* Only set messages if the reader has display capabilities.
* Detect rejected pinpad commands
* Whitespace fixes
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3679 c6295689-39f2-0310-b995-f0e70906c6a9
multipart encryption when, for example, the data is too big to fit in
one APDU. It basically calls the Cipher.update() method until all data
has been processed. However, the Java Card API documentation advises
against using update():
"This method requires temporary storage of intermediate results. In
addition, if the input data length is not block aligned (multiple of
block size) then additional internal storage may be allocated at this
time to store a partial input data block. This may result in additional
resource consumption and/or slow performance. This method should only
be used if all the input data required for the cipher is not available
in one byte array. If all the input data required for the cipher is
located in a single byte array, use of the doFinal() method to process
all of the input data is recommended."
As the card's JVM was returning an internal exception when using
OP_PROCESS, it was decided to implement an msc_crypt_final_object()
function in OpenSC that uses the msc_object_*() functions to read/write
all the data from the card. This way, it is possible to transmit/receive
"arbitrarily" large data chunks to/from the card and use doFinal(). This
is the fallback method when, for example, using 2048 bit keys and the
card doesn't support extended APDUs.
Thanks to Joao Poupino for the patch
http://www.opensc-project.org/pipermail/opensc-devel/2009-March/011978.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3673 c6295689-39f2-0310-b995-f0e70906c6a9
* Update IOCTL definitions to PC/SC part 10 v2.02.05
* Return SC_SUCCESS instead of 0 if returning SC_ codes.
* Detect the presence of a display with FEATURE_IFD_PIN_PROPERTIES
Tested with patched CCID driver on OS X, with SPR532 (no display) and OK3821 (with display)
Known CCID reader with a display:
ATMEL_AT91SO.txt: wLcdLayout: 0x0210
CardMan3821.txt: wLcdLayout: 0x0210
Kobil_EMV_CAP.txt: wLcdLayout: 0x0210
Xiring_XI-SIGN.txt: wLcdLayout: 0x020C
Xiring_XI-SIGN_6000.txt: wLcdLayout: 0x020C
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3666 c6295689-39f2-0310-b995-f0e70906c6a9
the old code was undefined, but ok (variables where never used
again in the "goto error" case). but the new code should
be clearer on this.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3658 c6295689-39f2-0310-b995-f0e70906c6a9
- Correctly report Cryptoki version if v2.20 is used.
- Consistently report no version for hardware/software we know no version information about.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3627 c6295689-39f2-0310-b995-f0e70906c6a9
* Increase default slot count to 16, which equals 4 concurrent readers by default
* 2 OpenCT + 2 PC/SC on Linux for example
* Rename num_slots to slots_per_card
* Rename internal PKCS#11 variables, remove unneeded defines.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3619 c6295689-39f2-0310-b995-f0e70906c6a9
Most users don't use more than one or two tokens concurrently. This way default configuration (or with no configuration file) works even after you insert a PC/SC reader as OpenCT does not "eat up" all PKCS#11 slots with 5 virtual readers.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3618 c6295689-39f2-0310-b995-f0e70906c6a9
* Work as expected without a configuration file
* "Normalize" the configuration file: show the used default and give examples with opposite values.
* DWIM:
* If there is no config file: try all builtin drivers
* If there is a configuration file, allow to turn emulation off
* If there is a configuration file, allow to filter the list of internal drivers
* Introduce a PKCS#15 layer card flag for emulated cards
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3613 c6295689-39f2-0310-b995-f0e70906c6a9
ACL settings, and check C_CreateObject parameter CKA_PRIVATE aka
pkcs15_create_data args.auth_id variable, aka sc_pkcs15init_new_object
object->flags & SC_PKCS15_CO_FLAG_PRIVATE to decide if "data" or "privdata"
profile needs to be used.
Tested with cryptoflex 32k and opensc-explorer, now I no longer can
"get" the data object file stored with "--private".
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3605 c6295689-39f2-0310-b995-f0e70906c6a9
Win64 changed the SCARDCONTEXT from LONG to ULONG_PTR,
pcsc-lite did not follow this on 64bit platforms.
This breaks the pcsc module.
To solve this we use installed winscard.h in order to get proper
declerations.
As mingw32 does not have winscard.h we keep current types. mingw64 and
pcsc-lite system have winscard.h.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3590 c6295689-39f2-0310-b995-f0e70906c6a9
1. They are not binaries.
2. No need for resources.
3. Put in separate files.
Anyway, do we actually need these? why not just document
that cardos-tool should be used instead?
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3574 c6295689-39f2-0310-b995-f0e70906c6a9
5 is not (length byte for data, but no data?). 6 or more is ok
(length byte and data). checking for "5" is not important.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3573 c6295689-39f2-0310-b995-f0e70906c6a9
By Stanislav Brabec
entersafe_init_pin_info() was declared as int, but defined and used as
void, resulting in a function returning an unused pseudo-random value.
card-gemsafeV1.c uses comparison 'type == "DF"', which is always false,
as it compares pointer to a string with pointer to the string "DF" in
the code.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3563 c6295689-39f2-0310-b995-f0e70906c6a9
The pkcs15-gemsafeV1.c code assumes that the key_ref is always 3. But that is
not always the case. In our case it is 4. The patch tries to determine the
key_ref by looking at what appears to be a table of allocated keys, and picking
the first allocated key.
In case this is not always true, the patch will also allow for the the
opensc.conf card flag = n to specify the key_ref as the low order 4 bits of the
flag.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3557 c6295689-39f2-0310-b995-f0e70906c6a9
I found the following patch to opensc-explorer handy when cleaning up
after some failed keygens (but not all, since you can't delete private
key objects). It switches the card to the admin lifecycle at startup:
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3538 c6295689-39f2-0310-b995-f0e70906c6a9
Nowhere in pkcs15init/pkcs15-cardos.c is the user pin ever
requested or presented to the card.
Since the update acl for the key object uses the user pin, the GENERATE
KEY operation fails when it isn't logged in.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3537 c6295689-39f2-0310-b995-f0e70906c6a9
$ opensc-explorer
OpenSC Explorer version 0.11.4-svn
OpenSC [3F00]> cat
only working EFs may be read
OpenSC [3F00]> cat
only working EFs may be read
opensc-explorer: sc.c:492: sc_file_free: Assertion `sc_file_valid(file)' failed.
Aborted
$ opensc-explorer
OpenSC Explorer version 0.11.4-svn
OpenSC [3F00]> cd ff00
OpenSC [3F00/FF00]> cat
only working EFs may be read
OpenSC [3F00/FF00]> cd ..
opensc-explorer: sc.c:492: sc_file_free: Assertion `sc_file_valid(file)' failed.
Aborted
By Aktiv Co. Aleksey Samsonov
And some more Cleanups
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3526 c6295689-39f2-0310-b995-f0e70906c6a9
card-akis.c:400: warning: declaration of 'system' shadows a global declaration
/usr/include/stdlib.h:730: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3521 c6295689-39f2-0310-b995-f0e70906c6a9
reader-pcsc.c:396: warning: declaration of 'priv' shadows a previous local
reader-pcsc.c:367: warning: shadowed declaration is here
reader-pcsc.c:909: warning: declaration of 'reader' shadows a previous local
reader-pcsc.c:901: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3519 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-cardos.c:547:5: warning: "SET_SM_BYTES" is not defined
pkcs15-cardos.c:585:5: warning: "SET_SM_BYTES" is not defined
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3517 c6295689-39f2-0310-b995-f0e70906c6a9
If card was reset or reader reconnected, verify can restart
transaction, as upper level will not cache PIN in this case.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3508 c6295689-39f2-0310-b995-f0e70906c6a9
This is not the best solution, but focus on smallest code change.
Changes:
1. Add detect_readers() to reader opts, this adds new readers to the end
of the readers list until list is full.
2. Add sc_ctx_detect_readers() that calls readers' detect_readers().
3. Fixup pcsc_lock() so that it reconnect to the card and report proper
error so caller may be notified if session was lost.
4. Allow context to be created without readers.
5. Call sc_ctx_detect_readers() from PKCS#11 C_GetSlotList with NULL_PTR.
6. Allow no reader at detect_card, as reader my be removed.
7. Since I broke ABI, I updated the external module version requirement
to match OpenSC version. In the future a separate version should be
maintained for each interface, this should be unrelated to the package
version.
Alon
---
svn merge -r 3480:3505 https://www.opensc-project.org/svn/opensc/branches/alonbl/pnp
M src/tools/opensc-tool.c
M src/pkcs11/pkcs11-global.c
M src/pkcs11/slot.c
M src/libopensc/reader-pcsc.c
M src/libopensc/internal-winscard.h
M src/libopensc/ctx.c
M src/libopensc/reader-ctapi.c
M src/libopensc/libopensc.exports
M src/libopensc/reader-openct.c
M src/libopensc/opensc.h
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3506 c6295689-39f2-0310-b995-f0e70906c6a9
Patch opensc-0.11.4.trunk-r3502-fix-segv_print_tags_asn1.diff (for trunk
trunk revision 3502) is draft.
Example 1 (SIGSEGV):
OpenSC Explorer version 0.11.4-svn
OpenSC [3F00]> cd ff00
OpenSC [3F00/FF00]> asn1 0001
Printing tags for buffer of length 512
[Switching to Thread -1211906368 (LWP 25131)]
By Aktiv Co. Aleksey Samsonov
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3504 c6295689-39f2-0310-b995-f0e70906c6a9
(1) use the exports for opensc-pkcs11.dll, onepin-opensc-pkcs11.dll,
and pkcs11-spy.dll
(2) don't link common.lib with scconf.lib, to avoid duplicate messages
later.
(3) add piv-tool to openssl_programs.
By Douglas E. Engert
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3466 c6295689-39f2-0310-b995-f0e70906c6a9
files to build on Windows.
I got rutoken to compile, and took out the #ifdef's I had in last week.
The rutoken programmer declared some variables in the middle of a block
rather then having all the declare statements at the beginning of a block
as is normally done in C. The Microsoft compile treats this as an error.
(Actual many errors.)
The makedef.pl is no longer needed, as the exports files can be used.
Note that in the original Makefile.mak files only opensc.def and
pkcs15init.def were created.
winconfig.h has a number of changes. As discussed last week this could
be created by autoconf. I also noted that the Active State Perl that
was required for the makedef.pl has a psed command that could be used
like sed to update winconfig.h. I did not attempt to do this.
win32/Make.rules.mak - Use ENABLE_OPENSSL and ENABLE_ZLIB
src/tools/Makefile.mak - add the rutoken.tool.exe
src/tools/eidenv.c - use PACKAGE_VERSION
src/pkcs11/Makefile.mak - reorder the objest to match the list in the
Makefile.am. Makes it easier to read.
src/include/winconfig.h - The windows version of the config.h
Changes based on discussions on the list last week.
src/common/Makefile.mak - renamed modules.
src/pkcs15init/Makefile.mak - reordered, and added back the rutoken modules
replaced the use of makdef.pl to sue the exports file.
src/scconf/Makefile.mak - reordered objects.
src/libopensc/card-rutoken.c -
error. Moved the declares to the beginning of blocks.
src/libopensc/Makefile.mak - reorder names, and add rutoken.
Use the libopensc.exports file.
src/libopensc/pkcs15-prkey-rutoken.c - more moving of declare statements.
By Douglas E. Engert
http://www.opensc-project.org/pipermail/opensc-devel/2008-April/011011.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3464 c6295689-39f2-0310-b995-f0e70906c6a9
By: Douglas E. Engert
(2) Change the typdefs for the SC_*_t routines.
The WINAPI had to be moved. For example from:
typedef PCSC_API LONG (*SCardEstablishContext_t)...
to:
typedef LONG (PCSC_API *SCardEstablishContext_t)...
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3458 c6295689-39f2-0310-b995-f0e70906c6a9
rutoken.h:4: warning: 'struct sc_pkcs15_prkey' declared inside parameter
list
rutoken.h:4: warning: its scope is only this definition or declaration,
which is probably not what you want
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3443 c6295689-39f2-0310-b995-f0e70906c6a9
This will place file in more expected location, and
reduce runtime dependencies as dependency DLL will be located
at the same directory.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3441 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-gemsafeV1.c:150: warning: comparison between signed and unsigned
pkcs15-gemsafeV1.c:331: warning: comparison between signed and unsigned
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3429 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-gemsafeV1.c:126: warning: declaration of 'index' shadows a global declaration
/usr/include/string.h:304: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3428 c6295689-39f2-0310-b995-f0e70906c6a9
1. Build system now supports MinGW (Windows) compilation using msys and cross compilation.
2. Ability to explicitly disable and enable dependencies of the package.
3. openct, pcsc and nsplugins features are disabled by default.
4. Modified pcsc driver to use pcsc dynamically, no compile time dependency is required.
5. --enable-pcsc-lite configuration option renamed to --enable-pcsc.
6. Install opensc.conf file (as opensc.conf.new if opensc.conf exists).
7. Add--enable-doc configuration option, allow installing documentation into target.
8. Add --disable-man configuration option, allow msys mingw32 users to
build from svn without extra dependencies.
9. Add export files to each library in order to export only required symbols.
Windows native build may use these files instead of scanning objects' symbols.
10. Add opensc-tool --info to display some general information about the build.
11. Create compatibility library to be linked against library instread of recompiling the
same source files in different places.
12. Add different win32 version resource to each class of outputs.
13. Make xsl-stylesheets location selectable.
14. Some win32 fixups.
15. Some warning fixups.
16. Many other autoconf/automake cleanups.
Alon Bar-Lev
svn diff -r 3315:3399 https://www.opensc-project.org/svn/opensc/branches/alonbl/mingw
_M .
D configure.in
_M src
_M src/openssh
M src/openssh/Makefile.am
_M src/tools
M src/tools/rutoken-tool.c
M src/tools/opensc-tool.c
M src/tools/cardos-info.c
M src/tools/pkcs15-crypt.c
M src/tools/pkcs15-init.c
M src/tools/piv-tool.c
M src/tools/netkey-tool.c
M src/tools/eidenv.c
M src/tools/cryptoflex-tool.c
M src/tools/util.c
M src/tools/pkcs11-tool.c
M src/tools/pkcs15-tool.c
M src/tools/util.h
M src/tools/opensc-explorer.c
M src/tools/Makefile.am
_M src/pkcs11
M src/pkcs11/pkcs11-global.c
M src/pkcs11/framework-pkcs15.c
M src/pkcs11/mechanism.c
M src/pkcs11/pkcs11-display.c
M src/pkcs11/pkcs11-object.c
A src/pkcs11/opensc-pkcs11.exports
M src/pkcs11/sc-pkcs11.h
M src/pkcs11/pkcs11-spy.c
M src/pkcs11/openssl.c
M src/pkcs11/Makefile.am
A src/pkcs11/pkcs11-spy.exports
_M src/tests
_M src/tests/regression
M src/tests/regression/Makefile.am
M src/tests/sc-test.c
M src/tests/pintest.c
M src/tests/Makefile.am
_M src/include
_M src/include/opensc
M src/include/opensc/Makefile.am
A src/include/opensc/svnignore
M src/include/Makefile.am
_M src/signer
_M src/signer/npinclude
M src/signer/npinclude/Makefile.am
M src/signer/Makefile.am
A src/signer/signer.exports
_M src/common
A src/common/compat_dummy.c
D src/common/getopt.txt
D src/common/strlcpy.c
D src/common/LICENSE
A src/common/compat_getopt.txt
A src/common/compat_strlcpy.c
A src/common/LICENSE.compat_getopt
A src/common/compat_getopt.c
D src/common/strlcpy.h
D src/common/ChangeLog
D src/common/getpass.c
D src/common/my_getopt.c
A src/common/compat_strlcpy.h
A src/common/compat_getpass.c
A src/common/compat_getopt.h
A src/common/ChangeLog.compat_getopt
D src/common/README.strlcpy
D src/common/my_getopt.h
A src/common/compat_getpass.h
A src/common/README.compat_strlcpy
D src/common/strlcpy.3
A src/common/README.compat_getopt
D src/common/getopt.3
D src/common/README.my_getopt
A src/common/compat_strlcpy.3
A src/common/compat_getopt.3
M src/common/Makefile.am
M src/Makefile.am
_M src/pkcs15init
M src/pkcs15init/pkcs15-oberthur.c
M src/pkcs15init/profile.c
M src/pkcs15init/pkcs15-lib.c
M src/pkcs15init/pkcs15-rutoken.c
A src/pkcs15init/pkcs15init.exports
M src/pkcs15init/pkcs15-gpk.c
M src/pkcs15init/Makefile.am
_M src/scconf
M src/scconf/Makefile.am
M src/scconf/parse.c
A src/scconf/scconf.exports
_M src/libopensc
M src/libopensc/card-rutoken.c
M src/libopensc/compression.c
M src/libopensc/sc.c
M src/libopensc/card-piv.c
M src/libopensc/pkcs15-openpgp.c
M src/libopensc/pkcs15-postecert.c
M src/libopensc/pkcs15-tcos.c
M src/libopensc/opensc-config.in
M src/libopensc/reader-pcsc.c
A src/libopensc/internal-winscard.h
M src/libopensc/ctx.c
A src/libopensc/libopensc.exports
M src/libopensc/pkcs15-piv.c
M src/libopensc/pkcs15-infocamere.c
M src/libopensc/internal.h
M src/libopensc/pkcs15-actalis.c
M src/libopensc/pkcs15-starcert.c
M src/libopensc/card-oberthur.c
M src/libopensc/pkcs15-atrust-acos.c
M src/libopensc/p15card-helper.c
D src/libopensc/part10.h
M src/libopensc/ui.c
M src/libopensc/card-gpk.c
M src/libopensc/pkcs15-wrap.c
M src/libopensc/pkcs15-gemsafeGPK.c
M src/libopensc/log.c
M src/libopensc/pkcs15-esteid.c
M src/libopensc/pkcs15-prkey-rutoken.c
M src/libopensc/log.h
M src/libopensc/Makefile.am
M src/libopensc/reader-openct.c
_M aclocal
M aclocal/Makefile.am
_M win32
M win32/Makefile.am
A win32/versioninfo.rc.in
A win32/ltrc.inc
A configure.ac
_M doc
_M doc/tools
M doc/tools/pkcs15-profile.xml
D doc/changelog.sh
D doc/export-wiki.xsl
_M doc/api
_M doc/api/file
M doc/api/man.xsl
_M doc/api/asn1
_M doc/api/apps
_M doc/api/init
_M doc/api/types
_M doc/api/card
M doc/api/html.xsl
_M doc/api/misc
_M doc/api/util
M doc/Makefile.am
D doc/export-wiki.sh
AM doc/nonpersistent
A doc/nonpersistent/export-wiki.xsl
A doc/nonpersistent/Makefile.am
A doc/nonpersistent/export-wiki.sh
A doc/nonpersistent/svn2cl.xsl
D doc/generate-man.sh
D doc/svn2cl.xsl
M Makefile.am
A svnignore
_M etc
M etc/opensc.conf.in
M etc/Makefile.am
D man
_M solaris
M solaris/Makefile
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3405 c6295689-39f2-0310-b995-f0e70906c6a9
that should be taken after fork().
Applications should call C_Initialize() immediately after fork()
to reinitialize the provider.
The change monitor the pid that calls C_Initialize(), if it is
different than previous C_Finalize() is called.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3402 c6295689-39f2-0310-b995-f0e70906c6a9
This fixes pcsc_lock->pcsc_reconnect->protocol mismatch error escaping from reader-pcsc.c if some other application has set the card to a different protocol.
* pcsc_reconnect uses PC/SC return values, pcsc_reset uses OpenSC; 0 -> SC_SUCCESS
* CCID driver with OmniKey 1021 returns SCARD_W_UNPOWERED_CARD when a card is inserted upside-down. Translate the currently unknown error into 'Unresponsive card'.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3386 c6295689-39f2-0310-b995-f0e70906c6a9
defined
rutoken-tool.c:107: warning: statement with no effect
rutoken-tool.c:165: warning: left-hand operand of comma expression has no effect
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3305 c6295689-39f2-0310-b995-f0e70906c6a9
SC_ALGORITHM_RSA_PAD_PKCS1 algorithm since it is already done in
card-gemsafeV1.c:gemsafe_init()
Thanks to Douglas E. Engert for the patch
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3299 c6295689-39f2-0310-b995-f0e70906c6a9
asn1 2f01
Dumps asn.1 content of a file
apdu 00:20:00:00:04:31:31:32:32
Send the custom APDU inside the session
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3275 c6295689-39f2-0310-b995-f0e70906c6a9
reported back, and used for verifying.
* PIN CHANGE command is implemented (that is really different
from ISO7816)
* max_pin_len is set to 16 in akis_init
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3270 c6295689-39f2-0310-b995-f0e70906c6a9
gcc 4.3 warning, reported and fixed by novell:
Problem found by David Binderman
Patch created by Michal Vaner
closes our trac bug #153 and novell bug 238660
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3232 c6295689-39f2-0310-b995-f0e70906c6a9
* akis_get_data() implemented
* akis_delete_file() implemented
* akis_set_security_env() implemented, pkcs15 signing works now
* life cycle set/get via cardctl implemented
* card_ops commented, so it is clear whether a function is supported via
iso7816 implementation or not
* mark pin apdu as sensitive in akis_pin_cmd
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3230 c6295689-39f2-0310-b995-f0e70906c6a9
types with SC_ASN1_ALLOC flag, then calls the sc_asn1_decode_utf8string()
function which then fails with BUFFER TOO SMALL cause it wants to end the
string with an extra NULL.
allocation size was supposed to be objlen + 1.
Patch by Gürer Özen
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3225 c6295689-39f2-0310-b995-f0e70906c6a9
* create_file implemented
* EF(DIR) hack removed, it is easier to put a real EF(DIR)
* SC_CARDCTL_GET_SERIALNR implemented
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3224 c6295689-39f2-0310-b995-f0e70906c6a9
The IdAlly CSP calls C_FindObjectsInit looking for CK_PRIVATE_KEY before
C_Login with a pin. If it does not find any, it fails. The pkcs15-piv.c in
0.11.3 and 0.11.3-pre3 set the pubkey and prvkey objects as private.
This patch removes the SC_PKCS15_CO_FLAG_PRIVATE so IdAlly will work with the
PIV cards.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3221 c6295689-39f2-0310-b995-f0e70906c6a9
static is a good hint to the compiler for that - the function isn't used
outside of this file.
"static inline" is not valid, visual studio doesn't compile that.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3209 c6295689-39f2-0310-b995-f0e70906c6a9
add support for reading, writing and deleting private (require cache_pins) and
public data objects in PKCS11. updated the pkcs11-tool and fixed a few
bugs in the code. Tested on an aladdin etoken.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3176 c6295689-39f2-0310-b995-f0e70906c6a9
Looking at framework-pkcs11.c, it looks like there is a bug in the handling of
auth_count, if there is more then one pin, and one of the pins is a
SC_PKCS15_PIN_FLAG_SO_PIN.
The for loop at line 767 will add a slot for each non SO_PIN or UNBLOCKING_PIN.
But at line 812, the auth_count is still set to the number of pins, even though
the SO_PIN did not cause a new slot to be allocated and thus the test of
hide_empty_tokens will not be used.
With the attached patch, I can get the expected behavior when hide_empty_tokens
= yes in the opensc.conf from pkcs11-tool -L, pkcs11-tool -O and pkcs11-tool -O
-l
There is only 1 slot allocated, the pkcs11-tool -O shows all the public
objects, and pkcs11-tool -O -l (after PIN) shows all the objects, and Heimdal
PKINIT still runs.
I still think that if two or more slots need to be allocated for multiple auth
pins, then all the public objects should be added to each. I have an additional
mod for this too.
Since the cards I am working with only have 1 pin, the attached mods works for
me. Note it looks like the pkcs15-openpgp.c might also be affected by this
change as it defines two pins an auth pin and a SO_PIN, much like the PIV card
does.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3175 c6295689-39f2-0310-b995-f0e70906c6a9
Major improvments in the PIV card modules:
* OpenSC-0.11.2 only supported RSA 1K keys, the patch supports RSA 2K and 3K
keys.
* The FASC-N in the CHUID object is used as the card serial number.
* A PIV card may have additional objects. These can now be read by pkcs11-tool
and pkcs15-tool.
* The p15card-helper.c module is no longer used. The code to call the
sc_pkcs15emu_* routines has been moved back into pkcs15-piv.c and uses
existing OpenSC routines to parse the certificate to find the modulus_len.
* pkcs15-piv.c will now get the modulus_len from the certificates to store into
the emulated prvkey an pubkey objects as they are being created using the
sc_pkcs15emu_* routines.
* The caching code that was added to card-piv.c in 0.11.2 is disabled, as
pkcs15-piv.c will cache the certificate using existing OpenSC routines.
* piv-tool will now print a serial number.
* The key-usage bits for prvkey and pubkey objects are set in pkcs15-piv.c
* The PIV "9E" key was added. It is not a private object, and can be used
without a PIN. It is used with the "Certificate for Card Authenticaiton".
* When used with the OpenSSL engine to generate a certificate request, the
public key saved by piv-tool during a "generate asymmetric key pair" card
command can be read from a file pointed at by the environment variable
PIV_9*_KEY. Where * is A, C, D or E.
* In the card_atr section of opensc.conf, flags = 20; can be used to only show
the PIV Authentication cert. This feature was in 0.11.1 but was dropped in
0.11.2 when the p15card-helper.c was introduced.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3174 c6295689-39f2-0310-b995-f0e70906c6a9
lot of testing needed multiple applications to be running, it became important
to know what application was making each log entry.
This was reported by Russell Larner <rlarner@rsasecurity.com> on 5/17/2007
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3173 c6295689-39f2-0310-b995-f0e70906c6a9
garbage along with the error message. The attached patch to pkcs11-tool.c
initializes the type to 0 so the attribute will be 0 in case of an error.
by Douglas E. Engert
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3172 c6295689-39f2-0310-b995-f0e70906c6a9
pubkey or from apubkey to a privkey object. But it does not copy the
modulus_len.
This patch will look at pub_info->modulus_len and prv_info->modulus_len and
copy the modulus_len while copying the modulus. This will be used with the
pkcs15-piv code when it creates pub and priv objects, as it has no way other
then from the certificates to know the modulus_len.
By Douglas E. Engert.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3171 c6295689-39f2-0310-b995-f0e70906c6a9