* Make opensc-tool -l display pinpad capabilities, if available
* Detect reader capabilities when a reader is found, not when a connection to a card is opened
* Fix unpadded PIN block parameters to not be rejected by the latest free CCID driver
* When locking the card and it has been reset by some other application (or re-attached), clear cache and lock again
* Enable pinpad detection by default
git-svn-id: https://www.opensc-project.org/svnp/opensc/branches/martin/0.12@3730 c6295689-39f2-0310-b995-f0e70906c6a9
The major issue is with getting the length of an object or the cert
contained in an object. The PIV card does not have a directory on the card,
so the previous version tried to put off as long as possible the reading
of objects for performance so as to avoid having to read objects that would
not be used. The first standard, NIST 800-73, set maximum sizes for objects.
800-73-2 removed this for certificates.
A certificate object can contain a certificate which might be compressed.
The only way to get the length of the compressed certificate is to decompress
it. Thus the decompressed certificate could be larger than the container object,
so even if the PIV card had a directory, one would still need to decompress
the certificate to find its length.
OpenSC sc_read_binary will use the length obtained by using
sc_select_file(...,&file_out), and thus the lengths must be determined
in sc_select_file.
Changes are to card-piv.c and pkcs15-piv.c and include:
* The old cache code which was not working was removed.
* New cache code was added which caches all objects read from the card.
* If an object has a cert, the cert is decompressed and also cached.
* As part of reading an object the first 8 bytes are read
and this is then used to allocate a large buffer to read in the
object.
* If pkcs15 or pkcs11 asks about a certificate, the cert object
will be read, and the cert decompressed, to get the actual length.
* If piv_select_file is called with the file_out != NULL the object
will be read to get the length. If called with NULL it will not be read.
* The enumeration of the objects now starts with 0.
* sc_ctx_suppress_errors_on and off are used to avoid file not found
messages which are a by-product of not having a directory.
* "Unsigned Card Holder Unique Identifier" object in card-piv and pkcs15-piv.c
had conflicting paths, as NIST 800-72-1 had two tables with different
paths. The enumtag for it in card-piv.c was also wrong.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3710 c6295689-39f2-0310-b995-f0e70906c6a9
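Added example, not code from OpenSC or from the commit above: a sketch of the "read the first 8 bytes, then allocate" step, assuming the object arrives as a BER-TLV structure. The function name tlv_object_size and the cap MAX_OBJECT_SIZE are hypothetical; the length comes from the card, so it is bounds-checked before being used to size a buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_OBJECT_SIZE 65535u /* assumed sanity cap, not an OpenSC constant */

/* Parse the BER-TLV header at the start of buf (e.g. the first 8 bytes of
 * an object). Returns 0 and sets *hdr_len (tag + length bytes) and
 * *total_len (header + value), or -1 on malformed or truncated input. */
int tlv_object_size(const uint8_t *buf, size_t buflen,
                    size_t *hdr_len, size_t *total_len)
{
    size_t pos = 0, vlen = 0, n;
    uint8_t first;
    if (buf == NULL || buflen < 2)
        return -1;
    /* Tag: low five bits all set means continuation bytes follow. */
    if ((buf[pos++] & 0x1F) == 0x1F) {
        do {
            if (pos >= buflen)
                return -1;
        } while (buf[pos++] & 0x80);
    }
    if (pos >= buflen)
        return -1;
    first = buf[pos++]; /* short form (< 0x80) or long form 0x81..0x84 */
    if (first < 0x80) {
        vlen = first;
    } else {
        n = first & 0x7F;
        if (n == 0 || n > 4 || n > buflen - pos)
            return -1; /* indefinite, oversized or truncated length */
        while (n--)
            vlen = (vlen << 8) | buf[pos++];
    }
    if (vlen > MAX_OBJECT_SIZE)
        return -1; /* refuse to allocate on a huge card-supplied length */
    *hdr_len = pos;
    *total_len = pos + vlen;
    return 0;
}

int main(void)
{
    /* Constructed sample: tag 0x53, long-form length 0x04D2 (1234). */
    const uint8_t head[8] = {0x53, 0x82, 0x04, 0xD2, 0x70, 0x82, 0x04, 0xC9};
    size_t h = 0, t = 0;
    int rc = tlv_object_size(head, sizeof head, &h, &t);
    printf("rc=%d header=%zu total=%zu\n", rc, h, t);
    return rc;
}
```

The value returned in total_len covers only the container; as the commit message notes, a compressed certificate inside it still has to be decompressed to learn its real length.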
* Only set messages if the reader has display capabilities.
* Detect rejected pinpad commands
* Whitespace fixes
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3679 c6295689-39f2-0310-b995-f0e70906c6a9
multipart encryption when, for example, the data is too big to fit in
one APDU. It basically calls the Cipher.update() method until all data
has been processed. However, the Java Card API documentation advises
against using update():
"This method requires temporary storage of intermediate results. In
addition, if the input data length is not block aligned (multiple of
block size) then additional internal storage may be allocated at this
time to store a partial input data block. This may result in additional
resource consumption and/or slow performance. This method should only
be used if all the input data required for the cipher is not available
in one byte array. If all the input data required for the cipher is
located in a single byte array, use of the doFinal() method to process
all of the input data is recommended."
As the card's JVM was returning an internal exception when using
OP_PROCESS, it was decided to implement an msc_crypt_final_object()
function in OpenSC that uses the msc_object_*() functions to read/write
all the data from the card. This way, it is possible to transmit/receive
"arbitrarily" large data chunks to/from the card and use doFinal(). This
is the fallback method when, for example, using 2048 bit keys and the
card doesn't support extended APDUs.
Thanks to Joao Poupino for the patch
http://www.opensc-project.org/pipermail/opensc-devel/2009-March/011978.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3673 c6295689-39f2-0310-b995-f0e70906c6a9
* Update IOCTL definitions to PC/SC part 10 v2.02.05
* Return SC_SUCCESS instead of 0 if returning SC_ codes.
* Detect the presence of a display with FEATURE_IFD_PIN_PROPERTIES
Tested with patched CCID driver on OS X, with SPR532 (no display) and OK3821 (with display)
Known CCID reader with a display:
ATMEL_AT91SO.txt: wLcdLayout: 0x0210
CardMan3821.txt: wLcdLayout: 0x0210
Kobil_EMV_CAP.txt: wLcdLayout: 0x0210
Xiring_XI-SIGN.txt: wLcdLayout: 0x020C
Xiring_XI-SIGN_6000.txt: wLcdLayout: 0x020C
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3666 c6295689-39f2-0310-b995-f0e70906c6a9
Most users don't use more than one or two tokens concurrently. This way default configuration (or with no configuration file) works even after you insert a PC/SC reader as OpenCT does not "eat up" all PKCS#11 slots with 5 virtual readers.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3618 c6295689-39f2-0310-b995-f0e70906c6a9
* Work as expected without a configuration file
* "Normalize" the configuration file: show the used default and give examples with opposite values.
* DWIM:
* If there is no config file: try all builtin drivers
* If there is a configuration file, allow to turn emulation off
* If there is a configuration file, allow to filter the list of internal drivers
* Introduce a PKCS#15 layer card flag for emulated cards
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3613 c6295689-39f2-0310-b995-f0e70906c6a9
Win64 changed the SCARDCONTEXT from LONG to ULONG_PTR,
pcsc-lite did not follow this on 64bit platforms.
This breaks the pcsc module.
To solve this we use installed winscard.h in order to get proper
declarations.
As mingw32 does not have winscard.h we keep current types. mingw64 and
pcsc-lite system have winscard.h.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3590 c6295689-39f2-0310-b995-f0e70906c6a9
By Stanislav Brabec
entersafe_init_pin_info() was declared as int, but defined and used as
void, resulting in a function returning an unused pseudo-random value.
card-gemsafeV1.c uses comparison 'type == "DF"', which is always false,
as it compares pointer to a string with pointer to the string "DF" in
the code.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3563 c6295689-39f2-0310-b995-f0e70906c6a9
The pkcs15-gemsafeV1.c code assumes that the key_ref is always 3. But that is
not always the case. In our case it is 4. The patch tries to determine the
key_ref by looking at what appears to be a table of allocated keys, and picking
the first allocated key.
In case this is not always true, the patch will also allow for the
opensc.conf card flag = n to specify the key_ref as the low order 4 bits of the
flag.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3557 c6295689-39f2-0310-b995-f0e70906c6a9
card-akis.c:400: warning: declaration of 'system' shadows a global declaration
/usr/include/stdlib.h:730: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3521 c6295689-39f2-0310-b995-f0e70906c6a9
reader-pcsc.c:396: warning: declaration of 'priv' shadows a previous local
reader-pcsc.c:367: warning: shadowed declaration is here
reader-pcsc.c:909: warning: declaration of 'reader' shadows a previous local
reader-pcsc.c:901: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3519 c6295689-39f2-0310-b995-f0e70906c6a9
If card was reset or reader reconnected, verify can restart
transaction, as upper level will not cache PIN in this case.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3508 c6295689-39f2-0310-b995-f0e70906c6a9
This is not the best solution, but focus on smallest code change.
Changes:
1. Add detect_readers() to reader opts, this adds new readers to the end
of the readers list until list is full.
2. Add sc_ctx_detect_readers() that calls readers' detect_readers().
3. Fixup pcsc_lock() so that it reconnects to the card and reports proper
error so caller may be notified if session was lost.
4. Allow context to be created without readers.
5. Call sc_ctx_detect_readers() from PKCS#11 C_GetSlotList with NULL_PTR.
6. Allow no reader at detect_card, as reader may be removed.
7. Since I broke ABI, I updated the external module version requirement
to match OpenSC version. In the future a separate version should be
maintained for each interface, this should be unrelated to the package
version.
Alon
---
svn merge -r 3480:3505 https://www.opensc-project.org/svn/opensc/branches/alonbl/pnp
M src/tools/opensc-tool.c
M src/pkcs11/pkcs11-global.c
M src/pkcs11/slot.c
M src/libopensc/reader-pcsc.c
M src/libopensc/internal-winscard.h
M src/libopensc/ctx.c
M src/libopensc/reader-ctapi.c
M src/libopensc/libopensc.exports
M src/libopensc/reader-openct.c
M src/libopensc/opensc.h
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3506 c6295689-39f2-0310-b995-f0e70906c6a9
Patch opensc-0.11.4.trunk-r3502-fix-segv_print_tags_asn1.diff (for
trunk revision 3502) is draft.
Example 1 (SIGSEGV):
OpenSC Explorer version 0.11.4-svn
OpenSC [3F00]> cd ff00
OpenSC [3F00/FF00]> asn1 0001
Printing tags for buffer of length 512
[Switching to Thread -1211906368 (LWP 25131)]
By Aktiv Co. Aleksey Samsonov
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3504 c6295689-39f2-0310-b995-f0e70906c6a9
files to build on Windows.
I got rutoken to compile, and took out the #ifdef's I had in last week.
The rutoken programmer declared some variables in the middle of a block
rather than having all the declare statements at the beginning of a block
as is normally done in C. The Microsoft compiler treats this as an error.
(Actually many errors.)
The makedef.pl is no longer needed, as the exports files can be used.
Note that in the original Makefile.mak files only opensc.def and
pkcs15init.def were created.
winconfig.h has a number of changes. As discussed last week this could
be created by autoconf. I also noted that the Active State Perl that
was required for the makedef.pl has a psed command that could be used
like sed to update winconfig.h. I did not attempt to do this.
win32/Make.rules.mak - Use ENABLE_OPENSSL and ENABLE_ZLIB
src/tools/Makefile.mak - add the rutoken.tool.exe
src/tools/eidenv.c - use PACKAGE_VERSION
src/pkcs11/Makefile.mak - reorder the objects to match the list in the
Makefile.am. Makes it easier to read.
src/include/winconfig.h - The windows version of the config.h
Changes based on discussions on the list last week.
src/common/Makefile.mak - renamed modules.
src/pkcs15init/Makefile.mak - reordered, and added back the rutoken modules
replaced the use of makedef.pl to use the exports file.
src/scconf/Makefile.mak - reordered objects.
src/libopensc/card-rutoken.c -
error. Moved the declares to the beginning of blocks.
src/libopensc/Makefile.mak - reorder names, and add rutoken.
Use the libopensc.exports file.
src/libopensc/pkcs15-prkey-rutoken.c - more moving of declare statements.
By Douglas E. Engert
http://www.opensc-project.org/pipermail/opensc-devel/2008-April/011011.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3464 c6295689-39f2-0310-b995-f0e70906c6a9
By: Douglas E. Engert
(2) Change the typedefs for the SC_*_t routines.
The WINAPI had to be moved. For example from:
typedef PCSC_API LONG (*SCardEstablishContext_t)...
to:
typedef LONG (PCSC_API *SCardEstablishContext_t)...
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3458 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-gemsafeV1.c:150: warning: comparison between signed and unsigned
pkcs15-gemsafeV1.c:331: warning: comparison between signed and unsigned
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3429 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-gemsafeV1.c:126: warning: declaration of 'index' shadows a global declaration
/usr/include/string.h:304: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3428 c6295689-39f2-0310-b995-f0e70906c6a9