- eac: allow CA without EF.CardSecurity
- sc-hsm: implemented CA based on document PKI
- sc-hsm: adds receive limit for SoC card
- introduces dedicated card type for SoC card
- md: integrate card's PIN pad capabilities
- installer: added SC-HSM SoC card to registry
- pkcs15-tool: Added support for PIN entry on card
- change/unblock PIN: add support for PIN entry on card
- added OpenPACE to macOS build
- travis-ci: install gengetopt/help2man via brew
- sc-hsm: Cache EF.C_DevAut
- sc-hsm: Prevent unnecessary applet selection and state resets
- sc-hsm: added support for session pin
- sc-hsm: avoid multiple AID selection
- sc-hsm: Use the information from match_card for all subsequent selections of the applet
- sc-hsm: cache optional files as empty files (Decoding the files will reveal that they were not existing prior caching. This avoids selecting the file though we have already tried to cache the file before.)
- use dedicated directory for CVC trust anchors
- appveyor: added OpenPACE to windows build
regression of 45a7ea9737075b5901fe7a5d65ed898733140315:
due to the change in the linkage, the symbols should be found in
opensc.dll instead of the static support libraries.
Add code to support OpenSSL initialization correctly when using OpenSSL-1.1
Tested with OpenSSL-1.1.0c and OpenSSL-1.1.0e.
Changes to be committed:
modified: src/tools/piv-tool.c
Communication defined by ISO/IEC 14443 is identical to T=1, so make
sure we connect in the right mode to the card so that the constructed
APDUs can be handled by the card.
CKA_SPKI is a vendor defined attribute to be used internally
as input to to OpenSSL d2i_PUBKEY
On branch verify-pubkey-as-spki-2
Changes to be committed:
modified: framework-pkcs15.c
modified: mechanism.c
modified: openssl.c
modified: pkcs11-opensc.h
OpenSC opennssl.c in sc_pkcs11_verify_data assumes that it can
retieve the CKA_VALUE for a public key object, and expect it to
be usable as RSA.
But internally sc_pkcs15_pubkey can have a "raw" or "spki"
version of the public key as defined by PKCS#15. Card drivers
or pkcs15-<card> routines may store either the "raw" or "spki"
versions. A get attribute request for CKA_VALUE for a public key
will return either the raw, spki or will derived rsa verison of the
pubkey.
This commit will test if the CKA_VALUE is a spki and use d2i_PUBKEY
which takes a spki version and returns an EVP_KEY. If it not an spki
the current method, d21_PublicKey(EVP_PKEY_RSA,...) is used which
only works for RSA.
The problem was found while testing pkcs11-tool -t -l where
the verify tests would fail with a CKR_GENERAL_ERROR because
the card driver stored the public key as a spki.
On branch verify-pubkey-as-spki-2
Changes to be committed:
modified: src/pkcs11/openssl.c
Date: Fri Apr 07 07:50:00 2017 -0600
- pcsc driver takes over all the functionality
- no dedicated reader driver config values for cardmod, use application
specific blocks to define a different behavior for the pcsc reader if
needed
- removes legacy code; requiring at least libpcsclite 1.6.5
Fixes https://github.com/OpenSC/OpenSC/issues/892
Keygen should write public keys with explicit CKA_PRIVATE=false by default (possibility to modify by --private switch)
Related to 4df35b92 discussing writing separate objects years ago.
* Set security context for CardOS 5.3 with p1=0x41 (as Coolkey does)
* Do not emulate signatures in CardOS 5.3
Remove the bogus SC_ALGORITHM_NEED_USAGE which prevents using the
actual implementation in cardos_compute_signature().
It might be bogus also in previous version, but I don't have a way
to verify against these cards.
* Do not advertise RSA-X-509 mechanism for CardOS 5.3 (card strips padding)
For testing RSA-X-509, we are generating random bytes for signing. It
may happen that the modulus is smaller than the random number
generated, which triggers an error in the card. With this change, we
are setting the most significant byte to 0x00 to assure the random
number is smaller than the modulus.
card-cac.c
* CLANG_WARNING: The left operand of '<' is a garbage value
card-coolkey.c
* CLANG_WARNING: overwriting variable
* CPPCHECK_WARNING: memory leak / overwrite variable
* CLANG_WARNING: null pointer dereference
* UNUSED_VALUE: unused return value
card-gids.c
* CLANG_WARNING: Branch condition evaluates to a garbage value
* SIZEOF_MISMATCH: suspicious_sizeof
card-myeid.c
* RESOURCE_LEAK: Variable "buf" going out of scope leaks the storage it points to.
* CLANG_WARNING: overwriting variable
* (rewrite not to confuse coverity)
pkcs15-cac.c
* RESOURCE_LEAK: Variable "cert_out" going out of scope leaks the storage it points to.
pkcs15-coolkey.c
* UNUSED_VALUE: unused return value
pkcs15-piv.c
* RESOURCE_LEAK: Variable "cert_out" going out of scope leaks the storage it points to.
pkcs15-sc-hsm.c
* DEADCODE
pkcs11/framework-pkcs15.c
* RESOURCE_LEAK: Variable "p15_cert" going out of scope leaks the storage it points to.
pkcs15init/pkcs15-lib.c
* CLANG_WARNING: Assigned value is garbage or undefined
pkcs15init/pkcs15-myeid.c
* UNREACHABLE: Probably wrong placement of code block
tests/p15dump.c
* IDENTICAL_BRANCHES
pkcs15-init.c
* CLANG_WARNING: Potential leak of memory pointed to by 'args.der_encoded.value'
pkcs15-tool.c
* RESOURCE_LEAK: Variable "cert" going out of scope leaks the storage it points to.
* MISSING_BREAK: The above case falls through to this one.
sc-hsm-tool.c
* CLANG_WARNING: Potential leak of memory pointed to by 'sp'
westcos-tool.c
* FORWARD_NULL: Passing null pointer "pin" to "unlock_pin", which dereferences it.
* (rewrite not to confuse coverity)
card-cac.c
* Avoid malloc with 0 argument
gids-tool.c
* FORWARD_NULL -- copy&paste error
scconf.c
* CLANG_WARNING: Call to 'malloc' has an allocation size of 0 bytes
closes#982
According to minidriver specs CardReadFile() method output parameters are
optional so don't return SCARD_E_INVALID_PARAMETER when they are NULL.
Also, use this opportunity to walk through this function helpers to make
sure they correctly return error status.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
According to minidriver specs CardGetChallenge() method parameters
are purely for output and do not have a meaning of requested challenge
length, so remove a misleading log line.
There is also no need to have a special case for pcbChallengeData being
NULL since in this case the function would have exited early anyway with
SCARD_E_INVALID_PARAMETER (also, it was just dereferenced in the previous
code line).
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Since last commit GCC warns us about problems with format strings and their
arguments in minidriver, so let's fix these warnings just as we did in rest
of the OpenSC code.
Most of these warnings were about DWORDs being printed as ints, there were
also some format directives and size_t size specifiers missing and various
misc format / parameter disagreements.
Attempt was made to keep log strings as-is, only the most obvious typos
were fixed.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Commit "Add GCC format checking attributes to log functions" added format
and parameter checking to OpenSC log functions.
Minidriver, however, logs most of its output via a dedicated log function,
so this function needs such attributes, too.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Mingw currently links to msvcrt.dll as C runtime.
This library is documented by Microsoft as off-limits to applications and
its feature set vary between Windows versions.
Due to this, presence of particular printf() format string directives
depends on which Windows version the code is run.
This is, naturally, bad, so mingw developers introduced ability to replace
formatted output functions with built-in equivalents with defined feature
set by setting "__USE_MINGW_ANSI_STDIO" macro to 1.
There are, however, no built-in equivalents for "_s" suffixed functions.
Fortunately, they are used only a few times in minidriver so let's simply
replace them with equivalent code using standard functions.
This also allows skipping "MINGW_HAS_SECURE_API" macro definition so any
future uses will be caught by compiler.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Looks like Travis CI build server found a few cases of log function format
string not being a string literal (now that log functions have necessary
attributes to check for such things).
Some instances clearly aren't a real problem, but to be future-proof and to
avoid compiler warnings let's fix all of them (that I was able to find in
code).
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Since "Add GCC format checking attributes to log functions" commit GCC
warns us about problems with format strings and their arguments provided
to OpenSC message logging functions.
This commit fixes all cases where GCC warned about incorrect format on
64-bit Linux, 32-bit and 64-bit mingw builds (with SM and OpenSSL enabled).
Well, almost all since on mingw GCC does not recognize "ll" size specifier
(present at least since Visual Studio 2005, also in mingw own CRT) so these
(few) warnings about it remain.
In most cases format size specifier for size_t type was missing (usually
size was left at default int level, with is different on 64-bit x86).
Some formats had too few / too many arguments.
In some cases pointers were printed as integers.
Some long variables were missing "l" prefix (especially with regard to %x
format).
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
GCC can check format and parameter correctness in printf()-like functions
for us so let's add necessary attributes to our log functions to emit a
warning where their way of being called is likely in need to be inspected
for correctness.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Minidriver currently has basic support for unblocking card PIN by providing
PUK as an administrator password to CardUnblockPin() function.
However, this doesn't work for example when trying to unblock PIN via
system smartcard PIN unblock screen accessible after pressing Ctrl+Alt+Del
as it wants to use challenge / response authentication.
MS Smart Card Minidriver specification (version 7.07) explicitly says that
challenge / response is the only authentication mode that Windows uses to
authenticate an administrator.
Unfortunately, this way of unblocking PIN seems to not be widely supported
by cards.
However, we can simply treat the provided response to challenge as PUK.
Because (at least) Ctrl+Alt+Del PIN unblock screen accepts only hex string,
every PUK digit X has to be input as '3X' (without quotes) there.
Also the response string is not hidden behind asterisks on this screen as
it should been.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Minidriver contained a hack since commit 7ef766b785 in 2010 to print to
debug file directly under mingw (instead of using normal OpenSC logging
system), as there was problem with "%S" format specifier then.
However, on recent mingw versions "%S" format works fine so let's remove
this hack.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Frank Morgner
Doug Engert
rickyepoderi
Jakub Jelen
Timo Teräs
Mouse
Mouse
Hannu Honkanen
Jakuje
Maciej S. Szmigiero