- Added session_object flag to sc_pkcs15init_skeyargs to enable on-card session objects.
- Corrections to handling native and extractable flags
- Allow creating an empty secret key EF for receiving an unwrapped key later.
Not yet complete, but can be run with CKA_TOKEN=FALSE set in the target object. Currently unwrapping emulated
with a decrypt operation in card-myeid.c. To be improved.
* Add minimal CAC1 driver for legacy cards.
It is using the same pkcs15 backend as the CAC2 cards as well as some of
the CAC2 driver methods.
The separation is made mostly for easier card matching or disabling.
Commit e5707b545e broke signing using minidriver on Windows.
More specifically changing #define SC_ALGORITHM_RSA_PAD_NONE from 0x00000000 to 0x00000001 caused a call to sc_pkcs1_encode() to fail as the padding algorithm was not specified anywhere in the CardSignData() implementation. It kind of worked as long as SC_ALGORITHM_RSA_PAD_NONE was 0x00000000, but the above mentioned commit broke this.
Now padding algorithm has to be explicitly specified, otherwise a call to sc_pkcs1_encode() will fail.
- rename 'keytype' in some OpenPGP-specific types to 'key_id'
because they key ID was what the field was used for
- introduce field 'algorithm' in the structures above
to indicate the key's algorithm: RSA, ...
- define constant SC_OPENPGP_KEYALGO_RSA and use it
- rename constants SC_OPENPGP_KEYFORMAT_* to SC_OPENPGP_KEYFORMAT_RSA_*
because they are RSA specific
List additional algorithms & attributes as supported only when the card
supports changing the algorithms attributes DOs and exposes this by having
the EXT_CAP_ALG_ATTR_CHANGEABLE capability set.
Using different algorithms and attributes requires changing the algorithm
attributes DOs. If that is not supported - as indicated by a missing
EXT_CAP_ALG_ATTR_CHANGEABLE capability - then only those algorithms
described by the current algorithms attributes DOs' contents can be used.
In addition simplify setting the flags.
* use variables if they are already there
* be a bit more explicit in logging
* more consistent tag format: %04X
* cleanup flag setting for _sc_card_add_rsa_alg()
card-piv.c
make sure the string is null terminated before passing it
to hex_to_bin routine, which expects it
pkcs15-cac.c
free cn_name on failure
pkcs11-tool.c
make sure the string is null terminated before passing it to
parse_certificate(), which expects it