'PACE' is extremely card specific protocol and has not to be ostensibly
present in the common part of OpenSC:
* currently in OpenSC there is no card driver that supports or uses this protocol;
* amazing content of the common 'sc_perform_pace' -- beside the verbose logs
the only substantial action is to call the card/reader specific handler.
According to the current sources and the pull request 83
this 'common' procedure is called by the card driver or
card specific tool/operation.
* currently the 'PACE' can be thouroghly tested only by one person (Frank Morgner),
and only using the OpenSSL patched with the PACE specific patch.
So, at least a dedicated configuration option could be introduced when comiting PACE to the common part.
* common 'sc_perfom_pace' has the same role as the 'initialize-SM' handler of the existing SM framework
and can be implemented as card specific SM, as the others cards do.
This confirmed by Frank Morgner, the author of PACE commits and nPA card driver, himself.
(https://github.com/OpenSC/OpenSC/pull/83)
Implements PC/SC interface to PACE-enabled readers defined in PC/SC
pt. 10 AMD 1 and BSI TR-03119.
PACE can be started using `sc_perform_pace`. This function currently
calls the new `perform_pace` from `struct sc_reader_operations`, if the
reader has the needed capabilities. `sc_perform_pace` could also be
extended with a stand-alone implementation of PACE (code could be
imported from here http://vsmartcard.sourceforge.net/npa/README.html).
Note that the reader's PACE capabilities are correctly determined by
calling GetReaderPACECapabilities.
OpenSC's new PACE capabilities can be tested using the `npa-tool` from
the Virtual Smart Card Architecture (see link above).
The code that treated a timeout as success was never reached, because the
surrounding if eliminated the possibility of entering the block when the return code
from SCardGetStatusChange was SCARD_E_TIMEOUT.
Issue found by Coverity Scan.
Some pinpads do not support PIN size less than 4 or greater than 8.
PC/SC v2 part 10 allows to ask the driver/reader for the supported
values. This avoids to have the SECURE PIN CCID command rejected by the
reader.
This should fix OpenSC ticket #361 "card-entersafe should ask the pinpad
reader for the maximum pin size"
The timeout parameter of SCardGetStatusChange() is a DWORD (unsigned
int). An int timeout parameter was used instead.
The problem happens on 64-bits architectures where DWORD is 64-bits long
and int is only 32-bits long. The sign extension C mechanism transforms
the PC/SC value INFINITE into -1 instead of 4294967295.
See http://www.opensc-project.org/pipermail/opensc-devel/2011-June/016831.html
"Kobil KAAN Advanced Reader, "waiting for card" timeout"
On Mac OS X the HP smart card keyboard claims secure PIN entry support but the PIN is transmitted to host.
Disregard the pinpad flag for this reader. Other readers claiming pinpad support but having problems to follow in this list.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5273 c6295689-39f2-0310-b995-f0e70906c6a9
reader-pcsc.c: In function 'refresh_attributes':
reader-pcsc.c:339: warning: declaration of 'rv' shadows a previous local
reader-pcsc.c:273: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5258 c6295689-39f2-0310-b995-f0e70906c6a9
reader-pcsc.c: In function 'refresh_attributes':
reader-pcsc.c:337: warning: declaration of 'state' shadows a previous local
reader-pcsc.c:272: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5257 c6295689-39f2-0310-b995-f0e70906c6a9
* shift libpkcs11 from src/pkcs11 to src/common as it is not used to implement the OpenSC PKCS#11 module
* invent a "libscdl" mini library that implements either libltdl based dynamic loading or uses native interfaces
* drop hard requirement for libltl to build OpenSC
* native Windows build does not need libltdl any more
* specify CNGSDK include dir to find cardmod.h. CNGSDK only registers with a handful of compilers
Deals with #323
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5201 c6295689-39f2-0310-b995-f0e70906c6a9
The registry in no longer used to pass the
handles provided by BaseCSP. sc_ctx_use_reader
is used instead. (uses r5190)
A decryption routine was added as it is needed by login.
Key container names are based on the card serial
number and cert ID. The must be unique as they
are searched for in the certificate store to
find the card to insert in some situations.
If the handles change, the association to the reader
and card is refreshed as it may be a different card
or reader. (uses r5127)
Extra low lowel debugging was added. To use
it the CARDMOD_LOW_LEVEL_DEBUG but be defined in
cardmod.c This can log entries before and sc_context
is established.
The use of "texte" was replaced, as it looked like there
could be buffer overflows. It was replaced with a
loghex routine.
SC_ALGORITHM_RSA_HASH_MD5_SHA1 can now be used
(IE uses this.)
Several other bugs were fixed.
The code can now bue used for AD login, and was tested
with swaping cards duirng login, and with several readers.
The code is still experimental, and for login to work,
the dlls were moved to system32.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5192 c6295689-39f2-0310-b995-f0e70906c6a9
It is used by cardmod to pass in pointers to the PC/SC handles
provided by the caller of cardmod. Other drivers will return
an error if this routine called.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5190 c6295689-39f2-0310-b995-f0e70906c6a9
One of the few cards that has two different ATR-s is the EstonianEid card. The changing ATR (especially if
it has different protocol information and historical bytes) can cause confusion in many places, like
Microsoft BaseCSP or certain versions of pcsc-lite.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4890 c6295689-39f2-0310-b995-f0e70906c6a9
* One sc_context has only a single reader driver.
* remove dynamic reader driver loading capabilities
* remove opensc-tool -R command
* change the internal API, we don't need to pass around a "driver data" pointer as it can be found directly from the context.
* check in ./configure for only a single enabled reader driver
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4709 c6295689-39f2-0310-b995-f0e70906c6a9
From http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety
" Casting and type safety
malloc returns a void pointer (void *), which indicates that it is a
pointer to a region of unknown data type. One may "cast" (see type
conversion) this pointer to a specific type, as in
int *ptr = (int*)malloc(10 * sizeof (int));
When using C, this is considered bad practice; it is redundant under the
C standard. Moreover, putting in a cast may mask failure to include the
header stdlib.h, in which the prototype for malloc is found. In the
absence of a prototype for malloc, the C compiler will assume that
malloc returns an int, and will issue a warning in a context such as the
above, provided the error is not masked by a cast. On certain
architectures and data models (such as LP64 on 64 bit systems, where
long and pointers are 64 bit and int is 32 bit), this error can actually
result in undefined behavior, as the implicitly declared malloc returns
a 32 bit value whereas the actually defined function returns a 64 bit
value. Depending on calling conventions and memory layout, this may
result in stack smashing.
The returned pointer need not be explicitly cast to a more specific
pointer type, since ANSI C defines an implicit conversion between the
void pointer type and other pointers to objects. An explicit cast of
malloc's return value is sometimes performed because malloc originally
returned a char *, but this cast is unnecessary in standard C
code.[4][5] Omitting the cast, however, creates an incompatibility with
C++, which does require it.
The lack of a specific pointer type returned from malloc is type-unsafe
behaviour: malloc allocates based on byte count but not on type. This
distinguishes it from the C++ new operator that returns a pointer whose
type relies on the operand. (see C Type Safety). "
See also
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4636 c6295689-39f2-0310-b995-f0e70906c6a9
Fix
reader-pcsc.c: In function ‘pcsc_detect_readers’:
reader-pcsc.c:856: warning: initialization discards qualifiers from pointer target type
reader-pcsc.c:884: warning: initialization discards qualifiers from pointer target type
reader-pcsc.c:894: warning: initialization discards qualifiers from pointer target type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4211 c6295689-39f2-0310-b995-f0e70906c6a9
* reduce to a few, supported functions.
* change all functions to take the debug level as parameter.
* use symbolic names for the debug levels.
* fix tools to pass "verbose"/"opt_debug" as ctx->debug.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4118 c6295689-39f2-0310-b995-f0e70906c6a9
1. Add --enable-cardmod to autoconf to enable feature explicitly.
2. Modify opensc-cardmod.dll to always have bitness suffix eg opensc-cardmod32.dll
3. Remove complex cardmod.h detection, could not find any reason for this.
4. Make cardmod.inf a template and inject opensc version into its version string.
5. More minor autoconf/automake cleanups.
6. Remove internal-winscard.h usage in cardmod.c as cardmod.h already includes winscard.h
7. DllMain is not exportable.
Notes:
1. I may caused other build not to work, will happy to work it out.
2. Cannot find reason why cardmod.inf cardmod-westcos.reg should reside in bin directory.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4003 c6295689-39f2-0310-b995-f0e70906c6a9
On OS X, when you insert a card, securityd sequentially starts all found Tokend-s to see if a card can be handled with one.
If a non-tokend application waits for a card insertion with sc_wait_for_event and tries to connect to the card right after the system sees it, it will fail with "The reader is in use by another application" 95% of the time.
With this hack connecting to the card succeeds 95% of the time with the probable penalty of an extra second on initialization for non-tokend clients.
This should only affect applications that wait for card insertion events.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3991 c6295689-39f2-0310-b995-f0e70906c6a9
- Remove slot abstraction from internal API and all reader drivers. CT-API (from where it all comes from) readers with multiple slots (if still found) can be presented as separate readers, OpenCT should remove the slot abstraction, PC/SC never knew about it. None of the tools knew how to use slots.
- Add sc_cancel (translates to SCardCancel)
- Re-implement sc_wait_for_event; support a blocking call.
- Replace the "int reader" API with "* sc_reader_t" style; add "Get reader by name" functionality.
- Remove "action" parameter from sc_disconnect_card() (was not used)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3931 c6295689-39f2-0310-b995-f0e70906c6a9
* Make opensc-tool -l display pinpad capabilities, if available
* Detect reader capabilities when a reader is found, not when a connection to a card is opened
* Fix unpadded PIN block parameters to not be rejected by the latest free CCID driver
* When locking the card and it has been reset by some other application (or re-attached), clear cache and lock again
* Enable pinpad detection by default
git-svn-id: https://www.opensc-project.org/svnp/opensc/branches/martin/0.12@3730 c6295689-39f2-0310-b995-f0e70906c6a9
* Only set messages if the reader has display capabilities.
* Detect rejected pinpad commands
* Whitespace fixes
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3679 c6295689-39f2-0310-b995-f0e70906c6a9
* Update IOCTL definitions to PC/SC part 10 v2.02.05
* Return SC_SUCCESS instead of 0 if returning SC_ codes.
* Detect the presence of a display with FEATURE_IFD_PIN_PROPERTIES
Tested with patched CCID driver on OS X, with SPR532 (no display) and OK3821 (with display)
Known CCID reader with a display:
ATMEL_AT91SO.txt: wLcdLayout: 0x0210
CardMan3821.txt: wLcdLayout: 0x0210
Kobil_EMV_CAP.txt: wLcdLayout: 0x0210
Xiring_XI-SIGN.txt: wLcdLayout: 0x020C
Xiring_XI-SIGN_6000.txt: wLcdLayout: 0x020C
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3666 c6295689-39f2-0310-b995-f0e70906c6a9
reader-pcsc.c:396: warning: declaration of 'priv' shadows a previous local
reader-pcsc.c:367: warning: shadowed declaration is here
reader-pcsc.c:909: warning: declaration of 'reader' shadows a previous local
reader-pcsc.c:901: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3519 c6295689-39f2-0310-b995-f0e70906c6a9
This is not the best solution, but focus on smallest code change.
Changes:
1. Add detect_readers() to reader opts, this adds new readers to the end
of the readers list until list is full.
2. Add sc_ctx_detect_readers() that calls readers' detect_readers().
3. Fixup pcsc_lock() so that it reconnect to the card and report proper
error so caller may be notified if session was lost.
4. Allow context to be created without readers.
5. Call sc_ctx_detect_readers() from PKCS#11 C_GetSlotList with NULL_PTR.
6. Allow no reader at detect_card, as reader my be removed.
7. Since I broke ABI, I updated the external module version requirement
to match OpenSC version. In the future a separate version should be
maintained for each interface, this should be unrelated to the package
version.
Alon
---
svn merge -r 3480:3505 https://www.opensc-project.org/svn/opensc/branches/alonbl/pnp
M src/tools/opensc-tool.c
M src/pkcs11/pkcs11-global.c
M src/pkcs11/slot.c
M src/libopensc/reader-pcsc.c
M src/libopensc/internal-winscard.h
M src/libopensc/ctx.c
M src/libopensc/reader-ctapi.c
M src/libopensc/libopensc.exports
M src/libopensc/reader-openct.c
M src/libopensc/opensc.h
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3506 c6295689-39f2-0310-b995-f0e70906c6a9
1. Build system now supports MinGW (Windows) compilation using msys and cross compilation.
2. Ability to explicitly disable and enable dependencies of the package.
3. openct, pcsc and nsplugins features are disabled by default.
4. Modified pcsc driver to use pcsc dynamically, no compile time dependency is required.
5. --enable-pcsc-lite configuration option renamed to --enable-pcsc.
6. Install opensc.conf file (as opensc.conf.new if opensc.conf exists).
7. Add--enable-doc configuration option, allow installing documentation into target.
8. Add --disable-man configuration option, allow msys mingw32 users to
build from svn without extra dependencies.
9. Add export files to each library in order to export only required symbols.
Windows native build may use these files instead of scanning objects' symbols.
10. Add opensc-tool --info to display some general information about the build.
11. Create compatibility library to be linked against library instread of recompiling the
same source files in different places.
12. Add different win32 version resource to each class of outputs.
13. Make xsl-stylesheets location selectable.
14. Some win32 fixups.
15. Some warning fixups.
16. Many other autoconf/automake cleanups.
Alon Bar-Lev
svn diff -r 3315:3399 https://www.opensc-project.org/svn/opensc/branches/alonbl/mingw
_M .
D configure.in
_M src
_M src/openssh
M src/openssh/Makefile.am
_M src/tools
M src/tools/rutoken-tool.c
M src/tools/opensc-tool.c
M src/tools/cardos-info.c
M src/tools/pkcs15-crypt.c
M src/tools/pkcs15-init.c
M src/tools/piv-tool.c
M src/tools/netkey-tool.c
M src/tools/eidenv.c
M src/tools/cryptoflex-tool.c
M src/tools/util.c
M src/tools/pkcs11-tool.c
M src/tools/pkcs15-tool.c
M src/tools/util.h
M src/tools/opensc-explorer.c
M src/tools/Makefile.am
_M src/pkcs11
M src/pkcs11/pkcs11-global.c
M src/pkcs11/framework-pkcs15.c
M src/pkcs11/mechanism.c
M src/pkcs11/pkcs11-display.c
M src/pkcs11/pkcs11-object.c
A src/pkcs11/opensc-pkcs11.exports
M src/pkcs11/sc-pkcs11.h
M src/pkcs11/pkcs11-spy.c
M src/pkcs11/openssl.c
M src/pkcs11/Makefile.am
A src/pkcs11/pkcs11-spy.exports
_M src/tests
_M src/tests/regression
M src/tests/regression/Makefile.am
M src/tests/sc-test.c
M src/tests/pintest.c
M src/tests/Makefile.am
_M src/include
_M src/include/opensc
M src/include/opensc/Makefile.am
A src/include/opensc/svnignore
M src/include/Makefile.am
_M src/signer
_M src/signer/npinclude
M src/signer/npinclude/Makefile.am
M src/signer/Makefile.am
A src/signer/signer.exports
_M src/common
A src/common/compat_dummy.c
D src/common/getopt.txt
D src/common/strlcpy.c
D src/common/LICENSE
A src/common/compat_getopt.txt
A src/common/compat_strlcpy.c
A src/common/LICENSE.compat_getopt
A src/common/compat_getopt.c
D src/common/strlcpy.h
D src/common/ChangeLog
D src/common/getpass.c
D src/common/my_getopt.c
A src/common/compat_strlcpy.h
A src/common/compat_getpass.c
A src/common/compat_getopt.h
A src/common/ChangeLog.compat_getopt
D src/common/README.strlcpy
D src/common/my_getopt.h
A src/common/compat_getpass.h
A src/common/README.compat_strlcpy
D src/common/strlcpy.3
A src/common/README.compat_getopt
D src/common/getopt.3
D src/common/README.my_getopt
A src/common/compat_strlcpy.3
A src/common/compat_getopt.3
M src/common/Makefile.am
M src/Makefile.am
_M src/pkcs15init
M src/pkcs15init/pkcs15-oberthur.c
M src/pkcs15init/profile.c
M src/pkcs15init/pkcs15-lib.c
M src/pkcs15init/pkcs15-rutoken.c
A src/pkcs15init/pkcs15init.exports
M src/pkcs15init/pkcs15-gpk.c
M src/pkcs15init/Makefile.am
_M src/scconf
M src/scconf/Makefile.am
M src/scconf/parse.c
A src/scconf/scconf.exports
_M src/libopensc
M src/libopensc/card-rutoken.c
M src/libopensc/compression.c
M src/libopensc/sc.c
M src/libopensc/card-piv.c
M src/libopensc/pkcs15-openpgp.c
M src/libopensc/pkcs15-postecert.c
M src/libopensc/pkcs15-tcos.c
M src/libopensc/opensc-config.in
M src/libopensc/reader-pcsc.c
A src/libopensc/internal-winscard.h
M src/libopensc/ctx.c
A src/libopensc/libopensc.exports
M src/libopensc/pkcs15-piv.c
M src/libopensc/pkcs15-infocamere.c
M src/libopensc/internal.h
M src/libopensc/pkcs15-actalis.c
M src/libopensc/pkcs15-starcert.c
M src/libopensc/card-oberthur.c
M src/libopensc/pkcs15-atrust-acos.c
M src/libopensc/p15card-helper.c
D src/libopensc/part10.h
M src/libopensc/ui.c
M src/libopensc/card-gpk.c
M src/libopensc/pkcs15-wrap.c
M src/libopensc/pkcs15-gemsafeGPK.c
M src/libopensc/log.c
M src/libopensc/pkcs15-esteid.c
M src/libopensc/pkcs15-prkey-rutoken.c
M src/libopensc/log.h
M src/libopensc/Makefile.am
M src/libopensc/reader-openct.c
_M aclocal
M aclocal/Makefile.am
_M win32
M win32/Makefile.am
A win32/versioninfo.rc.in
A win32/ltrc.inc
A configure.ac
_M doc
_M doc/tools
M doc/tools/pkcs15-profile.xml
D doc/changelog.sh
D doc/export-wiki.xsl
_M doc/api
_M doc/api/file
M doc/api/man.xsl
_M doc/api/asn1
_M doc/api/apps
_M doc/api/init
_M doc/api/types
_M doc/api/card
M doc/api/html.xsl
_M doc/api/misc
_M doc/api/util
M doc/Makefile.am
D doc/export-wiki.sh
AM doc/nonpersistent
A doc/nonpersistent/export-wiki.xsl
A doc/nonpersistent/Makefile.am
A doc/nonpersistent/export-wiki.sh
A doc/nonpersistent/svn2cl.xsl
D doc/generate-man.sh
D doc/svn2cl.xsl
M Makefile.am
A svnignore
_M etc
M etc/opensc.conf.in
M etc/Makefile.am
D man
_M solaris
M solaris/Makefile
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3405 c6295689-39f2-0310-b995-f0e70906c6a9
This fixes pcsc_lock->pcsc_reconnect->protocol mismatch error escaping from reader-pcsc.c if some other application has set the card to a different protocol.
* pcsc_reconnect uses PC/SC return values, pcsc_reset uses OpenSC; 0 -> SC_SUCCESS
* CCID driver with OmniKey 1021 returns SCARD_W_UNPOWERED_CARD when a card is inserted upside-down. Translate the currently unknown error into 'Unresponsive card'.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3386 c6295689-39f2-0310-b995-f0e70906c6a9
{{{
sc.c:201:sc_detect_card_presence: returning with: Unknown error
SCardGetStatusChange failed: 8010002e
}}}
* When doing a reset with pcsc_reconnect do a cold reset instead a warm one to allow next change
* Change the protocol force feature to change the protocol with a hard reset only when needed to prevent:
{{{
SCardConnect failed: 8010000f
card.c:228:sc_connect_card: returning with: Unknown error
}}}
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3144 c6295689-39f2-0310-b995-f0e70906c6a9
* Remove the locked status from the reader no matter what SCardEndTransaction thinks - either the card was removed or broken pcsc allowed to reset the card while in a transaction (pcsc-lite before Oct. 2006)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3100 c6295689-39f2-0310-b995-f0e70906c6a9
Martin Paljak
Viktor Tarasov
Alon Bar-Lev
Ludovic Rousseau
Frank Morgner
Ludovic Rousseau
martin
ludovic.rousseau
dengert
vtarasov
flc
viktor.tarasov
aj
alonbl
nils