Doug Engert
2de38a1230
pkcs11-tool sets CKA_DECRYPT=true rather than CKA_DERIVE=true when generating EC keys (#277)
...
RSA and EC keys have different usage attributes. Appropriate attributes are set.
When using --keypairgen the user can use the --usage-sign, --usage-decrypt,
and --usage-derive to get finer control.
Changes to be committed:
modified: tools/pkcs11-tool.c
2014-08-26 09:59:40 -05:00
William Roberts
295c523e4e
Add AES support for PIV General Authenticate
...
This adds algorithm IDs 0xA, 0xA, 0xC which, as documented
by the NIST PIV specification, are algorithms AES-128, AES-192
and AES-256 respectively.
This patch also addresses some of the hardcodes that prevented
nonces greater than the single byte TLV length tags would allow.
It was explicitly tested with AES-256 and 256 byte nonces.
Signed-off-by: William Roberts <w2.roberts@samsung.com>
2014-08-25 18:27:13 -07:00
Sumedha Widyadharma
d13549600d
openpgp-tool: Return EXIT_SUCCESS if no error occurs
...
exit_status is either set directly or a function return is ORed with it,
in which case EXIT_SUCCESS can never be returned if the initial value is !=
0;
2014-08-20 21:53:25 +02:00
Nguyễn Hồng Quân
7c9bc4d283
OpenPGP: Fix crash after accessing inexistent file.
2014-07-14 23:58:28 +08:00
Nguyễn Hồng Quân
c71934af67
OpenPGP: Rename private "blob" type to avoid confusion with variable name.
...
This name has been used for both data type and variable name of that
type.
2014-07-14 23:58:28 +08:00
Nguyễn Hồng Quân
aded490b64
OpenPGP: Use directly binary array of APDUs for ERASE command.
...
I used a string presentation before and it needed an extra conversion step.
2014-07-14 23:53:44 +08:00
Nguyễn Hồng Quân
968c9bb061
OpenPGP: Don't reimplement gnuk_delete_key in openpgp-tool.
2014-07-14 23:53:44 +08:00
Nguyễn Hồng Quân
ba4fe34700
OpenPGP: Don't use sc_log in openpgp-tool.
2014-07-14 23:53:44 +08:00
Nguyễn Hồng Quân
7c27cea61f
OpenPGP: Make indentation consistent (space -> tab).
2014-07-14 23:53:44 +08:00
Nguyễn Hồng Quân
6aa4896b35
Move declaration to top of block.
2014-07-14 02:02:08 +08:00
Nguyễn Hồng Quân
7ba89893da
OpenPGP: Make code neater
2014-07-14 02:02:07 +08:00
Nguyễn Hồng Quân
a42eb5e585
OpenPGP: Correct parameter checking.
2014-07-14 02:02:07 +08:00
Nguyễn Hồng Quân
a1c8c99858
OpenPGP: Delete key as file, for Gnuk.
2014-07-14 02:02:07 +08:00
Nguyễn Hồng Quân
e71906ed23
OpenPGP: Overcome the restriction of even data length of Gnuk.
...
When writing a certificate with odd length to Gnuk, we add zero padding to make it even.
2014-07-14 02:02:07 +08:00
Nguyễn Hồng Quân
bbca9c4827
pkcs15-openpgp: Change to sc_put_data instead of sc_update_binary when writing certificate.
2014-07-14 02:02:07 +08:00
Nguyễn Hồng Quân
cbc53b9a97
OpenPGP: Support write certificate for Gnuk.
2014-07-14 02:02:07 +08:00
Nguyễn Hồng Quân
ebbebb4fa6
OpenPGP: Provide enough buffer to read pubkey from Gnuk.
2014-07-14 02:02:07 +08:00
Nguyễn Hồng Quân
9a2a6e6dc0
PKCS15-OpenPGP: Allow to store data to pkcs15 data object.
...
Only one DO is supported now.
2014-07-14 02:02:07 +08:00
Nguyễn Hồng Quân
6a55c09793
PKCS15-OpenPGP: Do not show empty DO in pkcs15 emu_init.
2014-07-14 02:02:07 +08:00
Nguyễn Hồng Quân
1df3daeb62
OpenPGP: Read some empty DOs from Gnuk.
...
In Gnuk, some empty DOs are returned as nonexistent, instead of existing with an empty value.
So, we will consider them as existing in the driver.
2014-07-14 02:02:07 +08:00
Nguyễn Hồng Quân
db39041cc1
OpenPGP: Correct building Extended Header List when importing keys.
2014-07-14 02:02:07 +08:00
Nguyễn Hồng Quân
c4bbfa6759
openpgp-tool: Support deleting key in Gnuk.
2014-07-14 02:02:07 +08:00
Nguyễn Hồng Quân
3b8f77882b
OpenPGP: Support erasing (reset) card.
...
Command: openpgp-tool --erase
2014-07-14 02:02:07 +08:00
Nguyễn Hồng Quân
24e3bdb872
PKCS15-OpenPGP: Declare DATA objects.
...
Begin to support read/write DATA object for PKCS-OpenPGP binding.
This object is used by TrueCrypt.
2014-07-14 02:02:06 +08:00
Nguyễn Hồng Quân
c81eab5a70
OpenPGP: Include private DO to filesystem at driver initialization.
...
In the old implementation, the DOs whose access is restricted by
PIN (like DOs 0101 -> 0104) were excluded from the fake filesystem,
so we could not read their data later, even if we verified the PIN.
2014-07-14 02:02:06 +08:00
Nguyễn Hồng Quân
a4d9261087
OpenPGP: Add Gnuk in pkcs15 emulation layer.
2014-07-14 02:02:06 +08:00
Nguyễn Hồng Quân
1789cf0345
OpenPGP: Detect and support Gnuk Token.
...
http://www.fsij.org/gnuk/
2014-07-14 02:02:06 +08:00
Andreas Schwier
5279bfa2d1
sc-hsm: Prevent double-free crash if key generation fails
...
Fixes #262 (SEGV when reader does not support extended length APDU)
2014-07-09 14:27:08 +02:00
Frank Morgner
bb92019e53
iso7816: allow extended length APDUs
2014-06-27 08:26:35 +02:00
Viktor Tarasov
db60f8da59
release 0.14.0
2014-06-26 19:15:33 +02:00
Andreas Schwier
440289a091
sc-hsm: reduce indicated maximum PIN length to 15
...
Fix bogus minimum PIN length to support more PIN pad readers
2014-06-26 17:57:26 +02:00
Raul Metsma
cd7fbe3f8c
MacOSX: Build fat binaries i386...
...
revert part of 6e255a95
Chrome is still 32 bit only
This allows plugins running in Chrome (32bit) to use OpenSC PKCS#11, which would otherwise be only 64bit. Tokend "hides" the cpu architecture issue otherwise.
2014-06-26 17:56:09 +02:00
Viktor Tarasov
852a4719cf
release: OpenSC-0.14.0 RTM
2014-06-09 16:34:06 +02:00
Frank Morgner
35b74f3923
fixed warning unused variable
2014-06-09 16:03:14 +02:00
Frank Morgner
359660c454
dnie: removed dead and untested SM wrapping code
2014-06-09 15:48:20 +02:00
Raul Metsma
55bb8e9ff8
New generation cards don't have issues with T1, and a 3.5 card with the same ATR has issues with T0 (recursive GET BINARY/GET DATA)
2014-06-09 15:46:13 +02:00
Andreas Schwier
072dfeb71c
sc-hsm-tool: Fixed SEGV if no or invalid card in reader
2014-06-09 15:05:42 +02:00
Henryk Plötz
b1b5a39ffa
Use sc_pkcs15_find_pin_by_auth_id() in asepcos_create_key() to correctly set the newly created key up for use with the configured PIN.
2014-06-06 18:46:48 +02:00
Nikos Mavrogiannopoulos
77d8fa390d
base64 decoding: Do not assume that char is signed.
...
In the systems where char is unsigned by default the base64 decoding
would crash.
2014-06-06 11:06:09 +02:00
Joachim Bauch
2f6b5174a8
Support "D-TRUST card 2.4 2ce".
2014-06-06 10:25:24 +02:00
Viktor Tarasov
3f13f571c0
openpgp-tool: issue-220: read and display OpenPGP data
2014-06-01 19:42:01 +02:00
Emanuele Pucciarelli
ee0566af09
pkcs11: pr-239: PKCS15 pubkey release fix
2014-06-01 18:55:56 +02:00
Raul Metsma
77c71be833
Don't depend on configuration default value
2014-05-31 21:15:19 +02:00
Raul Metsma
ccf6da2dbe
Add windows onepin makefile
2014-05-31 21:15:19 +02:00
Raul Metsma
8e13acf51e
Restore pkcs11 onepin module for Firefox usage
2014-05-31 21:15:19 +02:00
Viktor Tarasov
f87a364ddc
release: candidate for the next stable version
2014-05-31 20:06:30 +02:00
Viktor Tarasov
cfc9461fe5
Update NEWS for opensc-0.13.1
2014-05-16 16:51:01 +02:00
Viktor Tarasov
612c7fe43a
git: ignore version.m4.ci
2014-05-16 16:50:27 +02:00
Viktor Tarasov
3418e9c146
OpenSC 0.13.1 rc1
2014-05-16 09:18:17 +02:00
Henrik Andersson
de6d61405b
Don't use sha256 if openssl is older than 0.9.8.
2014-05-14 22:11:31 +02:00