Jakub Jelen
9be6dc6606
pkcs11: Update the version to 3.0 (unused anywhere though)
2021-06-02 15:46:00 +02:00
Jakub Jelen
9d1a214340
pkcs11: Undefine internal typedef and remove its usage
2021-06-02 15:46:00 +02:00
Jakub Jelen
fc2fecc80e
Use const types for RSA and EC_KEY
...
These are anyway not supposed to be modified even in older versions of
openssl.
Visible when building with -Wno-deprecated-declarations
2021-06-02 15:46:00 +02:00
Jakub Jelen
33426df3ff
p11test: Do not return on warnings for (X)EDDSA keys
2021-05-24 11:25:53 +02:00
Jakub Jelen
8e4134841d
p11test: Add new mechanisms from softhsm
2021-05-24 11:25:53 +02:00
Jakub Jelen
a8a4bddfad
p11test: Debug level from commandline
...
This replaces the debug level defined at build time with -NDEBUG,
which turned out to be quite confusing.
Fixes #2304
2021-05-24 11:25:53 +02:00
Jakub Jelen
a69ab7c70c
tests: Fix context for the asn1 test
2021-05-24 11:25:53 +02:00
Jakub Jelen
fd96d2c960
Do not use deprecated ERR_load_ERR_strings() with OpenSSL 3.0
2021-05-24 11:25:53 +02:00
Jakub Jelen
1b92501ef9
sm: Rewrite to use non-deprecated OpenSSL 3.0 API
2021-05-24 11:25:53 +02:00
Jakub Jelen
07f5e63abf
tests: verify secure messaging functions work as expected
2021-05-24 11:25:53 +02:00
Jakub Jelen
12be677cb8
Drop duplicate -Werror build flag (already used unless --disable-strict)
2021-05-24 11:25:53 +02:00
Jakub Jelen
e4cf0e7b39
Basic unit test for secure messaging functions
2021-05-24 11:25:53 +02:00
Jakub Jelen
0b45e78e4f
idprime: Fix RSA-PKCS mechanism with hashing on card
2021-05-24 10:42:08 +02:00
Yaroslav Isakov
fc08818f6f
OpenPGP: Fix read/write certs with Ed25519/X25519 public key
...
Proper Ed25519/X25519 certs have pubkey algo with OID 1.3.101.112/110, according to
RFC8410. This commit add these OIDs, and also fixes pubkey parsing/creation - according
to the same RFC, it's just a bytestring, without ASN.1 wrapping.
Also, according to the same RFC, EDDSA/X25519 MUST not have params, even empty.
2021-05-21 14:37:30 +02:00
Yaroslav Isakov
23dc52c903
Fixed OpenPGP logic for comparing OIDs
...
It's better to leave oid comparison as it was before, and drop trailing
zero byte after it, when reading from token.
2021-05-20 11:11:05 +02:00
Yaroslav Isakov
29410c170e
Make OpenPGP curves to be a pointer to OpenPGP 3.4 curves list
2021-05-20 11:11:05 +02:00
Yaroslav Isakov
f356d301b9
Enable ed25519/curve25519 support for Yubikey 5
2021-05-20 11:11:05 +02:00
Doug Engert
48a11c0634
Update piv-tool man pages for AES
...
commit 295c523e4
(William Roberts 2014-07-08 13:52:48)
added support for AES keys to card-piv.c but the man page
for piv-tool that uses the code was never updated.
On branch piv-tool-doc
Changes to be committed:
modified: ../../doc/tools/piv-tool.1.xml
2021-05-20 11:07:29 +02:00
Doug Engert
f1bc07dec1
Fix piv-tool on wondows
...
fopen needs "rb" for fopen in two places
fixes #2338
On branch piv-tool-windows
Changes to be committed:
modified: piv-tool.c
2021-05-20 10:37:31 +02:00
Doug Engert
8dfafe4fc2
Fix 2340 pkcs15-sec.c wrong test
...
if (obj->type == SC_PKCS15_TYPE_PRKEY_RSA) { is the correct test.
2021-05-17 15:00:26 +02:00
Vincent JARDIN
5256bc3d3d
tests: minidriver using T0 or T1
...
Some cards should be used with T0 and some others with T1. Let's support
both.
Fix: issue #2326
2021-05-17 12:06:12 +02:00
Vincent JARDIN
180737d1b6
tests: minidriver runtime PINCODE
...
Let's define an environment MINIDRIVER_PIN=1234 in order to be able
to reuse the tests with any cards.
usage:
(cmd) set MINIDRIVER_PIN=1234
When the PIN code is not defined, let's skip the tests since it may runs
the number of trials out of the max attempts.
Moreover, some cards may have many roles, but the tests are designed for
the ROLE_USER, so let's enforce only the ROLE_USER.
Fix: issue #2326
2021-05-17 12:06:12 +02:00
Vincent JARDIN
f0c059ede8
ATRMask: better describe the rule to be applied
...
Include some notes in order to properly define the ATR values.
Suggested-by: Doug Engert <deengert@gmail.com>
Fix: issue #2321
2021-05-12 07:51:42 +02:00
Vincent JARDIN
46c50dc51d
CPx: add registration for Windows/minidrivers
...
Let's OpenSC be able to support the IAS/ECC CPx cards.
Suggested-by: Doug Engert <deengert@gmail.com>
Fix: issue #2321
2021-05-12 07:51:42 +02:00
Georgi Kirichkov
ca01d2c5e2
Code style changes
2021-05-11 11:44:39 +02:00
Georgi Kirichkov
5ae0ef4f41
Sets card->name for IDPrime v3 and v4 cards
2021-05-11 11:44:39 +02:00
Georgi Kirichkov
072c64aaed
Adds Gemalto IDPrime v4
2021-05-11 11:44:39 +02:00
Alon Bar-Lev
35a8a1d7e1
pkcs11.h: avoid C++ comments
2021-05-07 23:59:12 +02:00
Ludovic Rousseau
2ea5ed8ddd
Fix 'make check' when make --jobs= is used
...
The error was:
PASS: test-duplicate-symbols.sh
PASS: test-pkcs11-tool-allowed-mechanisms.sh
XFAIL: test-pkcs11-tool-test.sh
XFAIL: test-pkcs11-tool-test-threads.sh
PASS: test-manpage.sh
FAIL: test-pkcs11-tool-sign-verify.sh
============================================================================
Testsuite summary for OpenSC 0.22.0-rc1
============================================================================
============================================================================
See tests/test-suite.log
Please report to https://github.com/OpenSC/OpenSC/issues
============================================================================
This is because more than 1 test is executed at the same time. So
card_cleanup() is called at the end of one test while another test is
still running.
The problem is easy to replicate using "make --jobs=2".
2021-05-06 15:05:15 +02:00
Jakub Jelen
2f145f5804
Workaround for broken Ubuntu Focal images
...
https://travis-ci.community/t/clang-10-was-recently-broken-on-linux-unmet-dependencies-for-clang-10-clang-tidy-10-valgrind/11527
2021-05-06 15:02:45 +02:00
Jakub Jelen
613b56ee55
Add correct prefix on the clang-tidy commandline
2021-05-05 14:22:58 +02:00
Jakub Jelen
d0b847c6cf
tests: Remove files after disclean
2021-05-05 14:22:58 +02:00
Jakub Jelen
835cee2e5a
tests: Add correct path to enable out-of-source build
2021-05-05 14:22:58 +02:00
Jakub Jelen
06ac408bb4
travis: Invoke distcheck to make sure all needed files are packaged
2021-05-05 14:22:58 +02:00
divinehawk
98663528cf
pkcs15-tool: Write data objects in binary mode
2021-05-03 11:48:28 +02:00
ihsinme
50eaa6bf57
fix possible access outside the array.
...
if 5000 bytes are read, then at the end of the array we will write zero beyond its boundaries, damaging the stack.
Here's a simple solution. if you see the need to increase the array itself, let me know.
2021-05-03 11:47:51 +02:00
Frank Morgner
32004e74ce
added missing files to distribution
2021-05-01 01:42:11 +02:00
Anton Logachev
570fc56c47
Remove the SC_SEC_ENV_FILE_REF_PRESENT flag for Rutoken ECP cards
...
Rutoken ECP cards have no default SE file. Previous cards ignored
MSE with restoring default SE, but new cards don't. This requires
SC_SEC_ENV_FILE_REF_PRESENT to be removed from env flags.
2021-04-29 23:03:32 +02:00
Doug Engert
19611682bd
Fix for #2283 C_Sign fails ECDSA when card can do HASH on card
...
Do not truncate ECDSA input to size of key if card or driver will do HASH.
On branch Fix_for_2283_ECDSA
Changes to be committed:
modified: src/libopensc/pkcs15-sec.c
2021-04-27 10:50:00 +02:00
Vincent JARDIN
a21bcf4b41
IASECC/Gemalto: register application
...
Register application for Gemalto Dual ID ONE Cosmo.
2021-04-26 21:37:39 +02:00
Vincent JARDIN
e93bd3983c
IASECC/Gemalto: add support
...
Add support for Gemalto's IAS ECC Dual ID One Cosmo using samples from:
http://cartesapuce-discount.com/fr/cartes-a-puce-ias-ecc/146-cartes-a-puce-protiva-ias-ecc-tpc.html
Some suppots were already available (ATR, init, etc.), but the
select_file was missing the proper cases.
2021-04-26 21:37:39 +02:00
Frank Morgner
3f19991556
updated NEWS
2021-04-26 18:13:43 +02:00
Frank Morgner
4ecb4b39ac
updated documentation
2021-04-26 18:13:43 +02:00
Frank Morgner
75f24d2af7
regenerated egk-tool cmdline
2021-04-26 18:13:43 +02:00
Frank Morgner
2063a1d334
silince generation of files
2021-04-26 18:13:43 +02:00
Vincent JARDIN
e3a3722ad1
IASECC/CPX: Fix SDO path
...
Some objects need to be read from a specific path.
IASECC_SDO_PRVKEY_TAG: from 3F00:0001
IASECC_SDO_CHV_TAG: from 3F00
2021-04-26 15:55:17 +02:00
Vincent JARDIN
fcd2e665fe
IASECC/CPX: fix APDU errors for SE get data
...
On a CPX, this object needs to be read from 3F00.
For instance:
$ opensc-explorer -r 2
OpenSC [3F00]> cd 0002
OpenSC [3F00/0002]> apdu 00 CB 3F FF 0A 4D 08 70 06 BF FB 05 02 7B 80
Sending: 00 CB 3F FF 0A 4D 08 70 06 BF FB 05 02 7B 80
Received (SW1=0x6A, SW2=0x88)
Failure: Data object not found
OpenSC [3F00/0002]> apdu 00 A4 09 04 02 3F 00
Sending: 00 A4 09 04 02 3F 00
Received (SW1=0x90, SW2=0x00)
Success!
OpenSC [3F00/0002]> apdu 00 CB 3F FF 0A 4D 08 70 06 BF FB 05 02 7B 80
Sending: 00 CB 3F FF 0A 4D 08 70 06 BF FB 05 02 7B 80
Received (SW1=0x90, SW2=0x00)
Success!
Currently, this patch limits to the CPX cards since I cannot know
the behaviour for the other cards. I could not find any reference
from the standard.
Fix: issue #2275
2021-04-26 15:55:17 +02:00
Vincent JARDIN
405ecfc402
IASECC: proper pkcs15init of Algo_refs
...
For some Private RSA Keys, their Algo_refs remain empty:
$ pkcs15-tool -k --verify-pin --pin 1234
Using reader with a card: ACS ACR33U-A1 3SAM ICC Reader 00 00
Private RSA Key [CPS_PRIV_SIG]
Object Flags : [0x01], private
Usage : [0x200], nonRepudiation
Access Flags : [0x0D], sensitive, alwaysSensitive, neverExtract
Algo_refs : 0
Access Rules : pso_cds:01;
ModLength : 2048
Key ref : 129 (0x81)
Native : yes
Path : e828bd080f8025000001ff0010::
Auth ID : 01
ID : e828bd080f8025000001ff001001
MD:guid : e7aab727-f2af-e673-37bb-7d43867a6349
Private RSA Key [CPS_PRIV_AUT]
Object Flags : [0x07], private, modifiable
Usage : [0x06], decrypt, sign
Access Flags : [0x0D], sensitive, alwaysSensitive, neverExtract
Algo_refs : 6, 3, 4
Access Rules : pso_decrypt:01; int_auth:01;
ModLength : 2048
Key ref : 130 (0x82)
Native : yes
Path : e828bd080f8025000001ff0010::
Auth ID : 01
ID : e828bd080f8025000001ff001002
MD:guid : 2b6bf284-225c-80bc-8cbe-1c791db33543
Based on Usage : [0x200], nonRepudiation the SC_PKCS15_PRKEY_USAGE_NONREPUDIATION
may be set but not the SC_PKCS15_PRKEY_USAGE_SIGN so line 801 is never tested.
Having just SC_PKCS15_PRKEY_USAGE_NONREPUDIATION set and not doing anything does not
make any sense for any card.
Suggested-by: Doug Engert <deengert@gmail.com>
Fix: issue #2270
2021-04-26 15:52:09 +02:00
Vincent JARDIN
544aa4cc6b
IASECC/CPX: Fix up prkeyinfo/algo_ref
...
Extend the current support from 9abf8ee04c
in order to add a fixup for the CPx cards.
Since the data is not properly encoded when the card is initialized
let's re-build it for each run time from the DF.
Suggested-by: Doug Engert <deengert@gmail.com>
Fix: issue #2270
2021-04-26 15:52:09 +02:00
Vincent JARDIN
137286858f
IASECC/CPX: enable calls thru pkcs15-iasecc.c
...
Same than Gemalto's IASECC, the CPX cards need a workaround since
the PrKey does not have its Algo_regs.
We get:
pkcs15-tool -k --verify-pin --pin 1234
Using reader with a card: ACS ACR33U-A1 3SAM ICC Reader 00 00
Private RSA Key [CPS_PRIV_SIG]
Object Flags : [0x01], private
Usage : [0x200], nonRepudiation
Access Flags : [0x0D], sensitive, alwaysSensitive, neverExtract
Algo_refs : 0
Access Rules : pso_cds:01;
ModLength : 2048
Key ref : 129 (0x81)
Native : yes
Path : e828bd080f8025000001ff0010::
Auth ID : 01
ID : e828bd080f8025000001ff001001
MD:guid : e7aab727-f2af-e673-37bb-7d43867a6349
Private RSA Key [CPS_PRIV_AUT]
Object Flags : [0x07], private, modifiable
Usage : [0x06], decrypt, sign
Access Flags : [0x0D], sensitive, alwaysSensitive, neverExtract
Algo_refs : 0
Access Rules : pso_decrypt:01; int_auth:01;
ModLength : 2048
Key ref : 130 (0x82)
Native : yes
Path : e828bd080f8025000001ff0010::
Auth ID : 01
ID : e828bd080f8025000001ff001002
MD:guid : 2b6bf284-225c-80bc-8cbe-1c791db33543
We need to get Algo_regs to be set to something that is not 0.
Fix: issue #2267
2021-04-26 15:52:09 +02:00