Viktor Tarasov
f0189e8378
pkcs11-tool: option to 'decrypt some data'
2015-04-30 15:57:44 +02:00
Andreas Schwier
0dba2d453f
sc-hsm: fix signed char for ARM platforms
...
char is unsigned by default on ARM
fix #450
2015-04-30 12:03:01 +02:00
viktorTarasov
c754e3f197
Merge pull request #444 from frankmorgner/pkcs11-error-handling
...
Improved error handling for PKCS#11 module
2015-04-25 13:04:07 +02:00
Thomas Calderon
0a754b694e
pkcs11-tool: pass key usage flags to created objs
...
* Command-line parameters were introduced to specify key usage
(--usage-{sign,decrypt,derive}). However, those are not used when importing
external objects using C_CreateObject function.
fix #445
2015-04-25 12:28:48 +02:00
Doug Engert
ee23d28654
EC field_length changes for non-multiple of 8 bits curves
...
In OpenSC the EC field_length is the number of bits in the field.
Most curves have a field_length which is a multiple of 8 bits
but there are many that are not.
The X and Y points and privateD are stored in octetstrings
so there may need to be an extra byte in the octetstring.
An OpenSSL BIGNUM will drop leading zero bytes, so its size can not be used
to determine the field_length.
fix #440
fix #433
2015-04-25 12:21:39 +02:00
Shaun Schutte
665807d6de
Rename minidriver-italian-cns to minidriver-italian-cns.reg
2015-04-24 09:45:20 +02:00
Shaun Schutte
e456074fd9
Create minidriver-italian-cns
...
These are the required registry values to get the Italian CNS card working under Windows 7 32 bit and 64 bit.
2015-04-23 16:54:11 +02:00
Frank Morgner
bcb5fc15e5
honour HAVE_CONFIG_H
2015-04-22 23:55:33 +02:00
Frank Morgner
9f318b829f
remove slots of removed readers
2015-04-21 02:00:06 +02:00
Frank Morgner
02f3997632
added error handling to print_ssh_key
2015-04-21 01:32:37 +02:00
Frank Morgner
e359b2a310
handle unexpected meltdown of PC/SC service
2015-04-21 01:09:21 +02:00
Frank Morgner
cbc43eeb88
fixed compiler warning
2015-04-21 01:04:18 +02:00
Frank Morgner
c8a7c8bc7a
fixed typo
2015-04-21 01:04:18 +02:00
Frank Morgner
54f285d57a
correctly handle readers that have been removed
2015-04-21 01:04:18 +02:00
Frank Morgner
c45c90a337
sc_pkcs11_close_all_sessions: close all sessions even if closing one fails
2015-04-20 16:18:11 +02:00
Thomas Calderon
23ca1f101d
pkcs11-tool: Add support for creating EC privkey
...
* This patch allows creating EC private keys. The feature re-uses the GOST
parsing function as instantiating an ECDSA key is the same as a GOST key.
2015-04-15 08:58:05 +02:00
Frank Morgner
a7a903fd81
check ATRs even for forced card driver
...
some card drivers depend on a card type which is initialized by matching the card's ATR
2015-04-15 08:56:22 +02:00
Viktor Tarasov
96556dea7b
fix #433 : EC privateD octetstring may need leading zeros
2015-04-12 13:35:27 +02:00
German Blanco
6caa85f238
Issue 395. Avoiding a couple of memory leaks.
2015-04-12 11:35:09 +02:00
Frank Morgner
6e84ee0ba7
pkcs11-tool: honour unsupported signature mechs
2015-04-12 11:28:25 +02:00
Frank Morgner
643080baf9
honour key capabilities for decryption/verification
...
fixes #419
2015-04-12 11:28:25 +02:00
Frank Morgner
d7ab0df51d
export sc_pkcs15_bind_internal
...
allows bootstrapping an external pkcs15 driver
2015-04-12 11:28:25 +02:00
Viktor Tarasov
3e2d51e0ba
iasecc: use PIN PAD with variable PIN length
2015-04-11 16:47:13 +02:00
Viktor Tarasov
5757d82cc9
libopensc: stored-length member in PIN CMD data
2015-04-11 16:45:17 +02:00
Viktor Tarasov
49598b6016
libopensc: invalid OID comparison for EC keys
...
Thanks to Peter Popovec <popovec.peter@gmail.com>
2015-04-09 11:49:05 +02:00
vletoux
ce962c14f4
fix #425 : guid computation issue
...
Compilation without OpenSSL - guid computation issue
This case is triggered when:
- built without OpenSSL
- called from a minidriver where id.len = 1
- card number is less than 15 bytes
(VTA: coding style slightly touched)
2015-04-08 18:41:51 +02:00
Dirk-Willem van Gulik
4000e6d5b0
Add missed option debug info
...
Fix misspelled key in --help output (thanks Philip Wendland).
2015-04-08 18:03:46 +02:00
vletoux
8ea328ff7f
Minor code quality improvements.
...
Basically checks that the memory allocation succeeds.
The ctbcs.c change improves the readability
because count = 0 and len > 254 does not add any value.
VTA: added few coding style changes
2015-04-05 13:15:57 +02:00
Frank Morgner
db860c0d2a
export sc_sm_stop
2015-04-04 22:09:22 +02:00
Philip Wendland
fa045d44ec
pkcs11-tool: Let the user choose the ECDSA signature format
...
Instead of hard-coding the format depending on whether OpenSC was compiled with
OpenSSL or not, the user should be able to choose the format himself.
The default format now is the normal concatenation of R,S both for CKM_ECDSA
and CKM_ECDSA_SHA1.
2015-04-04 22:01:22 +02:00
Philip Wendland
f93835add9
Allow log functions to be called with ctx==NULL
...
This change allows functions to be used from places where there is no
sc_context (ctx) available.
2015-04-04 22:01:22 +02:00
Viktor Tarasov
95ad11a253
iasecc: special case for 'Gemalto GemPC Pinpad'
...
issue 424
VTA: this pinpad, the only one available, does not accept different values
for min and max PIN lengths in P10 block.
2015-04-04 21:41:28 +02:00
Frank Morgner
c0fac2a4f6
stop SM in case of SM errors
2015-04-02 09:54:41 +02:00
Frank Morgner
e07c4bcfbb
added sc_sm_stop
...
implementation taken from the ISO SM driver of
https://github.com/frankmorgner/vsmartcard/tree/master/npa
2015-04-02 09:54:41 +02:00
Frank Morgner
30b24e79c0
fixed memory corruption in encode_file_structure
...
as suggested by Peter Popovec
2015-04-01 09:42:21 +02:00
Dirk-Willem van Gulik
88ec461bc5
tool: RFC4716 compliant key output
...
Add a comment field to the ssh key output if a label is set on the key. Add RFC4716 compliant key output for the new breed of modern (mobile) SSH clients.
VTA: use short form of log call in iso7816
2015-03-31 19:09:25 +02:00
Frank Morgner
0790969b97
recognize short EF identifier
2015-03-31 18:48:57 +02:00
Thomas Calderon
4a4d750e73
iasecc: Fix log output is always displayed
...
* iasecc_read_public_key function uses SC_SUCCESS instead of log level
value, hence the log output is always displayed. This uses
SC_LOG_DEBUG_NORMAL instead.
VTA: updated to use short form of LOG macro
2015-03-31 18:47:11 +02:00
Thomas Calderon
117f3a74be
iasecc: Fix key usage when provisioning card
...
* Avoids overriding key_usage when creating objects on the card.
2015-03-31 18:25:54 +02:00
Robert Quattlebaum
548c2780d3
Add support for ACOS5-64 cards.
...
The ACOS5-64 cards have a different ATR than the original
ACOS5-32 cards. This change simply adds this ATR so that it
will be recognized properly.
2015-03-29 14:09:35 +02:00
vletoux
5007e9fc9f
md: fix build without OPENSSL_VERSION_NUMBER
...
Fix the WCHAR / CHAR conversion problem in CardAuthenticateEx in case of PinPAD (vs->wzPinContext is UNICODE)
Fix UNICODE compilation problem (MessageBoxA instead of MessageBox)
2015-03-29 13:59:21 +02:00
vletoux
3b873adad2
win32: allows UNICODE built.
...
UNICODE is set by default by Visual Studio (but can be deactivated)
The trick is to force ANSI version by appending a A to the function calls.
2015-03-29 13:54:51 +02:00
Philip Wendland
c8d206ece1
IsoApplet: Increase indicated version to 00.06
...
Backward compatibility with 00.05 is kept.
2015-03-29 13:34:58 +02:00
Philip Wendland
9078856675
IsoApplet: register ECC mechanisms only when ECC is supported by card
...
There are few Java Cards that do not support ECDSA at all.
Starting with IsoApplet version 00.06, the applet returns whether the card
supports ECDSA or not. This commit uses this information to decide whether to
register ECDSA mechanisms or not.
2015-03-29 13:34:58 +02:00
Philip Wendland
76facf0d73
IsoApplet: add support for GET CHALLENGE
2015-03-29 13:34:58 +02:00
Philip Wendland
e258cec13e
IsoApplet: Add nistp224, secp192k1 and secp256k1 curves
...
secp*k1 curves are only supported applet version >= 0.6.0 because of an issue
with encoding ECC public keys with small parameters.
2015-03-29 13:34:58 +02:00
Philip Wendland
ab5ca331b2
IsoApplet: Obtain applet version and card capabilities *after* match_card()
2015-03-29 13:34:58 +02:00
Philip Wendland
bba6e17aa9
isoApplet: Fix indentation of isoApplet.profile
2015-03-29 13:34:58 +02:00
Viktor Tarasov
090aed2fc2
ec: fix length of allocated mem for EC signature
...
discussion in PR #398
2015-03-29 13:08:01 +02:00
Philip Wendland
4b51b99748
pkcs11-tool: harmonize supported ECC curves
...
pkcs15-pubkey.c holds a struct containing supported ECC curves. The contents of
this struct are being harmonized with pkcs11-tool supported curves.
2015-03-29 12:55:54 +02:00
Frank Morgner
f3573ede0d
fixed requesting PACE features
2015-03-29 12:42:13 +02:00
Andreas Schwier
b1bdfae200
sc-hsm: revert broken a4c8d671
...
sc-hsm: Fixed minimum value for number of password shares
2015-03-29 12:40:44 +02:00
Wouter Verhelst
5149dd3e62
belpic: Support 2K cards
...
Recent BELPIC cards (issued since March 2014) have a validity of 10
years (rather than 5 as before), and therefore also increased the key
size from 1024 bits to 2048 bits.
Key size can be detected by checking the applet version, for which we
have to issue a "GetCardData" command. If the applet is version 0x17 or
higher, keys are 2048 bits.
Use #defines rather than magic numbers
Keeps the code slightly more readable.
While we're at it, refactor slightly so that the code which issues the
GET CARD DATA command doesn't just keep the applet version, but also
makes other things available.
This latter in preparation of setting the serial number.
2015-03-29 12:11:44 +02:00
Frank Morgner
c019a62309
pkcs11: parameter checking for 'get_mechanism_list'
...
fixes #409
2015-03-29 12:11:08 +02:00
Thomas Calderon
435291f216
iasecc: initial support for Morpho IAS Agent Card
...
* This commit adds initial support for Morpho French Agent card which is an
IAS card. Signature operations are working. Since my test card was
read-only, I was unable to test object management functions.
* Add missing copy of AID in structure
2015-03-29 12:10:55 +02:00
Viktor Tarasov
c0c8a89126
mcrd: move driver to the end of detection list
...
the drivers that need to probe the AIDs to recognize its supported card
have to be placed at the end of the list of internal drivers
2015-03-20 18:08:18 +01:00
Hannu Honkanen
2fffbce65c
myeid: update EC support for MyEID-v4 card
2015-03-14 17:47:44 +01:00
Viktor Tarasov
877fa862d9
isoApplet: prototype of asn1_sig_value_sequence_to_rs() has changed
2015-03-10 09:09:14 +01:00
viktorTarasov
595be37fee
Merge pull request #305 from philipWendland/master
...
Add support for the IsoApplet Java Card applet
2015-03-07 23:36:25 +01:00
Viktor Tarasov
2abe135f97
asn1: re-fix error in EC signature encode helper
...
see comment for 8cf99a9372
2015-03-07 22:40:43 +01:00
Viktor Tarasov
1739300657
pkcs15: fix name of EC curve, add new ones
2015-03-05 10:32:54 +01:00
Viktor Tarasov
6f6286de99
pkcs11: generate EC key: use allocated EC params
...
For internal use allocate and copy the EC params data from the caller's template,
rather than use them directly as a pointer in internal public key data.
2015-03-04 19:47:13 +01:00
Viktor Tarasov
31124ac4f9
pkcs15init: allocate EC parameters
2015-03-04 19:46:21 +01:00
Viktor Tarasov
1123768ac3
libopensc: invalid 'free' and 'assign NULL' order
2015-03-04 19:45:23 +01:00
Viktor Tarasov
8cf99a9372
asn1: fix error in EC signature encode helper
...
The raw format of EC signature was invalid when 'r' and 's' had different length.
https://github.com/OpenSC/OpenSC/pull/381#issuecomment-77016382
According to PKCS#11 v2.20:
"If r and s have different octet length, the shorter of both must
be padded with leading zero octets such that both have the same octet length."
2015-03-04 19:43:15 +01:00
Philip Wendland
74aeb8c923
IsoApplet: register supported EC curve *per curve*
2015-02-22 23:08:18 +01:00
Doug Engert
58d1f1db3f
Merge pull request #385 from darconeous/patch-2
...
Allow PKCS15 cache to work with PIV cards (if enabled)
2015-02-21 21:51:50 -06:00
Philip Wendland
85d16fbc57
IsoApplet: use helper function sc_asn1_sig_value_sequence_to_rs() introduced in #381
2015-02-20 23:02:04 +01:00
Philip Wendland
1aeebdaf1c
IsoApplet: react to changes of _sc_card_add_ec_alg() in fa923831f8
2015-02-20 22:56:23 +01:00
Philip Wendland
59eeacb74b
IsoApplet: react to removal of sc_pkcs15_ec_parameters in fa923831f8
2015-02-20 22:07:49 +01:00
Philip Wendland
a9d43af4bf
IsoApplet: use a buffer large enough when generating EC keys larger than 320 bit
2015-02-20 21:55:35 +01:00
Philip Wendland
da05fa2a47
IsoApplet: try to fix EC parameters when importing private keys from file
2015-02-20 21:55:35 +01:00
Philip Wendland
44d724b012
IsoApplet: fix more (comment) alignment issues with tabstop=8
2015-02-20 21:55:35 +01:00
Philip Wendland
5628a06353
IsoApplet: Align comments with spaces instead of tabs
...
Better view with tabstop=8.
2015-02-20 21:55:35 +01:00
Philip Wendland
43fa99c0f2
IsoApplet: Move the key gen debug info to the right places
2015-02-20 21:55:35 +01:00
Philip Wendland
0473decae4
IsoApplet: clear memory after prkey import.
...
Private key import via plain APDUs is dangerous and not recommended anyway, but clearing the apdu buffer does not hurt anyone.
2015-02-20 21:55:34 +01:00
Philip Wendland
73b391731b
IsoApplet: Don't set ECC field length of 512
...
512 is wrong for EC FP (correct would be 521 bit), and neither of those
two are currently supported by OpenSC.
2015-02-20 21:55:34 +01:00
Philip Wendland
e791948e42
IsoApplet: Simplify the private key import
...
Use the new features of sc_asn1_put_tag introduced in OpenSC/OpenSC#314.
Additionally, a RSA private key is sent from one large buffer using either extended APDUs or chaining (in compliance to IsoApplet API version 00.05).
2015-02-20 21:55:34 +01:00
Philip Wendland
6cdf6c08a5
IsoApplet: use AID directly when selecting applet
...
Now that apdu.data is const (see ef94c6b875), this can be done without discarding the const qualifier of the aid parameter.
2015-02-20 21:55:34 +01:00
Philip Wendland
09acfd7ec0
IsoApplet: ECDSA signatures - only strip excess zeroes
...
It is required to strip excessive zeroes returned by some Java Cards when removing the ASN1 structural information for PKCS#11 so that the x/y can be calculated by dividing the signature length by 2. However, the leading zero may only be stripped if it is excessive (outside the field length). Otherwise generated signatures are wrong in rare cases (1 out of 256).
2015-02-20 21:55:33 +01:00
Philip Wendland
c463f1a7a1
IsoApplet: Do not set RSA hashes
...
See: 189e998486
The IsoApplet requires the host to do the hashes with RSA. OpenSC will
add all hashes that are available in software and will not expect the
card to do the hashing.
2015-02-20 21:55:33 +01:00
Philip Wendland
e3cc851b72
IsoApplet: EC key-gen rework and refactorings
...
Rework the EC key generation mechanism to send the curve parameters to
the card. In earlier versions, the applet had a copy of the curve
parameters and there was a different algorithm reference for every
curve. This is unfeasible when trying to support a larger number of
curves because of size limitations of the applet.
This commit additionally includes some refactorings that should not
change the functionality.
2015-02-20 21:55:33 +01:00
Philip Wendland
6f9e894ebe
IsoApplet: set lock when doing command chaining
2015-02-20 21:55:33 +01:00
Philip Wendland
48bd6b0964
Add support for the IsoApplet (Java Card applet)
...
The IsoApplet can be found here:
https://github.com/philipWendland/IsoApplet
Add read/write support for this applet, including RSA and
ECC support.
2015-02-20 21:55:26 +01:00
Frank Morgner
bff0ea4837
fixed compiler warning
2015-02-20 19:54:40 +01:00
Frank Morgner
16ea926d29
fixed indentation
2015-02-20 19:54:40 +01:00
Frank Morgner
236e68b17c
fixed NULL dereference
2015-02-20 19:54:40 +01:00
Frank Morgner
da07e22c97
use memmove for overlapping memory
2015-02-20 19:54:40 +01:00
Pedro Martelletto
ced77ae6c7
cardos: overwrite content of deleted private key
...
when deleting a private key object, overwrite its contents so the key can no longer be used.
(VTA: original commit touched to use LOG macros and add debug logs)
2015-02-20 18:03:37 +01:00
Viktor Tarasov
b08671fab5
pkcs15-crypt: option for output format of ECDSA signature
2015-02-20 14:20:28 +01:00
Viktor Tarasov
80c496671f
helper functions to change format of ECDSA signature
2015-02-20 14:20:19 +01:00
Viktor Tarasov
fa923831f8
introduce EC curve OID into algorithm info data
...
needed to store information about EC curve supported by card.
Primary usage is when importing/generating key to get to know if particular curve is supported by card.
2015-02-20 13:49:18 +01:00
Doug Engert
d7475c8180
Add brackets in card-piv.c
2015-02-16 10:43:19 -06:00
Doug Engert
572218c59c
Fall through comment before break
2015-02-16 10:11:24 -06:00
Robert Quattlebaum
0ffad3f3bb
Fix for bad caching behavior of PIV PKCS15 emulator.
2015-02-12 16:42:17 -08:00
Doug Engert
981a0fbbaf
Fix-up changes caused by Coverity scan
...
piv-tool.c add /* fall through */ to avoid false warning
card-piv.c - clean up if sc_lock fails.
2015-02-11 13:39:59 -06:00
Viktor Tarasov
3c1d8ad695
accept no output for 'SELECT' MF and 'SELECT' DF_NAME
...
PR #342
2015-02-07 21:46:44 +01:00
Martin Campbell
d162143964
Updating to fix failure of ePass2003 USB smart card due to failure to re-authenticate secure messaging when card is reset due to multiple applications using PKCS11 sessions
2015-02-07 21:46:44 +01:00
Thomas Calderon
22fb49b554
PKCS#11: Improve compliance for public keys.
...
* Key usage required when calling C_CreateObject for public key are not used.
This adds the logic to convert from PKCS#11 attributes to PKCS#15 in the
structure that is sent to underlying _store_pubkey functions.
2015-02-07 20:17:12 +01:00
Viktor Tarasov
96265e6d08
pkcs15init: superfluous 'ec-params' in init data
...
Pkcs15init data, used to import/generate key objects, includes twice the same EC parameters data:
- explicit 'params' data
- part of sc_pkcs15_pubkey/sc_pkcs15_prkey
Explicit 'ec-params' data is removed.
2015-02-07 20:00:41 +01:00
Viktor Tarasov
e374f88b82
pkcs15-pubkey: add EC params in SPKI encoding
2015-02-07 19:55:08 +01:00
Viktor Tarasov
9148f21cd1
pkcs15-pubkey: possible NULL dereference, logs
...
... remove obsolete comments, minor coding style corrections
2015-02-07 19:55:08 +01:00
Philip Wendland
faaa11e091
Prefer serial number from EF(TokenInfo) and cached serials over CARDCTL
...
sc_pkcs15_get_object_guid() should prefer the serial number from
EF(TokenInfo) over card->serialnr because the user may override the
card's serial number with "pkcs15-init -C --serial". The card->serialnr
should be used before calling card CTL with SC_CARDCTL_GET_SERIALNR
because it might contain a cached value.
This change *should* allow cards to be used with the minidriver even if
SC_CARDCTL_GET_SERIALNR is not implemented. For example, a driver might
set card->serialnr at initialization or the user might initialize a
PKCS#15 card with its own "--serial".
See also the discussion at the mailing list:
[Opensc-devel] AT_SIGNATURE and AT_EXCHANGE Problem
2015-02-07 19:48:10 +01:00
Viktor Tarasov
08eb700b97
revert or partially revert some of recent commits
...
b94c163
- invalid, non-tested
11881a6
-- src/libopensc/card-iasecc.c -- return from select has to be ignored,
3a92bf7
-- src/pkcs11/slot.c -- SEGFAULT issue #373
3a92bf7
-- src/tools/piv-tool.c -- confirmed by author
6759c04
-- src/pkcs15init/pkcs15-lib.c -- file instantiation error has to be ignored
2015-02-07 19:31:17 +01:00
Frank Morgner
3a92bf7af5
fixed resource leaks
2015-02-05 01:38:41 +01:00
Frank Morgner
11881a61b8
removed/fixed dead code
2015-02-05 01:38:41 +01:00
Frank Morgner
a3fc62f79f
fixed NULL dereference (or warning thereof)
2015-02-05 01:38:40 +01:00
Frank Morgner
8d902d1ed3
fixed out of bounds read/write/access
2015-02-04 09:24:50 +01:00
Frank Morgner
a4c8d67110
fixed improper use of negative value
2015-02-04 09:03:27 +01:00
Frank Morgner
761e175212
fixed sc_driver_version check
2015-02-04 08:52:30 +01:00
Frank Morgner
5cafbe0f4b
fixed undefined shift behaviour
2015-02-04 08:50:19 +01:00
Frank Morgner
ed9572422f
check return values
2015-02-05 01:37:53 +01:00
Frank Morgner
47df45f5f2
set le instead of p2 twice
2015-02-05 01:37:53 +01:00
Frank Morgner
5e3d54186a
removed useless check for non-null array
2015-02-05 01:37:53 +01:00
Frank Morgner
ac4da89d0d
use memmove for overlapping memory
2015-02-05 01:37:53 +01:00
Frank Morgner
53e1992cc2
use strerror for failure of gettimeofday
2015-02-05 01:37:53 +01:00
Frank Morgner
db0cb7557c
Merge pull request #363 from frankmorgner/travis-ci
...
added travis-ci configuration
2015-02-02 23:51:54 +01:00
Frank Morgner
2f3eaa1dbe
Merge pull request #366 from frankmorgner/coverity
...
Fixes for Problems reported by Coverity Scan
2015-02-02 23:51:10 +01:00
Viktor Tarasov
3047fe2c3b
log: implement 'dump OID'
2015-02-02 17:03:33 +01:00
Viktor Tarasov
8e9a2361c6
pkcs15-tool: print length of EC public key
...
when this key is read from dedicated EF
2015-02-02 16:55:07 +01:00
Frank Morgner
6759c04b26
don't ignore errors
2015-01-28 04:45:08 +01:00
Frank Morgner
2e04fa99c1
fixed pointless array comparisons
2015-01-28 07:39:35 +01:00
Frank Morgner
bd3cfcf5ef
fixed copy/paste error
2015-01-28 07:26:34 +01:00
Frank Morgner
b94c16394f
card-asepcos: fixed puk handling
2015-01-28 07:25:46 +01:00
Frank Morgner
734cb67924
fixed algo ref
2015-01-28 07:23:34 +01:00
Frank Morgner
3a557ad0dd
fixed parsing pace output data
2015-01-28 07:22:03 +01:00
Frank Morgner
92ad6eb63c
fixed determining ef type
2015-01-28 07:21:55 +01:00
Frank Morgner
7fb495ac31
fixed self assignment
2015-01-28 07:10:57 +01:00
Frank Morgner
ac0424e947
fixed pkcs11spy's version number
2015-01-28 07:09:02 +01:00
Frank Morgner
b9f1fb333c
fixed bad output data length
2015-01-28 07:07:33 +01:00
Frank Morgner
08fcfcc8f0
fixed wrong sizeof argument
2015-01-28 07:04:02 +01:00
Frank Morgner
87b2403673
fixed out of bounds access/write
2015-01-28 07:00:02 +01:00
Frank Morgner
68d86644fd
fixed use after free
2015-01-28 06:10:16 +01:00
Frank Morgner
b1b99ce7e5
fixed integer underflow
2015-01-28 06:03:52 +01:00
Frank Morgner
027e4a0867
fixed out of bounds read
2015-01-28 05:59:41 +01:00
Frank Morgner
7c497b324f
fixed not null terminated buffer
2015-01-28 05:51:00 +01:00
Frank Morgner
77752f442d
fixed unused value
2015-01-28 05:47:20 +01:00
Frank Morgner
fdd38f6e04
fixed copy into fixed size buffer
2015-01-28 04:30:40 +01:00
Frank Morgner
ea40322a30
added travis-ci configuration
2015-01-27 22:56:11 +01:00
Frank Morgner
b6a935a261
fixed memory leak
2015-01-24 23:12:47 +01:00
Frank Morgner
00330b2c79
fixed resource leak
2015-01-24 22:16:22 +01:00
Frank Morgner
6641cbf455
fixed potential string overflow
2015-01-24 20:17:26 +01:00
Frank Morgner
3f64d3a805
fixed bad memory allocation
2015-01-24 20:11:16 +01:00
Frank Morgner
9a4b58800b
fixed Printf arg type mismatch
2015-01-24 20:00:03 +01:00
Frank Morgner
fca3a37097
fixed truncated stdio return value
2015-01-24 19:47:01 +01:00
Frank Morgner
8df9896204
pass big parameter by reference
...
reported by coverity scan
2015-01-24 19:25:11 +01:00
Frank Morgner
1b53b59ed3
fixed potential use after free
...
reported by coverity scan
2015-01-24 19:22:39 +01:00
Frank Morgner
7a34c204c1
fixed dereference before null check
...
silence warnings reported by coverity-scan
2015-01-22 20:29:33 +01:00
Mathias Brossard
762d466b23
Add display of Elliptic Curve flags
2015-01-20 23:15:41 -08:00
Mathias Brossard
7a455f64c7
Support of additional type, mechanisms and attributes
2015-01-20 23:15:31 -08:00
Mathias Brossard
3dadd3fba1
Add some missing PKCS#11 values
2015-01-20 23:15:22 -08:00
Mathias Brossard
17c1cffb3d
Fix typo on CKF_EC_UNCOMPRESS
2015-01-20 23:14:50 -08:00
Mathias Brossard
c3a0bbc715
Update email and year
2015-01-20 23:14:36 -08:00
Frank Morgner
f143d7b73e
Merge pull request #346 from frankmorgner/pkcs11provider
...
use OpenSC as default PKCS#11 provider
2015-01-20 23:43:48 +01:00
Joachim Bauch
9543cdb121
Handle case where input data is already padded.
2015-01-20 16:52:30 +01:00
Joachim Bauch
87cc05c03f
Receive signature to temporary buffer, will be copied to output buffer later.
2015-01-20 16:49:11 +01:00
Joachim Bauch
19bbfc76f5
Added initial support for STARCOS 3.4 (German D-Trust cards).
...
Code inspired by experimental STARCOS 3 driver by Martin Vogt:
http://article.gmane.org/gmane.comp.encryption.opensc.devel/9846
Supports `opensc-explorer`, `pkcs15-tool` and `pkcs15-crypt` (signing with PKCS#1 padding).
Cards available from `https://www.bundesdruckerei.de/en/768-d-trust-signature-cards`.
2015-01-19 18:04:12 +01:00
Thomas Calderon
91ddcfb514
PKCS15: remove redundant code for access_flags.
...
* With commit facaf59, access_flags were set for most cards. A closer look
revealed that this is already done in `sc_pkcs15emu_add_rsa_prkey`.
Therefore, this removes the duplicated code for cards calling this function.
2015-01-16 10:03:13 +01:00
Thomas Calderon
ed87ea38b9
PKCS#11: Fetch real value of CKA_LOCAL for pubkey
...
* Fetch value from pub_info structure for CKA_LOCAL attribute.
2015-01-14 17:38:08 +01:00
Thomas Calderon
d727acb47a
PKCS#11: Remove inconsistent attributes
...
* Improve compliance related to PKCS#11 attribute fetching.
2015-01-14 17:22:43 +01:00
Thomas Calderon
4915eaa56b
Improve PKCS#11 compliance. Issue #335
...
* This simple patch allows for values of PKCS#11 attributes to be fetched
from the underlying card.
2015-01-05 14:00:22 +01:00
Thomas Calderon
bbedd4ef00
IAS-ECC: improve PKCS#11 compliance Issue #336
...
* Ensure CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE are only set when
generating the key on board, no reason to set them when importing a private
key.
2015-01-05 13:59:37 +01:00
Thomas Calderon
32d8173b4c
IAS-ECC: Improve detection Gemalto cards (Issue #343)
...
* Improve IAS-ECC card detection using the ATRMask.
Previous commit was reverted since work was not done in topic branch.
2014-12-29 16:09:06 +01:00
Philip Wendland
7e7a44acff
sc_asn1_put_tag - support larger tags
...
Enhance sc_asn1_put_tag to support larger tag names and larger tags.
Prior to this, sc_asn1_put_tag did only support tags with a length of at most 127 bytes and tag names of one byte.
2014-12-29 15:37:45 +01:00
Andreas Schwier
3961275d8c
Allow user to overwrite SO-PIN when using PIN-PAD reader
2014-12-29 13:39:37 +01:00
Thomas Calderon
facaf5969b
Improve PKCS#11 compliance. Issue #335
...
* Add default behavior for cards using the PKCS#15 emulation layer.
Hence, this patch provide a default value for access_flags compatible with
current OpenSC's behavior while allowing compatible cards to fetch the real
value from the card (IAS-ECC and AuthentIC).
2014-12-29 13:11:23 +01:00
Frank Morgner
291e9dab9e
use OpenSC as default PKCS#11 provider
...
closes #229
2014-12-19 22:27:34 +01:00
Philip Wendland
aa7886f36d
pkcs15-init: fix memory corruption
2014-12-19 16:52:14 +01:00
Frank Morgner
4167455362
Merge pull request #321 from resoli/master
...
Implementation of card_ctl function with SC_CARDCTL_GET_SERIALNR
2014-12-19 11:47:26 +01:00
Frank Morgner
a7bf05ecc4
Merge pull request #337 from frankmorgner/7816
...
7816
2014-12-19 11:37:48 +01:00
Frank Morgner
4d5997dfba
fixed selection of muscle applet for some JCREs
...
Previously, partial DF name selection was used, which is not mandatory
to implement for a JCRE. We now use the full DF name which must always
be implemented.
Note that the MUSCLE applet is deprecated and should not be used.
fixes #135
2014-12-12 22:40:20 +01:00
Frank Morgner
45fe96579f
added support for sc_path_t with only aid set
2014-12-12 21:45:53 +01:00
Frank Morgner
73715e37d9
fixed compiler warnings
...
fixed warnings introduced with b18c86e646
fixes memory leaks in pkcs15-init and pkcs15-tool
2014-12-12 21:45:53 +01:00
Frank Morgner
e137396d56
workaround for compiler warnings
2014-12-12 21:45:53 +01:00
Frank Morgner
e1fbdc030b
iso7816: make select agnostic to sc_path_t's aid
2014-12-12 21:45:52 +01:00
Frank Morgner
69b27179eb
use path only if it is actually present
2014-12-12 21:45:52 +01:00
Nguyễn Hồng Quân
c71a453ff1
openpgp-tool: Fix wrong operator
...
Used "!=" instead of "|="
2014-12-11 12:51:15 +08:00
Frank Morgner
238b9e344a
Revert "Added ATR for ItalianCNS - Prov. BZ"
2014-12-10 11:07:56 +01:00
Nguyễn Hồng Quân
99b5cb53e1
OpenPGP: Remove unused variables and fix type cast.
2014-12-10 04:01:06 +08:00
Nguyễn Hồng Quân
7f08983240
Merge branch 'master' into gnuk
...
Conflicts:
src/tools/openpgp-tool.c
2014-12-09 02:40:33 +08:00
Frank Morgner
ec2eb86bec
don't reimplement output of status words
...
Closes #326
2014-12-07 23:54:32 +01:00
Etienne Cordonnier
9cbec38cfa
Fix bug in verbose flag handling.
...
Using the verbose flag was causing cardos-tool to return as if an error
had occurred.
2014-12-07 23:54:09 +01:00
germanblanco
1408e25e4b
Removal of cache, fixing a compiler warning and removing recursive functions.
2014-12-07 23:34:15 +01:00
Frank Morgner
fce847bf25
Merge pull request #318 from sschutte/master
...
Added ATR for ItalianCNS - Prov. BZ
2014-12-06 23:32:31 +01:00
Frank Morgner
a2ba4d3bae
Merge pull request #319 from CardContact/add-sec-k-curves
...
sc-hsm: Add support for Koblitz curves secp192k1 and secp256k1 (Bitcoin)
2014-12-06 23:22:43 +01:00
Frank Morgner
b18c86e646
Merge pull request #320 from frankmorgner/tools-pin
...
Optimize util_get_pin from #289
2014-12-06 23:21:39 +01:00
Frank Morgner
8188b8acac
Merge pull request #322 from frankmorgner/iso-ext
...
adjust send/receive size according to card capabilities
2014-12-06 23:16:21 +01:00
Doug Engert
cd01a73caf
C_Digest does not check if buffer too small before update. Issue #327
...
C_Digest will now query for the buffer size using sc_pkcs15_md_final
before calling sc_pkcs15_md_update. This avoids doing a double update
when the user passes in a buffer too small, then gets the buffer and calls
C_Digest again.
2014-12-02 11:15:24 +01:00
Etienne Cordonnier
0c0b2145ac
Translate French to English.
2014-11-26 19:00:38 +01:00
Frank Morgner
3f442c5608
adjust send/receive size according to card capabilities
2014-11-17 21:16:13 +01:00
george
8d21cea7fc
hardcode->defines for DO's
2014-11-11 16:16:15 +01:00
Nguyễn Hồng Quân
901c7952c1
Replace hardcode.
2014-11-09 15:58:40 +07:00
Doug Engert
4dbfba3102
Use correct bit when writing PIV certificate object with gzipped certificate
...
NIST 800-73 clarified the CertInfo flag for gzipped certificate is 0x01
piv-tool was writing 0x80.
OpenSC card-piv.c continues to accept both.
2014-11-07 19:49:36 -06:00
resoli
867176b0f7
itacns_get_serialnr(): check sc_read_binary() returned data length (only).
2014-11-07 12:49:44 +01:00
resoli
7fea6eb8ba
itacns_get_serialnr(): check sc_read_binary() returned data length.
2014-11-07 12:48:43 +01:00
resoli
56684d857c
itacns_get_serialnr(): check sc_read_binary() returned data length.
2014-11-07 12:35:21 +01:00
resoli
f83f8d28df
itacns_get_serialnr(): relaxed checking on sc_select_file returned length, added debug log.
2014-11-07 11:42:16 +01:00
Roberto Resoli
255c0335a1
Indenting fix and stronger limit on serial number length.
2014-11-06 16:17:51 +01:00
resoli
0e06427754
Implementation of card_ctl function with SC_CARDCTL_GET_SERIALNR
...
Implementation of card_ctl function with SC_CARDCTL_GET_SERIALNR
2014-11-05 22:57:25 +01:00
Frank Morgner
d00d7b3498
Merge pull request #276 from asmw/fix_return
...
openpgp-tool: Return EXIT_SUCCESS if no error occurs
2014-11-05 10:57:26 +01:00