add support for reading, writing and deleting private (require cache_pins) and
public data objects in PKCS11. updated the pkcs11-tool and fixed a few
bugs in the code. Tested on an aladdin etoken.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3176 c6295689-39f2-0310-b995-f0e70906c6a9
Looking at framework-pkcs11.c, it looks like there is a bug in the handling of
auth_count, if there is more then one pin, and one of the pins is a
SC_PKCS15_PIN_FLAG_SO_PIN.
The for loop at line 767 will add a slot for each non SO_PIN or UNBLOCKING_PIN.
But at line 812, the auth_count is still set to the number of pins, even though
the SO_PIN did not cause a new slot to be allocated and thus the test of
hide_empty_tokens will not be used.
With the attached patch, I can get the expected behavior when hide_empty_tokens
= yes in the opensc.conf from pkcs11-tool -L, pkcs11-tool -O and pkcs11-tool -O
-l
There is only 1 slot allocated, the pkcs11-tool -O shows all the public
objects, and pkcs11-tool -O -l (after PIN) shows all the objects, and Heimdal
PKINIT still runs.
I still think that if two or more slots need to be allocated for multiple auth
pins, then all the public objects should be added to each. I have an additional
mod for this too.
Since the cards I am working with only have 1 pin, the attached mods works for
me. Note it looks like the pkcs15-openpgp.c might also be affected by this
change as it defines two pins an auth pin and a SO_PIN, much like the PIV card
does.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3175 c6295689-39f2-0310-b995-f0e70906c6a9
Major improvments in the PIV card modules:
* OpenSC-0.11.2 only supported RSA 1K keys, the patch supports RSA 2K and 3K
keys.
* The FASC-N in the CHUID object is used as the card serial number.
* A PIV card may have additional objects. These can now be read by pkcs11-tool
and pkcs15-tool.
* The p15card-helper.c module is no longer used. The code to call the
sc_pkcs15emu_* routines has been moved back into pkcs15-piv.c and uses
existing OpenSC routines to parse the certificate to find the modulus_len.
* pkcs15-piv.c will now get the modulus_len from the certificates to store into
the emulated prvkey an pubkey objects as they are being created using the
sc_pkcs15emu_* routines.
* The caching code that was added to card-piv.c in 0.11.2 is disabled, as
pkcs15-piv.c will cache the certificate using existing OpenSC routines.
* piv-tool will now print a serial number.
* The key-usage bits for prvkey and pubkey objects are set in pkcs15-piv.c
* The PIV "9E" key was added. It is not a private object, and can be used
without a PIN. It is used with the "Certificate for Card Authenticaiton".
* When used with the OpenSSL engine to generate a certificate request, the
public key saved by piv-tool during a "generate asymmetric key pair" card
command can be read from a file pointed at by the environment variable
PIV_9*_KEY. Where * is A, C, D or E.
* In the card_atr section of opensc.conf, flags = 20; can be used to only show
the PIV Authentication cert. This feature was in 0.11.1 but was dropped in
0.11.2 when the p15card-helper.c was introduced.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3174 c6295689-39f2-0310-b995-f0e70906c6a9
lot of testing needed multiple applications to be running, it became important
to know what application was making each log entry.
This was reported by Russell Larner <rlarner@rsasecurity.com> on 5/17/2007
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3173 c6295689-39f2-0310-b995-f0e70906c6a9
garbage along with the error message. The attached patch to pkcs11-tool.c
initializes the type to 0 so the attribute will be 0 in case of an error.
by Douglas E. Engert
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3172 c6295689-39f2-0310-b995-f0e70906c6a9
pubkey or from apubkey to a privkey object. But it does not copy the
modulus_len.
This patch will look at pub_info->modulus_len and prv_info->modulus_len and
copy the modulus_len while copying the modulus. This will be used with the
pkcs15-piv code when it creates pub and priv objects, as it has no way other
then from the certificates to know the modulus_len.
By Douglas E. Engert.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3171 c6295689-39f2-0310-b995-f0e70906c6a9
{{{
sc.c:201:sc_detect_card_presence: returning with: Unknown error
SCardGetStatusChange failed: 8010002e
}}}
* When doing a reset with pcsc_reconnect do a cold reset instead a warm one to allow next change
* Change the protocol force feature to change the protocol with a hard reset only when needed to prevent:
{{{
SCardConnect failed: 8010000f
card.c:228:sc_connect_card: returning with: Unknown error
}}}
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3144 c6295689-39f2-0310-b995-f0e70906c6a9