Commit Graph

151 Commits

Author SHA1 Message Date
Raul Metsma 8e13acf51e Restore pkcs11 onepin module for Firefox usage 2014-05-31 21:15:19 +02:00
Viktor Tarasov 7b1e2e5dd3 build: uninstall-hook for opensc.conf 2014-05-11 17:44:34 +02:00
Nikos Mavrogiannopoulos 7796d2c95c Mention that create_slots_for_pins can be used to get opensc-onepin behavior. 2014-04-21 13:40:26 +02:00
Viktor Tarasov 3f023d3342 pkcs15: PIN value not validated in pkcs15-verify
In pkcs15-verify the value of PIN is not more validated for conformity with PIN policy,
value is only checked for maximal allowed length.

So that, no more need of 'ignore-pin-length' configuration option - now it's default behavior of common framework.
2014-01-19 19:19:17 +01:00
Viktor Tarasov 15f694f85d pkcs11: introduce 'ignore-pin-length' config option
When doing C_Login default behavior is to ignore the applied PINs with lengths less
then value of PKCS#15 PIN attribure 'min-length'. Such a PINs are not
really verified by card.

With 'ignore-pin-length' option in 'true' all applied PINs are verified by card.
2013-12-29 22:00:28 +01:00
Viktor Tarasov 1a972920f0 By default 'default' card driver is disabled ...
'Default' card driver is explicitely enabled for 'opensc-explorer' and 'opensc-tool' tools.
https://github.com/OpenSC/OpenSC/pull/175
2013-08-02 22:01:51 +02:00
Viktor Tarasov 961059a052 build: include to 'dist' the files used by Windows build 2012-09-12 10:50:51 +02:00
Viktor Tarasov ed18b789d7 win32: add windows version of opensc.conf.in
it do not contains macros that have to be resolved by 'configure'.
2012-09-01 19:51:43 +02:00
Doug Engert a3b516a1e1 Add pin_cache_ignore_user_consent parameter to opensc.conf
When OpenSC is used with a card that enforces user_consent
and the calling PKCS#11 application does not understand how
to handle the CKA_ALWAYS_AUTHENTICATE, signature operations
will fail.

OpenSC will not cache a PIN that protects a user_consent
object as one would expect.

This mods allows PINs to be cached even if protecting a
user_consent object by adding
 pin_cache_ignore_user_consent = true;
option in opensc.conf.

Thunderbird is the prime example of this situation.
Mozilla has accepted mods (357025 and 613507) to support
CKA_ALWAYS_AUTHENTICATE that will appear in NSS-3.14 but
this may be some time before this version is in vendor
distribution.
2012-08-12 00:11:03 +02:00
Diego Elio Pettenò 1d6fae2241 build: use autoconf's MKDIR_P not automake's (deprecated) mkdir_p. 2012-07-01 17:03:27 +02:00
Viktor Tarasov 0410a0c9e8 build: 'auto-config' parameters
In configuration file replace the 'auto-config' parameters with the windows specific values.
2012-06-08 20:17:36 +02:00
Viktor Tarasov 78fe16654e pkcs15init: iasecc: create objects for minidriver support
- Create/delete the PKCS#15 'DATA' objects destinated to supply support of minidriver. For a while only 'Gemalto' style of such support is implemented.
- Declare epass2003 pkcs15init operations.
- include into OpenSC configuration the SM related sections
2012-06-08 20:17:36 +02:00
Viktor Tarasov cfd5aaba7d SM: initial implementation of secure messaging framework 2012-06-08 20:17:35 +02:00
Viktor Tarasov d1cf65754b pkcs11: no more 'hacked' mode and 'onepin' module version
'OnePIN' version of opensc-pkcs11 module is not installed.
Instead, in the 'pkcs11' section of OpenSC configuration,
there is a possibility to define in a different manner
how to create slots for the present PINs and applications.
2012-05-21 19:19:38 +02:00
Diego Elio Pettenò 3c324b8b73 build: fix parallel install by creating directory in the rule
Relying on the rule that creates the directory is a bad idea to be
parallel safe.
2012-05-16 17:18:38 +02:00
Stef Walter 00e02359a3 libopensc: Add 'paranoid-memory' setting for behavior when mlock() fails
* Setting paranoid-memory to true, and mlock() fails, then
   allocations which require non-pageable memory will return NULL
2012-02-17 10:02:55 +01:00
martin 44cf3d06ae MiniDriver: rename cardmod to minidriver in source.
Also change some grammar, whitespace (reported by git) and wording (Opensc->OpenSC) issues.
Add some comments here and there.

See http://www.opensc-project.org/pipermail/opensc-devel/2011-April/016261.html

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5329 c6295689-39f2-0310-b995-f0e70906c6a9
2011-04-12 07:40:12 +00:00
andre 69c846f904 libopensc: Re-defines SC_CARD_FLAG_ONBOARD_KEY_GEN to be local to the file card-flex.c, because that flag is used nowhere else. In principle, this patch only reverts some changes made by r2192.
Relates to #296.

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5312 c6295689-39f2-0310-b995-f0e70906c6a9
2011-04-08 13:30:32 +00:00
vtarasov 33f44f8dc1 pkcs15: pin references are always positive integers ...
In the OpenSC versions previous to 0.11.5 the references greater then
127 were erroneously encoded by one byte (negative value ecording to the
ASN.1 rules).
Actually some other proprietary PKCS#15 cards have also this infirmity.

Actual commit makes general the application of the hack used for 'starcos' card.

http://www.opensc-project.org/pipermail/opensc-devel/2011-February/016062.html


git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5220 c6295689-39f2-0310-b995-f0e70906c6a9
2011-03-06 12:35:35 +00:00
martin d59197748c EstonianEid: Force T=0 for the newest ATR as well.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5216 c6295689-39f2-0310-b995-f0e70906c6a9
2011-03-01 11:19:45 +00:00
vtarasov 16ca4b05f8 opensc.conf: by default comment out all IAS/ECC specific configuration lines ...
http://www.opensc-project.org/pipermail/opensc-devel/2011-February/016013.html


git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5205 c6295689-39f2-0310-b995-f0e70906c6a9
2011-02-17 09:36:36 +00:00
vtarasov e02becc6e2 IAS/ECC: for the IAS/ECC cards include into the OpenSC configuration the 'card_atr' sections
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5199 c6295689-39f2-0310-b995-f0e70906c6a9
2011-02-16 11:01:46 +00:00
andre 5405d74d19 opensc.conf.in: clean up white spaces
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5105 c6295689-39f2-0310-b995-f0e70906c6a9
2011-01-18 04:43:32 +00:00
andre 83f393ff0d opensc.conf: Better wording of comments on max_x_size.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4950 c6295689-39f2-0310-b995-f0e70906c6a9
2010-12-14 03:16:37 +00:00
andre eeee3f926f opensc.conf: Lower the level of emphasise on the max_x_size options. Users with USB devices really shouldn't care about them.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4947 c6295689-39f2-0310-b995-f0e70906c6a9
2010-12-14 01:30:03 +00:00
vtarasov c8c291ea07 win32: build of MSI on checkouted trunk ...
is possible after 'bootstrap' and 'configure'


git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4942 c6295689-39f2-0310-b995-f0e70906c6a9
2010-12-12 13:17:17 +00:00
martin 113dfda494 EstEID: add support for v 3.0 cards with 2048b keys
* Detect different cards based on ATR-s and on card objects
 * Set the card name from the ATR table
 * Conditionally add support for 2048b keys
 * Add workarounds for broken MULTOS and JavaCard cards.

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4893 c6295689-39f2-0310-b995-f0e70906c6a9
2010-11-29 14:22:01 +00:00
martin c1c3aa1d55 PC/SC: make (dis)connect actions configurable, SCardDisconnect, SCardEndTransaction and SCardReconnect
actions can now be configured via opensc.conf in better detail.

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4891 c6295689-39f2-0310-b995-f0e70906c6a9
2010-11-29 13:56:19 +00:00
martin 6fc7e62f20 conf: correct comments about OpenSC.tokend score meaning and default value.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4889 c6295689-39f2-0310-b995-f0e70906c6a9
2010-11-29 13:34:54 +00:00
martin df639efd89 EstonianEid: revert to old behavior and have the T=0 forcing.
Some cards have incorrect ATR-s and can cause troubles if pcsc-lite by default tries to set T=1 by default.

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4834 c6295689-39f2-0310-b995-f0e70906c6a9
2010-10-28 13:11:13 +00:00
martin 31b0a05aaf EstonianEid: document more ATR-s in opensc.conf
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4832 c6295689-39f2-0310-b995-f0e70906c6a9
2010-10-28 05:30:09 +00:00
martin 6648255cb0 EstonianEid: add a broken EstEID ATR to the Micardo driver. Don't force a protocol for EstEID cards
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4825 c6295689-39f2-0310-b995-f0e70906c6a9
2010-10-22 15:48:04 +00:00
flc 3076fe265c Fix patch [4709] for cardmod until build in one static dll
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4808 c6295689-39f2-0310-b995-f0e70906c6a9
2010-10-15 08:07:34 +00:00
martin 72d961beb2 Fix #216: initial go with multiple reader subsystem removal.
* One sc_context has only a single reader driver.
 * remove dynamic reader driver loading capabilities
 * remove opensc-tool -R command
 * change the internal API, we don't need to pass around a "driver data" pointer as it can be found directly from the context.
 * check in ./configure for only a single enabled reader driver

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4709 c6295689-39f2-0310-b995-f0e70906c6a9
2010-09-11 13:00:47 +00:00
martin 59a389757e opensc.conf: Better comment for max_send/recv_size meaning and default values.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4669 c6295689-39f2-0310-b995-f0e70906c6a9
2010-09-01 11:50:35 +00:00
martin 5f518a96be Update OpenSC.tokend related default config file entries.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4649 c6295689-39f2-0310-b995-f0e70906c6a9
2010-08-25 08:40:54 +00:00
martin 9a63e03e9a pkcs11/pkcs15-init: remove automagic software key generation. Remove software based secret key handling from PKCS#11.
Support for importing cleartext keys is left untouched, but all transparent key generation by either opensc-pkcs11.so or pkcs15-init is removed, to make the operation with cleartext keys visible to the user and his explicit wish.
OpenSC is a PKCS#11 library for accessing keys protected by a smart card. Key material in software is not protected by smart cards and can leave a false sense of security to the user.

http://www.opensc-project.org/pipermail/opensc-devel/2010-April/013877.html

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4646 c6295689-39f2-0310-b995-f0e70906c6a9
2010-08-23 14:47:07 +00:00
martin b1ff1abb1b Fix and change ignored readers feature introducsed in r4626 for Windows. strcasestr is GNU specific extension.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4630 c6295689-39f2-0310-b995-f0e70906c6a9
2010-08-16 08:59:14 +00:00
ep 71cdef0ed2 New card driver: Italian CNS/CIE (eID)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4627 c6295689-39f2-0310-b995-f0e70906c6a9
2010-08-16 00:56:27 +00:00
martin a938d3b67f Implement simple reader ignoring, to exclude readers from OpenSC PKCS#11 module.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4624 c6295689-39f2-0310-b995-f0e70906c6a9
2010-08-15 09:33:18 +00:00
viktor.tarasov ffc9f8efc6 pkcs11: by default do not lock login
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4359 c6295689-39f2-0310-b995-f0e70906c6a9
2010-05-19 08:17:53 +00:00
aj 02768fb5dc remove "split-key" option and emulat sign for sign,decrypt keys with padding
and decrypt() for cardos.


git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4113 c6295689-39f2-0310-b995-f0e70906c6a9
2010-03-13 22:52:51 +00:00
viktor.tarasov 6cb0c93ee3 pkcs11: configuration option to report as zero the CKA_ID of CA certificates
In fact, the middleware of the manufacturer of the gemalto (axalto, gemplus) cards
reports the CKA_ID of CA certificates as '0'.

But it's not true for the others middlewares (Oberthur), NSS (afais) and PKCS#11 standard.



git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4097 c6295689-39f2-0310-b995-f0e70906c6a9
2010-03-09 16:57:39 +00:00
flc 3d23ea782b cardmod updates:
- Add comment to opensc.conf
- Use opensc log in cardmod
- Minor corrections on cardmod pcsc driver


git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4036 c6295689-39f2-0310-b995-f0e70906c6a9
2010-02-17 07:51:52 +00:00
flc 0e03c6d5cf add cardmod a minidrivers for windows
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4001 c6295689-39f2-0310-b995-f0e70906c6a9
2010-02-05 13:05:25 +00:00
aj 32f7a4eed3 fix text a bit.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3959 c6295689-39f2-0310-b995-f0e70906c6a9
2010-01-28 14:53:36 +00:00
viktor.tarasov 9eebe0e1a5 pkcs11: by default do not create slot for the User PUK (thanks to Andreas)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3957 c6295689-39f2-0310-b995-f0e70906c6a9
2010-01-28 14:15:13 +00:00
viktor.tarasov 67b1ba0562 opensc.conf: in pkcs11 section a new option to disable slot for User PUK
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3954 c6295689-39f2-0310-b995-f0e70906c6a9
2010-01-28 12:17:05 +00:00
viktor.tarasov e2dae6b97b Unlock User PIN with PKCS#11:
One of the three unblock methods can be activated from the 'opensc-pkcs11' section of opensc.conf:
- C_SetPin() in the unlogged sesssion;
- C_SetPin() in the CKU_SPECIFIC_CONTEXT session;
- C_InitPin() in CKU_SO session (inspired by Pierre Ossman).
-- This last one works, for a while, only for the pkcs15 cards without SOPIN auth object.
   For the pkcs15 cards with SOPIN, this method will be useful for the cards 
   that do not have then modes '00' and '01' of ISO command 'RESET RETRY COUNTER'.

Test commands:
# pkcs11-tool --module ./opensc-pkcs11.so --slot 0 --unlock-pin --puk "123456" --new-pin "9999"
# pkcs11-tool --module ./opensc-pkcs11.so --slot 0 --unlock-pin -l --login-type context-specific --puk "123456" --new-pin "9999"
# pkcs11-tool --module ./opensc-pkcs11.so --slot 0 --init-pin -l --new-pin "9999"



git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3901 c6295689-39f2-0310-b995-f0e70906c6a9
2010-01-08 15:41:07 +00:00
aj f0484968a9 merge changes 0.11.11 -> 0.11.12
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3899 c6295689-39f2-0310-b995-f0e70906c6a9
2009-12-18 13:33:03 +00:00