PIV driver client can build and run without OpenSSL,
(admin functions and piv-tool still need OpenSSL)
define PIV specific ctrl codes and structures.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4767 c6295689-39f2-0310-b995-f0e70906c6a9
--slot will take the actual CK_SLOT_ID
--slot-label will use the token label to find the correct slot
--slot-index will use the N-th slot from the list returned by C_GetSlotList
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4746 c6295689-39f2-0310-b995-f0e70906c6a9
* One sc_context has only a single reader driver.
* remove dynamic reader driver loading capabilities
* remove opensc-tool -R command
* change the internal API, we don't need to pass around a "driver data" pointer as it can be found directly from the context.
* check in ./configure for only a single enabled reader driver
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4709 c6295689-39f2-0310-b995-f0e70906c6a9
Support for importing cleartext keys is left untouched, but all transparent key generation by either opensc-pkcs11.so or pkcs15-init is removed, to make the operation with cleartext keys visible to the user and his explicit wish.
OpenSC is a PKCS#11 library for accessing keys protected by a smart card. Key material in software is not protected by smart cards and can leave a false sense of security to the user.
http://www.opensc-project.org/pipermail/opensc-devel/2010-April/013877.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4646 c6295689-39f2-0310-b995-f0e70906c6a9
This version, additionally, skips this step entirely if there is no current_path; this is useful when starting with --mf "".
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4638 c6295689-39f2-0310-b995-f0e70906c6a9
From http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety
" Casting and type safety
malloc returns a void pointer (void *), which indicates that it is a
pointer to a region of unknown data type. One may "cast" (see type
conversion) this pointer to a specific type, as in
int *ptr = (int*)malloc(10 * sizeof (int));
When using C, this is considered bad practice; it is redundant under the
C standard. Moreover, putting in a cast may mask failure to include the
header stdlib.h, in which the prototype for malloc is found. In the
absence of a prototype for malloc, the C compiler will assume that
malloc returns an int, and will issue a warning in a context such as the
above, provided the error is not masked by a cast. On certain
architectures and data models (such as LP64 on 64 bit systems, where
long and pointers are 64 bit and int is 32 bit), this error can actually
result in undefined behavior, as the implicitly declared malloc returns
a 32 bit value whereas the actually defined function returns a 64 bit
value. Depending on calling conventions and memory layout, this may
result in stack smashing.
The returned pointer need not be explicitly cast to a more specific
pointer type, since ANSI C defines an implicit conversion between the
void pointer type and other pointers to objects. An explicit cast of
malloc's return value is sometimes performed because malloc originally
returned a char *, but this cast is unnecessary in standard C
code.[4][5] Omitting the cast, however, creates an incompatibility with
C++, which does require it.
The lack of a specific pointer type returned from malloc is type-unsafe
behaviour: malloc allocates based on byte count but not on type. This
distinguishes it from the C++ new operator that returns a pointer whose
type relies on the operand. (see C Type Safety). "
See also
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4636 c6295689-39f2-0310-b995-f0e70906c6a9
--debug was not documented and not used by other tools; --help was not handled.
Thanks to Ludolf Holzheid for noticing this.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4596 c6295689-39f2-0310-b995-f0e70906c6a9
westcos-tool.c: In function ‘main’:
westcos-tool.c:375: warning: unused variable ‘lecteur’
westcos-tool.c:373: warning: unused variable ‘card_presente’
westcos-tool.c:372: warning: unused variable ‘p’
westcos-tool.c:371: warning: unused variable ‘i’
westcos-tool.c: At top level:
westcos-tool.c:43: warning: ‘version’ defined but not used
westcos-tool.c:45: warning: ‘nom_card’ defined but not used
westcos-tool.c:103: warning: ‘no_lecteur’ defined but not used
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4420 c6295689-39f2-0310-b995-f0e70906c6a9
Without GNU C extention 'getline()' the same code of the local 'getpass' procedure is used for Mac OS and Linux.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4272 c6295689-39f2-0310-b995-f0e70906c6a9
Would fail on PowerPC in 64-bits for example.
pkcs15-crypt.c: In function ‘sign_ext’:
pkcs15-crypt.c:293: warning: dereferencing type-punned pointer will break strict-aliasing rules
pkcs15-crypt.c:299: warning: dereferencing type-punned pointer will break strict-aliasing rules
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4183 c6295689-39f2-0310-b995-f0e70906c6a9
for DES_ecb_encrypt() input and output parameters.
I have no idea how it could have worked.
Fix
cardos-tool.c: In function ‘cardos_sm4h’:
cardos-tool.c:421: warning: passing argument 1 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:421: warning: passing argument 2 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:426: warning: passing argument 1 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:426: warning: passing argument 2 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:432: warning: passing argument 1 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:432: warning: passing argument 2 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:434: warning: passing argument 1 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:434: warning: passing argument 2 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:472: warning: passing argument 1 of ‘DES_ecb3_encrypt’ from incompatible pointer type
cardos-tool.c:472: warning: passing argument 2 of ‘DES_ecb3_encrypt’ from incompatible pointer type
cardos-tool.c:483: warning: passing argument 1 of ‘DES_ecb3_encrypt’ from incompatible pointer type
cardos-tool.c:483: warning: passing argument 2 of ‘DES_ecb3_encrypt’ from incompatible pointer type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4181 c6295689-39f2-0310-b995-f0e70906c6a9
util.c:11: warning: declaration of ‘wait’ shadows a global declaration
/usr/include/sys/wait.h:255: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4180 c6295689-39f2-0310-b995-f0e70906c6a9
opensc-explorer.c:1606: warning: passing argument 3 of
‘util_connect_card’ discards qualifiers from pointer target type
rutoken-tool.c:492: warning: passing argument 3 of ‘util_connect_card’
discards qualifiers from pointer target type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4179 c6295689-39f2-0310-b995-f0e70906c6a9
piv-tool.c: In function ‘load_object’:
piv-tool.c:130: warning: implicit declaration of function ‘sc_asn1_find_tag’
piv-tool.c:130: warning: nested extern declaration of ‘sc_asn1_find_tag’
piv-tool.c:130: warning: cast from function call of type ‘int’ to non-matching type ‘u8 *’
piv-tool.c:130: warning: cast to pointer from integer of different size
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4178 c6295689-39f2-0310-b995-f0e70906c6a9
Would fail on PowerPC in 64-bits for example.
Fix pkcs11-tool.c:2954: warning: dereferencing type-punned pointer will
break strict-aliasing rules
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4174 c6295689-39f2-0310-b995-f0e70906c6a9
Fix
pkcs11-tool.c:1899: warning: assignment discards qualifiers from pointer target type
pkcs11-tool.c:1902: warning: assignment discards qualifiers from pointer target type
pkcs11-tool.c:1906: warning: assignment discards qualifiers from pointer target type
pkcs11-tool.c:1910: warning: assignment discards qualifiers from pointer target type
pkcs11-tool.c:1914: warning: assignment discards qualifiers from pointer target type
pkcs11-tool.c:1918: warning: assignment discards qualifiers from pointer target type
pkcs11-tool.c:1922: warning: assignment discards qualifiers from pointer target type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4173 c6295689-39f2-0310-b995-f0e70906c6a9
Four method are added to the 'sc_pkcs15init_operations':
emu_update_dir -- create or not the DIR file;
emu_update_any_df -- update the non-pkcs15 descriptors that are equivalents to pkcs15 xDF files;
emu_update_tokeninfo -- update analog of tokenInfo;
emu_write_info -- to not create OPENSC-INFO file;
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4128 c6295689-39f2-0310-b995-f0e70906c6a9
It's implemented for the card with emulated pkcs#15 and protected private object attributes.
Update to man pages is comming soon.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4126 c6295689-39f2-0310-b995-f0e70906c6a9
* reduce to a few, supported functions.
* change all functions to take the debug level as parameter.
* use symbolic names for the debug levels.
* fix tools to pass "verbose"/"opt_debug" as ctx->debug.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4118 c6295689-39f2-0310-b995-f0e70906c6a9
(with "Unsupported card"). This needs to be improved.
This patch changes the "initialization" to "binding", so we at least
can tell people: you need to initialized an empty card first.
Needs to be improved of course.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4117 c6295689-39f2-0310-b995-f0e70906c6a9
Implemented to have the possibility to verify PIN after binding of the pkcs15 card and before any 'substantial' operation.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4093 c6295689-39f2-0310-b995-f0e70906c6a9
the PIV driver no longer need to set the card max_*_size parameters
to get around emulating read_binary and write_binary. It can
now handle partial reads and writes.
The assumptions for write_binary are that the first chuck will
have idx = 0, and the last chunk will write the last byte.
The flags parameter will contain the total length.
The only write_binary operations are done when initializing
a card, and this is only done from piv-tool.c which was modified
to pass in the length and other flags.
Piv-tool continues to be a primative test tool for inializing test
cards. But it has been expanded to be able to write other objects
on test cards.
The serial number of a PIV card is obtained from the CHUID object
if present which has a FASC-N which is an ID number created by the
issuer. Normally PIV cards are issued the U.S. Federal government
But there are ways to use the same cards with a non government CA.
This is then be referred to as PIV Compatible. In this case,
the FASC-N should start with an agency code = 9999 and an RFC 4122
GUID should be present in the CHUID. If this is the case, the GUID
is used as the serial number.
Windows 7 comes with a PIV card card driver, but to get it use one of
these card the CHUID is required. (piv-tool can now write one.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3998 c6295689-39f2-0310-b995-f0e70906c6a9
The implementation was based on the previous MSC build, each tool had its own
description in version resource.
This change sets a single version resource to all files, and produces much
simpler build.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3980 c6295689-39f2-0310-b995-f0e70906c6a9
thus we don't need to worry about if the pin/so-pin was passed
for the old structures (before erase) or the new ones (if used
with create).
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3966 c6295689-39f2-0310-b995-f0e70906c6a9
One of the three unblock methods can be activated from the 'opensc-pkcs11' section of opensc.conf:
- C_SetPin() in the unlogged sesssion;
- C_SetPin() in the CKU_SPECIFIC_CONTEXT session;
- C_InitPin() in CKU_SO session (inspired by Pierre Ossman).
-- This last one works, for a while, only for the pkcs15 cards without SOPIN auth object.
For the pkcs15 cards with SOPIN, this method will be useful for the cards
that do not have then modes '00' and '01' of ISO command 'RESET RETRY COUNTER'.
Test commands:
# pkcs11-tool --module ./opensc-pkcs11.so --slot 0 --unlock-pin --puk "123456" --new-pin "9999"
# pkcs11-tool --module ./opensc-pkcs11.so --slot 0 --unlock-pin -l --login-type context-specific --puk "123456" --new-pin "9999"
# pkcs11-tool --module ./opensc-pkcs11.so --slot 0 --init-pin -l --new-pin "9999"
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3901 c6295689-39f2-0310-b995-f0e70906c6a9
Splitted key is stored as the two private keys with the same ID.
(It's not conform to PKCS#15, but tolerated by OpenSC.)
Previously used 'sc_pkcs15_find_prkey_by_id()' is not appropriated to the case of splitted key.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3900 c6295689-39f2-0310-b995-f0e70906c6a9
a minor mistake in my patch for opensc_info(). For the Sun Studio 12.1
compiler (__SUNPRO_C == 0x5100) and later versions also, it must be
(__SUNPRO_C >> 4) & 0xFF to split the micro and mask the major version
number.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3881 c6295689-39f2-0310-b995-f0e70906c6a9
Working now with GOST R 34.10:
$ pkcs15-init --store-private-key key --key-usage sign,decrypt --auth-id 2 --id 1 --pin "12345678"
$ pkcs15-init --store-certificate my_cert --id 1 --pin "12345678"
But have problem: no CKA_GOSTR3410_PARAMS by retrieve pub_key from certificate, if pub_key object was removed (see parse_x509_cert, asn1_decode_gostr3410_params)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3859 c6295689-39f2-0310-b995-f0e70906c6a9
* Make opensc-tool -l display pinpad capabilities, if available
* Detect reader capabilities when a reader is found, not when a connection to a card is opened
* Fix unpadded PIN block parameters to not be rejected by the latest free CCID driver
* When locking the card and it has been reset by some other application (or re-attached), clear cache and lock again
* Enable pinpad detection by default
git-svn-id: https://www.opensc-project.org/svnp/opensc/branches/martin/0.12@3730 c6295689-39f2-0310-b995-f0e70906c6a9
1. They are not binaries.
2. No need for resources.
3. Put in separate files.
Anyway, do we actually need these? why not just document
that cardos-tool should be used instead?
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3574 c6295689-39f2-0310-b995-f0e70906c6a9
5 is not (length byte for data, but no data?). 6 or more is ok
(length byte and data). checking for "5" is not important.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3573 c6295689-39f2-0310-b995-f0e70906c6a9
I found the following patch to opensc-explorer handy when cleaning up
after some failed keygens (but not all, since you can't delete private
key objects). It switches the card to the admin lifecycle at startup:
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3538 c6295689-39f2-0310-b995-f0e70906c6a9