Use easily extensible tables instead of explicit coding to display
algorithm names and options in list_algorithms.
Leverage the new tables to add more RSA hashes.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5367 c6295689-39f2-0310-b995-f0e70906c6a9
On Windows every DLL has their own file descriptor table, thus specifying
-v from any of the OpenSC tools resulted in a crash when the tool tried to override
ctx->debug_file with stderr.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5359 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-init.c: In function 'verify_pin':
pkcs15-init.c:2840: warning: declaration of 'r' shadows a previous local
pkcs15-init.c:2836: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5268 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-tool.c:1111: warning: comparison between signed and unsigned
pkcs15-tool.c:1117: warning: comparison between signed and unsigned
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5224 c6295689-39f2-0310-b995-f0e70906c6a9
* shift libpkcs11 from src/pkcs11 to src/common as it is not used to implement the OpenSC PKCS#11 module
* invent a "libscdl" mini library that implements either libltdl based dynamic loading or uses native interfaces
* drop hard requirement for libltl to build OpenSC
* native Windows build does not need libltdl any more
* specify CNGSDK include dir to find cardmod.h. CNGSDK only registers with a handful of compilers
Deals with #323
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5201 c6295689-39f2-0310-b995-f0e70906c6a9
opensc-explorer.c:1440:22: warning: conversion specifies type 'unsigned int' but
the argument has type 'size_t' (aka 'unsigned long') [-Wformat]
printf("expecting %u, got only %d bytes.\n", len, r);
~^ ~~~
%lu
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5137 c6295689-39f2-0310-b995-f0e70906c6a9
If the card supports it, changing a blocked PIN will result in an error before PIN entry, not when the card re-states that the PIN is already blocked.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5123 c6295689-39f2-0310-b995-f0e70906c6a9
emulated cards. True PKCS#15 cards with EC
will need additional changes.
Main changes are in framework-pkcs15.c, mechanism.c,
padding.c, pkcs15-algo.c and pkcs15-sec.c
where switch statements for key type, and testing
of flags was modified to make it easier to add
additional key types in the future.
The code was tested using RSA and ECDSA using a PIV card
from pkcs11-tool, OpenSSL and Thunderbird with
modifications to NSS-3.12.7 to get ECDSA to sign e-mail.
Only named curves are supported for ECDSA, ECDH is still
needed. pkcs11-tool has only minimal changes need to work
with the -O option to list EC keys.
One additional line was added to pkcs15-sec.c which
should get GOSTR sign to work.
libp11 and engine do not yet have EC support.
--This line, and those below, will be ignored--
M src/tools/piv-tool.c
M src/tools/pkcs11-tool.c
M src/pkcs11/framework-pkcs15.c
M src/pkcs11/mechanism.c
M src/pkcs11/pkcs11-object.c
M src/libopensc/pkcs15-prkey.c
M src/libopensc/card-piv.c
M src/libopensc/padding.c
M src/libopensc/cardctl.h
M src/libopensc/pkcs15-algo.c
M src/libopensc/libopensc.exports
M src/libopensc/pkcs15-piv.c
M src/libopensc/pkcs15-sec.c
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4904 c6295689-39f2-0310-b995-f0e70906c6a9
* Detect different cards based on ATR-s and on card objects
* Set the card name from the ATR table
* Conditionally add support for 2048b keys
* Add workarounds for broken MULTOS and JavaCard cards.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4893 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-tool.c:976: warning: declaration of ‘r’ shadows a previous local
pkcs15-tool.c:972: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4867 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-tool.c:151: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:152: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:153: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:154: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:155: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:156: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:157: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:158: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:159: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:160: warning: initialization discards qualifiers from pointer target type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4866 c6295689-39f2-0310-b995-f0e70906c6a9
piv-tool.c:292: warning: declaration of ‘newkey’ shadows a global declaration
piv-tool.c:97: warning: shadowed declaration is here
piv-tool.c: At top level:
piv-tool.c:97: warning: ‘newkey’ defined but not used
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4865 c6295689-39f2-0310-b995-f0e70906c6a9
PIV driver client can build and run without OpenSSL,
(admin functions and piv-tool still need OpenSSL)
define PIV specific ctrl codes and structures.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4767 c6295689-39f2-0310-b995-f0e70906c6a9
--slot will take the actual CK_SLOT_ID
--slot-label will use the token label to find the correct slot
--slot-index will use the N-th slot from the list returned by C_GetSlotList
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4746 c6295689-39f2-0310-b995-f0e70906c6a9
* One sc_context has only a single reader driver.
* remove dynamic reader driver loading capabilities
* remove opensc-tool -R command
* change the internal API, we don't need to pass around a "driver data" pointer as it can be found directly from the context.
* check in ./configure for only a single enabled reader driver
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4709 c6295689-39f2-0310-b995-f0e70906c6a9
Support for importing cleartext keys is left untouched, but all transparent key generation by either opensc-pkcs11.so or pkcs15-init is removed, to make the operation with cleartext keys visible to the user and his explicit wish.
OpenSC is a PKCS#11 library for accessing keys protected by a smart card. Key material in software is not protected by smart cards and can leave a false sense of security to the user.
http://www.opensc-project.org/pipermail/opensc-devel/2010-April/013877.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4646 c6295689-39f2-0310-b995-f0e70906c6a9
This version, additionally, skips this step entirely if there is no current_path; this is useful when starting with --mf "".
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4638 c6295689-39f2-0310-b995-f0e70906c6a9
From http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety
" Casting and type safety
malloc returns a void pointer (void *), which indicates that it is a
pointer to a region of unknown data type. One may "cast" (see type
conversion) this pointer to a specific type, as in
int *ptr = (int*)malloc(10 * sizeof (int));
When using C, this is considered bad practice; it is redundant under the
C standard. Moreover, putting in a cast may mask failure to include the
header stdlib.h, in which the prototype for malloc is found. In the
absence of a prototype for malloc, the C compiler will assume that
malloc returns an int, and will issue a warning in a context such as the
above, provided the error is not masked by a cast. On certain
architectures and data models (such as LP64 on 64 bit systems, where
long and pointers are 64 bit and int is 32 bit), this error can actually
result in undefined behavior, as the implicitly declared malloc returns
a 32 bit value whereas the actually defined function returns a 64 bit
value. Depending on calling conventions and memory layout, this may
result in stack smashing.
The returned pointer need not be explicitly cast to a more specific
pointer type, since ANSI C defines an implicit conversion between the
void pointer type and other pointers to objects. An explicit cast of
malloc's return value is sometimes performed because malloc originally
returned a char *, but this cast is unnecessary in standard C
code.[4][5] Omitting the cast, however, creates an incompatibility with
C++, which does require it.
The lack of a specific pointer type returned from malloc is type-unsafe
behaviour: malloc allocates based on byte count but not on type. This
distinguishes it from the C++ new operator that returns a pointer whose
type relies on the operand. (see C Type Safety). "
See also
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4636 c6295689-39f2-0310-b995-f0e70906c6a9
--debug was not documented and not used by other tools; --help was not handled.
Thanks to Ludolf Holzheid for noticing this.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4596 c6295689-39f2-0310-b995-f0e70906c6a9
westcos-tool.c: In function ‘main’:
westcos-tool.c:375: warning: unused variable ‘lecteur’
westcos-tool.c:373: warning: unused variable ‘card_presente’
westcos-tool.c:372: warning: unused variable ‘p’
westcos-tool.c:371: warning: unused variable ‘i’
westcos-tool.c: At top level:
westcos-tool.c:43: warning: ‘version’ defined but not used
westcos-tool.c:45: warning: ‘nom_card’ defined but not used
westcos-tool.c:103: warning: ‘no_lecteur’ defined but not used
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4420 c6295689-39f2-0310-b995-f0e70906c6a9
Without GNU C extention 'getline()' the same code of the local 'getpass' procedure is used for Mac OS and Linux.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4272 c6295689-39f2-0310-b995-f0e70906c6a9
Would fail on PowerPC in 64-bits for example.
pkcs15-crypt.c: In function ‘sign_ext’:
pkcs15-crypt.c:293: warning: dereferencing type-punned pointer will break strict-aliasing rules
pkcs15-crypt.c:299: warning: dereferencing type-punned pointer will break strict-aliasing rules
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4183 c6295689-39f2-0310-b995-f0e70906c6a9
for DES_ecb_encrypt() input and output parameters.
I have no idea how it could have worked.
Fix
cardos-tool.c: In function ‘cardos_sm4h’:
cardos-tool.c:421: warning: passing argument 1 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:421: warning: passing argument 2 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:426: warning: passing argument 1 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:426: warning: passing argument 2 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:432: warning: passing argument 1 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:432: warning: passing argument 2 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:434: warning: passing argument 1 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:434: warning: passing argument 2 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:472: warning: passing argument 1 of ‘DES_ecb3_encrypt’ from incompatible pointer type
cardos-tool.c:472: warning: passing argument 2 of ‘DES_ecb3_encrypt’ from incompatible pointer type
cardos-tool.c:483: warning: passing argument 1 of ‘DES_ecb3_encrypt’ from incompatible pointer type
cardos-tool.c:483: warning: passing argument 2 of ‘DES_ecb3_encrypt’ from incompatible pointer type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4181 c6295689-39f2-0310-b995-f0e70906c6a9
util.c:11: warning: declaration of ‘wait’ shadows a global declaration
/usr/include/sys/wait.h:255: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4180 c6295689-39f2-0310-b995-f0e70906c6a9
opensc-explorer.c:1606: warning: passing argument 3 of
‘util_connect_card’ discards qualifiers from pointer target type
rutoken-tool.c:492: warning: passing argument 3 of ‘util_connect_card’
discards qualifiers from pointer target type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4179 c6295689-39f2-0310-b995-f0e70906c6a9
piv-tool.c: In function ‘load_object’:
piv-tool.c:130: warning: implicit declaration of function ‘sc_asn1_find_tag’
piv-tool.c:130: warning: nested extern declaration of ‘sc_asn1_find_tag’
piv-tool.c:130: warning: cast from function call of type ‘int’ to non-matching type ‘u8 *’
piv-tool.c:130: warning: cast to pointer from integer of different size
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4178 c6295689-39f2-0310-b995-f0e70906c6a9
Would fail on PowerPC in 64-bits for example.
Fix pkcs11-tool.c:2954: warning: dereferencing type-punned pointer will
break strict-aliasing rules
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4174 c6295689-39f2-0310-b995-f0e70906c6a9
Fix
pkcs11-tool.c:1899: warning: assignment discards qualifiers from pointer target type
pkcs11-tool.c:1902: warning: assignment discards qualifiers from pointer target type
pkcs11-tool.c:1906: warning: assignment discards qualifiers from pointer target type
pkcs11-tool.c:1910: warning: assignment discards qualifiers from pointer target type
pkcs11-tool.c:1914: warning: assignment discards qualifiers from pointer target type
pkcs11-tool.c:1918: warning: assignment discards qualifiers from pointer target type
pkcs11-tool.c:1922: warning: assignment discards qualifiers from pointer target type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4173 c6295689-39f2-0310-b995-f0e70906c6a9
Four method are added to the 'sc_pkcs15init_operations':
emu_update_dir -- create or not the DIR file;
emu_update_any_df -- update the non-pkcs15 descriptors that are equivalents to pkcs15 xDF files;
emu_update_tokeninfo -- update analog of tokenInfo;
emu_write_info -- to not create OPENSC-INFO file;
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4128 c6295689-39f2-0310-b995-f0e70906c6a9
It's implemented for the card with emulated pkcs#15 and protected private object attributes.
Update to man pages is comming soon.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4126 c6295689-39f2-0310-b995-f0e70906c6a9
* reduce to a few, supported functions.
* change all functions to take the debug level as parameter.
* use symbolic names for the debug levels.
* fix tools to pass "verbose"/"opt_debug" as ctx->debug.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4118 c6295689-39f2-0310-b995-f0e70906c6a9
(with "Unsupported card"). This needs to be improved.
This patch changes the "initialization" to "binding", so we at least
can tell people: you need to initialized an empty card first.
Needs to be improved of course.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4117 c6295689-39f2-0310-b995-f0e70906c6a9
Implemented to have the possibility to verify PIN after binding of the pkcs15 card and before any 'substantial' operation.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4093 c6295689-39f2-0310-b995-f0e70906c6a9
the PIV driver no longer need to set the card max_*_size parameters
to get around emulating read_binary and write_binary. It can
now handle partial reads and writes.
The assumptions for write_binary are that the first chuck will
have idx = 0, and the last chunk will write the last byte.
The flags parameter will contain the total length.
The only write_binary operations are done when initializing
a card, and this is only done from piv-tool.c which was modified
to pass in the length and other flags.
Piv-tool continues to be a primative test tool for inializing test
cards. But it has been expanded to be able to write other objects
on test cards.
The serial number of a PIV card is obtained from the CHUID object
if present which has a FASC-N which is an ID number created by the
issuer. Normally PIV cards are issued the U.S. Federal government
But there are ways to use the same cards with a non government CA.
This is then be referred to as PIV Compatible. In this case,
the FASC-N should start with an agency code = 9999 and an RFC 4122
GUID should be present in the CHUID. If this is the case, the GUID
is used as the serial number.
Windows 7 comes with a PIV card card driver, but to get it use one of
these card the CHUID is required. (piv-tool can now write one.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3998 c6295689-39f2-0310-b995-f0e70906c6a9
The implementation was based on the previous MSC build, each tool had its own
description in version resource.
This change sets a single version resource to all files, and produces much
simpler build.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3980 c6295689-39f2-0310-b995-f0e70906c6a9