycle status byte" is now available in listing.
Also src/libopensc/types.h update - added more LCSB definitions.
iso7816_process_fci () update: improved tag 0x8A parsing.

Fixes in card-flex.c and card-miocos.c - SC_FILE_STATUS_xxx is not
bitfield.
 2021-01-22 19:04:22 +01:00
Jakub Jelen db18a72c64 pkcs11: Implement PKCS #11 3.0 Profile object and its handling in tools 2021-01-11 14:49:22 +01:00
Jakub Jelen 7f9e8ba85c pkcs11-tool: Add option to list PKCS #11 3.0 interfaces 2021-01-11 14:49:22 +01:00
Jakub Jelen 6e25924eb0 common, pkcs11-tool: Use new PKCS #11 API with fallback to old one 2021-01-11 14:49:22 +01:00
Jakub Jelen 85e08ae675 pkcs11-tool: Avoid calloc with 0 argument 2020-11-25 14:38:23 +01:00
Frank Morgner e05574d942 use correct naming scheme for launch agents 2020-11-10 23:23:11 +01:00
Zhang Xiaohui c5508c5eae Add sc_disconnect_card() before exit() and initialize two variables 2020-11-09 10:21:14 +01:00
Zhang Xiaohui e8f27abd02 Add sc_release_context() before exit() 2020-11-09 10:21:14 +01:00
Carsten Blüggel 8098b7de61 pkcs11-tool: disable wrap/unwrap test until #1796 is resolved 2020-10-27 11:28:40 +01:00
Frank Morgner c621f39034 pkcs11-register: free up memory before exiting 2020-10-27 09:48:02 +01:00
Zhang Xiaohui 0dc3dcbc00 There may be a memory leak in main in /src/tools/sceac-example.c 
When failed to access reader, cxt needs to be released before
exiting the program. Like in the patch of CVE-2019-6502, a
sc_release_context(ctx) is needed before line 71, or a
memory leak may occur.
 2020-10-16 14:00:23 +02:00
w00475903 7551e14c58 westcos-tool.c:fix memory leaks in dst->modulus.data and dst->exponent.data 
Signed-off-by: whzhe <wanghongzhe@huawei.com>
 2020-10-14 23:09:36 +02:00
Conrado P. L. Gouvea 40da5cace2 pkcs11-tool: add --allow-sw flag that removes CKF_HW and allows using software tokens 2020-09-28 12:59:58 +02:00
Peter Marschall 16c889cf7d spelling fixes 
Fix various spelling errors, mostly in comments but also in texts displayed.

Errors found & interactively fixed using 'codespell', with additional manual
checks after the fixes.
 2020-08-30 10:35:14 +02:00
Ludovic Rousseau 3168f48503 Fix spelling error in comments 2020-08-29 23:22:34 +02:00
Ludovic Rousseau 7fc00a1178 Fix spelling error 
Thanks to Debian lintian:
I: opensc: spelling-error-in-binary usr/bin/netkey-tool conatin contain
I: opensc: spelling-error-in-binary usr/bin/piv-tool conatin contain
 2020-08-29 23:17:02 +02:00
Peter Marschall 4dbfc77eba opensc-explorer: extend do_asn1() to accept offsets 
Have do_asn1() accept an optional parameter indicating an offset.
If this is given then start ASN.1-decoding the file/record at this offset.
 2020-08-23 22:46:26 +02:00
Peter Marschall 45e7039940 opensc-explorer: extend do_asn1() to decode records 
Have do_asn1() accept an optional parameter indicating a record number.
If this is given and the file is a record-oriented file, then ASN.1-decode
the record requested.
 2020-08-23 22:46:26 +02:00