- IAS/ECC has the category indicator byte in EF.ATR, which is a
violation of ISO 7816-4, where it is only allowed in the historical
bytes of ATR. Removing the IAS/ECC specific modification of EF.ATR
allows reading ISO complient EF.ATR again.
- IAS/ECC parsing should still be successfull. We now always try to
check for ISO7816_TAG_II_STATUS_SW ignoring the category indicator
byte
introduced paramter to signal back the login state
- used for the pin command SC_PIN_CMD_GET_INFO
- implemented in accordance to ISO 7816-4; all other implementations
are currently set to an unknown login state
implemented and exporeted sc_pkcs15_get_pin_info
use sc_pkcs15_get_pin_info in C_GetTokenInfo
C_GetSessionInfo: Check whether a logout was done
Closes https://github.com/OpenSC/OpenSC/pull/624
rebased by @viktorTarasov
`sm_incr_ssc` performed an out of bounds write when `ssc` is bigger than
255. The local variable `ii` needs to be decremented instead of
incremented in the `for`-loop.
This was introduced in d30cd83a, wheras The previous implementation did
actually decrement `ii`, see d30cd83ad4
Fixes https://github.com/OpenSC/OpenSC/issues/785
========================================
rebased by VTA -- commits are forged to one,
excluding the following chunk
(reason -- if not explicitely indicated, the mechanism has to be found out using the mechanism flags):
@@ -1713,8 +1713,9 @@ static int gen_keypair(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
int ii;
if (!opt_mechanism_used)
+ opt_mechanism = CKM_EC_KEY_PAIR_GEN;
if (!find_mechanism(slot, CKF_GENERATE_KEY_PAIR, mtypes, mtypes_num, &opt_mechanism))
- util_fatal("Generate EC key mechanism not supported\n");
+ util_warn("Generate EC key mechanism not listed as supported");
for (ii=0; ec_curve_infos[ii].name; ii++) {
if (!strcmp(ec_curve_infos[ii].name, type + 3))
will close PR #747
Based on the paragraph from PKCS#11 MECHANISMS V2.30: 6.3.1 EC Signatures:
If the length of the hash value is larger than the bit length of n, only
the leftmost bits of the hash up to the length of n will be used. Any
truncation is done by the token.
This is affecting NIST PIV Test cards with non-hashed mechanisms.
@mouse07410 has asked for it in
https://github.com/OpenSC/OpenSC/issues/688#issuecomment-219433611
VTA: I do not see the difference (if the other arguments are properly used),
but assume that @mouse07410 has it's own valid reasons
Also included the few coding style touches.
Avoid having problems with sc_hex_to_bin when called from sc_pkcs15_format_id
both for id and auth_id numbers
Changes to be committed:
modified: pkcs15-piv.c
default values of reader's max send/receive sizes correspond to only short APDU supported;
these values can be overwritten by reader itself with the proper value of dwMaxAPDUDataSize from TLV properties,
or with the corresponding options in OpenSC configuration.
resolves issue #735
This is a cleaner fix for #720 which take part of #721 and #730
A driver private struct is used which allow to remove all globals which might changed base on the token in use.
With very long labels it is unable identify which PIN Firefox is asking.
PKCS11 label is 32 char's and it gets truncated.
Current format "LABEL (PIN1)"
New format "PIN1: LABEL"
simclist.h is changed to either accept a predefined inline and/or
predefined restrict macro or tests for known compilers and sets
simclist_inline and simclist_restrict with the approprate keyword
for the compiler being used or defines them as blank.
The logic used is based on code in OpenSSL-1.1 e_os2.h
For example, "configure" could define inline and/or restrict.
But OpenSC is built on other platforms without a config.h and thus
changes to simclist.h are still needed.
simclist.c is changed by replacing inline with simclist_inline
and restrict with simclist_restrict.
The one and only use of inline in card-dnie.c is removed as there
is no need to have the function inline. This avoids any inline issues.
If inline is needed in other OpenSC code or in card-dnie.c,
simclist_inline could be used.
(Another option is to just remove all inline and restrict keywords
from OpenSC code.)
Changes to be committed:
modified: src/common/simclist.c
modified: src/common/simclist.h
modified: src/libopensc/card-dnie.c
3 bytes is the size of SC_ASN1_TAG_MASK used when composing
the asn1 templates with 'struct sc_asn1_entry'.
With this limitation maximal supported ASN.1 tag number is 2^^14-1 .
Fixed 'dead-code' coverity-scan issue.
Close#707
sm-card-iasecc.c: In function ‘sm_iasecc_get_apdu_delete_file’:
sm-card-iasecc.c:188:25: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast]
unsigned int file_id = (unsigned int)sm_info->cmd_data;
^
iasecc-sm.c:697:22: warning: cast to 'void *' from smaller integer type
'unsigned int' [-Wint-to-void-pointer-cast]
sm_info->cmd_data = (void *)file_id;
^
der-pcsc.c:1101:11: warning: comparison of integers of different signs:
'LONG' (aka 'int') and 'unsigned int' [-Wsign-compare]
if (rv == SCARD_E_NO_SERVICE) {
~~ ^ ~~~~~~~~~~~~~~~~~~
pkcs11-spy.c:259:49: warning: format specifies type 'long' but the argument has
type 'int' [-Wformat]
fprintf(spy_output, "%s.%03ld\n", time_string, tv.tv_usec / 1000);
~~~~~ ^~~~~~~~~~~~~~~~~
%03d
penpgp-tool.c:367:9: warning: comparison of integers of different signs: 'int'
and 'unsigned int' [-Wsign-compare]
if (r != count) {
~ ^ ~~~~~
Remove 3 casts
Add 1 cast
Fix a format problem
opensc-explorer.c:1727:8: warning: comparison of integers of different signs:
'int' and 'size_t' (aka 'unsigned long') [-Wsign-compare]
if(r > len) {
~ ^ ~~~
log.c:94:87: warning: format specifies type 'long' but the argument has type
'int' [-Wformat]
...%03ld ", (unsigned long)pthread_self(), time_string, tv.tv_usec / 1000);
~~~~~ ^~~~~~~~~~~~~~~~~
%03d
Simplify create tokens rules, no need to manipulate applications in
'pkcs11' configuration part,
applications can be enabled/disabled on the 'pkcs15' one.
Fix the possibility to expose only 'sign' PIN
The EPO hands this card out to attorneys and inventors to authenticate
with their online services. The applet on the card seems to be identical
to the one on Swedish eID cards.
Ludovic Rousseau's list identifies the card as Gemalto IDClassic 340.
Gemalto Classic Client identifies the card as GemSAFE V3.
Previously the EPO was using a GemSAFE V1 card, its ATR was added with
81bbddfc24 ("card-gemsafeV1: Add a GemSafe V1 ATR").
Add new PKI Card ATR into OpenSC support, all of these ATR using same
PKI Applet. and the ATR/JAVA CARD is provided by Feitian.
More information, please check www.javacardos.com
Fixes a memory leak in `entersafe_select_fid`
Closes https://github.com/OpenSC/OpenSC/pull/625
Make universal mask for choose input format from PEM or DER.
Input file at PEM may be contain at start:
"-----BEGIN RSA PRIVATE KEY-----"
or
"-----BEGIN PRIVATE KEY-----"
Make universal properties at RSF-files. Additional Miller-Rabin tests
aren't needed for 'Rutoken ECP' and for 'Rutoken ECP 2.0'
fixes https://github.com/OpenSC/OpenSC/issues/648 :
'Incorrect parameters in APDU' at 'Rutoken ECP 2.0' when 'pkcs15-init -G
rsa/1024 ...'
GemSAFE V1 cards support signing 36 bytes of free form data.
When signing a hash, the hash must be prepended by the DigestInfo
header. The PKCS#1 padding is done on the card. The 36 bytes limit
is sufficient for MD5 (16 + 18 bytes for the header), SHA1 and
RIPEMD160 (both use 20 + 15 bytes for the header) and MD5_SHA1
(16 + 20 bytes, no header). The algorithm reference ("cryptographic
mechanism reference" in ISO 7816 parlance) for signing free form data
is 0x12.
GemSAFE V3 cards changed the algorithm reference for signing free
form data to 0x02. In addition, they gained the ability to sign SHA256.
Since SHA256 exceeds the 36 bytes limit (32 + 19 bytes for the header),
it must be sent to the card *without* DigestInfo header. The header
will be prepended by the card and it is instructed to do so by sending
algorithm reference 0x42.
This scheme is also supported for SHA1, the algorithm reference is
0x12 in this case. However using this is not necessary as SHA1 fits
within the 36 bytes limit, including the header.
Supporting SHA256 is straightforward, we just add it to the flags
before adding the RSA algorithms. When sc_pkcs15_compute_signature()
calls sc_get_encoding_flags(), the input will be "iFlags 0x202, card
capabilities 0x8000021A" and the output will be "pad flags 0x0, secure
algorithm flags 0x202". I.e. the hash is neither prepended by the
DigestInfo header nor PKCS#1 padded and the hash algorithm is passed
to gemsafe_set_security_env() which can send the appropriate algorithm
reference 0x42 to the card.
However there's a catch: Once we add SHA256 to the flags, PKCS#11
applications will be unable to use the other hashes like SHA1 or
RIPEMD160. That's because register_mechanisms() checks if the card
supports no hashes, and if so, adds all of them:
if (!(rsa_flags & SC_ALGORITHM_RSA_HASHES)) {
rsa_flags |= SC_ALGORITHM_RSA_HASHES;
}
We cannot add these missing hashes to the flags like we did with SHA256
because like SHA256, they would be sent to the card *without* DigestInfo
header. What we want is to send all hashes *with* DigestInfo header,
*except* for SHA256.
We can achieve that by registering a fake RSA algorithm which includes
the missing hashes in its flags. This fake algorithm is never used
because sc_card_find_rsa_alg() searches the algorithm list in-order
and we register the fake algorithm *after* the real algorithms.
The fake algorithm persuades register_mechanisms() to register the
missing hashes because it ORs the flags of all RSA algorithms together:
num = card->algorithm_count;
while (num--) {
switch (alg_info->algorithm) {
case SC_ALGORITHM_RSA:
rsa_flags |= alg_info->flags;
break;
}
}
So when signing e.g. a RIPEMD160 hash and sc_pkcs15_compute_signature()
calls sc_get_encoding_flags(), the input will be "iFlags 0x102, card
capabilities 0x8000021A" and the output will be "pad flags 0x100, secure
algorithm flags 0x2". This will result in the hash being prepended by
the DigestInfo header, which is what we want.
pkcs15-piv.c was setting the auth_id of the public keys
which would cause some appications to require a login to access
a public key. The public keys are obtained from the certificates
which do not require the PIN to read.
Very early drafts of NIST 800-73 did require the PIN to access the
certificates, and the auth_id was removed in the opensc code for
certificates many years ago, but not from the public keys.
This patch fixes bug found in opensc 0.14.0-2 (Debian 8) that blocks
certificate update and removal on Athena ASEPCOS smartcard with error
Failed to update certificate: Security status not satisfied
OpenSC tries to get the parent's 'DELETE' access before cert removal
and leaves path variable pointing to dir not file to be removed.
Author-Change-Id: IB#1047758
Some cards (e.g., BELPIC) have a hardcoded file length that does not
match the actual file length (e.g., 65535 bytes), and simply return the
data that is actually on the card when asked.
It is useful to still be able to do an ASN.1 decode in that case.
Signed-off-by: Wouter Verhelst <w@uter.be>
- bug fix: re-initialize index to start searching at the right place
- get rid of unnecessary variable
- add some line breaks & comemnts for easier understanding
- get rid of unnecessary variable
- use easily understandable hex representation of APDUs
- auto-calculate APDU length based on hex representation
- restrict scope of some variables
- use sc_log() instead of directly writing to console
- line breaks & comments for easier reading/understanding
- fix typo in log message
- 2 line breaks between functions for easier reading
- function type on separate line
- mark each function as 'ABI' or 'Internal'
- slightly doxygen-ize comments introducing functions
- fix typos in comments
- break over-long comment lines
- break comment lines at sensible places
- consistent calling style for DRVDATA()
- no code change
- get rid of unnecessary variables
- use for-loop to initialize/check/increase run variable in one place
- restrict variables to the necessary scope
- use ternary operator inside a statement instead of if...else...
PIV cards uses get/put data not select file and read_binary.
To allow access via pkcs15 emulation card-piv.c emulates
select_file and read_binary but only when used with the path as
created by the piv emulation.
There are no MF.DIR or ED.DIR files.
opensc-tool and opensc-explorer will not work with this emulation.
Patch removes code that caused problems with opensc-tooland opensc-explorer.
card-piv.c was not selecting the PIV AID correctly from piv_find_aid.
This cause a CAC card that also has the PIV application to fail a VERIFY command
of the pin would use a VERIFY APDU P2 where P2 for PIV is 80, but for CAC was 00.
A CAC card could work if the caller requested the serial number of the card
which did call piv_select_aid. All the OpenSC tools, minidriver and
PKCS#11 do this, but Tokend does not.
This is a partial fix for https://github.com/OpenSC/OpenSC/issues/570.
Tokend in later MacOS versions still has other issues.
A more complete solution is needed for cards with multiple applications.
I do not have a CAC card or MAC to do any testing.
Thanks to https://github.com/mouse07410 who has a CAC card, and a Mac,
and has tested this fix.
Removed cmap_record in sc_pkcs15_prkey_info (not used by any driver nor code)
Remove cardcf specific code (cardcf neutralized by CP_CACHE_MODE_NO_CACHE and it maintened by the Base CSP/KSP, not the minidriver)
Add conversion code for Windows GUID / OpenSC self computed GUID
For ECDSA signatures, there are multiple ways to format the signature:
- R|S (R and S filled with zeroes at the most significant bytes)
- ASN1 sequence of R,S integers (e.g. used by OpenSSL).
It is rare that the filling with zeroes is needed.
But if it is, in the second case, the filling zeroes should not be there
or the verification of the signature by OpenSSL will fail.
in cases where you use pam_pkcs11, HOME might not be set
so paths based on $HOME are not usable, so that the combination
of home and caching does not work. Having the paths configurable
(together with a good setting of access rights)
resolves that problem.
The special value still needs to be handled for commands that are issued
during card initialization. This especially concerns T=0 cards that need
to use iso_get_response.
fixes#533
regression of 85b79a3332
This adds support for the Yubikey NEO. I'm not sure whether it breaks
the specification, or follows some other version of the spec, but in my
testing it returns SW1=0x63, SW2=0x0N for N PIN tries remaining.
Ignoring the top nibble seems a harmless change to the behaviour to
support this device.
This is already supported for a couple of the card drivers, but
since it's a general feature of ISO7816 it should go in iso7816.c,
rather than the current situation where identical code for this is
copy and pasted in each driver.
However, some cards apparently don't support this feature and count
it as a failed PIN attempt, so I've added a flag for now to indicate
whether the card supports this feature. It future, it could be moved
to blacklist cards rather than whitelist them, subject to more testing.
There's a copy-and-paste bug in there, where the CKA_PRIVATE attribute
is being set on the wrong variables! As well as fixing that, we should
explicitly set CKA_PRIVATE to "false" for certificates and public keys,
since the PKCS#11 spec doesn't specify a default and some drivers use
"private" as the default, making it impossible to add a public key/cert
using pkcs11-tool.
If the reader announces extended length support, but the card driver
leaves max_send_size/max_recv_size at `0`, max_send_size/max_recv_size
previously would have been overwritten with the reader's size though the
card might not have set SC_CARD_CAP_APDU_EXT. This commit fixes this
behavior.
Additionally card->max_send_size/max_recv_size is always initialized to
a value different from 0 after the card initialization. This removes the
need to check for this special value in all subsequent calls.
../../src/libopensc/errors.h:73:37: warning: statement with no effect [-Wunused-value]
#define SC_ERROR_INVALID_ARGUMENTS -1300
^
card-masktech.c:181:48: note: in expansion of macro 'SC_ERROR_INVALID_ARGUMENTS'
if (crgram_len > SC_MAX_EXT_APDU_BUFFER_SIZE) SC_ERROR_INVALID_ARGUMENTS;
This is name change only fix.
The variable name "card" was being used to refer to a struct sc_card or a struct sc_pkcs11_card
in some files including sc_pkcs11.h. In other files the variable name "p11card" is used for struct sc_pkcs11_card.
This creates hard to read code, such as: slot->card->card.
All definitations of sc_pkcs11_card *card now use p11card as the variable name.
Fix#471
The PKCS#11 Usage Guide, at least up to v2.40, says that calling
C_Initialize() in the child after fork is "considered to be good
Cryptoki programming practice, since it can prevent the existence of
dangling duplicate resources that were created at the time of the fork()
call."
(It neglects to mention that doing so in the child of a multi-threaded
process is a clear violation of POSIX, mind you. Not to mention being
utterly pointless if all you're going to do in the child is exec something
else anyway.)
Regardless of the sagacity of this recommendation, we need to cope when
it happens. Historically, we've been quite bad at that. Let's add a test
to pkcs11-tool in the hope it'll help...
Fixes#464
card-piv.c tries to read the first 8 bytes of an object to get object size
so it can allocate a buffer. It then reads the whole object. apdu.c has changed
over the years, and apdu.c will keep reading as long as the card returns
status of 61 XX thus apdu.c will read the whole object while discarding
the extra data and returning to the caller only the first part of the data.
This in effect causes a double read of objects.
This patch sets SC_APDU_FLAGS_NO_GET_RESP to tell apdu to stop doing the
extra get-response commands thus avoiding most of the extra overhead.
This in not an optimal patch as it only works with T=1 cards/readers
but the patch is confined to just card-piv.c.
A better patch is in the works.
Fixes#462
* factorize the code from CardAuthenticatePIN into CardAuthenticateEx
* allows authentication with the PINPAD without a UI
minidriver: fix some code analysis warnings
Improve the error code when the user cancel the operation ("The operation was canceled by the user" instead of "invalid parameter")
Signed-off-by: vletoux <vincent.letoux@gmail.com>
Prior to 066132327c71300188aa66180fde2fb3d90c5140, CKM_ECDH1_DERIVE and
CKM_ECDH1_COFACTOR_DERIVE were always registered for cards that support
SC_ALGORITHM_ECDSA_RAW.
The mentioned commit changed this behavior, so that the ECDH mechanisms
are only registered for cards that set the SC_ALGORITHM_ECDH_CDH_RAW
capability flag.
To keep the existing behavior for the cards, they need to set this flag
in the card driver.
Prior to this commit, all hashes registered for RSA or other key types were
registered for ECDSA as well.
register ECDH mechanism only when supported by card
ECDH should only be registered if the card driver sets the
SC_ALGORITHM_ECDH_CDH_RAW flag.
register software PKCS#1 (1.5) padding only when RAW RSA is supported by card
If OpenSC supports PSS/OAEP padding or other padding mechanisms in
future, and there would be a card that enforces hardware PSS/OAEP
padding, the PKCS#1 v1.5 padding mechanism should not be registered.
This patch fixes 3 issues which consecutively have shown up when debugging the original problem:
1 - Newer DNIe report a byte count for public certificates which is the compressed size,
while older DNIe report the uncompressed size. This resulted in short-reading the x509 certificates,
and in an error parsing. Therefore, during initialization we proceed to set path->count for
public certificates to -1. This ensures that the lenght of the certificates for reading
will be set to file-> length, which has the correct size.
2 - pkcs11-tool -t was broken for DNIe (old and new)as it tried to strip pcks11 padding
from the data to sign and OpenSC tried signatures with non-padded data
(as the card had SC_ALGORITHM_RSA_RAW).
The new algoflags (SC_ALGORITHM_RSA_HASH_NONE | SC_ALGORITHM_RSA_PAD_PKCS1) and the
removal of the strip-padding call fix the issue.
3 - The new cards won't allow setting the LE bytes when calculating the TLV, when LE equals
256. This caused an wrong SM object error response (0x69 0x88). Therefore,
we don't send the LE bytes anymore in this case.
The patch has been tested to work on the new problematic card and on another old one.
close#451
We duplicate mechanisms based on OpenSSL so that they can be freed along
all the card's algorithms created via sc_pkcs11_new_fw_mechanism. Fixes
regression from eaf548aa3dab80a9bbf51da8291e7db978e3a2ad