opensc

Author	SHA1	Message	Date
Vincent JARDIN	e93bd3983c	IASECC/Gemalto: add support Add support for Gemalto's IAS ECC Dual ID One Cosmo using samples from: http://cartesapuce-discount.com/fr/cartes-a-puce-ias-ecc/146-cartes-a-puce-protiva-ias-ecc-tpc.html Some suppots were already available (ATR, init, etc.), but the select_file was missing the proper cases.	2021-04-26 21:37:39 +02:00
Vincent JARDIN	e3a3722ad1	IASECC/CPX: Fix SDO path Some objects need to be read from a specific path. IASECC_SDO_PRVKEY_TAG: from 3F00:0001 IASECC_SDO_CHV_TAG: from 3F00	2021-04-26 15:55:17 +02:00
Vincent JARDIN	fcd2e665fe	IASECC/CPX: fix APDU errors for SE get data On a CPX, this object needs to be read from 3F00. For instance: $ opensc-explorer -r 2 OpenSC [3F00]> cd 0002 OpenSC [3F00/0002]> apdu 00 CB 3F FF 0A 4D 08 70 06 BF FB 05 02 7B 80 Sending: 00 CB 3F FF 0A 4D 08 70 06 BF FB 05 02 7B 80 Received (SW1=0x6A, SW2=0x88) Failure: Data object not found OpenSC [3F00/0002]> apdu 00 A4 09 04 02 3F 00 Sending: 00 A4 09 04 02 3F 00 Received (SW1=0x90, SW2=0x00) Success! OpenSC [3F00/0002]> apdu 00 CB 3F FF 0A 4D 08 70 06 BF FB 05 02 7B 80 Sending: 00 CB 3F FF 0A 4D 08 70 06 BF FB 05 02 7B 80 Received (SW1=0x90, SW2=0x00) Success! Currently, this patch limits to the CPX cards since I cannot know the behaviour for the other cards. I could not find any reference from the standard. Fix: issue #2275	2021-04-26 15:55:17 +02:00
Vincent JARDIN	396cbc46cf	IASECC/CPX: set default flags The CPX has the standard capabilities of the IASECC standard. Let's be carefull with memory leakage, see the previous commit `83162c5c8` Fix: issue #2270	2021-04-26 15:52:09 +02:00
Peter Marschall	344ac0abe6	iasec: use proper printf format specifiers for size_t Do not hard-code the printf format specifier for size_t: use the macro instead. This fixes compliation on 32-bit architectures.	2021-04-20 14:26:37 +02:00
Vincent JARDIN	1a3666364d	IASECC/CPX: Avoid APDU Incorrect Parameters Without this patch, we would get from the logs: Outgoing APDU (18 bytes): 00 A4 04 00 0D E8 28 BD 08 0F 80 25 00 00 01 FF ......(....%.... 00 10 .. [opensc-pkcs11] reader-pcsc.c:242:pcsc_internal_transmit: called [opensc-pkcs11] reader-pcsc.c:333:pcsc_transmit: Incoming APDU (2 bytes): 6A 86 j. [opensc-pkcs11] apdu.c:382:sc_single_transmit: returning with: 0 (Success) [opensc-pkcs11] apdu.c:537:sc_transmit: returning with: 0 (Success) [opensc-pkcs11] card.c:523:sc_unlock: called [opensc-pkcs11] iso7816.c:128:iso7816_check_sw: Incorrect parameters P1-P2 [opensc-pkcs11] card-iasecc.c:1064:iasecc_select_file: Warning: SC_ERROR_INCORRECT_PARAMETERS for SC_PATH_TYPE_DF_NAME, try again with P2=0x0C [opensc-pkcs11] apdu.c:548:sc_transmit_apdu: called [opensc-pkcs11] card.c:473:sc_lock: called [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success) [opensc-pkcs11] apdu.c:515:sc_transmit: called [opensc-pkcs11] apdu.c:363:sc_single_transmit: called [opensc-pkcs11] apdu.c:367:sc_single_transmit: CLA:0, INS:A4, P1:4, P2:C, data(13) 0x7fff4b339b20 [opensc-pkcs11] reader-pcsc.c:323:pcsc_transmit: reader 'Ingenico TL TELIUM (25005334) 00 02' [opensc-pkcs11] reader-pcsc.c:324:pcsc_transmit: Outgoing APDU (18 bytes): 00 A4 04 0C 0D E8 28 BD 08 0F 80 25 00 00 01 FF ......(....%.... 00 10 .. [opensc-pkcs11] reader-pcsc.c:242:pcsc_internal_transmit: called [opensc-pkcs11] reader-pcsc.c:333:pcsc_transmit: Incoming APDU (2 bytes): 90 00 .. Let's align it with the behaviour of the other IASECC cards.	2021-04-01 11:11:33 +02:00
Vincent JARDIN	0df0f80b55	IASECC: log any APDU Incorrect parameters From the logs, we can detect many 6A 86 (Incorrect P1 or P2 paremeters). A deeper analysis will be required, but the best option to check them is to start emitting any Warning for such events.	2021-04-01 11:11:33 +02:00
Frank Morgner	83162c5c87	fixed memory leak fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32324 sc_enum_apps() causes card->cache.current_ef to be allocated for IAS/ECC, but not freed if any other error occurs during initialization. since sc_enum_apps() is called anyway during PKCS#15 initialization. Having this at the card driver level (instead of the PKCS#15 level) is not needed.	2021-03-24 23:27:01 +01:00
Vincent JARDIN	b18234a7d9	iasecc: Fix ACLs support when length is 6 (#2264 ) * IASECC: offset is a size_t Let's use a size_t for the offset in order to have a proper logic along with the related arithmetics. Fix: part if issue #2262 Suggested-by: Frank Morgner <frankmorgner@gmail.com> * iasecc: Fix ACLs support when length is 6 ACLs with length < 6 are allowed, depending on the mask of the offset 0. For instance, when the offset 0 is 0x7B, then length can be up to 7 when the offset 0 is 0x7A, the loop was never performing any access to the acls[7] thanks to: if (!(mask & acls[0])) continue; However, the oss-fuzz tools cannot guess such behavior. So let's have a robust boundary check. Fix: issue #2262 Fix: `ae1cf0be90` 'Prevent stack buffer overflow when empty ACL is returned' Co-authored-by: Vincent JARDIN <vjardin@free.fr> Co-authored-by: Frank Morgner <frankmorgner@gmail.com>	2021-03-22 13:08:28 +01:00
Vincent JARDIN	fc0df4e5d5	IASECC/CPX: revert removal of 3F00 from the path Few years ago, the commit `03628449b7` did squash the 3F00nnnn path to nnnn. For instance, 3F002F00 becomes 2F00. It is an issue such as: 00000200 [139681798813440] APDU: 00 A4 09 04 02 2F 00 00029790 [139681798813440] SW: 6A 82 Fix: issue #2231	2021-03-17 10:58:20 +01:00
Vincent JARDIN	76507508d7	IASECC/CPX: code factorization There are two flavours of CPX cards: - contact mode, - contactless mode	2021-03-17 10:58:20 +01:00
Vincent JARDIN	20f359ea04	IASECC/CPX: SC_PATH_TYPE_FILE_ID, wrong APDU For SC_PATH_TYPE_FILE_ID, P2 should be 0x04, if not, then we get the following errors: [opensc-pkcs11] reader-pcsc.c:324:pcsc_transmit: Outgoing APDU (7 bytes): 00 A4 02 00 02 A0 01 ....... [opensc-pkcs11] reader-pcsc.c:242:pcsc_internal_transmit: called [opensc-pkcs11] reader-pcsc.c:333:pcsc_transmit: Incoming APDU (2 bytes): 6A 86 j. [opensc-pkcs11] apdu.c:382:sc_single_transmit: returning with: 0 (Success) [opensc-pkcs11] apdu.c:535:sc_transmit: returning with: 0 (Success) [opensc-pkcs11] card.c:523:sc_unlock: called [opensc-pkcs11] iso7816.c:128:iso7816_check_sw: Incorrect parameters P1-P2 [opensc-pkcs11] card-iasecc.c:1107:iasecc_select_file: iasecc_select_file() check SW failed: -1205 (Incorrect parameters in APDU) [opensc-pkcs11] card.c:866:sc_select_file: 'SELECT' error: -1205 (Incorrect parameters in APDU) when running: ./pkcs11-tool --test --login --pin abcd	2021-03-17 10:58:20 +01:00
Vincent JARDIN	6efd7b3029	IASECC: send/recv from EF.ATR Log the send/recv data extracted from the EF.ATR (2F01).	2021-03-17 10:58:20 +01:00
Vincent JARDIN	41edcaa413	IASECC/CPX: proper set of RSA support The previous commit was over simplified. According to the known mechanism, we should have the following scope: ./pkcs11-tool --module ../lib/onepin-opensc-pkcs11.so -M Using slot 0 with a present token (0x0) Supported mechanisms: SHA-1, digest SHA224, digest SHA256, digest SHA384, digest SHA512, digest MD5, digest RIPEMD160, digest GOSTR3411, digest RSA-X-509, keySize={512,2048}, hw, decrypt, sign, verify RSA-PKCS, keySize={512,2048}, hw, decrypt, sign, verify SHA1-RSA-PKCS, keySize={512,2048}, sign, verify SHA256-RSA-PKCS, keySize={512,2048}, sign, verify RSA-PKCS-PSS, keySize={512,2048}, hw, sign, verify SHA1-RSA-PKCS-PSS, keySize={512,2048}, sign, verify SHA256-RSA-PKCS-PSS, keySize={512,2048}, sign, verify do not use the default flags yet: _sc_card_add_rsa_alg(card, 1024, IASECC_CARD_DEFAULT_FLAGS, 0x10001); _sc_card_add_rsa_alg(card, 2048, IASECC_CARD_DEFAULT_FLAGS, 0x10001); _sc_card_add_rsa_alg(card, 512, IASECC_CARD_DEFAULT_FLAGS, 0x10001); Contactless specific behaviour shall be added later on.	2021-03-17 10:58:20 +01:00
Vincent JARDIN	7cd713d15d	IASECC/CPX: enable RSA algorithms Without this fix, we get: ./pkcs11-tool --module ../lib/onepin-opensc-pkcs11.so -M Using slot 0 with a present token (0x0) Supported mechanisms: SHA-1, digest SHA224, digest SHA256, digest SHA384, digest SHA512, digest MD5, digest RIPEMD160, digest GOSTR3411, digest Once we include it, we get: ./pkcs11-tool --module ../lib/onepin-opensc-pkcs11.so -M Using slot 0 with a present token (0x0) Supported mechanisms: SHA-1, digest SHA224, digest SHA256, digest SHA384, digest SHA512, digest MD5, digest RIPEMD160, digest GOSTR3411, digest RSA-9796, keySize={1024,2048}, hw, decrypt, sign, verify RSA-PKCS, keySize={1024,2048}, hw, decrypt, sign, verify SHA1-RSA-PKCS, keySize={1024,2048}, sign, verify SHA256-RSA-PKCS, keySize={1024,2048}, sign, verify RSA-PKCS-KEY-PAIR-GEN, keySize={1024,2048}, generate_key_pair	2021-03-17 10:58:20 +01:00
Vincent JARDIN	560692221b	IASECC/CPX: file selection and app enumeration Thanks to this commit, we get the full support of: - ./opensc-explore cd 0001 asn1 2F00 - ./pkcs11-tool -O - etc.	2021-03-17 10:58:20 +01:00
Vincent JARDIN	acb8822444	IASECC: Add support for CPx cards The French CPx Healthcare cards are designed to support the IASECC standard.	2021-03-17 10:58:20 +01:00
Jakub Jelen	ae1cf0be90	iasecc: Prevent stack buffer overflow when empty ACL is returned Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30800	2021-02-25 09:08:52 +01:00
Vincent JARDIN	66e5600b27	IASECC: log AID selection Record the selection of the AID for better debugging	2021-02-05 12:09:20 +01:00
Jakub Jelen	03cbf91be5	iasecc: Avoid another memory leak Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29456	2021-01-22 19:07:05 +01:00
Zoltan Kelemen	bad74e1ed6	Enabled code for using PUK reference for PIN unblock, when available.	2020-07-22 22:57:23 +02:00
Zoltan Kelemen	ba76bc0239	Improved syntactic readability without any change in functionality.	2020-07-22 22:57:23 +02:00
Zoltan Kelemen	c903ddfce1	Fixed bounds checking and enabled the function again.	2020-07-22 22:57:23 +02:00
Zoltan Kelemen	163b69e6a7	Change ADF selection to return FCP for Oberthur cards. No need to simulate since it is supported.	2020-07-22 22:57:23 +02:00
Zoltan Kelemen	3331a7f134	Fix MF selection APDU to use 0x0c in P2 (no data). The previous value of 0x00 is invalid according to IAS-ECC and resulted in 6A 86 on the Oberthur cards that we tested with.	2020-07-22 22:57:23 +02:00
Zoltan Kelemen	471468260e	Improved PIN unblock function: - Uses PIN padding from merged policy - Added PIN-pad support - Use ISO 7816 layer to avoid code duplication	2020-07-22 22:57:23 +02:00
Zoltan Kelemen	79e81eeef0	Improved PIN change function: - Uses PIN padding from merged policy - Improved PIN-pad logic and merged here from separate function	2020-07-22 22:57:23 +02:00
Zoltan Kelemen	5ae488c1b9	Improved PIN verification function: - Uses PIN padding from merged policy - Moved PIN-pad logic into this function instead of keeping separate	2020-07-22 22:57:23 +02:00
Zoltan Kelemen	d0b3e90431	Simlified low-level CHV verification function: - Removed special PIN-pad case, moving logic into high-level function. - Use ISO 7816 layer to avoid code duplication.	2020-07-22 22:57:23 +02:00
Zoltan Kelemen	8c2d629f94	Functions used to control PIN padding and PIN pad use: - Use PIN padding information when provided by upper layers - Enable PIN padding at card level when min/max len set to same, nonzero value - Allow PIN-pad use to be dynamically selected for each PIN	2020-07-22 22:57:23 +02:00
Zoltan Kelemen	ca911e342c	Improved PIN info retrieval, now returning verification status, and attempts left even when previously not available (due to card not providing it in the SDO).	2020-07-22 22:57:23 +02:00
Zoltan Kelemen	19063932f0	Simplified PIN policy retrieval to only read the data that is actually needed, excluding the CRT info from the SE-SDO, which is not guaranteed to be available in all card types. Use an explicit PIN policy structure type instead of keeping the info in the sc_pin_cmd_data, since this type of info is only used privately in the card driver.	2020-07-22 22:57:23 +02:00
Zoltan Kelemen	741ee73ec9	Add generic function for PIN status retrieval, for subsequent use (among others intended to replace iasecc_pin_is_verified). Base it on functionality in the ISO 7816 layer to avoid code duplication.	2020-07-22 22:57:23 +02:00
Zoltan Kelemen	7ed876c816	Added ATR mask for Idemia (Oberthur) IAS-ECC card to recognize Cosmo V8 cards.	2020-07-22 22:57:23 +02:00
Frank Morgner	a7d563b657	Merge branch 'master' into recursion	2020-05-11 18:45:36 +02:00
Jakub Jelen	1ddef2cd15	iasecc: Avoid memory leak on error Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21297	2020-04-06 17:56:28 +02:00
Jakub Jelen	7bfca52bab	iasecc: Free old driver data if the driver was initialized correctly CID: 354007	2020-03-04 21:27:56 +01:00
Jakub Jelen	9c0a7adbfc	iasecc: Avoid memory leaks on error Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20700	2020-03-04 21:27:56 +01:00
Frank Morgner	6c855c561c	fixed memory leak fixes https://oss-fuzz.com/testcase-detail/5739164513599488	2020-02-12 04:48:40 +01:00
Frank Morgner	70baccbe95	iso7816_*_sfid: return the number of bytes processed	2020-01-31 15:04:31 +01:00
Frank Morgner	8d7092c0cb	13598 Unchecked return value	2019-11-05 21:49:30 +01:00
Frank Morgner	b7b501d0a5	fixed issues reported by clang-analyzer	2019-05-21 19:34:46 +02:00
Frank Morgner	85485eb9b0	fixed unused assignments	2019-02-14 09:22:23 +01:00
Frank Morgner	fdb0e6d581	Fixed Potential leak of memory	2019-02-14 09:22:23 +01:00
Frank Morgner	7a7ff50422	fixed memory leaks during card initialization	2019-01-30 21:57:59 +01:00
Jakub Jelen	74105300bf	card-iasecc: Avoid memory leaks on failure	2018-10-01 23:07:34 +02:00
Priit Laes	1f06a76b1a	openssl: Bump openssl requirement to 0.9.8	2018-09-14 08:21:40 +02:00
Frank Morgner	db438f61c1	ias/ecc: fixed GET CHALLENGE	2018-08-24 13:59:03 +02:00
Frank Morgner	94f9fdf145	ias/ecc: fixed card detection regression of `439a95f2d`	2018-08-24 13:51:15 +02:00
Frank Morgner	5daec17e32	ias/ecc: ignore missing serial on card initialization fixes problem in card detection introduced in `50b000047c`	2018-08-24 13:50:53 +02:00

1 2 3

110 Commits