Commit Graph

7435 Commits

Author SHA1 Message Date
Frank Morgner 887340c04d Generalized fuzzing script 2019-01-30 21:57:59 +01:00
Frank Morgner 7f7bcbff52 fixed misuse of realloc
calling it with size 0 leads to a free, which eventually may lead to a
double free corruption.
2019-01-30 21:57:59 +01:00
Frank Morgner d0b499cda3 reuse previous fuzzing results if possible 2019-01-30 21:57:59 +01:00
Frank Morgner 9e5d7bc873 added minimal test script for fuzzing with AFL
Credits go to https://www.x41-dsec.de/lab/blog/smartcards/
2019-01-30 21:57:59 +01:00
Frank Morgner 2ad7453718 use const qualifier for sc_simpletlv_read/put_tag 2019-01-30 21:57:59 +01:00
Frank Morgner 893be0d9c0 fixed memory leaks 2019-01-30 21:57:59 +01:00
Frank Morgner 83c4ebe9d6 goid-tool: reset authentication status 2019-01-30 13:00:14 +01:00
Frank Morgner fc08d89247 goid-tool: differ PAccess and SoCManager usage 2019-01-30 09:35:16 +01:00
Frank Morgner a8c84d490a handle multiple verifications when changing secret 2019-01-30 09:35:11 +01:00
Raul Metsma 70d690ace7 r value is already checked on line 113 (#1582) 2019-01-24 13:15:13 +01:00
Jakub Jelen f161c3a178 Remove repeated words from manual pages 2019-01-23 20:41:01 +01:00
Frank Morgner 4916d07ff2 fixed unused check 2019-01-20 23:02:21 +01:00
Frank Morgner 1565f48084 added LGTM badge 2019-01-20 23:02:21 +01:00
Frank Morgner 79d019fc5f fixed typo
closes https://github.com/OpenSC/OpenSC/issues/1576
2019-01-20 23:02:21 +01:00
Frank Morgner 745b8cf420 added include guards to compatibility headers 2019-01-20 23:02:21 +01:00
Frank Morgner 6bf7c0d219 don't hide global variables 2019-01-20 23:02:21 +01:00
Frank Morgner 1991dcea0d removed unused comparison 2019-01-20 23:02:21 +01:00
Frank Morgner 3fe198f21e treat records with size_t 2019-01-20 23:02:21 +01:00
Frank Morgner 1106508656 removed tautologic comparison 2019-01-20 23:02:21 +01:00
Frank Morgner 4b30858092 pkcs11-tool: fixed argument type
reported by lgtm
2019-01-20 23:02:21 +01:00
Frank Morgner d806ee3245 fixed unsafe usage of gmtime
reported by lgtm
2019-01-20 23:02:21 +01:00
Frank Morgner b8b4f7c36f goid-tool: added error checking for verify/change 2019-01-18 23:02:36 +01:00
Martin Paljak c3a9837b10 Add mechanisms used by SoftHSM2
/Library/OpenSC/bin/pkcs11-tool --module /usr/local/lib/softhsm/libsofthsm2.so -M

will not show any more numeric mechanisms.

Source: https://www.cryptsoft.com/pkcs11doc/STANDARD/include/v240e01/pkcs11t.h
2019-01-15 13:07:58 +02:00
Raul Metsma 3c1d425eb9 Remove unused include
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-01-15 12:48:26 +02:00
Mat e19fe680c4 Add object type "secrkey" to help of --type switch in pkcs11-tool (#1575)
* Add object type "secrkey" to help of --type switch in pkcs11-tool

Reading an object with pkcs11-tool requires the `--type` switch. The help for that switch is currently incomplete as it is missing the (not very friendly named" *secrkey* option used to read out a secret key object.

I have added this information to the help description.

* Update man page

Describe secrkey option of pkcs11-tool's --type switch in man page
2019-01-15 07:32:41 +01:00
Hannu Honkanen 87d7eb2214 Select MyEID applet with AID in myeid_init() to ensure that it is selected before sending other commands. 2019-01-15 07:32:03 +01:00
Doug Engert 08a02ed5d2 Fix PKCS#11 Object Restrictions
Framework-pkcs15.c silently ignores adding objects if MAX_OBJECTS
is exceeded while creating the fw_data objects. This simple fix
is to change the MAX_OBJECTS from 64 to 128. A better fix would
be to realloc the objects arrays as needed.

__pkcs15_create_data_object and __pkcs15_create_secret_key_object
now return rv like the other  __pkcs15_create_*_object routines.

pkcs15_dobj_get_value now calls sc_pkcs15_read_data_object just like
the other pkcs15_*_get_value routines. The problem was introduced
in 0c3412bb 2018-04-09 which added:
 `return sc_to_cryptoki_error(SC_SUCCESS, "C_GetAttributeValue");`
before trying to read the data object.

The MAX_OBJECT problem was discovered while trying to use a new PIV
card with 24 standard cert objects and 10 other objects for a total
of 106 objects. Each cert object corresponds to a cert, pubkey,
private key, and the cert object itself for a possible 112 data objects.

The pkcs15_dobj_get_value was found while running:
running pkcs11-tool -r -y data --application-id 2.16.840.1.101.3.7.2.1.1
using git bisect to locate the bad commit.  The pkcs11 data objects are
created last from the pkcs15 objects which are a linked list with no limits.

 On branch fix-object-restrictions
	modified:   src/pkcs11/framework-pkcs15.c
2019-01-15 07:31:39 +01:00
Frank Morgner 53dfde94a9 iso-sm: fixed allocating enough data
regression from aa940e8619
2019-01-15 07:31:20 +01:00
Frank Morgner 7d36bab701 don't force the max buffer size with Le=0
This happens, when we know the size will be smaller, but we still use
Le=0 in case of SM.
2019-01-15 07:31:20 +01:00
Frank Morgner 609e2d89cf added GoID Tool 2019-01-15 07:31:20 +01:00
Frank Morgner 141ec6ab23 added shortcut to update binary via sfid 2019-01-15 07:31:20 +01:00
Frank Morgner 1eda4c1795 sc-hsm-tool: add support for initializing biometry 2019-01-15 07:31:20 +01:00
Frank Morgner 3611b5c9f2 tools: fixed colors if -v is specified 2019-01-15 07:30:46 +01:00
Frank Morgner fbb4d1f843 tools: use consistent behavior of -v
-v switches to debug output to stderr in OpenSC tools regardless of the opensc.conf setting
2019-01-15 07:30:46 +01:00
Frank Morgner 0af46c88b7 added tests for Microsoft CryptoAPI
imported from https://github.com/CardContact/sc-hsm-embedded
2019-01-15 07:30:13 +01:00
Frank Morgner d9e253bd1b reduce the number of builds
a single build of clang and gcc each is enough
2019-01-15 00:10:55 +01:00
Frank Morgner f453c412b6 Simulate and test Open Source Java Card Applets
Compiles jCardSim, IsoApplet, GidsApplet, ykneo-openpgp, PivApplet as described [here](https://github.com/OpenSC/OpenSC/wiki/Smart-Card-Simulation).  Thanks to https://github.com/arekinath/jcardsim/ this is now also possible on Linux in combination with https://github.com/frankmorgner/vsmartcard.

Travis-CI now also runs some basic personalization and PKCS#11-tests.

This commit also adds caching of apt, brew and maven packages as well as the OpenSSL/OpenPACE build on macOS
2019-01-15 00:10:55 +01:00
Peter Marschall bb6b78937f OpenPGP: harmonize error messages around 'key_id'
* consistently use term "Invalid key ID; must be 1, 2, or 3" in error messages
  about invalid key IDs instead of various alternatives.
* use error type SC_ERROR_INVALID_ARGUMENTS instead of SC_ERROR_INVALID_DATA
  when the key_id was passed to the respective function
* harmonize the checks to consistently use 'key_id < ... || key_id > ...'

In addition, initialize a variable to keep clang & compilers on OSX happy.
2019-01-06 22:34:52 +01:00
Peter Marschall 57e66fd42e OpenPGP: harmonize error messages
Combine sequences
	sc_log(..., "...");
	LOG_FUNC_RETURN(...);
where c_log() prints a constant string
by
	LOG_TEST_RET(..., "...");

This change results in shorter, more concise code as well as
better harmonized error messages.
2019-01-06 22:34:52 +01:00
Peter Marschall 5544418339 OpenPGP: harmonize error messages used in LOG_TEST...() calls
Don't terminate the messages with a period, because they are going to end up
as the first argument to a format string of the form "%s: ...".
I.e. they will be part of a longer string and terminated by a colon anyway.
2019-01-06 22:34:52 +01:00
Peter Marschall b95d936e6c OpenPGP: allow reading large DOs in v3 cards
Set the read buffer size in pgp_read_blob() large enough to contain DOs
with the maximum size defineable in the extended capabilities DO 00C0.
2019-01-06 22:28:14 +01:00
Frank Morgner ee9abfcc71 Appveyor: use deploy_script 2019-01-04 00:46:41 +01:00
Frank Morgner 5c50dc58da fixed 320270 Dereference after null check 2019-01-04 00:44:45 +01:00
Frank Morgner aa940e8619 iso-sm: avoid allocation of big chunk of data
Use unencrypted APDU's resplen to estimate the size of the required SM
response buffer
2019-01-04 00:43:48 +01:00
Frank Morgner 6f0f42c506 fixed use of uninitialized data
When card->sm_ctx.ops.free_sm_apdu gets called in sc_sm_single_transmit
with a prior transmission error, then `sm_encrypt` still tries to
decrypt the response and hence, accesses the previously uninitialized
`resp`.
2019-01-04 00:43:48 +01:00
Peter Marschall a6ee84f13d opensc-explorer: fix 'pin_info' command
Correctly treat 'data.pin1.logged_in' as tristate instead of boolean.
While at it, fix visual glitch to not wrap around a stand-alone period.
2019-01-02 09:08:00 +01:00
Peter Marschall d577802ea7 OpenPGP: emulate SC_PIN_CMD_GET_INFO command for cards not supporting it 2019-01-02 09:06:54 +01:00
Peter Marschall 7092d32830 OpenPGP: get rid of "magic" constants in pgp_gen_key()
Use defined symbolic names for well-known DOs to copy data to a correctly
defined buffer 'apdu_data' using ulong2bebytes() instead of relying on
"magic" constants and C's string semantic.
Also use 'sizeof(apdu_data)' instead of additional magic constants.
2019-01-02 09:05:51 +01:00
Peter Marschall 4c51a53bed OpenPGP: get rid of "magic" constants in gnuk_delete_key()
Use defined symbolic names for well-known DOs to copy data to a correctly
defined buffer 'data' using ulong2bebytes() instead of relying on
"magic" constants and C's string semantic.
Also use 'sizeof(data)' instead of strange strlen() calculations.
2019-01-02 09:05:51 +01:00
Peter Marschall 0a903522b8 OpenPGP: get rid of "magic" constants in pgp_build_extended_header_list()
Use defined symbolic names for well-known DOs to copy data to a correctly
defined buffer 'data' using ulong2bebytes() instead of relying on
"magic" constants.
2019-01-02 09:05:51 +01:00