emulated cards. True PKCS#15 cards with EC
will need additional changes.
Main changes are in framework-pkcs15.c, mechanism.c,
padding.c, pkcs15-algo.c and pkcs15-sec.c
where switch statements for key type, and testing
of flags was modified to make it easier to add
additional key types in the future.
The code was tested using RSA and ECDSA using a PIV card
from pkcs11-tool, OpenSSL and Thunderbird with
modifications to NSS-3.12.7 to get ECDSA to sign e-mail.
Only named curves are supported for ECDSA, ECDH is still
needed. pkcs11-tool has only minimal changes need to work
with the -O option to list EC keys.
One additional line was added to pkcs15-sec.c which
should get GOSTR sign to work.
libp11 and engine do not yet have EC support.
--This line, and those below, will be ignored--
M src/tools/piv-tool.c
M src/tools/pkcs11-tool.c
M src/pkcs11/framework-pkcs15.c
M src/pkcs11/mechanism.c
M src/pkcs11/pkcs11-object.c
M src/libopensc/pkcs15-prkey.c
M src/libopensc/card-piv.c
M src/libopensc/padding.c
M src/libopensc/cardctl.h
M src/libopensc/pkcs15-algo.c
M src/libopensc/libopensc.exports
M src/libopensc/pkcs15-piv.c
M src/libopensc/pkcs15-sec.c
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4904 c6295689-39f2-0310-b995-f0e70906c6a9
piv-tool.c:292: warning: declaration of ‘newkey’ shadows a global declaration
piv-tool.c:97: warning: shadowed declaration is here
piv-tool.c: At top level:
piv-tool.c:97: warning: ‘newkey’ defined but not used
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4865 c6295689-39f2-0310-b995-f0e70906c6a9
PIV driver client can build and run without OpenSSL,
(admin functions and piv-tool still need OpenSSL)
define PIV specific ctrl codes and structures.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4767 c6295689-39f2-0310-b995-f0e70906c6a9
From http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety
" Casting and type safety
malloc returns a void pointer (void *), which indicates that it is a
pointer to a region of unknown data type. One may "cast" (see type
conversion) this pointer to a specific type, as in
int *ptr = (int*)malloc(10 * sizeof (int));
When using C, this is considered bad practice; it is redundant under the
C standard. Moreover, putting in a cast may mask failure to include the
header stdlib.h, in which the prototype for malloc is found. In the
absence of a prototype for malloc, the C compiler will assume that
malloc returns an int, and will issue a warning in a context such as the
above, provided the error is not masked by a cast. On certain
architectures and data models (such as LP64 on 64 bit systems, where
long and pointers are 64 bit and int is 32 bit), this error can actually
result in undefined behavior, as the implicitly declared malloc returns
a 32 bit value whereas the actually defined function returns a 64 bit
value. Depending on calling conventions and memory layout, this may
result in stack smashing.
The returned pointer need not be explicitly cast to a more specific
pointer type, since ANSI C defines an implicit conversion between the
void pointer type and other pointers to objects. An explicit cast of
malloc's return value is sometimes performed because malloc originally
returned a char *, but this cast is unnecessary in standard C
code.[4][5] Omitting the cast, however, creates an incompatibility with
C++, which does require it.
The lack of a specific pointer type returned from malloc is type-unsafe
behaviour: malloc allocates based on byte count but not on type. This
distinguishes it from the C++ new operator that returns a pointer whose
type relies on the operand. (see C Type Safety). "
See also
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4636 c6295689-39f2-0310-b995-f0e70906c6a9
piv-tool.c: In function ‘load_object’:
piv-tool.c:130: warning: implicit declaration of function ‘sc_asn1_find_tag’
piv-tool.c:130: warning: nested extern declaration of ‘sc_asn1_find_tag’
piv-tool.c:130: warning: cast from function call of type ‘int’ to non-matching type ‘u8 *’
piv-tool.c:130: warning: cast to pointer from integer of different size
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4178 c6295689-39f2-0310-b995-f0e70906c6a9
* reduce to a few, supported functions.
* change all functions to take the debug level as parameter.
* use symbolic names for the debug levels.
* fix tools to pass "verbose"/"opt_debug" as ctx->debug.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4118 c6295689-39f2-0310-b995-f0e70906c6a9
the PIV driver no longer need to set the card max_*_size parameters
to get around emulating read_binary and write_binary. It can
now handle partial reads and writes.
The assumptions for write_binary are that the first chuck will
have idx = 0, and the last chunk will write the last byte.
The flags parameter will contain the total length.
The only write_binary operations are done when initializing
a card, and this is only done from piv-tool.c which was modified
to pass in the length and other flags.
Piv-tool continues to be a primative test tool for inializing test
cards. But it has been expanded to be able to write other objects
on test cards.
The serial number of a PIV card is obtained from the CHUID object
if present which has a FASC-N which is an ID number created by the
issuer. Normally PIV cards are issued the U.S. Federal government
But there are ways to use the same cards with a non government CA.
This is then be referred to as PIV Compatible. In this case,
the FASC-N should start with an agency code = 9999 and an RFC 4122
GUID should be present in the CHUID. If this is the case, the GUID
is used as the serial number.
Windows 7 comes with a PIV card card driver, but to get it use one of
these card the CHUID is required. (piv-tool can now write one.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3998 c6295689-39f2-0310-b995-f0e70906c6a9
1. Build system now supports MinGW (Windows) compilation using msys and cross compilation.
2. Ability to explicitly disable and enable dependencies of the package.
3. openct, pcsc and nsplugins features are disabled by default.
4. Modified pcsc driver to use pcsc dynamically, no compile time dependency is required.
5. --enable-pcsc-lite configuration option renamed to --enable-pcsc.
6. Install opensc.conf file (as opensc.conf.new if opensc.conf exists).
7. Add--enable-doc configuration option, allow installing documentation into target.
8. Add --disable-man configuration option, allow msys mingw32 users to
build from svn without extra dependencies.
9. Add export files to each library in order to export only required symbols.
Windows native build may use these files instead of scanning objects' symbols.
10. Add opensc-tool --info to display some general information about the build.
11. Create compatibility library to be linked against library instread of recompiling the
same source files in different places.
12. Add different win32 version resource to each class of outputs.
13. Make xsl-stylesheets location selectable.
14. Some win32 fixups.
15. Some warning fixups.
16. Many other autoconf/automake cleanups.
Alon Bar-Lev
svn diff -r 3315:3399 https://www.opensc-project.org/svn/opensc/branches/alonbl/mingw
_M .
D configure.in
_M src
_M src/openssh
M src/openssh/Makefile.am
_M src/tools
M src/tools/rutoken-tool.c
M src/tools/opensc-tool.c
M src/tools/cardos-info.c
M src/tools/pkcs15-crypt.c
M src/tools/pkcs15-init.c
M src/tools/piv-tool.c
M src/tools/netkey-tool.c
M src/tools/eidenv.c
M src/tools/cryptoflex-tool.c
M src/tools/util.c
M src/tools/pkcs11-tool.c
M src/tools/pkcs15-tool.c
M src/tools/util.h
M src/tools/opensc-explorer.c
M src/tools/Makefile.am
_M src/pkcs11
M src/pkcs11/pkcs11-global.c
M src/pkcs11/framework-pkcs15.c
M src/pkcs11/mechanism.c
M src/pkcs11/pkcs11-display.c
M src/pkcs11/pkcs11-object.c
A src/pkcs11/opensc-pkcs11.exports
M src/pkcs11/sc-pkcs11.h
M src/pkcs11/pkcs11-spy.c
M src/pkcs11/openssl.c
M src/pkcs11/Makefile.am
A src/pkcs11/pkcs11-spy.exports
_M src/tests
_M src/tests/regression
M src/tests/regression/Makefile.am
M src/tests/sc-test.c
M src/tests/pintest.c
M src/tests/Makefile.am
_M src/include
_M src/include/opensc
M src/include/opensc/Makefile.am
A src/include/opensc/svnignore
M src/include/Makefile.am
_M src/signer
_M src/signer/npinclude
M src/signer/npinclude/Makefile.am
M src/signer/Makefile.am
A src/signer/signer.exports
_M src/common
A src/common/compat_dummy.c
D src/common/getopt.txt
D src/common/strlcpy.c
D src/common/LICENSE
A src/common/compat_getopt.txt
A src/common/compat_strlcpy.c
A src/common/LICENSE.compat_getopt
A src/common/compat_getopt.c
D src/common/strlcpy.h
D src/common/ChangeLog
D src/common/getpass.c
D src/common/my_getopt.c
A src/common/compat_strlcpy.h
A src/common/compat_getpass.c
A src/common/compat_getopt.h
A src/common/ChangeLog.compat_getopt
D src/common/README.strlcpy
D src/common/my_getopt.h
A src/common/compat_getpass.h
A src/common/README.compat_strlcpy
D src/common/strlcpy.3
A src/common/README.compat_getopt
D src/common/getopt.3
D src/common/README.my_getopt
A src/common/compat_strlcpy.3
A src/common/compat_getopt.3
M src/common/Makefile.am
M src/Makefile.am
_M src/pkcs15init
M src/pkcs15init/pkcs15-oberthur.c
M src/pkcs15init/profile.c
M src/pkcs15init/pkcs15-lib.c
M src/pkcs15init/pkcs15-rutoken.c
A src/pkcs15init/pkcs15init.exports
M src/pkcs15init/pkcs15-gpk.c
M src/pkcs15init/Makefile.am
_M src/scconf
M src/scconf/Makefile.am
M src/scconf/parse.c
A src/scconf/scconf.exports
_M src/libopensc
M src/libopensc/card-rutoken.c
M src/libopensc/compression.c
M src/libopensc/sc.c
M src/libopensc/card-piv.c
M src/libopensc/pkcs15-openpgp.c
M src/libopensc/pkcs15-postecert.c
M src/libopensc/pkcs15-tcos.c
M src/libopensc/opensc-config.in
M src/libopensc/reader-pcsc.c
A src/libopensc/internal-winscard.h
M src/libopensc/ctx.c
A src/libopensc/libopensc.exports
M src/libopensc/pkcs15-piv.c
M src/libopensc/pkcs15-infocamere.c
M src/libopensc/internal.h
M src/libopensc/pkcs15-actalis.c
M src/libopensc/pkcs15-starcert.c
M src/libopensc/card-oberthur.c
M src/libopensc/pkcs15-atrust-acos.c
M src/libopensc/p15card-helper.c
D src/libopensc/part10.h
M src/libopensc/ui.c
M src/libopensc/card-gpk.c
M src/libopensc/pkcs15-wrap.c
M src/libopensc/pkcs15-gemsafeGPK.c
M src/libopensc/log.c
M src/libopensc/pkcs15-esteid.c
M src/libopensc/pkcs15-prkey-rutoken.c
M src/libopensc/log.h
M src/libopensc/Makefile.am
M src/libopensc/reader-openct.c
_M aclocal
M aclocal/Makefile.am
_M win32
M win32/Makefile.am
A win32/versioninfo.rc.in
A win32/ltrc.inc
A configure.ac
_M doc
_M doc/tools
M doc/tools/pkcs15-profile.xml
D doc/changelog.sh
D doc/export-wiki.xsl
_M doc/api
_M doc/api/file
M doc/api/man.xsl
_M doc/api/asn1
_M doc/api/apps
_M doc/api/init
_M doc/api/types
_M doc/api/card
M doc/api/html.xsl
_M doc/api/misc
_M doc/api/util
M doc/Makefile.am
D doc/export-wiki.sh
AM doc/nonpersistent
A doc/nonpersistent/export-wiki.xsl
A doc/nonpersistent/Makefile.am
A doc/nonpersistent/export-wiki.sh
A doc/nonpersistent/svn2cl.xsl
D doc/generate-man.sh
D doc/svn2cl.xsl
M Makefile.am
A svnignore
_M etc
M etc/opensc.conf.in
M etc/Makefile.am
D man
_M solaris
M solaris/Makefile
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3405 c6295689-39f2-0310-b995-f0e70906c6a9
Major improvments in the PIV card modules:
* OpenSC-0.11.2 only supported RSA 1K keys, the patch supports RSA 2K and 3K
keys.
* The FASC-N in the CHUID object is used as the card serial number.
* A PIV card may have additional objects. These can now be read by pkcs11-tool
and pkcs15-tool.
* The p15card-helper.c module is no longer used. The code to call the
sc_pkcs15emu_* routines has been moved back into pkcs15-piv.c and uses
existing OpenSC routines to parse the certificate to find the modulus_len.
* pkcs15-piv.c will now get the modulus_len from the certificates to store into
the emulated prvkey an pubkey objects as they are being created using the
sc_pkcs15emu_* routines.
* The caching code that was added to card-piv.c in 0.11.2 is disabled, as
pkcs15-piv.c will cache the certificate using existing OpenSC routines.
* piv-tool will now print a serial number.
* The key-usage bits for prvkey and pubkey objects are set in pkcs15-piv.c
* The PIV "9E" key was added. It is not a private object, and can be used
without a PIN. It is used with the "Certificate for Card Authenticaiton".
* When used with the OpenSSL engine to generate a certificate request, the
public key saved by piv-tool during a "generate asymmetric key pair" card
command can be read from a file pointed at by the environment variable
PIV_9*_KEY. Where * is A, C, D or E.
* In the card_atr section of opensc.conf, flags = 20; can be used to only show
the PIV Authentication cert. This feature was in 0.11.1 but was dropped in
0.11.2 when the p15card-helper.c was introduced.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3174 c6295689-39f2-0310-b995-f0e70906c6a9
dengert
martin
ludovic.rousseau
aj
alonbl
nils