Frank Morgner
a899a46b09
replaced SC_TEST_RET with LOG_TEST_RET
2018-12-06 09:26:42 +01:00
Frank Morgner
907c9479e2
replace sc_debug_hex with sc_log_hex
2018-12-06 09:26:42 +01:00
Frank Morgner
e3dda8894e
log errors in verbose
2018-12-06 09:26:42 +01:00
Frank Morgner
00a150f74c
replaced SC_FUNC_RETURN with LOG_FUNC_RETURN
2018-12-06 09:26:42 +01:00
Frank Morgner
24b50a4277
replace sc_debug with sc_log
2018-12-06 09:26:42 +01:00
Frank Morgner
cf55cdc637
replace SC_FUNC_CALLED with LOG_FUNC_CALLED
2018-12-06 09:26:42 +01:00
Frank Morgner
b01ca2dcc9
added support for colors ( #1534 )
...
because everyone loves colors
2018-11-25 22:08:36 +01:00
Jakub Jelen
fd2343f4a2
cac: Dump the data model number, which is useful for the capabilities detection
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2018-11-25 22:07:33 +01:00
Shahin Hajikhorasani
0fca7df33a
Update reader-pcsc.c ( #1537 )
...
Error handling extended in case of changing the card reader
2018-11-25 22:05:35 +01:00
Frank Morgner
ad83c2c5a9
use proper debug level for card matching
2018-11-20 12:48:58 +01:00
Hannu Honkanen
aa8f666f46
Removed unnecessary spaces from framework-pkc15.c as requested.
...
pkcs15: added explicit comparison when checking return value of sc_compare_oid() to make the logic more obvious.
2018-11-20 11:52:54 +01:00
Hannu Honkanen
7f91b6e07f
MyEID: add AES algorithms to tokenInfo as supported during init. It is better to do it already in init, because adding them in C_UnwrapKey operations would require SO-PIN which is inconvenient.
...
pkcs15: added function to get a specific supported algorithm, checking also OID.
This is needed because for AES there are different OIDs for each key length.
2018-11-20 11:52:54 +01:00
Steve Ross
abdbb9d8c0
Enable CoolKey driver to handle 2048-bit keys.
...
For a problem description, see <https://github.com/OpenSC/OpenSC/issues/1524 >.
In a nutshell, for a card with the CoolKey applet and 2048-bit keys,
the command
pkcs11-tool --test --login
fails to complete all of its tests.
This commit consists of a patch from @dengert.
To avoid triggering an error when the data exceeds 255 bytes, this commit
limits the amount of the payload sent to the CoolKey applet on the card based
on the maximum amount of data that the card can receive, and overhead bytes
(namely, a header and nonce) that accompany the payload.
With this change, the command
pkcs11-tool --test --login
succeeds.
2018-11-19 12:42:17 +01:00
Frank Morgner
ee3fdc6938
fixed missing function stub
2018-11-13 15:50:17 +01:00
Frank Morgner
2cb6f9c94f
fixed compilation without OpenSSL
...
closes https://github.com/OpenSC/OpenSC/pull/1518
2018-11-13 15:50:17 +01:00
Frank Morgner
027ccad439
allow specifying the size of OpenSSL secure memory
...
... and set it for builds where we're linking OpenSSL statically (i.e.
Windows and macOS)
fixes https://github.com/OpenSC/OpenSC/issues/1515
2018-11-13 15:50:17 +01:00
Andreas Kemnade
eddea6f3c2
fix logic of send/recv sizes in config files
...
- they are not set if
SCardControl(card_handle, CM_IOCTL_GET_FEATURE_REQUEST, ...
fails
- regarding max_send_size the logic is inverted
2018-11-09 08:56:53 +01:00
Frank Morgner
1e7bb83659
CID 324485 ( #1 of 2): Integer overflowed argument (INTEGER_OVERFLOW)
2018-11-06 15:53:17 +01:00
Frank Morgner
609095a4f4
CID 325860 ( #1 of 1): Dereference before null check (REVERSE_INULL)
2018-11-06 15:53:17 +01:00
Frank Morgner
22c8204a2f
Merge remote-tracking branch 'upstream/pr/1393'
...
closes https://github.com/OpenSC/OpenSC/pull/1393
2018-11-06 10:51:24 +01:00
Frank Morgner
13c7574510
PIV: less debugging
...
- debugging pointers is useless in static log file
- removed double debugging of APDUs
2018-11-06 01:42:41 +01:00
Jakub Jelen
eaed345a76
Add missing header file to the tarball
2018-11-05 09:15:20 +01:00
Jakub Jelen
9342f8ad0a
padding: Fix error checking in RSA-PSS
2018-11-05 09:15:20 +01:00
Jakub Jelen
7cced08a88
coolkey: Check return values from list initialization (coverity)
...
>>> CID 324484: Error handling issues (CHECKED_RETURN)
>>> Calling "list_init" without checking return value (as is done elsewhere 8 out of 9 times).
2018-11-05 09:15:20 +01:00
Jakub Jelen
f276f7f8f4
coverity: Add allocation check
...
*** CID 323588: Uninitialized variables (UNINIT)
/src/libopensc/sc.c: 873 in sc_mem_secure_alloc()
2018-11-05 09:15:20 +01:00
Hannu Honkanen
351e0d2bd6
Merge remote-tracking branch 'upstream/master' into wrapping-rebased and resolve conflicts
2018-11-02 13:42:41 +02:00
Frank Morgner
c70888f9ab
allow compilation with --disable-shared
2018-11-01 00:17:22 +01:00
Frank Morgner
5c7b7bb0b1
fixed minor XCode documentation warnings
2018-11-01 00:17:22 +01:00
Hannu Honkanen
f88419bc63
Removed pointless curly brackets
2018-10-31 10:36:50 +02:00
Hannu Honkanen
7bb53423a1
Code cleanup and minor corrections according to review. pkcs15-lib: Extractable keys are now marked as native. Check return value of check_key_compatibility in more explicit way to avoid misunderstandings.
2018-10-31 10:36:41 +02:00
Hannu Honkanen
90ec7123ba
Corrections and code cleanup as requested in review. Changed value to void* in sc_sec_env_param_t, because param_type defines type of the value. Fixed handling of secret key length in framework-pkcs15 and pkcs15-lib: CKA_VALUE_LEN from PKCS#11 is in bytes, PKCS#15 objects need key length in bits. Rebased on top of upstream/master and resolved merge conflicts.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
ec297b618f
sc_pkcs15_wrap: Fixed checking target key type. (checked partly from wrapping key)
2018-10-31 10:27:03 +02:00
Hannu Honkanen
e636b64377
Fixed: Return OK by PKCS#11 convention if NULL out buffer is provided, when caller wants to query required buffer size.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
f2c041d290
card-myeid: Removed NULL out buffer assertion to allow caller to query required buffer size.
...
mechanism.c: Bug fix to sc_pkcs11_wrap. Wrong operation was stopped in end of the function.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
287a63c704
Fixes to key wrapping and unwrapping code: Set IV correctly in symmetric unwrap. Correctly distinguish symmetric and asymmetric operation when building APDUs. Check CKA_TOKEN from the pkcs15 object in framework_pkcs15. Updated some comments.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
861d8b308b
Fixed myeid_unwrap with symmetric keys: set correct p2 and no padding indicator byte.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
eba75ead20
framework-pkcs15: set CKA_EXTRACTABLE into pkcs#15 secret key object's access flags when set. pkcs15-sec: Return needed buffer size correctly when an insufficient buffer is provided.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
c891ad2aad
Fixed version check for key wrapping functionality. Return needed buffer size in myeid_wrap_key, if no buffer or too small buffer is provided.
2018-10-31 10:27:03 +02:00
Lars Silvén
6b8c284d3e
Fixing pointer conversion that is invalid on some architectures.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
550d4eb030
Small fixes to key wrapping and unwrapping. Handle target file ref using sc_sec_env_param type. Transmit initialization vector in symmetric key operations from PKCS#11 layer (mechanism param) to the card driver level, allow setting it in sc_set_security_env.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
7454133272
Added flags to distinguish AES ECB and CBC modes. Added SC_ALGORIHM_UNDEFINED definition to be used with CKK_GENERIC_SECRET type keys. Added sc_sec_env_param type, which can be used to define additional parameters when settings security environment. This is now used for setting IV in symmetric crypto and target EF in key wrapping/unwrapping.
2018-10-31 10:24:19 +02:00
Hannu Honkanen
a2156da044
Fix encoding of SC_ASN1_CHOICE entry "parameters" in c_asn1_algorithm_info. Format only the selected entry of the choice.
2018-10-31 10:24:19 +02:00
Hannu Honkanen
ae5675ca22
Fixed MSE for unwrap operation. Fixed wrong P1 when formatting APDU in myeid_unwrap_key.
2018-10-31 10:24:19 +02:00
Hannu Honkanen
aa814fd8e8
Implemented C_Wrap into PKCS#11 interface. Added support for wrapping and unwrapping with secret keys into framework-pkcs15.c and all the way to the card driver level.
2018-10-31 10:24:19 +02:00
Hannu Honkanen
a9ee85452e
Resolved a merge conflict. Included both changes manually.
2018-10-31 10:24:19 +02:00
Hannu Honkanen
c217b254fc
MyEID: Initial implementation of key wrapping and unwrapping operations, and the related additions to myeid_set_security_env.
2018-10-31 10:24:19 +02:00
Hannu Honkanen
1c09fa8a22
Handle AES algorithm. Doesn't set any flags, but check for AES is needed to avoid SC_ERROR_NOT_SUPPORTED.
2018-10-31 10:24:19 +02:00
Hannu Honkanen
7fc6c52f81
Set native=1 as default when decoding. Check supported algorithms and set PKCS#11 key type, if key supports AES.
2018-10-31 10:22:16 +02:00
Hannu Honkanen
a10480d50e
Continued implementation of unwrap: Creation of a target key object on card to receive an unwrapped key. Setting target key path in sc_security_env_t.
2018-10-31 10:22:16 +02:00
Hannu Honkanen
5f51d5d315
Added implementation of C_UnwrapKey all the way from PKCS#11 interface to the card driver level.
...
Not yet complete, but can be run with CKA_TOKEN=FALSE set in the target object. Currently unwrapping emulated
with a decrypt operation in card-myeid.c. To be improved.
2018-10-31 10:22:16 +02:00