Commit Graph

371 Commits

Author SHA1 Message Date
Jakub Jelen
db18a72c64 pkcs11: Implement PKCS #11 3.0 Profile object and its handling in tools 2021-01-11 14:49:22 +01:00
Jakub Jelen
7f9e8ba85c pkcs11-tool: Add option to list PKCS #11 3.0 interfaces 2021-01-11 14:49:22 +01:00
Jakub Jelen
6e25924eb0 common, pkcs11-tool: Use new PKCS #11 API with fallback to old one 2021-01-11 14:49:22 +01:00
Jakub Jelen
85e08ae675 pkcs11-tool: Avoid calloc with 0 argument 2020-11-25 14:38:23 +01:00
Carsten Blüggel
8098b7de61 pkcs11-tool: disable wrap/unwrap test until #1796 is resolved 2020-10-27 11:28:40 +01:00
Conrado P. L. Gouvea
40da5cace2 pkcs11-tool: add --allow-sw flag that removes CKF_HW and allows using software tokens 2020-09-28 12:59:58 +02:00
Peter Marschall
16c889cf7d spelling fixes
Fix various spelling errors, mostly in comments but also in texts displayed.

Errors found & interactively fixed using 'codespell', with additional manual
checks after the fixes.
2020-08-30 10:35:14 +02:00
Doug Engert
f5fe292ae1 pkcs11-tool - use valid data for decription tests
In tests, make sute test data is either padded, or "zero" padded
so size if data <=  modlen - 11. The smallest pad in 11 bytes,
00 | NN | PS | 00. PS is at least 8 bytes.
"zero" padding has N = 00, PS >= 8 byte of 00.

 On branch cardos-5.3
 Changes to be committed:
	modified:   tools/pkcs11-tool.c
2020-05-09 23:59:51 +02:00
Vladimir Panteleev
bb47c1a5d0 pkcs11-tool: Fix mismatched --help text
The addition of --usage-wrap did not add a corresponding help string,
which caused all help text for the options below it to be shifted by one.
2020-04-23 14:54:46 +02:00
Lars Silvén
8257e0186d The PKCS#11 specifies that the PIN parameter(s) in C_Login and C_SetPIN
always should be used, even if a PIN pad reader is used. PIN must only
be fetched from the PIN pad reader if the corresponding parameter is
null.
Before this commit PIN was always fetch from the reader if the PIN could
be fetched from the reader.
The 'pkcs11-tool has also been updated. Before parameters was never
taken from the command line if a PID pad reader was used. Now PINs from
the command line is always used but if not existing the PIN is fetched
from the reader if a reader with a PIN pad is used, otherwise the user
is prompted for PIN(s) from the CLI.
2020-04-08 09:54:07 +02:00
Jakub Jelen
5721961be2 pkcs11-tool: Properly report invalid signatures
Comparison is always false because rv <= 0.

Thanks lgtm
2020-03-04 21:27:56 +01:00
Jakub Jelen
0a610319bd pkcs11-tool: Fix wrong printf arguments
This argument should be of type 'unsigned int' but is of type 'unsigned long'

Thanks lgtm
2020-03-04 21:27:56 +01:00
Frank Morgner
0cd19b59e1 pkcs11-tool: add --usage-wrap (disabled by default)
fixes https://github.com/OpenSC/OpenSC/issues/1913
2020-02-01 22:29:35 +01:00
Frank Morgner
45a77ab88d
Merge pull request #1772 from Jakuje/idprime
Add support for Gemalto IDPrime smart cards
2020-01-31 15:49:29 +01:00
Frank Morgner
ee1c8073c2 pkcs11-tool: allow tests with keys that don't require PIN
... such as the 9e key of a PIV card.
2020-01-17 16:04:39 +01:00
Jakub Jelen
40c41cee0c pkcs11-tool: Make the SHA256 default for OAEP decryption
It is already default in all the other functions and it really makes sense since
the SHA1 is being obsoleted
2020-01-07 13:29:53 +01:00
Priit Laes
0b4b7fbaf0 openssl: Drop all compatibility checks for <=openssl-1.0.0 2020-01-06 15:47:07 +01:00
Julian Strobl
e9aa163fe5 pkcs11-tool: fix output of test_decrypt
Before the output looked like this, if a public key was not found:
```
  testing key 1 (IDKey2)
    RSA-X-509: OK
    RSA-PKCS: OK
  testing key 2 (IDKey3)
couldn't find the corresponding pubkey for validation
couldn't find the corresponding pubkey for validation
    RSA-X-509:     RSA-PKCS:   testing key 3 (IDKey4)
couldn't find the corresponding pubkey for validation
couldn't find the corresponding pubkey for validation
```

Now:
```
  testing key 1 (IDKey2)
    RSA-X-509: OK
    RSA-PKCS: OK
  testing key 2 (IDKey3) -- can't find corresponding public key, skipping
  testing key 3 (IDKey4) -- can't find corresponding public key, skipping
```
2019-12-28 18:15:55 +01:00
Julian Strobl
81940e123b pkcs11-tool: align output for test_signature
Before it was a bit confusing, e.g.:
```
  testing key 1 (2048 bits, label=IDKey2) with 1 signature mechanism
    RSA-X-509: OK
couldn't find the corresponding pubkey
  testing key 2 (0 bits, label=IDKey3) with 1 signature mechanism -- can't be used to sign/verify, skipping: can't obtain modulus
```

The error message in line 3 is for IDKey3 and not for IDKey2.

With this patch the output is aligned with `test_verify`:
```
  testing key 1 (IDKey2) with 1 mechanism
    RSA-X-509: OK
  testing key 2 (IDKey3) with 1 mechanism -- can't find corresponding public key, skipping
```
2019-12-28 18:15:55 +01:00
Frank Morgner
07cff0e168 fixed 341844 Incorrect deallocator used 2019-11-05 21:49:30 +01:00
Frank Morgner
53ff7182fb
pkcs11-tool: disable wrap/unwrap test (#1808)
... until https://github.com/OpenSC/OpenSC/issues/1796 is resolved
2019-10-01 11:52:33 +02:00
Frank Morgner
e2491a7d7f
pkcs11-tool: fixed displaying secret key attributes (#1807)
fixes https://github.com/OpenSC/OpenSC/issues/1805
2019-10-01 11:51:55 +02:00
Frank Morgner
25bc8fc167 fix https://github.com/OpenSC/OpenSC/issues/1786
Thanks to Alexandre Gonzalo
2019-09-16 13:06:38 +02:00
Raul Metsma
3a192e2c87 pkcs11-tool: Add extractable option to key import
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-06-03 10:59:58 +02:00
Doug Engert
a2dd500624 Fix pkcs11-tool encryption error Fix #1694
Make sure data being encrypted is less then the modulus.

 On branch pkcs11-tool-encryption
 Changes to be committed:
	modified:   ../tools/pkcs11-tool.c
2019-05-31 14:16:24 +02:00
Jakub Jelen
e501c5ae81 Unbreak build without OpenSSL 2019-05-21 18:44:06 +02:00
Frank Morgner
e275b34269 fixed 339157 Unused value 2019-05-14 14:50:17 +02:00
Frank Morgner
86ba3ea489 fixed Wrong type of arguments to formatting function 2019-05-02 10:08:28 +02:00
Frank Morgner
8382f243b2 fixed 337891 Out-of-bounds write 2019-04-25 15:44:11 +02:00
Frank Morgner
bfa94dc90d
Merge pull request #1600 from AlexandreGonzalo/trustonic_pkcs11 2019-04-25 14:51:54 +02:00
alegon01
e21cb5712c Fix in encrypt_decrypt(), initialize the mgf 2019-04-24 14:03:35 +02:00
Dmitriy Fortinskiy
8cf1e6f769 pkcs11-tool: List supported GOST mechanisms 2019-04-17 16:42:12 +02:00
Dmitriy Fortinskiy
a5382d32fd pkcs11-tool: Show GOSTR3410-2012 keys 2019-04-17 16:42:12 +02:00
Dmitriy Fortinskiy
0e12b1dc71 pkcs11-tool: Generate GOSTR3410-2012 keys 2019-04-17 16:42:12 +02:00
Dmitriy Fortinskiy
4614beb87e pkcs11-tool: Add keys access flags 2019-04-17 16:40:41 +02:00
Raul Metsma
91a1dd9af4 Option to delete object by index
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-04-17 14:38:40 +02:00
Raul Metsma
3935d501bf Implement Secret Key write object
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-04-17 14:37:49 +02:00
Frank Morgner
fe95520e3e explicitly import libpkcs11.h 2019-04-08 11:16:13 +02:00
Jakub Jelen
fc4d600634 pkcs11-tool: Allow to set CKA_ALLOWED_MECHANISMS when creating an objects
Also list them in the attributes listing
2019-04-08 11:15:19 +02:00
alegon01
f631b5f733 Fix in encrypt_decrypt(), check for (in_len <= sizeof orig_data) 2019-04-05 10:39:52 +02:00
alegon01
4913feadb8 Fix in encrypt_decrypt(), check for (in_len <= sizeof orig_data) 2019-04-05 10:38:12 +02:00
alegon01
31831c300b Remove the call to OPENSSL_init_crypto() which is not needed. I have a segmentation fault when the process exits. 2019-03-12 08:52:06 +01:00
alegon01
728d099a53 FIX typo OpenSSL vs OpenSsl. 2019-03-06 11:35:11 +01:00
alegon01
b327b76134 FIX use pseudo_randomize() for a proper initialization of orig_data in encrypt_decrypt(). 2019-03-06 10:26:05 +01:00
Frank Morgner
ba185954c5 fixed 333709 Unchecked return value 2019-03-06 00:42:38 +01:00
alegon01
7271fe610b Add support for the OpenSsl signature format for the signature verification. 2019-02-18 16:03:41 +01:00
alegon01
9ae507c5f8 Fix indentation. 2019-02-12 14:09:26 +01:00
alegon01
b63a868e68 Fix build when EVP_PKEY_CTX_set_rsa_oaep_md is not defined. 2019-02-12 10:42:39 +01:00
alegon01
973625773b Fix encrypt_decrypt() for CKM_RSA_PKCS_OAEP. It is working fine now with OpenSsl 1.1.1a. 2019-02-07 10:42:48 +01:00
alegon01
084624f340 Fix CKM_RSA_PKCS in encrypt_decrypt(). 2019-02-05 12:03:51 +01:00