New operations:
- 'erase-application' -- erase on-card application indicated by it's AID;
- 'update-lastupdate' -- parse tokenInfo, set 'lastUpdate' value to the current date and write back tokenInfo content;
- 'ignore-ca-certificates' -- when importing PKCS#12 ignore all CA certificates;
When reading and printing file content, do not read it by small chunks,
but read an entire file.
It allows to verify how card driver reads the data of maximal size
that is allowed for one transaction ('max_recv_size').
* change order of long & short option names: letters first, then the long names
Effect: nicely aligned short and long option names in the help text
* more space between option names and explanation
Effect: better readability on long options
* print "Options:" header only if there is at least one non-hidden options
Effect: nicer output when all options are hidden
* only show printable, non-space short options letters
Effect: no control codes printed to terminal
* get rid of a temporary variable
improvements to opensc-explorer & new tool openpgp-tool
Usefull improvement: probably could be used in automated tests.
I follow Ludovic and attract your attention onto the necessity, in the nearest future,
to supply the doc/man for the tool newly introduced.
Without it the build of OpenSC package will simply not be possible.
Add new argument 'application-info',
that will allow to select the on-card application to by binded with.
pkcs11: use sc_pkcs15init_bind with 'AID' argument
Prototype of sc_pkcs15init_bind() has been changed to add argument with
AID of the on-card application to be binded with.
Add 'echo' command that simply displays its arguments.
With the recently committed script interpreter feature and this echo command,
nice litte scripts can be written, like e.g.
$ cat opengpg-userinfo
#!/usr/bin/opensc-explorer
cd 0065
echo Name:
cat 005B
echo Language:
cat 5F2D
echo Gender:
cat 5F35
quit
If the system libraries are set before the locally built libraries,
libtool will pick the system copy of OpenSC instead of the local one,
and that can make cross-builds fail badly.
This patch is already applied in Gentoo for proper building.
This seems the right thing to do, when you look at the initial commit which added the flags in do_generate_key and the ticket
http://www.opensc-project.org/opensc/ticket/198
Currently when storing a key, the accessflags are not set
* add new function path_to_filename() that converts a path into
filename, and returns a static buffer to it
* convert all occurrences where file names get generated
to using this function
Signed-off-by: Peter Marschall <peter@adpm.de>
Use the easier to read & shorter expression
path->type = (is_id) ? SC_PATH_TYPE_FILE_ID : SC_PATH_TYPE_PATH;
nstead of the longer, but equivalent if () .. else construction.
Signed-off-by: Peter Marschall <peter@adpm.de>
* allow double-quoted strings besides hexdata in ADPU generation
* detect errors in parameter parsing
* use utility function to print bytes sent,
fixing an error that only showed parts of the APDU wheni
it was generated from multiple arguments
Signed-off-by: Peter Marschall <peter@adpm.de>
Simplify argument handling in do_change() and do_unblock(),
making the functions shorter and deasier to understand.,
Signed-off-by: Peter Marschall <peter@adpm.de>
The variables "in_str" in do_update_binary() & do_update_record()
do not serve a purpose: use argv[x] directly & remove them.
Signed-off-by: Peter Marschall <peter@adpm.de>
Convert arg_to_path() to using the standard sc_hex_to_binary() instead of
the local hex2binary().
While at it, return erros on failed conversions.
Signed-off-by: Peter Marschall <peter@adpm.de>
Update do_update_record() to use parse_string_or_hexdata() instead of the old
hex2binary().
This change allows to use double-quoted strings in the "update_record" command.
Signed-off-by: Peter Marschall <peter@adpm.de>
do_update_binary() and do_update_record() expect a fixed number of parameters
each: adapt the checks for argc so that they do the right thing.
Signed-off-by: Peter Marschall <peter@adpm.de>
* add new function parse_string_or_hexdata() that parses
a double-quoted string or a hex-data string (e.g: AA:BB:CC)
into a buffer
* use parse_string_or_hexdata() wherever strings or hexdata
gets parsed into a buffer
Signed-off-by: Peter Marschall <peter@adpm.de>
* extend cmds struct by a new element args for a description of the arguments
* use args in help texts
* new function usage() for centralited dispaly of usage info
* harmonize argument strings for usage / help texts
* re-sort cmd list shown in help texts
* add function "help" to cwallow asking for for help
* space-police
Signed-off-by: Peter Marschall <peter@adpm.de>
* use ID<->name tables instead of arrays of strings where
the index was treated like some "magic" constant.
With the new mapping tables, the meaning is obvious.
* fix a bug with ac_ops_df[]: before the conversion, it was a list
of pointers to strings but was in one case treated like it was a mapping table.
With the conversion to a mapping table, and the adaption of other code parts
this bug got fixed "automagically" ;-)
* use common code to cleanly print ACLs for DFs & EFs
* harmonize EF structure names to the ones used in ISO 7816-4
Signed-off-by: Peter Marschall <peter@adpm.de>
the main difference between 'slot-description' and 'token-label' is that
the first one is unique in any case,
the second one can be the same for more then one slots.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5528 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-wrap.c can be removed. Clarified/changed the meaning of "insecure" flag to pkcs15-init tool,
which will be needed to explicitly enforce the creation of a key which does not require a PIN.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5510 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs11-tool.c:1253: warning: comparison between signed and unsigned
pkcs11-tool.c: In function ‘write_object’:
pkcs11-tool.c:1777: warning: unused variable ‘type’
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5505 c6295689-39f2-0310-b995-f0e70906c6a9
opensc-explorer.c: In function 'main':
opensc-explorer.c:1602: warning: declaration of 'argv' shadows a parameter
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5466 c6295689-39f2-0310-b995-f0e70906c6a9
Not all PKCS#11 driver support the C_SignUpdate.
So, for the short data begin with procedure "C_SignInit & C_Sign".
If no success, try to applicate the procedure "C_SignInit & C_SignUpdate & ... & C_SignFinal".
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5458 c6295689-39f2-0310-b995-f0e70906c6a9
'asn1' takes a file_id as argument. This should be selected relative
to the currently selected DF instead of being treated as an ID.
(compare with 'get' & 'cat' that also take a file_id argument)
Patch from Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5417 c6295689-39f2-0310-b995-f0e70906c6a9
In the output of the interacive command 'help', leave more room
for the command names so that they do not flow into the descrition.
Patch from Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5416 c6295689-39f2-0310-b995-f0e70906c6a9
When composing path to file (for ex. to be read), if the type of parent DF is DF_NAME,
the value of the parent path is moved to the aid path member and
file ID takes place of the path value.
; 'cd ..' command takes into account the parent can be presented by DF_NAME
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5391 c6295689-39f2-0310-b995-f0e70906c6a9
EC parameters can be presented in a three forms: namedCurve, OID and implicit data.
This new data type will facilitate manipulation of ec-parameters in the OpenSC tools and library.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5386 c6295689-39f2-0310-b995-f0e70906c6a9
In do_apdu() resp send_apdu/(, flexibilize parsing the APDU string passed
so that extended APDUs are accepted a valid APDUs too.
While at it, fix a bug where more data than available would have been copied,
potentially leading to a SIGSEGV.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5369 c6295689-39f2-0310-b995-f0e70906c6a9
Use ID<->name tables in print_file() innstead of arrays of strings where
the index was treated like some "magic" constant. With the new mapping tables,
the meaning is obvious.
While on it, fix a bug with ac_ops_df[]: before the conversion, it was a list
of pointers to strings but was in one case treated like it was a mapping table.
With the conversion to a mapping table, and the adaption of other code parts
this bug got fixed "automagically" ;-)
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5368 c6295689-39f2-0310-b995-f0e70906c6a9
Use easily extensible tables instead of explicit coding to display
algorithm names and options in list_algorithms.
Leverage the new tables to add more RSA hashes.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5367 c6295689-39f2-0310-b995-f0e70906c6a9
On Windows every DLL has their own file descriptor table, thus specifying
-v from any of the OpenSC tools resulted in a crash when the tool tried to override
ctx->debug_file with stderr.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5359 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-init.c: In function 'verify_pin':
pkcs15-init.c:2840: warning: declaration of 'r' shadows a previous local
pkcs15-init.c:2836: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5268 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-tool.c:1111: warning: comparison between signed and unsigned
pkcs15-tool.c:1117: warning: comparison between signed and unsigned
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5224 c6295689-39f2-0310-b995-f0e70906c6a9
* shift libpkcs11 from src/pkcs11 to src/common as it is not used to implement the OpenSC PKCS#11 module
* invent a "libscdl" mini library that implements either libltdl based dynamic loading or uses native interfaces
* drop hard requirement for libltl to build OpenSC
* native Windows build does not need libltdl any more
* specify CNGSDK include dir to find cardmod.h. CNGSDK only registers with a handful of compilers
Deals with #323
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5201 c6295689-39f2-0310-b995-f0e70906c6a9
opensc-explorer.c:1440:22: warning: conversion specifies type 'unsigned int' but
the argument has type 'size_t' (aka 'unsigned long') [-Wformat]
printf("expecting %u, got only %d bytes.\n", len, r);
~^ ~~~
%lu
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5137 c6295689-39f2-0310-b995-f0e70906c6a9
If the card supports it, changing a blocked PIN will result in an error before PIN entry, not when the card re-states that the PIN is already blocked.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5123 c6295689-39f2-0310-b995-f0e70906c6a9
emulated cards. True PKCS#15 cards with EC
will need additional changes.
Main changes are in framework-pkcs15.c, mechanism.c,
padding.c, pkcs15-algo.c and pkcs15-sec.c
where switch statements for key type, and testing
of flags was modified to make it easier to add
additional key types in the future.
The code was tested using RSA and ECDSA using a PIV card
from pkcs11-tool, OpenSSL and Thunderbird with
modifications to NSS-3.12.7 to get ECDSA to sign e-mail.
Only named curves are supported for ECDSA, ECDH is still
needed. pkcs11-tool has only minimal changes need to work
with the -O option to list EC keys.
One additional line was added to pkcs15-sec.c which
should get GOSTR sign to work.
libp11 and engine do not yet have EC support.
--This line, and those below, will be ignored--
M src/tools/piv-tool.c
M src/tools/pkcs11-tool.c
M src/pkcs11/framework-pkcs15.c
M src/pkcs11/mechanism.c
M src/pkcs11/pkcs11-object.c
M src/libopensc/pkcs15-prkey.c
M src/libopensc/card-piv.c
M src/libopensc/padding.c
M src/libopensc/cardctl.h
M src/libopensc/pkcs15-algo.c
M src/libopensc/libopensc.exports
M src/libopensc/pkcs15-piv.c
M src/libopensc/pkcs15-sec.c
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4904 c6295689-39f2-0310-b995-f0e70906c6a9
* Detect different cards based on ATR-s and on card objects
* Set the card name from the ATR table
* Conditionally add support for 2048b keys
* Add workarounds for broken MULTOS and JavaCard cards.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4893 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-tool.c:976: warning: declaration of ‘r’ shadows a previous local
pkcs15-tool.c:972: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4867 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-tool.c:151: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:152: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:153: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:154: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:155: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:156: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:157: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:158: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:159: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:160: warning: initialization discards qualifiers from pointer target type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4866 c6295689-39f2-0310-b995-f0e70906c6a9
piv-tool.c:292: warning: declaration of ‘newkey’ shadows a global declaration
piv-tool.c:97: warning: shadowed declaration is here
piv-tool.c: At top level:
piv-tool.c:97: warning: ‘newkey’ defined but not used
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4865 c6295689-39f2-0310-b995-f0e70906c6a9
PIV driver client can build and run without OpenSSL,
(admin functions and piv-tool still need OpenSSL)
define PIV specific ctrl codes and structures.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4767 c6295689-39f2-0310-b995-f0e70906c6a9
--slot will take the actual CK_SLOT_ID
--slot-label will use the token label to find the correct slot
--slot-index will use the N-th slot from the list returned by C_GetSlotList
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4746 c6295689-39f2-0310-b995-f0e70906c6a9
* One sc_context has only a single reader driver.
* remove dynamic reader driver loading capabilities
* remove opensc-tool -R command
* change the internal API, we don't need to pass around a "driver data" pointer as it can be found directly from the context.
* check in ./configure for only a single enabled reader driver
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4709 c6295689-39f2-0310-b995-f0e70906c6a9
Support for importing cleartext keys is left untouched, but all transparent key generation by either opensc-pkcs11.so or pkcs15-init is removed, to make the operation with cleartext keys visible to the user and his explicit wish.
OpenSC is a PKCS#11 library for accessing keys protected by a smart card. Key material in software is not protected by smart cards and can leave a false sense of security to the user.
http://www.opensc-project.org/pipermail/opensc-devel/2010-April/013877.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4646 c6295689-39f2-0310-b995-f0e70906c6a9
This version, additionally, skips this step entirely if there is no current_path; this is useful when starting with --mf "".
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4638 c6295689-39f2-0310-b995-f0e70906c6a9
From http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety
" Casting and type safety
malloc returns a void pointer (void *), which indicates that it is a
pointer to a region of unknown data type. One may "cast" (see type
conversion) this pointer to a specific type, as in
int *ptr = (int*)malloc(10 * sizeof (int));
When using C, this is considered bad practice; it is redundant under the
C standard. Moreover, putting in a cast may mask failure to include the
header stdlib.h, in which the prototype for malloc is found. In the
absence of a prototype for malloc, the C compiler will assume that
malloc returns an int, and will issue a warning in a context such as the
above, provided the error is not masked by a cast. On certain
architectures and data models (such as LP64 on 64 bit systems, where
long and pointers are 64 bit and int is 32 bit), this error can actually
result in undefined behavior, as the implicitly declared malloc returns
a 32 bit value whereas the actually defined function returns a 64 bit
value. Depending on calling conventions and memory layout, this may
result in stack smashing.
The returned pointer need not be explicitly cast to a more specific
pointer type, since ANSI C defines an implicit conversion between the
void pointer type and other pointers to objects. An explicit cast of
malloc's return value is sometimes performed because malloc originally
returned a char *, but this cast is unnecessary in standard C
code.[4][5] Omitting the cast, however, creates an incompatibility with
C++, which does require it.
The lack of a specific pointer type returned from malloc is type-unsafe
behaviour: malloc allocates based on byte count but not on type. This
distinguishes it from the C++ new operator that returns a pointer whose
type relies on the operand. (see C Type Safety). "
See also
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4636 c6295689-39f2-0310-b995-f0e70906c6a9
--debug was not documented and not used by other tools; --help was not handled.
Thanks to Ludolf Holzheid for noticing this.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4596 c6295689-39f2-0310-b995-f0e70906c6a9
westcos-tool.c: In function ‘main’:
westcos-tool.c:375: warning: unused variable ‘lecteur’
westcos-tool.c:373: warning: unused variable ‘card_presente’
westcos-tool.c:372: warning: unused variable ‘p’
westcos-tool.c:371: warning: unused variable ‘i’
westcos-tool.c: At top level:
westcos-tool.c:43: warning: ‘version’ defined but not used
westcos-tool.c:45: warning: ‘nom_card’ defined but not used
westcos-tool.c:103: warning: ‘no_lecteur’ defined but not used
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4420 c6295689-39f2-0310-b995-f0e70906c6a9
Without GNU C extention 'getline()' the same code of the local 'getpass' procedure is used for Mac OS and Linux.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4272 c6295689-39f2-0310-b995-f0e70906c6a9
Would fail on PowerPC in 64-bits for example.
pkcs15-crypt.c: In function ‘sign_ext’:
pkcs15-crypt.c:293: warning: dereferencing type-punned pointer will break strict-aliasing rules
pkcs15-crypt.c:299: warning: dereferencing type-punned pointer will break strict-aliasing rules
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4183 c6295689-39f2-0310-b995-f0e70906c6a9