This patch enables using of: SHA224-RSA-PKCS, SHA256-RSA-PKCS,
SHA384-RSA-PKCS, SHA512-RSA-PKCS and PSS variants of these mechanism for
MyEID users. (This patch is related to issue #2173.)
CI tests for these mechanisms are also enabled (using OsEID emulation).
ASN1 tags are represented in two many ways within OpenSC.
This is a trivial change to simplify one aspect of this.
It also makes the code more readable.
SC_ASN1_CLASS_MASK, SC_ASN1_APP, SC_ASN1_CTX, SC_ASN1_PRV,
SC_ASN1_CONS are changed, and SC_ASN1_CLASS_MASK is added.
These then align with the bits defined by SC_ASN1_TAG_CLASS,
SC_ASN1_TAG_APPLICATION, SC_ASN1_TAG_CONTEXT, SC_ASN1_TAG_PRIVATE,
and SC_ASN1_TAG_CONSTRUCTED.
(SC_ASN1_UNI and SC_ASN1_TAG_UNIVERSAL are both 0x00 thus no change
is needed).
(No sign of a right shift of SC_ASN1_CTX or SC_ASN1_PRV causeing
problems has been seen in the code.) If found, can be solved.)
Close examination of the OpenSC code base shows all uses of tags
used by routines and sc_asn1_entry use the defines.
This could allows 26 lines of code in sc_asn1_skip_tag used to test
the 3 CLASS and CONSTRUCTED bits to be replaced by:
if (((cla << 24) | tag) != tag_in)
return NULL;
The 26 lines still work as will any other code in OpenSC
that tests the bits using the defines. It also allows new code
to be simplified.
Problem identified while looking at better way to check response
on GET_DATA (0xCB) that returns TLV as used in card-piv.c
Changes tested using pkcs11-tool --test --login with PIV, SC_HSM
and OpenPGP cards.
Fixes#2141
NIST 800-73-3 based cards only had 2 bits set in first pin policy byte.
NIST 800-73-4 defines additions bits in first pin policy byte.
When one of these bit is set, and the policy prefers the Global pin,
it is not recognized and the local pin is used.
On branch PIV-global-pin-bug
Changes to be committed:
modified: src/libopensc/card-piv.c
When failed to access reader, cxt needs to be released before
exiting the program. Like in the patch of CVE-2019-6502, a
sc_release_context(ctx) is needed before line 71, or a
memory leak may occur.
Update the ATR table for PIV/CAC matrix to 2019 -10-18 version:
https://www.cac.mil/Portals/53/Documents/DoD%20Token%20utilziation%20and%20variation%20matrix%20v2_06_17October2019.docx?ver=2019-10-18-102519-120
Also update table for several PivKey cards, and added ATR for IDEMIA PIV 2.4.1.
But did not update for use of SM or VCI.
Yubico changed the ATR historical data for Yubikey 5 NFC. Code was added to recognize
it, when used with USB or NFC.
Note: Yubikey 5 NFC when used with NFC cant use touch policy. NFC reader may not provide
enough power to power the LED on button.
On branch PIV-update-DOD-Yubikey
Changes to be committed:
modified: card-piv.c
The previous erase sequence did not always work. For example:
% pkcs15-init -C
Using reader with a card: Feitian ePass2003 00 00
New User PIN.
Please enter User PIN: 1234
Please type again to verify: 1234
Unblock Code for New User PIN (Optional - press return for no PIN).
Please enter User unblocking PIN (PUK):
Failed to create PKCS #15 meta structure: Security status not satisfied
% pkcs15-init -E
Using reader with a card: Feitian ePass2003 00 00
Failed to erase card: Security status not satisfied
This apparently bricked many people's ePass2003 devices:
https://github.com/OpenSC/OpenSC/issues/767https://sourceforge.net/p/opensc/mailman/message/33621883/https://github.com/OpenSC/OpenSC/wiki/Feitian-ePass2003
Feitian provided a proprietary binary blob called `FIX_TOOL' to recover
devices from this state, but declined to offer source code when asked:
https://download.ftsafe.com/files/ePass/Fix_Tool.tar.gzhttps://download.ftsafe.com/files/reader/SDK/Fix_Tool_20200604.zip
With reverse-engineering help by Saleem Rashid (@saleemrashid on
Github), I was able to find the sequence of three APDUs that the tool
submits to the device to erase it. The mechanism seems to be:
1. Install a magic PIN. This is like install_secret_key, as used by
internal_install_pin, but with a few different magic constants.
2. Verify the magic PIN.
3. Delete the MF file, without selecting anything first.
With this patch, `pkcs15-init -E' successfully erases my ePass2003, and
I am able to initialize it with `pkcs15-init -C -p pkcs15+onepin' if I
set both a user pin and a PUK. (This patch does not prevent the
ePass2003 from getting into the state which could not be erased by the
old erase sequence.)
Fix various spelling errors, mostly in comments but also in texts displayed.
Errors found & interactively fixed using 'codespell', with additional manual
checks after the fixes.
Have do_asn1() accept an optional parameter indicating a record number.
If this is given and the file is a record-oriented file, then ASN.1-decode
the record requested.
Have do_cat() accept an optional second parameter indicating a record number.
If this is given and the file is a record-oriented file, only print the record
requested.
supported by most of the card drivers and can therefore not be regarded to be
part of the public interface.
Modified the only remaining card driver that used it (authentic) to store acls
in a private variable.
- its definition is specific to the IAS-ECC card type
- its presence can not be assumed since it is read from non-mandatory SE type of an SDO
- it is currently not used anywhere in the code
during an unblock operation (this is a sign of a card with invalid PKCS #15
info). Without this error message the program just terminates silently, which
is confusing to the user.
local PINs. This makes the code behave the same way as PIN verification,
change and unblock, before calling the PIN command handler in the card driver.
- Use PIN padding information when provided by upper layers
- Enable PIN padding at card level when min/max len set to same, nonzero value
- Allow PIN-pad use to be dynamically selected for each PIN
excluding the CRT info from the SE-SDO, which is not guaranteed to be
available in all card types.
Use an explicit PIN policy structure type instead of keeping the info in the
sc_pin_cmd_data, since this type of info is only used privately in the card
driver.
- The wrong PIN was selected from the sc_pin_cmd_data structure.
- When the PIN max value was zero from the caller (meaning unknown max), the
reader max value was not used.
- Reset context to undefined handle value on error since call may alter
output parameter.
- Continue to assume -1 as undefined handle value in all PCSC
implementations, to keep this fix as small and surgical as possible.
Recent compilers have activated some additional
checks which let the build fail. (at least with cygwin)
(Normally it would be warnings but opensc compiles
with -Werror)
GCC 9.3:
In file included from profile.c:27:
profile.c: In function '__expr_get':
profile.c:2273:18: error: array subscript has type 'char' [-Werror=char-subscripts]
2273 | while (isspace(*s))
| ^~
clang 8.0.1:
compat_getopt_main.c:102:22: error: array subscript is of type 'char' [-Werror,-Wchar-subscripts]
rc = toupper(rc);
^~~~~~~~~~~
/usr/include/ctype.h:161:25: note: expanded from macro 'toupper'
(void) __CTYPE_PTR[__x]; (toupper) (__x);})
^~~~
Actually the code is correct as isspace and others
are used here with data type char, and are to be used
with data type int.
So either the compiler should have deactivated
this error, or the ctype.h macros have to be
written so the compiler no longer complains.
As there is also a simple workaround by casting
char to unsigned char, there is no need to wait for one
of the former options to be happen sometime.
before 14e396273 sc_wait_for_event() only notified in case of a new
reader, but didn't add it to the internal list of readers. That's why
PKCS#11 needed to bail out early in this case (and the application had
to call C_WaitForSlotEvent a second time to actually get the related
slot). Since sc_wait_for_event() can now handle insertion correctly, we
can now immediately check (and reset) the events on the slots.
Expect a record number as 3rd parameter:
if this record number is greater than 0, indicating a single record,
then append the record number to the file name being constructed.
* Bug fixed
1. It solves the problem that can be signed without input PIN, and new code will check the state that the PIN value
2. The algorithm fails to verify sha256, cause signature failure
3. The format of distinguishing ECC and RSA key pair is added - after the key pair is generated successfully, ECC and RSA need to be distinguished when reading the public key. The return format of ECC is different from the RSA
4. Fix ECC information display bug - The problem is using pkcs15-tool -D to print ECC key pair information no display correctly
5. Modify the module attribute of generating ECC key pair, and add 0x04 flag according to pkcs11 standard
Check SC_READER_CARD_PRESENT flag rather than == 1.
Having no card present on the first loop and then inserting a card will
return rc = CARD_PRESENT | CARD_CHANGED (= 3). SEGFAULT ensures when we mistake
the unset opt_reader as having a present card.
In piv_general_mutual_authenticate sc_asn1_put_tag is not used correctly.
On branch piv-sc_asn1_put_tag-error
Changes to be committed:
modified: card-piv.c
Commit 4fd34e28ea unintentionally replaced top_builddir with
top_srcdir when refactoring flags variables in Makefile.am. This causes
out-of-source builds to fail.
Restore top_builddir in LDADD.
Also, remove a superfluous -L flag also referencing top_srcdir from
AM_CFLAGS while at it.
Signed-off-by: Michael Weiser <michael.weiser@gmx.de>
Closes#2027.
Treat CardOS V5_0 and V5_3 cards differently then older versions:
Use card->dvr_data as a pointer to cardos_data_t to store private driver
data to pass internally, especially between set security environment
and the crypto operations. Sc_get_encoding_flags sets sec_flags from
algo_info->flags in pkcs15-sec.c and it passed to decipher.
Some cards when doing a decipher may drop leading 00 byte when
returning data from RSA_RAW decipher. Add leading byte(s) as needed.
Get Cryptographic Mechanism Reference from Key Reference:
Key reference byte appears to be a 4 bit Cryptographic Mechanism Reference
and a 4 bit key reference.
This is only done if key reference & 0xF0 != 0 i.e. default Cryptographic
mechanism reference is 0. which appears to be the case for RSA RAW.
PKCS1 appears to be 0x10 and ECDSA 0x30
See iso 7816-4 table 55 for DST:
84 Reference of a private key
95 Usage qualifier byte - Table 57 - 40 looks OK
80 Cryptographic mechanism reference and referes to section 9.2
The 4 bit key reference limits card to 16 keys. In future this may not work,
but we can derive a Cryptographic Mechanism Reference from what OpenSC
thinks the card needs to do. Only know RSA RAW, PKCS1 and ECDSA.
ECDSA code has not been tested, but expected to work.
Allow setting CardOS type and flags from opensc.conf using card_atr stanza
This is a fallback if newer cards are added or older cards have problems
giving us time to make need changes in next release.
It will help in identifying what flags are needed for each card.
As user can report what combination of flags work for them. They do this by
adding to opensc.conf with something like this. (Change the ATR to your card's ATR):
card_atr 3b:d2:18:00:81:31:fe:58:c9:03:16 {
driver = "cardos";
# type is decimal from cards.h:
# SC_CARD_TYPE_CARDOS_V5_0 is 1009
# SC_CARD_TYPE_CARDOS_V5_3 is 1010
type = 1010;
# flags is hex from opensc.h:
#define SC_ALGORITHM_ONBOARD_KEY_GEN 0x80000000
#define SC_ALGORITHM_NEED_USAGE 0x40000000
#define SC_ALGORITHM_RSA_RAW 0x00000001 /* RSA_RAW is PAD_NONE */
#define SC_ALGORITHM_RSA_PAD_NONE 0x00000001
#define SC_ALGORITHM_RSA_PAD_PKCS1 0x00000002 /* PKCS#1 v1.5 padding */
#define SC_ALGORITHM_RSA_PAD_ANSI 0x00000004
#define SC_ALGORITHM_RSA_PAD_ISO9796 0x00000008
#define SC_ALGORITHM_RSA_PAD_PSS 0x00000010 /* PKCS#1 v2.0 PSS */
#define SC_ALGORITHM_RSA_PAD_OAEP 0x00000020 /* PKCS#1 v2.0 OAEP */
#define SC_ALGORITHM_RSA_HASH_NONE 0x00000100 /* only applies to PKCS1 padding */
# example: SC_ALGORITHM_ONBOARD_KEY_GEN | SC_ALGORITHM_RSA_HASH_NONE | SC_ALGORITHM_RSA_RAW
flags = 80000101;
#example: SC_ALGORITHM_ONBOARD_KEY_GEN | SC_ALGORITHM_RSA_PAD_PKCS1
flags = 80000002;
}
For V5_0 and v5_3 cards, use sc_get_max_send_size and sc_get_max_recv_size
which takes care or reader sizes even on Windows where SCardControl can not get PART_10 sizes.
(commit eddea6f3c2 on Windows forces reader sizes to 255, 256
in reader-pcsc.c if not already set. It should not do this, but leave that up to card drivers.)
pkcs15-cardos.c added:
New file, pkcs15-cardos.c, added as emulation only for CardOS
V5_0 and V5_3 cards.
sc_pkcs15_bind_internal is called to get tokenInfo as CardOS
cards are substantially PKCS15 cards. But some V5_* cards have
errors in the tokenInfo, Which are corrected.
For older CardOS cards, card-cardos.c will create all the
card->algorithms.
Pkcs15-cardos.c will check for card->algorithms and if there
are none, it will do the following:
SC_CARDCTL_CARDOS_PASS_ALGO_FLAGS is called twice. First to get
the flags as set by user via opensc.conf card_atr or default
flags set by the card driver. Then after determining from the
tokenInfo what algorithms the card can support, the new flags
are passed to card_cardos.c to create card->algorithms.
https://atos.net/wp-content/uploads/2018/11/CT_181026_LPM_CardOS_V5-3_Multifunctionality_FS_en3_web.pdf
says card supports: "“Command chaining” in accordance with ISO/IEC 7816-4"
To take advantage of this with older readers, max_send_size and max_recv_size
is now based on minimum of reader limits and "data_field_length" from card.
This should allow card to work in older readers not capable of extended APDU.
So far current cards we have seen do no appear to support “Command chaining”.
Changes to be committed:
modified: src/libopensc/Makefile.am
modified: src/libopensc/Makefile.mak
modified: src/libopensc/card-cardos.c
modified: src/libopensc/cardctl.h
modified: src/libopensc/cards.h
new file: src/libopensc/pkcs15-cardos.c
modified: src/libopensc/pkcs15-syn.c
modified: src/libopensc/pkcs15-syn.h
Some cards can provide supported algorithms in tokenInfo
which contain ECDSA OID, and PKCS11 mechanism
Don't know how many Algo_refs were actually read,
and a ref of 0 may be valid. print at least one Algo_refs.
Print the mechanism from PKCS11, and print operations
Use the $(top_srcdir)/src/pkcs11/pkcs11-display.c on Unix
Use the $(TOPDIR)\src\pkcs11\pkcs11-display.obj on Windows
pkcs15.tool.c treat ECDSA OID as inline
pkcs15-tool prints PKCS11 mechanisms using pkcs11-display.c
Automake now warns that the default will change, in the future
so "[subdir-objects]" is added to configure.ac
Changes to be committed:
modified: configure.ac
modified: src/tools/Makefile.am
modified: src/tools/Makefile.mak
modified: src/tools/pkcs15-tool.c
Mismatch of ASN1 parsing of tokeninfo.supported_algos[n].paramters
in one place parameter was treated as a pointer to sc_object_id
and in another as inline structure. This caused segfaults
in pkcs15-tool when it tried to print the OID.
Changes to be committed:
modified: src/libopensc/opensc.h
modified: src/libopensc/pkcs15.c
CardOS cards may have more then 8 supported_algo_info entries in tokenInfo.
We may bemissing some. We have seen 8 in some pkcs15-tool -i -v output.
Simple fix is to incrase the limit. More appropriate fix is to remove the limit,
much like is done with sc_algorithm_info. and use realloc of the array.
On branch cardos-5.3
Changes to be committed:
modified: src/libopensc/pkcs15-prkey.c
modified: src/libopensc/pkcs15-skey.c
modified: src/libopensc/pkcs15.c
modified: src/libopensc/types.h
In tests, make sute test data is either padded, or "zero" padded
so size if data <= modlen - 11. The smallest pad in 11 bytes,
00 | NN | PS | 00. PS is at least 8 bytes.
"zero" padding has N = 00, PS >= 8 byte of 00.
On branch cardos-5.3
Changes to be committed:
modified: tools/pkcs11-tool.c
always should be used, even if a PIN pad reader is used. PIN must only
be fetched from the PIN pad reader if the corresponding parameter is
null.
Before this commit PIN was always fetch from the reader if the PIN could
be fetched from the reader.
The 'pkcs11-tool has also been updated. Before parameters was never
taken from the command line if a PID pad reader was used. Now PINs from
the command line is always used but if not existing the PIN is fetched
from the reader if a reader with a PIN pad is used, otherwise the user
is prompted for PIN(s) from the CLI.
C_SetPIN modifies the PIN of the user that is currently logged in, or
the CKU_USER PIN if the session is not logged in. ....
This was not true for "if the session is not logged in" before this fix.
- If readers are attatched, the new reader is probed for a card to check
if a notification needs to be sent
- removal of readers are not notified to the user, we assume that PC/SC
sends the correct card removal event
- The list of readers to be monitored is adjusted once a reader (dis)appears
- On macOS, without PnP notification, we always check for new/removed
readers with SCardListReaders
- fixes interrupt handling in opensc-notify on Unix
fixes https://github.com/OpenSC/OpenSC/issues/1874
* replace magic magic number used as potentially too small buffer size
by SC_MAX_EXT_APDU_RESP_SIZE
* start error message with upper-case letter
* return 0 on success
* bug fix: pass correct buffer length to sc_update_record()
* bug fix: report correct number of bytes written
* bug fix: check for offs to be small enough
* replace magic magic number used as potentially too small buffer size
by SC_MAX_EXT_APDU_DATA_SIZE
* remove print() statement that looks suspiciously like a leftover from debugging
* start error messages with upper-case letters
* use sc_strerror(r) instead of plain numeric r in error messages
* fix spaces before opening curly braces
* replace magic magic number used as potentially too small buffer size
by SC_MAX_EXT_APDU_DATA_SIZE
* remove print() statement that looks suspiciously like a leftover from debugging
* start error messages with upper-case letters
* use sc_strerror(r) instead of plain numeric r in error message
* fix spaces before opening curly braces
* replace magic magic number used as potentially too small buffer size
by SC_MAX_EXT_APDU_RESP_SIZE
* replace magic number for filename by SC_MAX_PATH_STRING_SIZE
* start error messages with upper-case letters
* use braces after sizeof, i.e. sizeof(X) instead of sizeof X
* fix indentation
* determine DO ID/tag the same way as do_find_tags()
* start error message with upper-case letter
* use sc_strerror(r) instead of plain numeric r in error message
* adapt size of buffer to SC_MAX_EXT_APDU_DATA_SIZE
* determine DO ID/tag the same way as do_find_tags()
* replace magic magic number used as potentially too small buffer size
by SC_MAX_EXT_APDU_RESP_SIZE
* change buffer type from unsigned char to u8 for consistency with
do_put_data() & do_find_tags()
* give ID/tag of DO in error message
* open target file in binary mode
* set default values for variables at declaration time
* replace magic number used as potentially too small buffer size
by SC_MAX_EXT_APDU_RESP_SIZE
* use braces after sizeof, i.e. sizeof(X) instead of sizeof X
* set default values for variables at declaration time
* use sizeof(fid) instead of magic number
* use braces after sizeof, i.e. sizeof(X) instead of sizeof X
* start error message with upper-case letter