CKA_SPKI is a vendor defined attribute to be used internally
as input to OpenSSL d2i_PUBKEY
OpenSC openssl.c in sc_pkcs11_verify_data assumes that it can
retrieve the CKA_VALUE for a public key object, and expects it to
be usable as RSA.
But internally sc_pkcs15_pubkey can have a "raw" or "spki"
version of the public key as defined by PKCS#15. Card drivers
or pkcs15-<card> routines may store either the "raw" or "spki"
versions. A get attribute request for CKA_VALUE for a public key
will return either the raw, the spki or a derived rsa version of the
pubkey.
This commit will test if the CKA_VALUE is a spki and use d2i_PUBKEY
which takes a spki version and returns an EVP_PKEY. If it is not an spki
the current method, d2i_PublicKey(EVP_PKEY_RSA,...) is used which
only works for RSA.
The problem was found while testing pkcs11-tool -t -l where
the verify tests would fail with a CKR_GENERAL_ERROR because
the card driver stored the public key as a spki.
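The distinction the commit relies on (an SPKI blob versus a raw RSAPublicKey blob under CKA_VALUE) can be made from the DER itself. The following is an added example, not OpenSC code and not a replacement for the d2i_PUBKEY/d2i_PublicKey calls: it inspects the first element inside the outer SEQUENCE (an AlgorithmIdentifier SEQUENCE for SubjectPublicKeyInfo, an INTEGER modulus for RSAPublicKey) and treats anything truncated or malformed as unknown instead of guessing. The names, the minimal DER header parser and the two toy key blobs are this example's own constructions.

```c
/* Added example, not OpenSC code: tell a DER SubjectPublicKeyInfo ("spki")
 * from a raw RSAPublicKey ("raw") by inspecting the first element inside the
 * outer SEQUENCE. Truncated or malformed input is reported as unknown. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum pubkey_encoding { PUBKEY_UNKNOWN = 0, PUBKEY_RAW_RSA = 1, PUBKEY_SPKI = 2 };

#define DER_TAG_INTEGER  0x02
#define DER_TAG_SEQUENCE 0x30

/* Parse one DER tag/length header from p[0..avail). Returns the header size
 * and fills tag/len; returns 0 if the header or the value does not fit. */
static size_t der_header(const uint8_t *p, size_t avail, uint8_t *tag, size_t *len)
{
    size_t hdr, n, i;

    if (avail < 2)
        return 0;
    *tag = p[0];
    if (p[1] < 0x80) {                 /* short form: single length byte */
        *len = p[1];
        hdr = 2;
    } else {                           /* long form: 0x80|n, then n length bytes */
        n = p[1] & 0x7f;
        if (n == 0 || n > sizeof(size_t) || avail - 2 < n)
            return 0;
        *len = 0;
        for (i = 0; i < n; i++)
            *len = (*len << 8) | p[2 + i];
        hdr = 2 + n;
    }
    if (*len > avail - hdr)            /* value must lie inside the buffer */
        return 0;
    return hdr;
}

enum pubkey_encoding classify_pubkey(const uint8_t *der, size_t der_len)
{
    uint8_t outer_tag, inner_tag;
    size_t outer_len, inner_len, hdr;

    hdr = der_header(der, der_len, &outer_tag, &outer_len);
    if (hdr == 0 || outer_tag != DER_TAG_SEQUENCE)
        return PUBKEY_UNKNOWN;
    if (der_header(der + hdr, outer_len, &inner_tag, &inner_len) == 0)
        return PUBKEY_UNKNOWN;
    if (inner_tag == DER_TAG_SEQUENCE) /* AlgorithmIdentifier -> SPKI */
        return PUBKEY_SPKI;
    if (inner_tag == DER_TAG_INTEGER)  /* modulus n -> RSAPublicKey */
        return PUBKEY_RAW_RSA;
    return PUBKEY_UNKNOWN;
}

/* Constructed sample: a toy RSAPublicKey (5-byte modulus, e = 65537). */
const uint8_t SAMPLE_RAW_RSA[14] = {
    0x30, 0x0c, 0x02, 0x05, 0x00, 0xc0, 0xff, 0xee, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01 };
/* The same toy key wrapped in SubjectPublicKeyInfo (rsaEncryption OID, NULL
 * parameters, BIT STRING with zero unused bits). */
const uint8_t SAMPLE_SPKI[34] = {
    0x30, 0x20,
      0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00,
      0x03, 0x0f, 0x00,
        0x30, 0x0c, 0x02, 0x05, 0x00, 0xc0, 0xff, 0xee, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01 };

int main(void)
{
    static const char *names[] = { "unknown", "raw RSAPublicKey", "SubjectPublicKeyInfo" };
    printf("raw sample  -> %s\n", names[classify_pubkey(SAMPLE_RAW_RSA, sizeof SAMPLE_RAW_RSA)]);
    printf("spki sample -> %s\n", names[classify_pubkey(SAMPLE_SPKI, sizeof SAMPLE_SPKI)]);
    printf("truncated   -> %s\n", names[classify_pubkey(SAMPLE_SPKI, 5)]);
    return 0;
}
```

The point for a verifier is the unknown branch: a blob that is neither form (or is cut short, as a card read error might produce) should be rejected before it reaches an RSA-only decoder, which is the path that surfaced as CKR_GENERAL_ERROR in the pkcs11-tool tests.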
Date: Fri Apr 07 07:50:00 2017 -0600
- pcsc driver takes over all the functionality
- no dedicated reader driver config values for cardmod, use application
specific blocks to define a different behavior for the pcsc reader if
needed
- removes legacy code; requiring at least libpcsclite 1.6.5
Fixes https://github.com/OpenSC/OpenSC/issues/892
Keygen should write public keys with explicit CKA_PRIVATE=false by default (possibility to modify by --private switch)
Related to 4df35b92 discussing writing separate objects years ago.
* Set security context for CardOS 5.3 with p1=0x41 (as Coolkey does)
* Do not emulate signatures in CardOS 5.3
Remove the bogus SC_ALGORITHM_NEED_USAGE which prevents using the
actual implementation in cardos_compute_signature().
It might be bogus also in previous version, but I don't have a way
to verify against these cards.
* Do not advertise RSA-X-509 mechanism for CardOS 5.3 (card strips padding)
For testing RSA-X-509, we are generating random bytes for signing. It
may happen that the modulus is smaller than the random number
generated, which triggers an error in the card. With this change, we
are setting the most significant byte to 0x00 to assure the random
number is smaller than the modulus.
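The failure mode above (a random test value that is numerically not below the modulus) and the fix (clearing the most significant byte) can be reproduced without a card. The following is an added example, not OpenSC's test code: it builds a raw RSA test input of modulus length, zeroes the top byte, and checks the value against a constructed sample modulus with a big-endian comparison. The function names and the sample modulus are this example's own, and it additionally refuses a modulus whose top bit is clear, because then zeroing one byte is no longer a sufficient guarantee.

```c
/* Added example, not OpenSC code: prepare a raw RSA test input that is
 * guaranteed to be numerically below the modulus. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample modulus: top bit set, as any full-length modulus has. */
const uint8_t SAMPLE_MODULUS[8] = { 0xc0, 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0x01 };

/* 1 when `data` (big-endian, modlen bytes) is numerically below `modulus` of
 * the same length. For equal-length big-endian strings memcmp is exactly an
 * unsigned integer comparison. */
int input_below_modulus(const uint8_t *data, const uint8_t *modulus, size_t modlen)
{
    return memcmp(data, modulus, modlen) < 0;
}

/* Fill `data` with modlen pseudo-random bytes, then clear the most significant
 * byte so the value is below any modulus whose top bit is set. Returns 0 for an
 * empty or non-full-length modulus, where that guarantee would not hold. */
int make_raw_rsa_test_input(uint8_t *data, size_t modlen, const uint8_t *modulus, unsigned seed)
{
    size_t i;

    if (modlen == 0 || !(modulus[0] & 0x80))
        return 0;
    srand(seed);                        /* deterministic for the demo only */
    for (i = 0; i < modlen; i++)
        data[i] = (uint8_t)(rand() & 0xff);
    data[0] = 0x00;                     /* the fix: top byte forced to zero */
    return 1;
}

/* How often plain random input of modulus length would be rejected by the
 * card (value >= modulus) if the top byte were left alone. */
unsigned count_unfixed_failures(const uint8_t *modulus, size_t modlen, unsigned trials, unsigned seed)
{
    uint8_t buf[64];
    unsigned t, failures = 0;
    size_t i;

    if (modlen == 0 || modlen > sizeof buf)
        return 0;
    srand(seed);
    for (t = 0; t < trials; t++) {
        for (i = 0; i < modlen; i++)
            buf[i] = (uint8_t)(rand() & 0xff);
        if (!input_below_modulus(buf, modulus, modlen))
            failures++;
    }
    return failures;
}

/* 1 when the fixed input passes the modulus check and an all-0xff input fails it. */
int demo_fix_works(void)
{
    uint8_t data[8], too_big[8];

    memset(too_big, 0xff, sizeof too_big);
    if (!make_raw_rsa_test_input(data, sizeof data, SAMPLE_MODULUS, 7))
        return 0;
    return data[0] == 0x00
        && input_below_modulus(data, SAMPLE_MODULUS, sizeof data)
        && !input_below_modulus(too_big, SAMPLE_MODULUS, sizeof too_big);
}
```

With the sample modulus starting at 0xc0, roughly a quarter of unfixed random inputs would be at or above the modulus, which is the sporadic card error the commit describes; after the top byte is cleared none can be.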
card-cac.c
* CLANG_WARNING: The left operand of '<' is a garbage value
card-coolkey.c
* CLANG_WARNING: overwriting variable
* CPPCHECK_WARNING: memory leak / overwrite variable
* CLANG_WARNING: null pointer dereference
* UNUSED_VALUE: unused return value
card-gids.c
* CLANG_WARNING: Branch condition evaluates to a garbage value
* SIZEOF_MISMATCH: suspicious_sizeof
card-myeid.c
* RESOURCE_LEAK: Variable "buf" going out of scope leaks the storage it points to.
* CLANG_WARNING: overwriting variable
* (rewrite not to confuse coverity)
pkcs15-cac.c
* RESOURCE_LEAK: Variable "cert_out" going out of scope leaks the storage it points to.
pkcs15-coolkey.c
* UNUSED_VALUE: unused return value
pkcs15-piv.c
* RESOURCE_LEAK: Variable "cert_out" going out of scope leaks the storage it points to.
pkcs15-sc-hsm.c
* DEADCODE
pkcs11/framework-pkcs15.c
* RESOURCE_LEAK: Variable "p15_cert" going out of scope leaks the storage it points to.
pkcs15init/pkcs15-lib.c
* CLANG_WARNING: Assigned value is garbage or undefined
pkcs15init/pkcs15-myeid.c
* UNREACHABLE: Probably wrong placement of code block
tests/p15dump.c
* IDENTICAL_BRANCHES
pkcs15-init.c
* CLANG_WARNING: Potential leak of memory pointed to by 'args.der_encoded.value'
pkcs15-tool.c
* RESOURCE_LEAK: Variable "cert" going out of scope leaks the storage it points to.
* MISSING_BREAK: The above case falls through to this one.
sc-hsm-tool.c
* CLANG_WARNING: Potential leak of memory pointed to by 'sp'
westcos-tool.c
* FORWARD_NULL: Passing null pointer "pin" to "unlock_pin", which dereferences it.
* (rewrite not to confuse coverity)
card-cac.c
* Avoid malloc with 0 argument
gids-tool.c
* FORWARD_NULL -- copy&paste error
scconf.c
* CLANG_WARNING: Call to 'malloc' has an allocation size of 0 bytes
closes #982
According to minidriver specs CardReadFile() method output parameters are
optional so don't return SCARD_E_INVALID_PARAMETER when they are NULL.
Also, use this opportunity to walk through this function's helpers to make
sure they correctly return error status.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
According to minidriver specs CardGetChallenge() method parameters
are purely for output and do not have a meaning of requested challenge
length, so remove a misleading log line.
There is also no need to have a special case for pcbChallengeData being
NULL since in this case the function would have exited early anyway with
SCARD_E_INVALID_PARAMETER (also, it was just dereferenced in the previous
code line).
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Since last commit GCC warns us about problems with format strings and their
arguments in minidriver, so let's fix these warnings just as we did in rest
of the OpenSC code.
Most of these warnings were about DWORDs being printed as ints, there were
also some format directives and size_t size specifiers missing and various
misc format / parameter disagreements.
Attempt was made to keep log strings as-is, only the most obvious typos
were fixed.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Commit "Add GCC format checking attributes to log functions" added format
and parameter checking to OpenSC log functions.
Minidriver, however, logs most of its output via a dedicated log function,
so this function needs such attributes, too.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Mingw currently links to msvcrt.dll as C runtime.
This library is documented by Microsoft as off-limits to applications and
its feature set varies between Windows versions.
Due to this, presence of particular printf() format string directives
depends on which Windows version the code is run.
This is, naturally, bad, so mingw developers introduced ability to replace
formatted output functions with built-in equivalents with defined feature
set by setting "__USE_MINGW_ANSI_STDIO" macro to 1.
There are, however, no built-in equivalents for "_s" suffixed functions.
Fortunately, they are used only a few times in minidriver so let's simply
replace them with equivalent code using standard functions.
This also allows skipping "MINGW_HAS_SECURE_API" macro definition so any
future uses will be caught by compiler.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Looks like Travis CI build server found a few cases of log function format
string not being a string literal (now that log functions have necessary
attributes to check for such things).
Some instances clearly aren't a real problem, but to be future-proof and to
avoid compiler warnings let's fix all of them (that I was able to find in
code).
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Since "Add GCC format checking attributes to log functions" commit GCC
warns us about problems with format strings and their arguments provided
to OpenSC message logging functions.
This commit fixes all cases where GCC warned about incorrect format on
64-bit Linux, 32-bit and 64-bit mingw builds (with SM and OpenSSL enabled).
Well, almost all since on mingw GCC does not recognize "ll" size specifier
(present at least since Visual Studio 2005, also in mingw own CRT) so these
(few) warnings about it remain.
In most cases format size specifier for size_t type was missing (usually
size was left at default int level, which is different on 64-bit x86).
Some formats had too few / too many arguments.
In some cases pointers were printed as integers.
Some long variables were missing "l" prefix (especially with regard to %x
format).
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
GCC can check format and parameter correctness in printf()-like functions
for us so let's add necessary attributes to our log functions to emit a
warning where their way of being called is likely in need to be inspected
for correctness.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Minidriver currently has basic support for unblocking card PIN by providing
PUK as an administrator password to CardUnblockPin() function.
However, this doesn't work for example when trying to unblock PIN via
system smartcard PIN unblock screen accessible after pressing Ctrl+Alt+Del
as it wants to use challenge / response authentication.
MS Smart Card Minidriver specification (version 7.07) explicitly says that
challenge / response is the only authentication mode that Windows uses to
authenticate an administrator.
Unfortunately, this way of unblocking PIN seems to not be widely supported
by cards.
However, we can simply treat the provided response to challenge as PUK.
Because (at least) Ctrl+Alt+Del PIN unblock screen accepts only hex string,
every PUK digit X has to be input as '3X' (without quotes) there.
Also the response string is not hidden behind asterisks on this screen as
it should have been.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Minidriver contained a hack since commit 7ef766b785 in 2010 to print to
debug file directly under mingw (instead of using normal OpenSC logging
system), as there was problem with "%S" format specifier then.
However, on recent mingw versions "%S" format works fine so let's remove
this hack.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Some of existing code prints pointer differences, but without taking into
account that printf length modifier required for this differs between
systems.
Add SC_FORMAT_LEN_PTRDIFF_T macro for this, just as we have for size_t
variables.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Add "--reset" parameter with optional argument to opensc-tool which
resets a card in reader. Both cold and warm resets are possible
(cold is default).
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
C_OpenSession() creates a long int session handle from address of allocated
session struct, however it has to be taken into consideration that on Win64
long int is still 32-bit, so the address is going to be truncated and
because of that not guaranteed to be unique.
Add session handle uniqueness check to catch when there is already a
session with the same handle present.
This also fixes a warning when building on 64-bit mingw.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
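The truncation this commit guards against is easy to model on any platform. The following is an added example, not OpenSC's C_OpenSession code: it narrows a 64-bit address to a 32-bit handle (what storing an address in a `long` does on Win64), keeps a small session table, and refuses to open a session whose handle is already present. The table, the type and function names, and the two addresses that differ only in their upper 32 bits are this example's own constructions; handle 0 is reserved as the invalid handle, following PKCS#11's CK_INVALID_HANDLE convention.

```c
/* Added example, not OpenSC code: a 32-bit handle derived from a 64-bit
 * address is not unique, so session creation must check for duplicates. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_SESSIONS 8

typedef uint32_t narrow_handle_t;   /* models a 32-bit `long` on Win64 */

struct session_table {
    narrow_handle_t handle[MAX_SESSIONS];
    size_t count;
};

/* The truncation: the upper 32 bits of the address are silently dropped. */
narrow_handle_t handle_from_addr(uint64_t addr)
{
    return (narrow_handle_t)addr;
}

/* 1 if `h` is already used by an open session, 0 otherwise. */
int handle_in_use(const struct session_table *t, narrow_handle_t h)
{
    size_t i;
    for (i = 0; i < t->count; i++)
        if (t->handle[i] == h)
            return 1;
    return 0;
}

/* Open a session for the object at `addr`. Returns its handle, or 0 (the
 * invalid handle) when the table is full or the truncated handle collides. */
narrow_handle_t open_session(struct session_table *t, uint64_t addr)
{
    narrow_handle_t h = handle_from_addr(addr);

    if (h == 0 || t->count >= MAX_SESSIONS || handle_in_use(t, h))
        return 0;
    t->handle[t->count++] = h;
    return h;
}

/* 1 when the second of two colliding addresses is refused, 0 otherwise. */
int collision_demo(void)
{
    struct session_table t = { {0}, 0 };
    /* Constructed Win64-style addresses that agree in their low 32 bits. */
    narrow_handle_t first  = open_session(&t, 0x00007f0012345678ULL);
    narrow_handle_t second = open_session(&t, 0x00007f1112345678ULL);

    return first != 0 && second == 0 && t.count == 1;
}

int main(void)
{
    printf("collision detected: %s\n", collision_demo() ? "yes" : "no");
    return 0;
}
```

Without the uniqueness check the second session would silently alias the first, so operations on one session could act on the other's state; the check turns that into a clean failure at C_OpenSession time.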
SM test in configure.ac makes use of LIB_PRE and DYN_LIB_EXT variables so
let's move it further down in this file, just after these variables are
assigned.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
This commit fixes most of warnings shown by GCC on 64-bit Linux, 32-bit and
64-bit mingw builds (with SM and OpenSSL enabled).
These warnings were mostly caused by missing casts.
In minidriver there was also a bit of unused variables and dead code.
Remaining warnings on mingw are mostly caused by GCC not recognizing on
this platform "ll" size specifier (present at least since
Visual Studio 2005, also in mingw own CRT) and "z" size specifier (this one
will be fixed in next commits).
There is also a warning about pointer truncation on Win64 when making
PKCS#11 object handle from pointer to this object.
This is a legitimate warning, since it could result in the same handles
being generated from different pointers and so from different objects.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Currently, minidriver build is broken on mingw. Let's make it work again.
For this, include adapted cardmod-mingw-compat.h with a few function argument
decorations from Alon Bar-Lev's old build repository to make mingw build
almost self-contained - still requires cardmod.h from CNG, however.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Minidriver installer custom action library needs WiX SDK to build.
Since installer is an optional component anyway let's detect whether WiX
SDK is present on build platform and then decide whether to build installer
custom action library or not.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
OpenSC used SUSv3 "z" printf length modifier for printing size_t variables,
however this modifier is not available on Windows ("I" must be used
instead), at least for now.
Introduce SC_FORMAT_LEN_SIZE_T define for that purpose and convert existing
code to use it when printing size_t variables.
This define can't go into libopensc/internal.h since tools use it, too.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
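The three pieces the format-string commits introduce (the size_t and ptrdiff_t length-modifier defines, and the GCC format attribute on the log functions) fit together in one small unit. The following is an added example, not OpenSC's code: the macro names FMT_LEN_SIZE_T, FMT_LEN_PTRDIFF_T and PRINTF_LIKE and the log_line wrapper are this example's own, and the platform split (the "I" modifier on Windows CRTs, "z" and "t" elsewhere) is the assumption the commit message states for size_t, extended here to ptrdiff_t.

```c
/* Added example, not OpenSC code: portable length modifiers for size_t and
 * ptrdiff_t, plus a printf-style log wrapper whose arguments GCC/Clang can
 * check at compile time. */
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption from the commit message: Windows CRTs want "I" for size_t
 * (and ptrdiff_t), SUSv3 systems use "z" and "t". */
#if defined(_WIN32) && !defined(__USE_MINGW_ANSI_STDIO)
#  define FMT_LEN_SIZE_T    "I"
#  define FMT_LEN_PTRDIFF_T "I"
#else
#  define FMT_LEN_SIZE_T    "z"
#  define FMT_LEN_PTRDIFF_T "t"
#endif

/* Format/argument checking: a size_t printed as %d, a missing argument or a
 * non-literal format string becomes a compiler warning. */
#if defined(__GNUC__)
#  define PRINTF_LIKE(fmt_idx, first_arg) __attribute__((format(printf, fmt_idx, first_arg)))
#else
#  define PRINTF_LIKE(fmt_idx, first_arg)
#endif

static void log_line(char *out, size_t out_len, const char *fmt, ...) PRINTF_LIKE(3, 4);

static void log_line(char *out, size_t out_len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, out_len, fmt, ap);
    va_end(ap);
}

/* Log a buffer length and an offset into it using the portable modifiers. */
int format_len_and_offset(char *out, size_t out_len,
                          const unsigned char *buf, size_t buf_len,
                          const unsigned char *p)
{
    ptrdiff_t off = p - buf;

    log_line(out, out_len, "len=%" FMT_LEN_SIZE_T "u off=%" FMT_LEN_PTRDIFF_T "d",
             buf_len, off);
    return (int)strlen(out);
}

/* Formats a constructed 16-byte buffer with a pointer 5 bytes in. */
const char *demo_format(void)
{
    static char out[64];
    static const unsigned char buf[16] = { 0 };

    format_len_and_offset(out, sizeof out, buf, sizeof buf, buf + 5);
    return out;
}

int main(void)
{
    puts(demo_format());
    return 0;
}
```

Compiling with -Wformat (on by default with -Wall) is what makes the attribute useful: the wrapper itself is correct, but any caller that passes a size_t to "%d" or forgets an argument is flagged at build time, which is how the commits above found their long list of mismatches.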