58fa53ac91
sc-hsm: Add missing secp384r1 curve parameter
2019-06-14 14:29:58 +02:00
94388f9538
fixed more clang-tidy warnings
2019-06-05 13:48:51 +02:00
0322401aae
gemsafeV1: remove redundant match card call to allow for opensc.conf match
...
At the point when gemsafe_match_card is called, the card type is already known,
either because of a previous match at card.c, or because it is forced at opensc.conf.
With this redundant match it's not possible to force selection on opensc.conf.
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
2019-06-05 13:43:52 +02:00
3a192e2c87
pkcs11-tool: Add extractable option to key import
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-06-03 10:59:58 +02:00
a2dd500624
Fix pkcs11-tool encryption error Fix #1694
...
Make sure data being encrypted is less then the modulus.
On branch pkcs11-tool-encryption
Changes to be committed:
modified: ../tools/pkcs11-tool.c
2019-05-31 14:16:24 +02:00
3a665f6479
allow single character strings with sc_hex_to_bin
...
fixes https://github.com/OpenSC/OpenSC/issues/1684
fixes https://github.com/OpenSC/OpenSC/issues/1669
2019-05-31 14:15:37 +02:00
e3ff3be4fe
pteid: add new ATRs
...
One ATR have been confirmed on my personal card and also added to the official middleware:
https://svn.gov.pt/projects/ccidadao/changeset/321/middleware-offline/trunk/_src/eidmw/minidriver/makemsi/pteidmdrv.inf
There is another ATR I am adding blind from the official middleware:
https://svn.gov.pt/projects/ccidadao/changeset/321/middleware-offline/trunk/_src/eidmw/minidriver/makemsi/pteidmdrv.inf
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
2019-05-31 14:12:12 +02:00
cc189585c8
pkcs11-spy: display CK_GCM_PARAMS.ulIvBits field
2019-05-29 15:17:15 +02:00
0fbd2663e6
Add missing ulIvBits to CK_GCM_PARAMS
...
The PKCS#11 specification text does not document the ulIvBits field.
But the header file defining CK_GCM_PARAMS uses it.
Since the header file is the normative version we need to add it.
See also https://github.com/Pkcs11Interop/Pkcs11Interop/issues/126o
and https://lists.oasis-open.org/archives/pkcs11-comment/201602/msg00001.html
and https://www.oasis-open.org/committees/document.php?document_id=58032&wg_abbrev=pkcs11
2019-05-29 15:17:15 +02:00
b7b501d0a5
fixed issues reported by clang-analyzer
2019-05-21 19:34:46 +02:00
3c83a80b57
fixed printing non primitive tag
...
fixes undefined bitshift
2019-05-21 19:34:46 +02:00
1423c6bb90
CI: integrate clang-tidy (disabled)
...
files that have warnings are currently excluded
2019-05-21 19:34:46 +02:00
1e59643caa
Remove process_arr unused file argument and fix clang-tidy warnings
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-05-21 19:34:46 +02:00
e501c5ae81
Unbreak build without OpenSSL
2019-05-21 18:44:06 +02:00
65d607af66
fixed 325860 Dereference before null check
2019-05-14 14:50:17 +02:00
630bcbedd4
fixed 337490 Unchecked return value
2019-05-14 14:50:17 +02:00
e275b34269
fixed 339157 Unused value
2019-05-14 14:50:17 +02:00
2829c5870f
Address review comments
...
Change-Id: I9aa97c8a9878dddd3e6f1a2baa877d188b9d7fe5
2019-05-02 11:51:02 +03:00
5f5d40521e
Avoid 6282 reply for a successful operation
...
Change-Id: I5d4d3103692fc6db51f13fc5338360289c26af9a
2019-05-02 11:51:02 +03:00
fc8e9bf3f3
Address review comments and further reduce LOC
...
and make sure the card is always handled emulated card first
Change-Id: I60174c2793bb882fb73716f62a652d84e028382c
2019-05-02 11:51:02 +03:00
b3d4a0d69a
EstEID 2018+ driver
...
This adds support for a minimalistic, small and fast card profile based on IAS-ECC.
Based on information from https://installer.id.ee/media/id2019/TD-ID1-Chip-App.pdf
and proprietary driver snoops.
Thanks to @metsma and @frankmorgner.
Change-Id: I2e4b4914d8a3b991d9a639728695abf4a2362ca0
2019-05-02 11:47:31 +03:00
c3a9458fa8
egk-tool: fix missed initialisation of card pointer
...
If util_connect_card_ex() fails, sc_disconnect_card() will use a
random pointer leading to segmentation faults.
2019-05-02 10:09:08 +02:00
209be72979
eGK: fix path for vd/gvd
...
path was wrong, the same as for pd
2019-05-02 10:09:08 +02:00
9ca836975a
Starcos: added another ATR for 2nd gen. eGK (TK)
2019-05-02 10:09:08 +02:00
63fd71c245
Remove unused sc_pkcs15emu_opt_t structure
...
Only usage was removed SC_PKCS15EMU_FLAGS_NO_CHECK flag
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-05-02 10:08:46 +02:00
f0a6a568f4
fixed Local variable hides global variable
2019-05-02 10:08:28 +02:00
0bc95cb6a1
added include guards
2019-05-02 10:08:28 +02:00
86ba3ea489
fixed Wrong type of arguments to formatting function
2019-05-02 10:08:28 +02:00
5123531e62
Fix EstEID 3.4 signing
...
opensc master requires now SC_ALGORITHM_RSA_HASH_NONE
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-05-02 10:06:19 +02:00
7449b00768
pkcs11: avoid double initialization of notify
2019-04-26 23:51:37 +02:00
c671083ee3
fixed missing file
2019-04-25 16:46:07 +02:00
7df789ec5d
fixed 337490 Unchecked return value
2019-04-25 15:44:11 +02:00
8382f243b2
fixed 337891 Out-of-bounds write
2019-04-25 15:44:11 +02:00
bbec50bfdb
Remove unused SC_PKCS15EMU_FLAGS_NO_CHECK flag
...
Fixes #1634
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-04-25 14:53:25 +02:00
3688dfe238
MyEID: simplify key component loading
...
Encode the component ID to be key type and component ID. This allows
each combination to be unique and direct mapping to card component
ID type in the code by just taking the low byte. This simplifies
the code, and reduces confusion as there is now only one #define
for each component.
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
2019-04-25 14:53:10 +02:00
3f832ca6da
MyEID: implement support for 4K RSA keys (MyEID 4.5+)
...
MyEID starting version 4.5 supports 4K RSA keys. The card also
now supports proper APDU chainging (for sending large APDUs) and
receiving large responses via GET_RESPONSE splitting.
This updates the following:
* detection code properly announces 3K and 4K RSA support
when available
* APDU chaining is used when possible
* use ISO GET_RESPONSE handling for large responses
* max_recv_size is set to 256 which it always was supposed to be
as the old cards respond with that large responses too
* use the 2K signing kludge only on cards that need it
* unwrap and decipher code paths unified to the extent possible
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
2019-04-25 14:53:10 +02:00
0e25c1d2a6
MyEID: detect card from ATR historical data instead of full ATR
...
This will simplify the matching code, and match prototype cards.
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
2019-04-25 14:53:10 +02:00
ffaaf1c0d3
pkcs11-spy: parse CKM_AES_GCM for C_EncryptInit()
2019-04-25 14:52:20 +02:00
69727c79ad
pkcs11.h: add CK_GCM_PARAMS structure
2019-04-25 14:52:20 +02:00
98ec27e768
pkcs11-spy: log pParameter buffer for C_EncryptInit & C_DecryptInit
2019-04-25 14:52:20 +02:00
bfa94dc90d
Merge pull request #1600 from AlexandreGonzalo/trustonic_pkcs11
2019-04-25 14:51:54 +02:00
e21cb5712c
Fix in encrypt_decrypt(), initialize the mgf
2019-04-24 14:03:35 +02:00
13429baed0
cac: Avoid signed/unsigned casting reported by coverity
...
src/libopensc/card-cac.c:1707: negative_returns: "val_len" is passed to a parameter that cannot be negative.
2019-04-23 14:49:45 +02:00
8cf1e6f769
pkcs11-tool: List supported GOST mechanisms
2019-04-17 16:42:12 +02:00
a5382d32fd
pkcs11-tool: Show GOSTR3410-2012 keys
2019-04-17 16:42:12 +02:00
0e12b1dc71
pkcs11-tool: Generate GOSTR3410-2012 keys
2019-04-17 16:42:12 +02:00
4614beb87e
pkcs11-tool: Add keys access flags
2019-04-17 16:40:41 +02:00
aff2059ec1
card-rtecp: Fix SELECT FILE
2019-04-17 16:38:49 +02:00
fe4dae4d31
card-rtecp: Add Rutoken ECP SC ATR
2019-04-17 16:38:49 +02:00
91a1dd9af4
Option to delete object by index
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-04-17 14:38:40 +02:00
3935d501bf
Implement Secret Key write object
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-04-17 14:37:49 +02:00
066c30bb4e
opensc-notify: add to autostart
2019-04-08 11:16:13 +02:00
159821497c
egk-tool: fixed verbose logging
2019-04-08 11:16:13 +02:00
fe95520e3e
explicitly import libpkcs11.h
2019-04-08 11:16:13 +02:00
6f9b58af72
added pkcs11-register
2019-04-08 11:16:13 +02:00
fc4d600634
pkcs11-tool: Allow to set CKA_ALLOWED_MECHANISMS when creating an objects
...
Also list them in the attributes listing
2019-04-08 11:15:19 +02:00
f631b5f733
Fix in encrypt_decrypt(), check for (in_len <= sizeof orig_data)
2019-04-05 10:39:52 +02:00
4913feadb8
Fix in encrypt_decrypt(), check for (in_len <= sizeof orig_data)
2019-04-05 10:38:12 +02:00
fd20ffe608
optimize bin/hex low parsing level functions ( #1646 )
...
* optimize sc_hex_to_bin
* optimize sc_bin_to_hex
* added documentation
closes https://github.com/OpenSC/OpenSC/pull/1643
thanks to carblue <ka6613-496@online.de>
2019-04-04 12:52:08 +02:00
0abe9d11c7
pkcs11: (de-) initialize notifications on load
...
fixes https://github.com/OpenSC/OpenSC/issues/1507
fixes https://github.com/OpenSC/pkcs11-helper/issues/16
2019-04-04 11:04:50 +02:00
9ba8f56037
Change u8 *data to const because sc_apdu unsigned char *data is const
...
Name sc_format_apdu parameters for IDE help hints
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-04-03 22:15:54 +02:00
4ba086bfd4
Use strdup and fix all casts
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-04-01 12:53:33 +02:00
ea74308512
iso7816_read_binary: do not assume that 6282 is returned with data
...
Instead of a double check_sw call in case there is no data, assume
that a SW is properly sent by the card and do not expose
SC_ERROR_FILE_END_REACHED outside of the function
(like sc_pkcs15_read_file)
This is to facilitate Estonian eID 2018+ that instead of properly returning
6282 with trunkated data, 9000 is returned and next READ BINARY returns
6b00 (invalid p1/p2). The change should be generally harmless for well-behaving
cards.
Change-Id: I7511ab4841d3bcdf8d6f4a37a9315ea4ac569b10
2019-04-01 12:51:00 +02:00
f070c99b65
opensc-tool: do not use card driver to read ATR
...
If card driver fails to connect to card, 'opensc-tool -a' may fail to print
ATR even if ATR is available from card reader. Before use of card driver,
do only card reader connect, then print ATR. Only if it is neccesary, use
card driver for the rest of opensc-tool functions.
2019-03-25 14:34:26 +01:00
b389b19ca5
Merge pull request #1633 from metsma/esteid
...
Only EstEID 3.5 has EC 384 keys
2019-03-25 14:31:02 +01:00
2f4df1b93e
tools: unified handling of gengetopt
2019-03-25 14:30:09 +01:00
fc9277b778
use compat_getopt_long if getopt_long is not available
...
uses the autoconf way for replacing getopt.h
fixes https://github.com/OpenSC/OpenSC/issues/1527
2019-03-25 14:30:09 +01:00
7ae54f490d
Remove dead code ( #1638 )
2019-03-25 14:28:53 +01:00
8dea0a9028
fix overlapping memcpy
...
Fixes https://github.com/OpenSC/OpenSC/issues/1631
2019-03-18 23:33:24 +01:00
6aa5410e73
goid-tool: live with short length APDUs
2019-03-18 13:59:11 +01:00
4d2254a092
Only EstEID 3.5 has EC 384 keys
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-03-13 23:01:07 +02:00
2e87e4cfed
fixed issues from review
2019-03-13 21:22:19 +01:00
b7ec7f95b1
pkcs11: fixed token label
2019-03-13 21:22:19 +01:00
0079d836f3
pkcs11: truncate oversized labels with '...'
2019-03-13 21:22:19 +01:00
1e6d3df201
Remove un-lincenced header file
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-03-13 21:19:26 +01:00
71b85d15e4
opensc.conf: Configure handling of private_certificate
...
possible choices: ignore, protect, declassify
fixes https://github.com/OpenSC/OpenSC/issues/1430
2019-03-13 21:18:57 +01:00
1e0743b29f
removed untested use of SC_SEC_OPERATION_AUTHENTICATE
...
fixes https://github.com/OpenSC/OpenSC/issues/1271
2019-03-13 21:17:54 +01:00
106b3a28b1
acos5: removed incomplete driver
...
fixes https://github.com/OpenSC/OpenSC/issues/1204
2019-03-13 21:17:54 +01:00
9fa1722f73
sc_bin_to_hex returns a Nul terminated string
2019-03-13 21:17:00 +01:00
eb8f28db20
fixed error handling
2019-03-13 21:17:00 +01:00
d4f1decd15
Make sure card's strings are Nul terminated
...
Avoids out of bounds reads when using internal operations with the given string
2019-03-13 21:17:00 +01:00
d953998aa3
npa-tool: force default card driver
2019-03-13 12:01:09 +01:00
31831c300b
Remove the call to OPENSSL_init_crypto() which is not needed. I have a segmentation fault when the process exits.
2019-03-12 08:52:06 +01:00
6472027848
tools: release context when card connection fails
2019-03-07 22:18:54 +02:00
bc4eeda573
Remove readers when smart card service stops
...
The code already removes all active cards when the service goes
away, but it doesn't remove the reader. This can be a bit confusing
since they will still be polled and listed.
2019-03-07 21:51:02 +02:00
9ed5f63c17
Fix smart card removal handling for older PC/SC
...
Older PC/SC doesn't have the code SCARD_E_NO_READERS_AVAILABLE, so fix
the code to handle such systems as well.
2019-03-07 21:51:02 +02:00
9e9bdac2f1
Handle reader going missing
...
It might just be this specific reader going missing, and not all
of them.
2019-03-07 21:51:02 +02:00
b227fb8b9f
Cleanup EstEID 1.0/1.1 lefovers
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-03-07 21:31:08 +02:00
0d79675497
Small memory leak fix (CVE-2019-6502 in #1586 )
...
CVE-2019-6502 was assigned to what appears to be a very minor
memory leak that only occurs on an error-case in a CLI tool.
If util_connect_card fails, we still need to release the sc
context previously allocated by sc_context_create else memory
will leak.
2019-03-06 19:51:43 +01:00
728d099a53
FIX typo OpenSSL vs OpenSsl.
2019-03-06 11:35:11 +01:00
b327b76134
FIX use pseudo_randomize() for a proper initialization of orig_data in encrypt_decrypt().
2019-03-06 10:26:05 +01:00
19c5ab315d
fixed uninitialized use of variable
2019-03-06 08:53:47 +01:00
070370895f
fixed 333707 Dereference before null check
2019-03-06 00:42:38 +01:00
8fbd0b3ee1
fixed 333708 Dereference after null check
2019-03-06 00:42:38 +01:00
ba185954c5
fixed 333709 Unchecked return value
2019-03-06 00:42:38 +01:00
e8f8f0bfbb
fixed 333714 Uninitialized scalar variable
2019-03-06 00:42:38 +01:00
9abe44f03c
fixed 333715 Dereference after null check
2019-03-06 00:42:38 +01:00
e876cf62eb
fixed 333711 Dereference before null check
2019-03-06 00:42:38 +01:00
b1a58c7925
removed dead code
2019-03-06 00:42:38 +01:00
27526de021
implemented sc_format_apdu_ex
2019-03-05 13:54:13 +01:00
Andreas Schwier
Frank Morgner
Nuno Goncalves
Raul Metsma
Doug Engert
Ludovic Rousseau
Jakub Jelen
Martin Paljak
Andreas Kemnade
Timo Teräs
Ludovic Rousseau
alegon01
Dmitriy Fortinskiy
Peter Popovec
Pierre Ossman
Scott Gayou