Compare commits
798 Commits
0.20.0-rc4
...
golem/tess
Author | SHA1 | Date |
---|---|---|
giomba | 932bd27549 | |
giomba | b965e20bfd | |
giomba | 060d8ddb19 | |
giomba | 5167b30043 | |
giomba | 606edadb13 | |
Jakub Jelen | c902e19921 | |
Vesa Jääskeläinen | e97fec4d91 | |
Vesa Jääskeläinen | cababca4d5 | |
Vesa Jääskeläinen | 63a5a493a6 | |
Vesa Jääskeläinen | 1b344a4847 | |
Vesa Jääskeläinen | 7007eda0ba | |
Vesa Jääskeläinen | 1991fa24ae | |
Vesa Jääskeläinen | 6431f69dcc | |
Frank Morgner | 7d315b5546 | |
Doug Engert | 4c923c637c | |
Jakub Jelen | b67261ab27 | |
Jakub Jelen | 68b7efb591 | |
Jakub Jelen | 3048156db0 | |
Jakub Jelen | 1e43a6a1af | |
Doug Engert | c6a9b5699a | |
Doug Engert | 445a6324de | |
Doug Engert | 456ac56693 | |
Jakub Jelen | 8453c0d99a | |
Jakub Jelen | d47f42b12a | |
Jakub Jelen | 01cf556ba2 | |
Jakub Jelen | f43d3f8042 | |
Jakub Jelen | 5d338739ac | |
Jakub Jelen | e683c531f6 | |
Jakub Jelen | 1b329093f7 | |
Jakub Jelen | bc9b9df869 | |
Frank Morgner | 99656deaf4 | |
Jakub Jelen | 9a5a008093 | |
Jakub Jelen | d34e84c78d | |
Frank Morgner | d90048e5bb | |
Jakub Jelen | aa6574b60e | |
Jakub Jelen | fd6b64b91b | |
Alessio Di Mauro | 2f94a6b155 | |
Doug Engert | aebebac432 | |
Frank Morgner | c42792c216 | |
Stephan Mühlstrasser | 151583ce26 | |
Jakub Jelen | 9be6dc6606 | |
Jakub Jelen | 9d1a214340 | |
Jakub Jelen | fc2fecc80e | |
Jakub Jelen | ffd6e2a576 | |
Jaime Hablutzel | 465375bda2 | |
Jakub Jelen | 33426df3ff | |
Jakub Jelen | 8e4134841d | |
Jakub Jelen | a8a4bddfad | |
Jakub Jelen | a69ab7c70c | |
Jakub Jelen | fd96d2c960 | |
Jakub Jelen | 1b92501ef9 | |
Jakub Jelen | 07f5e63abf | |
Jakub Jelen | 12be677cb8 | |
Jakub Jelen | e4cf0e7b39 | |
Jakub Jelen | 0b45e78e4f | |
Yaroslav Isakov | fc08818f6f | |
Yaroslav Isakov | 23dc52c903 | |
Yaroslav Isakov | 29410c170e | |
Yaroslav Isakov | f356d301b9 | |
Doug Engert | 48a11c0634 | |
Doug Engert | f1bc07dec1 | |
Doug Engert | 8dfafe4fc2 | |
Vincent JARDIN | 5256bc3d3d | |
Vincent JARDIN | 180737d1b6 | |
Vincent JARDIN | f0c059ede8 | |
Vincent JARDIN | 46c50dc51d | |
Georgi Kirichkov | ca01d2c5e2 | |
Georgi Kirichkov | 5ae0ef4f41 | |
Georgi Kirichkov | 072c64aaed | |
Alon Bar-Lev | 35a8a1d7e1 | |
Ludovic Rousseau | 2ea5ed8ddd | |
Jakub Jelen | 2f145f5804 | |
Jakub Jelen | 613b56ee55 | |
Jakub Jelen | d0b847c6cf | |
Jakub Jelen | 835cee2e5a | |
Jakub Jelen | 06ac408bb4 | |
divinehawk | 98663528cf | |
ihsinme | 50eaa6bf57 | |
Frank Morgner | 32004e74ce | |
Anton Logachev | 570fc56c47 | |
Doug Engert | 19611682bd | |
Vincent JARDIN | a21bcf4b41 | |
Vincent JARDIN | e93bd3983c | |
Frank Morgner | 3f19991556 | |
Frank Morgner | 4ecb4b39ac | |
Frank Morgner | 75f24d2af7 | |
Frank Morgner | 2063a1d334 | |
Vincent JARDIN | e3a3722ad1 | |
Vincent JARDIN | fcd2e665fe | |
Vincent JARDIN | 405ecfc402 | |
Vincent JARDIN | 544aa4cc6b | |
Vincent JARDIN | 137286858f | |
Vincent JARDIN | 39b4472f38 | |
Vincent JARDIN | 396cbc46cf | |
Frank Morgner | 4912f05701 | |
Peter Marschall | 344ac0abe6 | |
Jakub Jelen | d6ec00c870 | |
Peter Popovec | dd48facd38 | |
Peter Popovec | 7d274a0d72 | |
Jakub Jelen | ef17b3fb89 | |
Jakub Jelen | cae5c71f90 | |
Jakub Jelen | 4b3c6dec07 | |
Frank Morgner | 991bb8a141 | |
Frank Morgner | a83069b89f | |
Carsten Blüggel | edb7ed25e4 | |
Frank Morgner | 545e47b29e | |
Vincent JARDIN | 1a3666364d | |
Vincent JARDIN | 0df0f80b55 | |
Philip Prindeville | b9c0addf88 | |
yehj | c3c5f2d518 | |
Frank Morgner | 83162c5c87 | |
Frank Morgner | ce0d409205 | |
Jakub Jelen | 7114fb71b5 | |
Jakub Jelen | 9cc942fd47 | |
Jakub Jelen | 7d0abdc192 | |
Jakub Jelen | 370eda4bd8 | |
Frank Morgner | 5f9085fedb | |
Marco Trevisan (Treviño) | 845eac4250 | |
Vincent JARDIN | 40e9a9c830 | |
Vincent JARDIN | b18234a7d9 | |
Jakub Jelen | 5d4daf6c92 | |
Jakub Jelen | 715c17c469 | |
Jakub Jelen | d5dea2dd1b | |
Jakub Jelen | 16b7c60fd3 | |
Frank Morgner | 05648b0604 | |
Vincent JARDIN | fc0df4e5d5 | |
Vincent JARDIN | 76507508d7 | |
Vincent JARDIN | 4119b2c3e7 | |
Vincent JARDIN | b508349010 | |
Vincent JARDIN | 20f359ea04 | |
Vincent JARDIN | c581d1b26f | |
Vincent JARDIN | fd83e885f7 | |
Vincent JARDIN | 6efd7b3029 | |
Vincent JARDIN | 41edcaa413 | |
Vincent JARDIN | 7cd713d15d | |
Vincent JARDIN | fd97f49a84 | |
Vincent JARDIN | 560692221b | |
Vincent JARDIN | acb8822444 | |
Jakub Jelen | 40c50a3a42 | |
Frank Morgner | 4512676795 | |
Frank Morgner | 26fac9592d | |
Raul Metsma | b9080c16d6 | |
Frank Morgner | aae9254018 | |
Raul Metsma | 578128e464 | |
Frank Morgner | 1325d5c333 | |
Raul Metsma | 85c5610d39 | |
Frank Morgner | 63e6683384 | |
Peter Popovec | f46b617397 | |
Frank Morgner | 8e614bfe6e | |
Jakub Jelen | 8d61d0d20d | |
Jakub Jelen | 1ef79e99f7 | |
Jakub Jelen | 60632100a0 | |
Jakub Jelen | 63031b2193 | |
Jakub Jelen | 544dcc6827 | |
Jakub Jelen | 2fa6700599 | |
Jakub Jelen | 45e262f537 | |
Jakub Jelen | b5f26051bb | |
Jakub Jelen | b8266a4c86 | |
Jakub Jelen | 0ce245a411 | |
Jakub Jelen | 56af7de137 | |
Jakub Jelen | c39e31b274 | |
Jakub Jelen | ae771a135f | |
Jakub Jelen | cb8c7647ca | |
Jakub Jelen | a020b85d94 | |
Jakub Jelen | 73e283b4b1 | |
Jakub Jelen | 64b61a7556 | |
Jakub Jelen | 9bd139d1e4 | |
Jakub Jelen | 8c4d325576 | |
Doug Engert | 0380142482 | |
Jakub Jelen | 091b7670eb | |
Jakub Jelen | 35cfc291ce | |
Jakub Jelen | 485b6cff44 | |
Jakub Jelen | 32ec1f92b9 | |
Jakub Jelen | e7d390f9dd | |
Jakub Jelen | a965829f52 | |
Jakub Jelen | 5d5c391793 | |
Jakub Jelen | 5178e74e1b | |
Jakub Jelen | 2fb688683e | |
Jakub Jelen | b351bf5ea4 | |
Jakub Jelen | caae75758c | |
Jakub Jelen | 80f80317d1 | |
Jakub Jelen | 095c28e372 | |
Jakub Jelen | 0455a5665e | |
Jakub Jelen | c78fa164c9 | |
Jakub Jelen | a30bf95eed | |
Jakub Jelen | a5a6757d10 | |
Jakub Jelen | e82f875047 | |
Jakub Jelen | 86e01d7c47 | |
Jakub Jelen | f726d4f201 | |
Frank Morgner | 5b42a62ec0 | |
Frank Morgner | fe6864c5f3 | |
Frank Morgner | c2670b0787 | |
Frank Morgner | 881dca94ef | |
Frank Morgner | d353a46d04 | |
Peter Popovec | 6738d456ac | |
Frank Morgner | 999874fb1c | |
Luka Logar | c80375eb4c | |
Frank Morgner | a322c95d35 | |
Jakub Jelen | 5f7c91e54f | |
Jakub Jelen | 46cfe89b3c | |
Jakub Jelen | a567ab9dca | |
Jakub Jelen | cee431a3ce | |
Jakub Jelen | ffed34663d | |
Jakub Jelen | 3b556ef618 | |
Jakub Jelen | 1dbe4b5a5b | |
Jakub Jelen | 2f232f217b | |
Jakub Jelen | ae1cf0be90 | |
Jakub Jelen | 1252aca9f1 | |
Jakub Jelen | 17d8980cde | |
Jakub Jelen | 9c91a4327e | |
Jakub Jelen | 7ba89daae6 | |
Jakub Jelen | 251c4f6b76 | |
alt3r 3go | 3044557299 | |
ihsinme | 6372adeb20 | |
ihsinme | 0a3d7a28a7 | |
Zhang Xiaohui | 49788678fe | |
Zhang Xiaohui | 1c4a01d766 | |
Vincent JARDIN | 66e5600b27 | |
Jakub Jelen | 8a6026abf5 | |
Jakub Jelen | da247384e7 | |
Jakub Jelen | 176b20f339 | |
Jakub Jelen | cb074c5fa0 | |
Jakub Jelen | 5633129bd8 | |
Jakub Jelen | 0d693f63cb | |
Doug Engert | b5ddaf6e02 | |
Doug Engert | f704e4f23e | |
Doug Engert | 1b4e9f1d4a | |
Doug Engert | d369965a7f | |
Jakub Jelen | e1c8361ff3 | |
Jakub Jelen | 44d429c3ad | |
Jakub Jelen | edaf921eb6 | |
Jakub Jelen | ac81764308 | |
Jakub Jelen | a6ed34bbb5 | |
Peter Popovec | 26adaf519c | |
Peter Popovec | a3ca7613cd | |
Doug Engert | 0b0deae4be | |
Doug Engert | 521d420c42 | |
Doug Engert | 285db1ef29 | |
Peter Popovec | 6049cb926c | |
Jakub Jelen | 5f16ffae84 | |
Jakub Jelen | 03cbf91be5 | |
Jakub Jelen | b820bdf5b3 | |
Jakub Jelen | 1db88374bb | |
Peter Popovec | ba85ae75e3 | |
Peter Popovec | ce7fa42958 | |
Frank Morgner | 7a090b994e | |
Jakub Jelen | 219c6cc494 | |
Jakub Jelen | 96ae693d5a | |
Jakub Jelen | db18a72c64 | |
Jakub Jelen | 7f9e8ba85c | |
Jakub Jelen | d224b2612d | |
Jakub Jelen | 03079a9413 | |
Jakub Jelen | 6e25924eb0 | |
Jakub Jelen | 224e265266 | |
Jakub Jelen | 8e71118cd4 | |
Jakub Jelen | 7f0166ab12 | |
Jakub Jelen | 95122abe2e | |
Jakub Jelen | 47151e9335 | |
Jakub Jelen | e58e7e1428 | |
Jakub Jelen | 23eb606d86 | |
Jakub Jelen | c7c689c74d | |
Jakub Jelen | 910020aeec | |
Jakub Jelen | 9cda87e200 | |
Jakub Jelen | d25009cde6 | |
Jakub Jelen | 3135fccdca | |
Jakub Jelen | 049b2a8754 | |
Jakub Jelen | 66f274dcaf | |
Jakub Jelen | b48696539d | |
Jakub Jelen | 88543529a2 | |
Jakub Jelen | f7b0ce3dac | |
Doug Engert | f443c391b0 | |
Carsten Blüggel | f8af905574 | |
Jakub Jelen | 1ae8b60425 | |
Jakub Jelen | 5df913b7f5 | |
Jakub Jelen | 69544553c3 | |
Jakub Jelen | 196bf9e574 | |
Peter Popovec | a089353e1f | |
Jakub Jelen | f015746d22 | |
Jakub Jelen | 78cdab949f | |
Jakub Jelen | 3ffe24cfb6 | |
Jakub Jelen | fb83cd0439 | |
Jakub Jelen | 61eb4e487e | |
Frank Morgner | 175c357c37 | |
Jakub Jelen | 85e08ae675 | |
rickyepoderi | 3ce249f365 | |
Frank Morgner | 98beb86a38 | |
Frank Morgner | 480da424a5 | |
Jakub Jelen | 0365c3ce6c | |
Jakub Jelen | 3d257410b2 | |
Jakub Jelen | 63bb85b050 | |
Jakub Jelen | 871e4f2ac6 | |
Jakub Jelen | 55a5556949 | |
Jakub Jelen | af2fb6938c | |
Jakub Jelen | 8a6708c163 | |
Jakub Jelen | d0e5d62bf5 | |
Jakub Jelen | 3eae6a031c | |
Jakub Jelen | 00ad8644e6 | |
Doug Engert | 483e153182 | |
Frank Morgner | 30180986a0 | |
Frank Morgner | e13294b085 | |
Frank Morgner | 0e55a3497c | |
Frank Morgner | 96a9fcd628 | |
Jakub Jelen | 412372b024 | |
Jakub Jelen | 65461e4eb5 | |
Jakub Jelen | 445c651549 | |
Jakub Jelen | c8b2e82713 | |
Jakub Jelen | 5eccebb4ee | |
Jakub Jelen | b5b1afe401 | |
Jakub Jelen | d3451faa21 | |
Frank Morgner | 4554d69119 | |
Frank Morgner | c4a75eb1c2 | |
Frank Morgner | 3bad4089fd | |
Frank Morgner | b145c2c30e | |
Frank Morgner | e05574d942 | |
Frank Morgner | 4d6ed77a4a | |
Zhang Xiaohui | c5508c5eae | |
Zhang Xiaohui | e8f27abd02 | |
Arya Senna | 4cc0d0c7c9 | |
Arya Senna | 64de4a5001 | |
Carsten Blüggel | 8098b7de61 | |
Frank Morgner | c621f39034 | |
Jakub Jelen | 704afd0e2d | |
Jakub Jelen | 42254ae792 | |
Jakub Jelen | 88f3d19479 | |
Doug Engert | ce28ea8162 | |
w00475903 | 26a404d6a5 | |
Zhang Xiaohui | 0dc3dcbc00 | |
w00475903 | 7551e14c58 | |
Frank Morgner | d0c44b9ddc | |
Frank Morgner | fca2ba9474 | |
Frank Morgner | 2f6ab4c1a2 | |
Jakub Jelen | b3501ff669 | |
Frank Morgner | 0b40d3b999 | |
Frank Morgner | 3ff059a74b | |
Jakub Jelen | 732ed77ad6 | |
Anton Logachev | 03396707f0 | |
Frank Morgner | 3ebfb01a3c | |
Alexander | 7296210224 | |
Alexander | d85610b29b | |
Conrado P. L. Gouvea | 40da5cace2 | |
rickyepoderi | 57a391f16c | |
Jakub Jelen | b577531720 | |
Jakub Jelen | 595926471b | |
Doug Engert | 6545cd26f4 | |
Taylor R Campbell | 5a369a8f31 | |
Jakub Jelen | 56acf7b445 | |
Jakub Jelen | 101e9c720d | |
Hans-Christoph Steiner | 410012f100 | |
Hans-Christoph Steiner | 644eae691d | |
glvnst | 16a0aeaa9a | |
Jakub Jelen | 8dd136ac24 | |
Jakub Jelen | 752c088e10 | |
Jakub Jelen | cf66cf1416 | |
Jakub Jelen | a626c63d91 | |
Jakub Jelen | c07d9ec103 | |
Jakub Jelen | 460a862ee0 | |
Jakub Jelen | 777a9e0386 | |
Jakub Jelen | 209d28a63f | |
Jakub Jelen | 238b783a0e | |
Jakub Jelen | 94d67bed81 | |
Jakub Jelen | d743a347d7 | |
Jakub Jelen | dce4ad1aa2 | |
Jakub Jelen | 71876042bd | |
Jakub Jelen | a1d35518dd | |
Jakub Jelen | 34a5a80870 | |
Zoltan Kelemen | 7c8c77cf1f | |
Raul Metsma | 57f37ffd8d | |
Ludovic Rousseau | 4e0fef0e27 | |
Peter Marschall | 16c889cf7d | |
Ludovic Rousseau | 8ada99b4d3 | |
Ludovic Rousseau | 17005c9f14 | |
Ludovic Rousseau | 3168f48503 | |
Ludovic Rousseau | e1353c0488 | |
Ludovic Rousseau | 7fc00a1178 | |
Ludovic Rousseau | a70b082a09 | |
Peter Marschall | 4dbfc77eba | |
Peter Marschall | 45e7039940 | |
Peter Marschall | d345c65a5d | |
Zoltan Kelemen | f0b157b8e7 | |
Zoltan Kelemen | 11adcfca99 | |
Zoltan Kelemen | 6e3e81a9f4 | |
Zoltan Kelemen | 48d939b057 | |
Zoltan Kelemen | aca0d08e29 | |
Peter Marschall | 376cc2d910 | |
Jakub Jelen | ad81126c07 | |
Jakub Jelen | cdbcb5b7db | |
Peter Marschall | 8963c35189 | |
Peter Marschall | 07e98b5193 | |
Frank Morgner | 978c912c70 | |
Frank Morgner | 6903aebfdd | |
Julian Strobl | 9ffb9bae63 | |
Zoltan Kelemen | 2b78374e37 | |
Zoltan Kelemen | 6f1df6454a | |
Zoltan Kelemen | 555cb73615 | |
Zoltan Kelemen | e80906d973 | |
Zoltan Kelemen | bad74e1ed6 | |
Zoltan Kelemen | 998284dd1c | |
Zoltan Kelemen | ba76bc0239 | |
Zoltan Kelemen | c903ddfce1 | |
Zoltan Kelemen | 163b69e6a7 | |
Zoltan Kelemen | 3331a7f134 | |
Zoltan Kelemen | 471468260e | |
Zoltan Kelemen | 79e81eeef0 | |
Zoltan Kelemen | 5ae488c1b9 | |
Zoltan Kelemen | d0b3e90431 | |
Zoltan Kelemen | 8c2d629f94 | |
Zoltan Kelemen | ca911e342c | |
Zoltan Kelemen | 19063932f0 | |
Zoltan Kelemen | 741ee73ec9 | |
Zoltan Kelemen | 7ed876c816 | |
Zoltan Kelemen | eb3e00a385 | |
Zoltan Kelemen | 80853bda31 | |
Zoltan Kelemen | afffeccc29 | |
Zoltan Kelemen | 1dc359cb61 | |
Jakub Jelen | b16a5cbee0 | |
Jakub Jelen | c82aa92687 | |
Jakub Jelen | 2d6de2510c | |
Jakub Jelen | 4c473fba29 | |
Jakub Jelen | 05dcde508b | |
Jakub Jelen | 5098cfdb40 | |
Jakub Jelen | 7cf8087351 | |
Jakub Jelen | c4d7bb1a7b | |
Jakub Jelen | 43379b3b22 | |
Jakub Jelen | 0cda376dba | |
Jakub Jelen | e759b17b66 | |
Jakub Jelen | 56f4c6c34a | |
Jakub Jelen | 3696331d5c | |
Jakub Jelen | fea08d749d | |
Jakub Jelen | 054cb08c90 | |
Jakub Jelen | 0defebfe05 | |
Jakub Jelen | 97ec23a2d9 | |
Raul Metsma | 7a29e6c047 | |
Jakub Jelen | c458d81723 | |
Zoltan Kelemen | 929717b505 | |
Zoltan Kelemen | bf30d64cf9 | |
René Liebscher | 223a0949e8 | |
René Liebscher | 4d96fbfed4 | |
Jakub Jelen | e63f054af9 | |
Jakub Jelen | 7ae74c524f | |
Jakub Jelen | 5e7d4fb8ba | |
Jakub Jelen | 0a34d11cb7 | |
Jakub Jelen | c3b9152a99 | |
Jakub Jelen | 57c895165f | |
Jakub Jelen | 62403eec34 | |
Jakub Jelen | 9dd3370673 | |
Jakub Jelen | a5f04188bc | |
Jakub Jelen | f49162af04 | |
Jakub Jelen | 71d1f69a3a | |
Jakub Jelen | e6848b6d88 | |
Jakub Jelen | fa719b301f | |
Jakub Jelen | d141b35596 | |
Jakub Jelen | 1819ca33d6 | |
Jakub Jelen | 53395f4075 | |
Jakub Jelen | 8940ed5d85 | |
Jakub Jelen | b418601942 | |
Frank Morgner | 36247d85b0 | |
Frank Morgner | 1c7b311289 | |
Frank Morgner | 8f6e5dc2b0 | |
Frank Morgner | 1bb2547abc | |
Luka Logar | fc296b5488 | |
Frank Morgner | 6a6b3e4b62 | |
Frank Morgner | 58b03b68dd | |
Luka Logar | a10b661f99 | |
Peter Marschall | ca5f5c8844 | |
Peter Marschall | 5714dbfa08 | |
Peter Marschall | f55c4e5c93 | |
Frank Morgner | 180c57fd15 | |
Frank Morgner | 0f0e0b2e30 | |
Frank Morgner | 9d294de90d | |
Frank Morgner | 55fd3db2b5 | |
Frank Morgner | 4bc03cb55d | |
Frank Morgner | 1125e37738 | |
Feitian Technologies | f334f3eabe | |
Frank Morgner | e98f6733d9 | |
Frank Morgner | 141a83029f | |
Frank Morgner | d756be1f48 | |
Frank Morgner | 2a1a952fe7 | |
Frank Morgner | ceb3448e06 | |
Jakub Jelen | 16456922e2 | |
Jakub Jelen | e8a2644435 | |
Jakub Jelen | 38474739b3 | |
Jakub Jelen | b02da8348b | |
Jakub Jelen | 741091b3c6 | |
Frank Morgner | 0a17188710 | |
Piotr Majkrzak | d4a9405bf4 | |
Frank Morgner | ed55fcd299 | |
Frank Morgner | 96a7eca99a | |
Frank Morgner | 4cb9788b99 | |
Frank Morgner | 7e1679b2db | |
Torin Carey | 93bed892a8 | |
Jakub Jelen | 57f538810e | |
Jakub Jelen | 8175df0e47 | |
Jakub Jelen | e1830ea6d2 | |
Jakub Jelen | 47a36efa7c | |
Jakub Jelen | 66bcce8a8d | |
Jakub Jelen | 687f52233e | |
Jakub Jelen | 3b3aecbf8c | |
Jakub Jelen | 27a819baa7 | |
Jakub Jelen | 19791f63d5 | |
Jakub Jelen | 787c32d195 | |
Frank Morgner | d8734baf83 | |
Doug Engert | 4ebb29ce4d | |
Frank Morgner | 4e9cec1a64 | |
Frank Morgner | a7d563b657 | |
Frank Morgner | 2495bbecf7 | |
Frank Morgner | e864aa6d76 | |
Frank Morgner | b08d33ceb6 | |
Frank Morgner | 0dcb910289 | |
Frank Morgner | 178c4a9eaa | |
Frank Morgner | e71b85867f | |
Jakub Jelen | 3af52cd1c6 | |
Frank Morgner | c1eda42099 | |
Frank Morgner | 7add7e9ded | |
Michael Weiser | a49a64ec79 | |
Doug Engert | db41cd9ab1 | |
Doug Engert | 8a5a1435f1 | |
Doug Engert | c03efeee40 | |
Doug Engert | 3f21dc57b7 | |
Doug Engert | f5fe292ae1 | |
Doug Engert | 52d5370c1e | |
Jakub Jelen | 797414be05 | |
Jakub Jelen | b091165595 | |
Jakub Jelen | 0a057a976d | |
Jakub Jelen | a1d53aa217 | |
Jakub Jelen | 3c7823d1f0 | |
Jakub Jelen | ddc049e37b | |
Jakub Jelen | ce659b2f7a | |
Jakub Jelen | d1457e9fa3 | |
Jakub Jelen | 295f399304 | |
Jakub Jelen | 71998501f2 | |
Jakub Jelen | 4c4237f8a3 | |
Jakub Jelen | 508f8a9fce | |
Jakub Jelen | 84ee2be122 | |
Jakub Jelen | 75be610ea0 | |
Jakub Jelen | 127c8d911f | |
Jakub Jelen | b76e08504a | |
Jakub Jelen | ed06787b5e | |
Jakub Jelen | be57a4bf0f | |
Frank Morgner | 1202eceeef | |
Frank Morgner | 7936bdef15 | |
Vladimir Panteleev | bb47c1a5d0 | |
James Bromwell | 0234e1bc14 | |
Frank Morgner | 3124d9f6fb | |
Frank Morgner | 843779fe6e | |
Frank Morgner | 5e79a2a4ab | |
alex-nitrokey | 27ea7cc6ac | |
Raul Metsma | 78a7c11d0d | |
Lars Silvén | 8257e0186d | |
Lars Silvén | a771450ab2 | |
Frank Morgner | f9b31e50dd | |
Frank Morgner | 2c26b7392d | |
Jakub Jelen | 7893d2860c | |
Jakub Jelen | 1ddef2cd15 | |
Raul Metsma | 5eff42e39e | |
Marcin Cieślak | 591ffad5dc | |
Marcin Cieślak | 768bd1dde7 | |
alex-nitrokey | 7ba89620bf | |
alex-nitrokey | 396aabcb7b | |
Frank Morgner | 7840804762 | |
Frank Morgner | d5ecafc334 | |
alex-nitrokey | f4d28a18b9 | |
alex-nitrokey | b2d082f4aa | |
alex-nitrokey | 1e7e6e11a4 | |
alex-nitrokey | 0ba44cbec6 | |
Alexander Paetzelt | e45712bd29 | |
Frank Morgner | dc29b0fe18 | |
Jakub Jelen | 6ed3939ae5 | |
Frank Morgner | b91cfa8cd7 | |
Frank Morgner | f1bcadfbe9 | |
Peter Marschall | d628022673 | |
Frank Morgner | 501311c4e3 | |
Frank Morgner | 267aea759c | |
Frank Morgner | d06f23e89b | |
Frank Morgner | 9681193ad5 | |
Frank Morgner | fe24707c00 | |
Frank Morgner | 2f5514a2d1 | |
Frank Morgner | 1e05e9aff0 | |
Frank Morgner | b89fbce9f2 | |
Raul Metsma | 7fb0696a29 | |
Frank Morgner | 8551e84d74 | |
Peter Marschall | 44c22b7820 | |
Peter Marschall | b2f86b3997 | |
Peter Marschall | 9b0983e96d | |
Peter Marschall | b9d4f0c7d8 | |
Peter Marschall | be152f78b4 | |
Peter Marschall | c2a8102615 | |
Peter Marschall | b77e0faadb | |
Peter Marschall | f1d46401cb | |
Peter Marschall | 968815e6ef | |
Peter Marschall | f556c275f7 | |
Peter Marschall | b6febc0c7a | |
Peter Marschall | 4abacbf5c1 | |
Peter Marschall | f20b646a97 | |
Peter Marschall | 78c79c0efb | |
Jakub Jelen | 88dce12181 | |
Jakub Jelen | e429fe03c5 | |
Jakub Jelen | 15b1e93b51 | |
Jakub Jelen | 5721961be2 | |
Jakub Jelen | 6638949513 | |
Jakub Jelen | 0a610319bd | |
Jakub Jelen | f301ec98b6 | |
Jakub Jelen | b8d9b840ee | |
Jakub Jelen | aeef29238e | |
Jakub Jelen | c3924859a9 | |
Jakub Jelen | 44bc324864 | |
Jakub Jelen | e3e461aad9 | |
Jakub Jelen | 2a88d82cad | |
Jakub Jelen | 7bfca52bab | |
Jakub Jelen | 677710c72b | |
Jakub Jelen | 7d3b82c204 | |
Jakub Jelen | a623226a87 | |
Jakub Jelen | 9c0a7adbfc | |
Jakub Jelen | d31ebe2fec | |
Jakub Jelen | c69add3b64 | |
Frank Morgner | dba0f56722 | |
Frank Morgner | 2a6bf1e577 | |
Frank Morgner | 7e7458edce | |
Doug Engert | 8d519ed3c4 | |
Doug Engert | 2e89f1634f | |
Frank Morgner | 649ee272ec | |
Frank Morgner | 14e396273c | |
Frank Morgner | 5b9af96851 | |
Frank Morgner | ce704f5eb1 | |
Frank Morgner | d54f346937 | |
Doug Engert | af40303fe8 | |
Frank Morgner | ad7eb834cf | |
Frank Morgner | c212776f45 | |
Frank Morgner | 906108bb69 | |
Frank Morgner | 261e0b6b0d | |
Frank Morgner | 6b1770e7ad | |
Frank Morgner | dca02dd9a0 | |
Peter Marschall | 21ee26b070 | |
Peter Marschall | 81ace3689d | |
Peter Marschall | 95cae64f83 | |
Frank Morgner | 70716be815 | |
Frank Morgner | 6a9241b532 | |
Frank Morgner | 8f4a6c703b | |
Frank Morgner | 31d8c2dfd1 | |
Peter Marschall | cd5c91b8ef | |
Frank Morgner | e0b27af205 | |
Frank Morgner | 6c855c561c | |
Frank Morgner | 0d82c95a02 | |
Jakub Jelen | 5450f61681 | |
Frank Morgner | 1fb1341389 | |
Frank Morgner | a0e1bf7ae5 | |
Frank Morgner | ea2991ea69 | |
Frank Morgner | 2493c5de07 | |
Frank Morgner | d7e02d3bf5 | |
Peter Marschall | 8e466ad568 | |
Charlène | 2f7d0cf20f | |
Jakub Jelen | 34dad7f543 | |
Jakub Jelen | 63435adc68 | |
Jakub Jelen | 2a0f53dd4f | |
Jakub Jelen | 09531d720a | |
Frank Morgner | e9308a2011 | |
Frank Morgner | f1044f3645 | |
Frank Morgner | c339136c73 | |
Frank Morgner | 723176d62f | |
Frank Morgner | 3687f71bf7 | |
Frank Morgner | 5475dbcb3c | |
Frank Morgner | 3dede423e6 | |
Frank Morgner | 8db1cbe35f | |
Frank Morgner | 40b3aeb626 | |
Frank Morgner | d138522e33 | |
Frank Morgner | 094aa68632 | |
Frank Morgner | 72836fa3cb | |
Doug Engert | 0fd77d642c | |
Doug Engert | 111246f1d2 | |
Doug Engert | 348551c920 | |
Frank Morgner | 0cd19b59e1 | |
Frank Morgner | 7e0465370f | |
Frank Morgner | 8d4af9eb0b | |
Lewis Porter | 723129bc12 | |
Frank Morgner | 45a77ab88d | |
Frank Morgner | 70baccbe95 | |
Frank Morgner | ad8b9f5034 | |
Frank Morgner | 167c03fde4 | |
Frank Morgner | 1f9b3f3538 | |
Frank Morgner | 91af2c7513 | |
Frank Morgner | 230e2f9a60 | |
Frank Morgner | 14aaa64d3e | |
Frank Morgner | a501c0d185 | |
Frank Morgner | b119781b02 | |
Raul Metsma | 092370f8a5 | |
Peter Marschall | 5d576f4b31 | |
Peter Marschall | 471df32faa | |
Peter Marschall | 7d3e4b0878 | |
Peter Marschall | cd4dc5a9e7 | |
Peter Marschall | 7ef40cdc17 | |
Peter Marschall | a9873b87dd | |
Liam Dawson | 713396116d | |
Frank Morgner | 0ae3441949 | |
Frank Morgner | 61c20cf83d | |
Jakub Jelen | 4ef7ed9ffd | |
Jakub Jelen | a487e9595e | |
Jakub Jelen | 889815629b | |
Frank Morgner | b7690a45d7 | |
Frank Morgner | ee1c8073c2 | |
Frank Morgner | 5c55546685 | |
Peter Marschall | 6b295e4207 | |
Peter Marschall | a0adbc9ef2 | |
Peter Marschall | 58ecb4aba2 | |
Peter Marschall | 04f4f589a1 | |
Peter Marschall | 5514a0529f | |
Peter Marschall | a10368769c | |
Peter Marschall | 30fdc7de4a | |
Peter Marschall | 94288b438e | |
Peter Marschall | 5da40bf027 | |
Peter Marschall | a40cde2d04 | |
Jakub Jelen | a46b24bacd | |
Jakub Jelen | 1ed9c7483d | |
Jakub Jelen | c8e40a19db | |
Jakub Jelen | 3b40018f4d | |
Jakub Jelen | 60e7b49027 | |
Jakub Jelen | b52e6db353 | |
Jakub Jelen | 0fe341c34e | |
Jakub Jelen | 23fcccecf4 | |
Jakub Jelen | 1742dfc045 | |
Jakub Jelen | d1db793211 | |
Jakub Jelen | a1b5feea96 | |
Jakub Jelen | 82ba7f311f | |
Jakub Jelen | 900cf7aca9 | |
Jakub Jelen | cae3b71d75 | |
Jakub Jelen | 4fd34e28ea | |
Jakub Jelen | 8fd5ffd54e | |
Jakub Jelen | b0d3a70b91 | |
Jakub Jelen | a4cd265e7c | |
Jakub Jelen | 90aaa9e083 | |
Jakub Jelen | 586f0a3e42 | |
Jakub Jelen | 9a6cf6af3e | |
Jakub Jelen | e8af4fc167 | |
Jakub Jelen | 8ddfafe057 | |
Jakub Jelen | 3af6d7999e | |
Jakub Jelen | 2c913155a2 | |
Jakub Jelen | 37c8c46623 | |
Jakub Jelen | 1e2b0fe45f | |
Jakub Jelen | 71e45bb5a7 | |
Jakub Jelen | aaa302ca35 | |
Jakub Jelen | fefff2e462 | |
Jakub Jelen | 4569009418 | |
Jakub Jelen | 89ed273e81 | |
Jakub Jelen | 4faf517af4 | |
Jakub Jelen | c449aa4430 | |
Jakub Jelen | d3e9b55223 | |
Jakub Jelen | 1271299955 | |
Jakub Jelen | 611d1cea4c | |
Jakub Jelen | c1814571bd | |
Jakub Jelen | 8d49e4a305 | |
Jakub Jelen | 61af2c1d0a | |
Jakub Jelen | 7971bfded3 | |
Jakub Jelen | 19501715d7 | |
Jakub Jelen | b6b9a886f9 | |
Jakub Jelen | 8e6d2e251d | |
Jakub Jelen | 8e8c3735bc | |
Jakub Jelen | bebb5be6e0 | |
Jakub Jelen | 3537cbbc78 | |
Jakub Jelen | fe8f6297f0 | |
Jakub Jelen | 5017768e5b | |
Jakub Jelen | 2c9510af1e | |
Jakub Jelen | fdcc843e78 | |
Jakub Jelen | 48e3239857 | |
Jakub Jelen | 9db15089b8 | |
Jakub Jelen | f61d9b3b53 | |
Jakub Jelen | 3a3a465e6b | |
Jakub Jelen | 40c41cee0c | |
Jakub Jelen | 2882c93ec1 | |
Jakub Jelen | 5e1bfe0acc | |
Frank Morgner | fe44567d2b | |
Peter Marschall | 4d2b860c7f | |
Peter Marschall | 31b8c7a404 | |
alex-nitrokey | 3af3d0ecee | |
carblue | f14043aad6 | |
carblue | c1fb5b130e | |
carblue | 5dd9fcb25c | |
carblue | 4ad55997e0 | |
Frank Morgner | cfd5519b98 | |
Frank Morgner | 31169afb72 | |
Priit Laes | 0b4b7fbaf0 | |
Priit Laes | 295cf100a8 | |
Julian Strobl | 6b84407c3d | |
Frank Morgner | 45e29056cc | |
Frank Morgner | a2b133ef4f | |
Khem Raj | 05e3f7b667 | |
Julian Strobl | e9aa163fe5 | |
Julian Strobl | 81940e123b | |
Julian Strobl | 9eed40ea31 | |
Frank Morgner | 1cc6087126 | |
Benjamin DELPY | b59456b6e4 | |
Julian Strobl | 187d908feb | |
Julian Strobl | 55b7a6fefd | |
Frank Morgner | 333c41c5d5 | |
Jakub Jelen | af42a93874 | |
Jakub Jelen | ee78b0b805 | |
Jakub Jelen | 708cedbdad | |
alex-nitrokey | c695a4e35f | |
alex-nitrokey | 606fae5a8e | |
alex-nitrokey | ca5b3977d8 | |
alex-nitrokey | 8eb5673058 |
|
@ -0,0 +1,3 @@
|
|||
BasedOnStyle: Google
|
||||
IndentWidth: 4
|
||||
|
|
@ -1,7 +1,9 @@
|
|||
### Problem Description
|
||||
|
||||
<!--
|
||||
Please read about [reporting bugs](https://github.com/OpenSC/OpenSC/wiki/How-to-report-bugs-so-that-they-can-be-fixed) before opening an issue.
|
||||
Please read about reporting bugs on the wiki before opening an issue:
|
||||
|
||||
https://github.com/OpenSC/OpenSC/wiki/How-to-write-a-good-bug-report
|
||||
-->
|
||||
|
||||
### Proposed Resolution
|
||||
|
@ -21,7 +23,7 @@ Debug output is essential to identify the problem. You can enable debugging by e
|
|||
#debug_file = opensc-debug.log
|
||||
```
|
||||
|
||||
Please use [Gist](https://gist.github.com/) or a similar code paster for longer logs. Before pasting here, remove your sensitive data from your log (e.g. PIN code or certificates).
|
||||
Please use a Gist (https://gist.github.com/) or a similar code paster for longer logs. Before pasting here, remove your sensitive data from your log (e.g. PIN code or certificates).
|
||||
|
||||
```
|
||||
Paste Log output with less than 10 lines here (between the backticks)
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -ex -o xtrace
|
||||
|
||||
pushd .github/
|
||||
tar xvf secrets.tar
|
||||
KEY_CHAIN=mac-build.keychain
|
||||
|
||||
# Create the keychain with a password
|
||||
security create-keychain -p travis $KEY_CHAIN
|
||||
|
||||
# Make the custom keychain default, so xcodebuild will use it for signing
|
||||
security default-keychain -s $KEY_CHAIN
|
||||
|
||||
# Unlock the keychain for one hour
|
||||
security unlock-keychain -p travis $KEY_CHAIN
|
||||
security set-keychain-settings -t 3600 -u $KEY_CHAIN
|
||||
|
||||
# Add certificates to keychain and allow codesign to access them
|
||||
curl -L https://developer.apple.com/certificationauthority/AppleWWDRCA.cer > AppleWWDRCA.cer
|
||||
security import AppleWWDRCA.cer \
|
||||
-k ~/Library/Keychains/$KEY_CHAIN \
|
||||
-T /usr/bin/codesign -T /usr/bin/productsign
|
||||
security import DeveloperIDApplication.cer \
|
||||
-k ~/Library/Keychains/$KEY_CHAIN \
|
||||
-T /usr/bin/codesign -T /usr/bin/productsign
|
||||
security import DeveloperIDInstaller.cer \
|
||||
-k ~/Library/Keychains/$KEY_CHAIN \
|
||||
-T /usr/bin/codesign -T /usr/bin/productsign
|
||||
security import key.p12 \
|
||||
-k ~/Library/Keychains/$KEY_CHAIN -P $KEY_PASSWORD \
|
||||
-T /usr/bin/codesign -T /usr/bin/productsign
|
||||
security unlock-keychain -p travis $KEY_CHAIN
|
||||
|
||||
# https://docs.travis-ci.com/user/common-build-problems/#mac-macos-sierra-1012-code-signing-errors
|
||||
security set-key-partition-list -S apple-tool:,apple: -s -k travis $KEY_CHAIN
|
||||
popd
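Review bot: `set -ex -o xtrace` traces every expanded command, so the `security import key.p12 ... -P $KEY_PASSWORD` line prints the PKCS#12 password into the build log unless the CI's log masking happens to catch it. Drop the tracing (`set -e`) or bracket the import with `set +x` / `set -x`, and quote the expansion as `-P "$KEY_PASSWORD"`. The `curl -L ... > AppleWWDRCA.cer` download has no `-f`, so an HTTP error body would be saved and handed to `security import`; `curl -fL` fails the step instead. `pushd`/`popd` are not POSIX sh, so the `#!/bin/sh` shebang only works where sh is really bash; `#!/bin/bash` would state the dependency.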
|
|
@ -0,0 +1,54 @@
|
|||
#!/bin/bash -e
|
||||
|
||||
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig;
|
||||
|
||||
if [ "$GITHUB_EVENT_NAME" == "pull_request" ]; then
|
||||
PR_NUMBER=$(echo $GITHUB_REF | awk 'BEGIN { FS = "/" } ; { print $3 }')
|
||||
if [ "$GITHUB_BASE_REF" == "master" ]; then
|
||||
./bootstrap.ci -s "-pr$PR_NUMBER"
|
||||
else
|
||||
./bootstrap.ci -s "$GITHUB_BASE_REF-pr$PR_NUMBER"
|
||||
fi
|
||||
else
|
||||
BRANCH=$(echo $GITHUB_REF | awk 'BEGIN { FS = "/" } ; { print $3 }')
|
||||
if [ "$BRANCH" == "master" ]; then
|
||||
./bootstrap
|
||||
else
|
||||
./bootstrap.ci -s "$BRANCH"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$RUNNER_OS" == "macOS" ]; then
|
||||
./MacOSX/build
|
||||
exit $?
|
||||
fi
|
||||
|
||||
if [ "$1" == "mingw" -o "$1" == "mingw32" ]; then
|
||||
if [ "$1" == "mingw" ]; then
|
||||
HOST=x86_64-w64-mingw32
|
||||
elif [ "$1" == "mingw32" ]; then
|
||||
HOST=i686-w64-mingw32
|
||||
fi
|
||||
unset CC
|
||||
unset CXX
|
||||
./configure --host=$HOST --with-completiondir=/tmp --disable-openssl --disable-readline --disable-zlib --disable-notify --prefix=$PWD/win32/opensc || cat config.log;
|
||||
make -j 2
|
||||
# no point in running tests on mingw
|
||||
else
|
||||
# normal procedure
|
||||
./configure --disable-dependency-tracking
|
||||
make -j 2
|
||||
make check
|
||||
fi
|
||||
|
||||
# this is broken in old ubuntu
|
||||
if [ "$1" == "dist" ]; then
|
||||
make distcheck
|
||||
make dist
|
||||
fi
|
||||
|
||||
sudo make install
|
||||
if [ "$1" == "mingw" -o "$1" == "mingw32" ]; then
|
||||
# pack installed files
|
||||
wine "C:/Program Files/Inno Setup 5/ISCC.exe" win32/OpenSC.iss
|
||||
fi
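Review bot: In the mingw branch, `./configure ... || cat config.log;` turns a configure failure into success, because `cat` returns 0 and `bash -e` does not abort on the left side of `||`; the script then runs `make -j 2` against an unconfigured tree. Keep the log dump but propagate the failure: `|| { cat config.log; exit 1; }`. Separately, `echo $GITHUB_REF` and `--host=$HOST` expand unquoted, and taking field 3 of the ref truncates any branch name that contains a `/`; `echo "$GITHUB_REF"` plus `${GITHUB_REF#refs/heads/}` for the branch case would avoid both.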
|
|
@ -6,15 +6,22 @@ BUILDPATH=${PWD}
|
|||
BRANCH="`git log --max-count=1 --date=short --abbrev=8 --pretty=format:"%cd_%h"`"
|
||||
|
||||
git clone --single-branch https://${GH_TOKEN}@github.com/OpenSC/Nightly.git > /dev/null 2>&1
|
||||
cd Nightly
|
||||
pushd Nightly
|
||||
git checkout -b "${BRANCH}"
|
||||
|
||||
for file in ${BUILDPATH}/win32/Output/OpenSC*.exe ${BUILDPATH}/opensc*.tar.gz ${BUILDPATH}/OpenSC*.dmg ${BUILDPATH}/OpenSC*.msi ${BUILDPATH}/OpenSC*.zip ${BUILDPATH}/*.pkg
|
||||
for file in ${BUILDPATH}/win32/Output/OpenSC*.exe ${BUILDPATH}/opensc*.tar.gz ${BUILDPATH}/OpenSC*.dmg ${BUILDPATH}/OpenSC*.msi ${BUILDPATH}/OpenSC*.zip
|
||||
do
|
||||
if [ -f ${file} ]
|
||||
then
|
||||
cp ${file} .
|
||||
git add `basename ${file}`
|
||||
# github only allows a maximum file size of 50MB
|
||||
MAX_MB_FILESIZE=50
|
||||
if [ $(du -m "$file" | cut -f 1) -ge $MAX_MB_FILESIZE ]
|
||||
then
|
||||
split -b ${MAX_MB_FILESIZE}m ${file} `basename ${file}`.
|
||||
else
|
||||
cp ${file} .
|
||||
fi
|
||||
git add `basename ${file}`*
|
||||
fi
|
||||
done
|
||||
|
||||
|
@ -23,6 +30,7 @@ i=0
|
|||
while [ $i -le 10 ] && ! git push --quiet --set-upstream origin "${BRANCH}"
|
||||
do
|
||||
sleep $[ ( $RANDOM % 32 ) + 1 ]s
|
||||
git pull --rebase origin "${BRANCH}"
|
||||
git pull --rebase origin --strategy-option ours "${BRANCH}"
|
||||
i=$(( $i + 1 ))
|
||||
done
|
||||
popd
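Review bot: The new `git pull --rebase origin --strategy-option ours "${BRANCH}"` resolves every conflict silently, and during a rebase `ours` is the upstream side, so on a conflict the copy already on the remote branch wins and this job's artifact is dropped without a message. If that is intended, say so in a comment above the line; otherwise log which files were discarded. In the first hunk, `split -b ${MAX_MB_FILESIZE}m ${file} ...` publishes large installers as pieces with nothing to check the reassembled file against; committing a digest next to the parts (for example `shasum -a 256 "$file" > "$(basename "$file").sha256"`) lets downloaders verify the result. The added `${file}` expansions are unquoted, unlike the `"$file"` in the `du` test on the same lines.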
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -ex -o xtrace
|
||||
|
||||
pushd .github/
|
||||
security delete-keychain mac-build.keychain
|
||||
rm -f DeveloperIDApplication.cer DeveloperIDInstaller.cer key.p12
|
||||
popd
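Review bot: Cleanup stops at the first failure: with `set -ex`, if `security delete-keychain mac-build.keychain` fails (for example because the keychain was never created), the `rm -f` of `key.p12` and the certificates never runs. The `rm -f` list also omits the decrypted `secrets.tar` that the `tar xvf secrets.tar` step elsewhere in this change unpacks in the same directory, so the private-key archive stays on the runner. Suggest `security delete-keychain mac-build.keychain || true` followed by `rm -f secrets.tar AppleWWDRCA.cer DeveloperIDApplication.cer DeveloperIDInstaller.cer key.p12`. As in the other keychain script, `pushd`/`popd` under `#!/bin/sh` depend on sh being bash.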
|
Binary file not shown.
|
@ -0,0 +1,24 @@
|
|||
#!/bin/bash -e
|
||||
|
||||
# Select the right java
|
||||
sudo update-java-alternatives -s java-1.8.0-openjdk-amd64
|
||||
sudo update-alternatives --get-selections | grep ^java
|
||||
export PATH="/usr/lib/jvm/java-8-openjdk-amd64/bin/:$PATH"
|
||||
export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/
|
||||
env | grep -i openjdk
|
||||
|
||||
# VSmartcard
|
||||
./.github/setup-vsmartcard.sh
|
||||
|
||||
# Javacard SDKs
|
||||
git clone https://github.com/martinpaljak/oracle_javacard_sdks.git
|
||||
export JC_HOME=$PWD/oracle_javacard_sdks/jc222_kit
|
||||
export JC_CLASSIC_HOME=$PWD/oracle_javacard_sdks/jc305u3_kit
|
||||
|
||||
# jCardSim
|
||||
git clone https://github.com/arekinath/jcardsim.git
|
||||
pushd jcardsim
|
||||
env | grep -i openjdk
|
||||
export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/
|
||||
mvn initialize && mvn clean install
|
||||
popd
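Review bot: Both `git clone` lines take whatever is on the default branch of a third-party repository, and `mvn initialize && mvn clean install` then runs that code's build on the runner, so an upstream push changes what CI executes without any change in this repository. Pin each checkout to a reviewed commit, e.g. `git -C jcardsim checkout <pinned-commit>` right after the clone, and the same for `oracle_javacard_sdks`. `JAVA_HOME` is exported twice with the same value; the second export inside `pushd jcardsim` can go.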
|
|
@ -0,0 +1,42 @@
|
|||
#!/bin/bash -e
|
||||
|
||||
DEPS="docbook-xsl libpcsclite-dev xsltproc gengetopt libcmocka-dev help2man pcscd check softhsm2 pcsc-tools libtool make autoconf autoconf-archive automake libssl-dev zlib1g-dev pkg-config libreadline-dev openssl git"
|
||||
|
||||
if [ "$1" == "clang-tidy" ]; then
|
||||
DEPS="$DEPS clang-tidy"
|
||||
elif [ "$1" == "cac" ]; then
|
||||
DEPS="$DEPS libglib2.0-dev libnss3-dev gnutls-bin libusb-dev libudev-dev flex libnss3-tools"
|
||||
elif [ "$1" == "oseid" ]; then
|
||||
DEPS="$DEPS socat gawk xxd"
|
||||
elif [ "$1" == "piv" -o "$1" == "isoapplet" -o "$1" == "gidsapplet" -o "$1" == "openpgp" ]; then
|
||||
if [ "$1" == "piv" ]; then
|
||||
DEPS="$DEPS cmake"
|
||||
fi
|
||||
DEPS="$DEPS ant openjdk-8-jdk"
|
||||
elif [ "$1" == "mingw" -o "$1" == "mingw32" ]; then
|
||||
DEPS="$DEPS wine wine32 xvfb wget"
|
||||
sudo dpkg --add-architecture i386
|
||||
if [ "$1" == "mingw" ]; then
|
||||
DEPS="$DEPS binutils-mingw-w64-x86-64 gcc-mingw-w64-x86-64 mingw-w64"
|
||||
elif [ "$1" == "mingw32" ]; then
|
||||
DEPS="$DEPS binutils-mingw-w64-i686 gcc-mingw-w64-i686"
|
||||
fi
|
||||
fi
|
||||
|
||||
# make sure we do not get prompts
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y build-essential $DEPS
|
||||
|
||||
if [ "$1" == "mingw" -o "$1" == "mingw32" ]; then
|
||||
if [ ! -f "$(winepath 'C:/Program Files/Inno Setup 5/ISCC.exe')" ]; then
|
||||
/sbin/start-stop-daemon --start --quiet --pidfile /tmp/custom_xvfb_99.pid --make-pidfile --background --exec /usr/bin/Xvfb -- :99 -ac -screen 0 1280x1024x16
|
||||
export DISPLAY=:99.0
|
||||
[ -d isetup ] || mkdir isetup
|
||||
pushd isetup
|
||||
[ -f isetup-5.5.6.exe ] || wget http://files.jrsoftware.org/is/5/isetup-5.5.6.exe
|
||||
sleep 5 # make sure the X server is ready ?
|
||||
wine isetup-5.5.6.exe /SILENT /VERYSILENT /SP- /SUPPRESSMSGBOXES /NORESTART
|
||||
popd
|
||||
fi
|
||||
fi
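Review bot: The Inno Setup installer is fetched over plain HTTP (`wget http://files.jrsoftware.org/is/5/isetup-5.5.6.exe`) and then run under wine with no integrity check, so anything able to tamper with that connection decides what executes on the host that builds the Windows installer. Fetch it over HTTPS if the host serves it, and verify a pinned digest right after the download, e.g. `echo "<EXPECTED_SHA256>  isetup-5.5.6.exe" | sha256sum -c -` (the digest is a placeholder to be filled in from a trusted copy). Because the script runs with `-e`, a mismatch would stop the job before the `wine isetup-5.5.6.exe ...` line is reached.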
|
|
@ -0,0 +1,32 @@
|
|||
#!/bin/bash
|
||||
|
||||
brew install automake
|
||||
|
||||
# gengetopt
|
||||
curl https://ftp.gnu.org/gnu/gengetopt/gengetopt-2.23.tar.xz -L --output gengetopt-2.23.tar.xz
|
||||
tar xfj gengetopt-2.23.tar.xz
|
||||
pushd gengetopt-2.23
|
||||
./configure && make
|
||||
sudo make install
|
||||
popd
|
||||
|
||||
# help2man
|
||||
curl https://ftp.gnu.org/gnu/help2man/help2man-1.47.16.tar.xz -L --output help2man-1.47.16.tar.xz
|
||||
tar xjf help2man-1.47.16.tar.xz
|
||||
pushd help2man-1.47.16
|
||||
./configure && make
|
||||
sudo make install
|
||||
popd
|
||||
|
||||
# openSCToken
|
||||
export PATH="/usr/local/opt/ccache/libexec:$PATH"
|
||||
git clone https://github.com/frankmorgner/OpenSCToken.git
|
||||
sudo rm -rf /Library/Developer/CommandLineTools;
|
||||
|
||||
# TODO make the encrypted key working in github
|
||||
if [ "$GITHUB_EVENT_NAME" == "pull_request" -a -n "$encrypted_3b9f0b9d36d1_key" ]; then
|
||||
openssl aes-256-cbc -K $encrypted_3b9f0b9d36d1_key -iv $encrypted_3b9f0b9d36d1_iv -in .github/secrets.tar.enc -out .github/secrets.tar -d;
|
||||
.github/add_signing_key.sh;
|
||||
else
|
||||
unset CODE_SIGN_IDENTITY INSTALLER_SIGN_IDENTITY;
|
||||
fi
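Review bot: The signing-key branch is entered when `$GITHUB_EVENT_NAME` equals `pull_request`, which is the opposite of the Travis logic it replaces (`"$TRAVIS_PULL_REQUEST" = "false"`, visible in the .travis.yml section of this page). As written, the key archive would be decrypted and `add_signing_key.sh` run for pull-request builds, where the checked-out code is least trusted, and skipped for pushes. The test should read `if [ "$GITHUB_EVENT_NAME" != "pull_request" -a -n "$encrypted_3b9f0b9d36d1_key" ]; then`. The script has no `-e`, so a failed decrypt still falls through to `.github/add_signing_key.sh`; chaining the two commands with `&&` and quoting the `-K`/`-iv` arguments would close that gap.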
|
|
@ -0,0 +1,8 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ ! -d "vsmartcard" ]; then
|
||||
git clone https://github.com/frankmorgner/vsmartcard.git
|
||||
fi
|
||||
pushd vsmartcard/virtualsmartcard
|
||||
autoreconf -vis && ./configure && make -j2 && sudo make install
|
||||
popd
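Review bot: The clone takes whatever the default branch of vsmartcard holds at build time and the result goes straight into `sudo make install`, so every CI run installs unreviewed upstream changes with root privileges. Check out a reviewed revision after cloning, e.g. `git -C vsmartcard checkout <PINNED_COMMIT>` (placeholder), and bump it deliberately. The same unpinned clone-then-build pattern appears in the other setup and test scripts on this page (OpenSCToken, libcacard, virt_cacard, GidsApplet, IsoApplet, ykneo-openpgp, oseid, PivApplet, yubico-piv-tool). Separately, the script has no `-e`, so a failing `autoreconf`/`configure`/`make` chain is followed by a successful `popd` and the script still exits 0.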
|
|
@ -0,0 +1,47 @@
|
|||
#!/bin/bash -e
|
||||
|
||||
# install the opensc
|
||||
sudo make install
|
||||
export LD_LIBRARY_PATH=/usr/local/lib
|
||||
|
||||
# VSmartcard
|
||||
./.github/setup-vsmartcard.sh
|
||||
|
||||
# libcacard
|
||||
if [ ! -d "libcacard" ]; then
|
||||
git clone https://gitlab.freedesktop.org/spice/libcacard.git
|
||||
fi
|
||||
pushd libcacard
|
||||
./autogen.sh --prefix=/usr && make -j2 && sudo make install
|
||||
popd
|
||||
|
||||
# virt_cacard
|
||||
if [ ! -d "virt_cacard" ]; then
|
||||
git clone https://github.com/Jakuje/virt_cacard.git
|
||||
fi
|
||||
pushd virt_cacard
|
||||
./autogen.sh && ./configure && make
|
||||
popd
|
||||
|
||||
sudo /etc/init.d/pcscd restart
|
||||
|
||||
pushd src/tests/p11test/
|
||||
./p11test -s 0 -p 12345678 -i -o virt_cacard.json &
|
||||
sleep 5
|
||||
popd
|
||||
|
||||
# virt_cacard startup
|
||||
pushd virt_cacard
|
||||
./setup-softhsm2.sh
|
||||
export SOFTHSM2_CONF=$PWD/softhsm2.conf
|
||||
./virt_cacard &
|
||||
wait $(ps aux | grep '[p]11test'| awk '{print $2}')
|
||||
kill -9 $(ps aux | grep '[v]irt_cacard'| awk '{print $2}')
|
||||
popd
|
||||
|
||||
# cleanup -- this would break later uses of pcscd
|
||||
pushd vsmartcard/virtualsmartcard
|
||||
sudo make uninstall
|
||||
popd
|
||||
|
||||
diff -u3 src/tests/p11test/virt_cacard{_ref,}.json
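Review bot: The PIDs passed to `wait` and `kill -9` are recovered by grepping `ps aux`, which can match no process or several. With an empty match `wait` has no operand and waits for every background job, including `virt_cacard`, which is only killed on the following line; an empty `kill -9` fails under `-e` and skips the `sudo make uninstall` cleanup and the final `diff`. Capture the PIDs where the processes are started instead: `P11TEST_PID=$!` after the `./p11test ... &` line and `VIRT_CACARD_PID=$!` after `./virt_cacard &`, then `wait "$P11TEST_PID"` and `kill -9 "$VIRT_CACARD_PID"`.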
|
|
@ -0,0 +1,36 @@
|
|||
#!/bin/bash -e
|
||||
|
||||
# install the opensc
|
||||
sudo make install
|
||||
export LD_LIBRARY_PATH=/usr/local/lib
|
||||
|
||||
# setup java stuff
|
||||
. .github/setup-java.sh
|
||||
|
||||
# GidsApplet
|
||||
git clone https://github.com/vletoux/GidsApplet.git;
|
||||
javac -classpath jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar GidsApplet/src/com/mysmartlogon/gidsApplet/*.java;
|
||||
echo "com.licel.jcardsim.card.applet.0.AID=A000000397425446590201" > gids_jcardsim.cfg;
|
||||
echo "com.licel.jcardsim.card.applet.0.Class=com.mysmartlogon.gidsApplet.GidsApplet" >> gids_jcardsim.cfg;
|
||||
echo "com.licel.jcardsim.card.ATR=3B80800101" >> gids_jcardsim.cfg;
|
||||
echo "com.licel.jcardsim.vsmartcard.host=localhost" >> gids_jcardsim.cfg;
|
||||
echo "com.licel.jcardsim.vsmartcard.port=35963" >> gids_jcardsim.cfg;
|
||||
|
||||
# log errors from pcscd to console
|
||||
sudo systemctl stop pcscd.service pcscd.socket
|
||||
sudo /usr/sbin/pcscd -f &
|
||||
PCSCD_PID=$!
|
||||
|
||||
|
||||
# start the applet and run couple of commands against that
|
||||
java -noverify -cp GidsApplet/src/:jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar com.licel.jcardsim.remote.VSmartCard gids_jcardsim.cfg >/dev/null &
|
||||
PID=$!;
|
||||
sleep 5;
|
||||
opensc-tool --card-driver default --send-apdu 80b80000190bA0000003974254465902010bA00000039742544659020100;
|
||||
opensc-tool -n;
|
||||
gids-tool --initialize --pin 123456 --admin-key 000000000000000000000000000000000000000000000000 --serial 00000000000000000000000000000000;
|
||||
kill -9 $PID
|
||||
|
||||
|
||||
# cleanup
|
||||
sudo kill -9 $PCSCD_PID
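Review bot: Under `#!/bin/bash -e` any failing `opensc-tool` or `gids-tool` call ends the script before `kill -9 $PID` and `sudo kill -9 $PCSCD_PID`, leaving the simulator and the foreground pcscd running for whatever the job does next. Register the cleanup once, right after both processes are started, e.g. `trap 'kill -9 $PID; sudo kill -9 $PCSCD_PID' EXIT`, and drop the two explicit kills. Note also that `$!` after `sudo /usr/sbin/pcscd -f &` is most likely the PID of `sudo` rather than of pcscd, and SIGKILL cannot be relayed to the child, so pcscd itself may survive; `sudo pkill -x pcscd` in the trap would cover that. The IsoApplet, OpenPGP and PIV test scripts further down follow the same pattern.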
|
|
@ -0,0 +1,41 @@
|
|||
#!/bin/bash -e
|
||||
|
||||
# install the opensc
|
||||
sudo make install
|
||||
export LD_LIBRARY_PATH=/usr/local/lib
|
||||
|
||||
# setup java stuff
|
||||
./.github/setup-java.sh
|
||||
|
||||
# The ISO applet
|
||||
git clone https://github.com/philipWendland/IsoApplet.git;
|
||||
javac -classpath jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar IsoApplet/src/net/pwendland/javacard/pki/isoapplet/*.java;
|
||||
echo "com.licel.jcardsim.card.applet.0.AID=F276A288BCFBA69D34F31001" > isoapplet_jcardsim.cfg;
|
||||
echo "com.licel.jcardsim.card.applet.0.Class=net.pwendland.javacard.pki.isoapplet.IsoApplet" >> isoapplet_jcardsim.cfg;
|
||||
echo "com.licel.jcardsim.card.ATR=3B80800101" >> isoapplet_jcardsim.cfg;
|
||||
echo "com.licel.jcardsim.vsmartcard.host=localhost" >> isoapplet_jcardsim.cfg;
|
||||
echo "com.licel.jcardsim.vsmartcard.port=35963" >> isoapplet_jcardsim.cfg;
|
||||
|
||||
# log errors from pcscd to console
|
||||
sudo systemctl stop pcscd.service pcscd.socket
|
||||
sudo /usr/sbin/pcscd -f &
|
||||
PCSCD_PID=$!
|
||||
|
||||
# start the applet and run couple of commands against that
|
||||
java -noverify -cp IsoApplet/src/:jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar com.licel.jcardsim.remote.VSmartCard isoapplet_jcardsim.cfg >/dev/null &
|
||||
PID=$!;
|
||||
sleep 5;
|
||||
opensc-tool --card-driver default --send-apdu 80b800001a0cf276a288bcfba69d34f310010cf276a288bcfba69d34f3100100;
|
||||
opensc-tool -n;
|
||||
pkcs15-init --create-pkcs15 --so-pin 123456 --so-puk 0123456789abcdef;
|
||||
pkcs15-tool --change-pin --pin 123456 --new-pin 654321;
|
||||
pkcs15-tool --unblock-pin --puk 0123456789abcdef --new-pin 123456;
|
||||
pkcs15-init --generate-key rsa/2048 --id 1 --key-usage decrypt,sign --auth-id FF --pin 123456;
|
||||
pkcs15-init --generate-key rsa/2048 --id 2 --key-usage decrypt --auth-id FF --pin 123456;
|
||||
pkcs15-init --generate-key ec/secp256r1 --id 3 --key-usage sign --auth-id FF --pin 123456;
|
||||
pkcs15-tool -D;
|
||||
pkcs11-tool -l -t -p 123456;
|
||||
kill -9 $PID;
|
||||
|
||||
# cleanup
|
||||
sudo kill -9 $PCSCD_PID
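Review bot: `./.github/setup-java.sh` is executed as a child process here, whereas the GidsApplet, OpenPGP and PIV scripts source it with `. .github/setup-java.sh`. The `export PATH`, `JAVA_HOME`, `JC_HOME` and `JC_CLASSIC_HOME` lines of the Java setup shown at the top of this chunk therefore never reach this shell. The `javac` and `java` calls then depend solely on the system-wide alternative selected by `update-java-alternatives`. Use `. .github/setup-java.sh` here as well.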
|
|
@ -0,0 +1,40 @@
|
|||
#!/bin/bash -e
|
||||
|
||||
# install the opensc
|
||||
sudo make install
|
||||
export LD_LIBRARY_PATH=/usr/local/lib
|
||||
|
||||
# setup java stuff
|
||||
. .github/setup-java.sh
|
||||
|
||||
# The OpenPGP applet
|
||||
git clone --recursive https://github.com/Yubico/ykneo-openpgp.git;
|
||||
cd ykneo-openpgp;
|
||||
ant -DJAVACARD_HOME=${JC_HOME};
|
||||
cd $TRAVIS_BUILD_DIR;
|
||||
echo "com.licel.jcardsim.card.applet.0.AID=D2760001240102000000000000010000" > openpgp_jcardsim.cfg;
|
||||
echo "com.licel.jcardsim.card.applet.0.Class=openpgpcard.OpenPGPApplet" >> openpgp_jcardsim.cfg;
|
||||
echo "com.licel.jcardsim.card.ATR=3B80800101" >> openpgp_jcardsim.cfg;
|
||||
echo "com.licel.jcardsim.vsmartcard.host=localhost" >> openpgp_jcardsim.cfg;
|
||||
echo "com.licel.jcardsim.vsmartcard.port=35963" >> openpgp_jcardsim.cfg;
|
||||
|
||||
# log errors from pcscd to console
|
||||
sudo systemctl stop pcscd.service pcscd.socket
|
||||
sudo /usr/sbin/pcscd -f &
|
||||
PCSCD_PID=$!
|
||||
|
||||
|
||||
# start the applet and run couple of commands against that
|
||||
java -noverify -cp ykneo-openpgp/applet/bin:jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar com.licel.jcardsim.remote.VSmartCard openpgp_jcardsim.cfg >/dev/null &
|
||||
PID=$!;
|
||||
sleep 5;
|
||||
opensc-tool --card-driver default --send-apdu 80b800002210D276000124010200000000000001000010D276000124010200000000000001000000;
|
||||
opensc-tool -n;
|
||||
openpgp-tool --verify CHV3 --pin 12345678 --gen-key 2;
|
||||
pkcs15-init --verify --auth-id 3 --pin 12345678 --delete-objects privkey,pubkey --id 2 --generate-key rsa/2048;
|
||||
pkcs11-tool -l -t -p 123456;
|
||||
kill -9 $PID
|
||||
|
||||
|
||||
# cleanup
|
||||
sudo kill -9 $PCSCD_PID
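Review bot: `cd $TRAVIS_BUILD_DIR;` was carried over from the Travis configuration; on a GitHub Actions runner that variable is presumably unset, so the command becomes a bare `cd` and moves to `$HOME`. `openpgp_jcardsim.cfg` is then written there and the relative classpath `ykneo-openpgp/applet/bin:jcardsim/target/...` no longer resolves, which may be what the workflow's "the openpgp sometimes fails" comment and `|| true` are papering over. Replace the `cd ykneo-openpgp;` / `cd $TRAVIS_BUILD_DIR;` pair with `pushd ykneo-openpgp` and `popd`, as the PIV script does.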
|
|
@ -0,0 +1,54 @@
|
|||
#!/bin/bash -e
|
||||
|
||||
# install the opensc
|
||||
sudo make install
|
||||
export LD_LIBRARY_PATH=/usr/local/lib
|
||||
|
||||
if [ ! -d oseid ]; then
|
||||
git clone https://github.com/popovec/oseid
|
||||
fi
|
||||
pushd oseid/src/
|
||||
make -f Makefile.console
|
||||
if [ ! -d tmp ]; then
|
||||
mkdir tmp
|
||||
fi
|
||||
socat -d -d pty,link=tmp/OsEIDsim.socket,raw,echo=0 "exec:build/console/console ...,pty,raw,echo=0" &
|
||||
PID=$!
|
||||
sleep 1
|
||||
echo "# OsEIDsim" > tmp/reader.conf
|
||||
echo 'FRIENDLYNAME "OsEIDsim"' >> tmp/reader.conf
|
||||
echo "DEVICENAME $PWD/tmp/OsEIDsim.socket" >> tmp/reader.conf
|
||||
echo "LIBPATH $PWD/build/console/libOsEIDsim.so.0.0.1" >> tmp/reader.conf
|
||||
echo "CHANNELID 1" >> tmp/reader.conf
|
||||
sudo mv tmp/reader.conf /etc/reader.conf.d/reader.conf
|
||||
cat /etc/reader.conf.d/reader.conf
|
||||
popd
|
||||
|
||||
sudo /etc/init.d/pcscd restart
|
||||
|
||||
# Needed for tput to not report warnings
|
||||
export TERM=xterm-256color
|
||||
|
||||
pushd oseid/tools
|
||||
echo | ./OsEID-tool INIT
|
||||
./OsEID-tool RSA-CREATE-KEYS
|
||||
./OsEID-tool RSA-UPLOAD-KEYS
|
||||
./OsEID-tool RSA-DECRYPT-TEST
|
||||
./OsEID-tool RSA-SIGN-PKCS11-TEST
|
||||
./OsEID-tool EC-CREATE-KEYS
|
||||
./OsEID-tool EC-UPLOAD-KEYS
|
||||
./OsEID-tool EC-SIGN-TEST
|
||||
./OsEID-tool EC-SIGN-PKCS11-TEST
|
||||
./OsEID-tool EC-ECDH-TEST
|
||||
popd
|
||||
|
||||
# this does not work as we have random key IDs in here
|
||||
#pushd src/tests/p11test/
|
||||
#./p11test -s 0 -p 11111111 -o oseid.json || true
|
||||
#diff -u3 oseid_ref.json oseid.json
|
||||
#popd
|
||||
|
||||
# cleanup -- this would break later uses of pcscd
|
||||
kill -9 $PID
|
||||
rm oseid/src/card_mem
|
||||
sudo rm /etc/reader.conf.d/reader.conf
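Review bot: The final cleanup is order-sensitive under `-e`: if `kill -9 $PID` fails because socat has already exited, or `rm oseid/src/card_mem` fails because the file was never created, the script stops before `sudo rm /etc/reader.conf.d/reader.conf`. The system-wide reader entry, whose `LIBPATH` points into the build tree, then stays in place for later pcscd starts. Make the steps independent, e.g. `kill -9 $PID || true` and `rm -f oseid/src/card_mem`, and run `sudo rm -f /etc/reader.conf.d/reader.conf` first or from an `EXIT` trap set right after the `sudo mv`.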
|
|
@ -0,0 +1,45 @@
|
|||
#!/bin/bash -e
|
||||
|
||||
# install the opensc
|
||||
sudo make install
|
||||
export LD_LIBRARY_PATH=/usr/local/lib
|
||||
|
||||
# setup java stuff
|
||||
. .github/setup-java.sh
|
||||
|
||||
# The PIV Applet
|
||||
git clone --recursive https://github.com/arekinath/PivApplet.git
|
||||
pushd PivApplet
|
||||
JC_HOME=${JC_CLASSIC_HOME} ant dist
|
||||
popd
|
||||
|
||||
# yubico-piv-tool is needed for PIV Applet management
|
||||
git clone https://github.com/Yubico/yubico-piv-tool.git
|
||||
pushd yubico-piv-tool
|
||||
mkdir build
|
||||
pushd build
|
||||
cmake .. && make && sudo make install
|
||||
popd
|
||||
popd
|
||||
|
||||
|
||||
# log errors from pcscd to console
|
||||
sudo systemctl stop pcscd.service pcscd.socket
|
||||
sudo /usr/sbin/pcscd -f &
|
||||
PCSCD_PID=$!
|
||||
|
||||
|
||||
# start the applet and run couple of commands against that
|
||||
java -noverify -cp PivApplet/bin/:jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar com.licel.jcardsim.remote.VSmartCard PivApplet/test/jcardsim.cfg >/dev/null &
|
||||
PID=$!
|
||||
sleep 5
|
||||
opensc-tool --card-driver default --send-apdu 80b80000120ba000000308000010000100050000020F0F7f
|
||||
opensc-tool -n
|
||||
yubico-piv-tool -v 9999 -r 'Virtual PCD 00 00' -P 123456 -s 9e -a generate -A RSA2048
|
||||
yubico-piv-tool -v 9999 -r 'Virtual PCD 00 00' -P 123456 -s 9a -a generate -A ECCP256
|
||||
pkcs11-tool -l -t -p 123456
|
||||
kill -9 $PID
|
||||
|
||||
|
||||
# cleanup
|
||||
sudo kill -9 $PCSCD_PID
|
|
@ -0,0 +1,28 @@
|
|||
name: CIFuzz
|
||||
on:
|
||||
pull_request:
|
||||
paths:
|
||||
- '**.c'
|
||||
- '**.h'
|
||||
jobs:
|
||||
Fuzzing:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Build Fuzzers
|
||||
id: build
|
||||
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
|
||||
with:
|
||||
oss-fuzz-project-name: 'opensc'
|
||||
dry-run: false
|
||||
- name: Run Fuzzers
|
||||
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
|
||||
with:
|
||||
oss-fuzz-project-name: 'opensc'
|
||||
fuzz-seconds: 600
|
||||
dry-run: false
|
||||
- name: Upload Crash
|
||||
uses: actions/upload-artifact@v1
|
||||
if: failure() && steps.build.outcome == 'success'
|
||||
with:
|
||||
name: artifacts
|
||||
path: ./out/artifacts
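Review bot: Both CIFuzz actions are referenced as `@master` and the upload step as `actions/upload-artifact@v1`; these are mutable refs, so the code that runs in this job can change without any commit to this repository. Pin each `uses:` to a full commit SHA with the tag in a trailing comment, e.g. `uses: actions/upload-artifact@<COMMIT_SHA> # v1` (placeholder SHA). The Linux and OSX workflows added on this page use `@v2` tags and would benefit from the same treatment. A top-level `permissions:` block limited to `contents: read` would also keep the job's token read-only for pull-request runs, unless the repository default already does.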
|
|
@ -0,0 +1,176 @@
|
|||
name: Linux
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
paths:
|
||||
- '**.c'
|
||||
- '**.h'
|
||||
push:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- run: .github/setup-linux.sh
|
||||
- run: .github/build.sh dist
|
||||
- uses: actions/cache@v2
|
||||
id: cache-build
|
||||
with:
|
||||
path: ./*
|
||||
key: ${{ runner.os }}-${{ github.sha }}
|
||||
- name: Upload artifacts
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: opensc-build
|
||||
path:
|
||||
opensc*.tar.gz
|
||||
|
||||
build-ubuntu-18:
|
||||
runs-on: ubuntu-18.04
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- run: .github/setup-linux.sh
|
||||
- run: .github/build.sh
|
||||
- uses: actions/cache@v2
|
||||
id: cache-build
|
||||
with:
|
||||
path: ./*
|
||||
key: ${{ runner.os }}-18-${{ github.sha }}
|
||||
|
||||
build-mingw:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- run: .github/setup-linux.sh mingw
|
||||
- run: .github/build.sh mingw
|
||||
- name: Cache build artifacts
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: opensc-build-mingw
|
||||
path:
|
||||
win32/Output/OpenSC*.exe
|
||||
|
||||
build-mingw32:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- run: .github/setup-linux.sh mingw32
|
||||
- run: .github/build.sh mingw32
|
||||
- name: Cache build artifacts
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: opensc-build-mingw32
|
||||
path:
|
||||
win32/Output/OpenSC*.exe
|
||||
|
||||
test-piv:
|
||||
runs-on: ubuntu-18.04
|
||||
needs: [build-ubuntu-18]
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/cache@v2
|
||||
id: cache-build
|
||||
with:
|
||||
path: ./*
|
||||
key: ${{ runner.os }}-18-${{ github.sha }}
|
||||
- run: .github/setup-linux.sh piv
|
||||
- run: .github/test-piv.sh
|
||||
|
||||
test-isoapplet:
|
||||
runs-on: ubuntu-18.04
|
||||
needs: [build-ubuntu-18]
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/cache@v2
|
||||
id: cache-build
|
||||
with:
|
||||
path: ./*
|
||||
key: ${{ runner.os }}-18-${{ github.sha }}
|
||||
- run: .github/setup-linux.sh isoapplet
|
||||
- run: .github/test-isoapplet.sh
|
||||
|
||||
test-gidsapplet:
|
||||
runs-on: ubuntu-18.04
|
||||
needs: [build-ubuntu-18]
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/cache@v2
|
||||
id: cache-build
|
||||
with:
|
||||
path: ./*
|
||||
key: ${{ runner.os }}-18-${{ github.sha }}
|
||||
- run: .github/setup-linux.sh gidsapplet
|
||||
- run: .github/test-gidsapplet.sh
|
||||
|
||||
test-openpgp:
|
||||
runs-on: ubuntu-18.04
|
||||
needs: [build-ubuntu-18]
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/cache@v2
|
||||
id: cache-build
|
||||
with:
|
||||
path: ./*
|
||||
key: ${{ runner.os }}-18-${{ github.sha }}
|
||||
- run: .github/setup-linux.sh openpgp
|
||||
# the openpgp sometimes fails
|
||||
- run: .github/test-openpgp.sh || true
|
||||
|
||||
build-clang-tidy:
|
||||
runs-on: ubuntu-latest
|
||||
needs: [build]
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/cache@v2
|
||||
id: cache-build
|
||||
with:
|
||||
path: ./*
|
||||
key: ${{ runner.os }}-${{ github.sha }}
|
||||
- run: .github/setup-linux.sh clang-tidy
|
||||
- run: .github/build.sh
|
||||
|
||||
test-cac:
|
||||
runs-on: ubuntu-latest
|
||||
needs: [build]
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/cache@v2
|
||||
id: cache-build
|
||||
with:
|
||||
path: ./*
|
||||
key: ${{ runner.os }}-${{ github.sha }}
|
||||
- run: .github/setup-linux.sh cac
|
||||
- run: .github/test-cac.sh
|
||||
|
||||
test-oseid:
|
||||
runs-on: ubuntu-latest
|
||||
needs: [build]
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/cache@v2
|
||||
id: cache-build
|
||||
with:
|
||||
path: ./*
|
||||
key: ${{ runner.os }}-${{ github.sha }}
|
||||
- run: .github/setup-linux.sh oseid
|
||||
- run: .github/test-oseid.sh
|
||||
|
||||
push-artifacts:
|
||||
runs-on: ubuntu-latest
|
||||
needs: [build, build-mingw]
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/cache@v2
|
||||
id: cache-build
|
||||
with:
|
||||
path: ./*
|
||||
key: ${{ runner.os }}-${{ github.sha }}
|
||||
- name: Pull mingw build artifacts
|
||||
uses: actions/download-artifact@v2
|
||||
with:
|
||||
name: opensc-build-mingw
|
||||
- run: git config --global user.email "builds@github.com"
|
||||
- run: git config --global user.name "Github Actions";
|
||||
- run: .github/push_artifacts.sh "Github Actions ${GITHUB_REF}"
|
||||
if: ${{ github.event_name != 'pull_request' && github.repository == 'OpenSC/OpenSC' }}
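Review bot: `.github/test-openpgp.sh || true` in the `test-openpgp` job turns every failure of the OpenPGP test into a green step, so a regression in that card driver cannot be noticed from the workflow result. If the test is known to be flaky, keep the command plain and mark the step with `continue-on-error: true`, which lets the job proceed while the step is still reported as failed. Also consider moving the `if:` from the last `push-artifacts` step up to the job level, so the job does not run checkout, cache restore and artifact download for pull requests at all.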
|
|
@ -0,0 +1,39 @@
|
|||
name: OSX
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
paths:
|
||||
- '**.c'
|
||||
- '**.h'
|
||||
push:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: macos-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- run: .github/setup-macos.sh
|
||||
- run: .github/build.sh
|
||||
- name: Cache build artifacts
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: opensc-build-macos
|
||||
path:
|
||||
OpenSC*.dmg
|
||||
|
||||
push-artifacts:
|
||||
runs-on: macos-latest
|
||||
needs: [build]
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Pull build artifacts
|
||||
uses: actions/download-artifact@v2
|
||||
with:
|
||||
name: opensc-build-macos
|
||||
- run: git config --global user.email "builds@github.com"
|
||||
- run: git config --global user.name "Github Actions";
|
||||
- run: .github/push_artifacts.sh "Github Actions ${GITHUB_REF}"
|
||||
if: ${{ github.event_name != 'pull_request' && github.repository == 'OpenSC/OpenSC' }}
|
||||
# TODO this fails probably because the key is not loaded in keychain before with
|
||||
# security: SecKeychainDelete: The specified keychain could not be found.
|
||||
# - run: .github/remove_signing_key.sh; rm -f .github/secrets.tar
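Review bot: The only cleanup of the decrypted signing material is the commented-out `remove_signing_key.sh; rm -f .github/secrets.tar` step, and it sits in `push-artifacts`, while the decryption happens in the setup script run by the `build` job. If the decrypt branch of that script is ever taken, `.github/secrets.tar` and the imported key stay on the build runner for the rest of that job. Put the cleanup in `build` as a final step guarded with `if: always()`, e.g. `- run: rm -f .github/secrets.tar`, and re-enable the keychain removal there once the TODO is resolved.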
|
|
@ -4,6 +4,7 @@ core
|
|||
archive
|
||||
acinclude.m4
|
||||
aclocal.m4
|
||||
aminclude_static.am
|
||||
autom4te.cache
|
||||
compile
|
||||
confdefs.h
|
||||
|
@ -22,6 +23,7 @@ mkinstalldirs
|
|||
so_locations
|
||||
stamp-h*
|
||||
tags
|
||||
test-driver
|
||||
.deps
|
||||
.libs
|
||||
.#*#
|
||||
|
@ -62,6 +64,7 @@ ChangeLog
|
|||
doc/tools/*-tool
|
||||
doc/tools/eidenv
|
||||
doc/tools/opensc-explorer
|
||||
doc/tools/pkcs11-register
|
||||
doc/tools/pkcs15-crypt
|
||||
doc/tools/pkcs15-init
|
||||
doc/tools/opensc-asn1
|
||||
|
@ -77,6 +80,7 @@ src/tools/pkcs15-init
|
|||
src/tools/eidenv
|
||||
src/tools/opensc-explorer
|
||||
src/tools/cardos-info
|
||||
src/tools/gcns
|
||||
src/tools/sceac-example
|
||||
src/tools/opensc-notify
|
||||
src/tools/opensc-notify.plist
|
||||
|
@ -115,5 +119,10 @@ src/tests/p11test/p11test
|
|||
|
||||
tests/*.log
|
||||
tests/*.trs
|
||||
src/tests/unittests/*.log
|
||||
src/tests/unittests/*.trs
|
||||
src/tests/unittests/asn1
|
||||
src/tests/unittests/compression
|
||||
src/tests/unittests/simpletlv
|
||||
|
||||
version.m4.ci
|
||||
|
|
165
.travis.yml
165
.travis.yml
|
@ -4,20 +4,26 @@ matrix:
|
|||
include:
|
||||
- compiler: clang
|
||||
os: osx
|
||||
osx_image: xcode9.4
|
||||
env: DO_PUSH_ARTIFACT=yes
|
||||
- compiler: gcc
|
||||
- compiler: clang
|
||||
os: osx
|
||||
osx_image: xcode12.2
|
||||
env: DO_PUSH_ARTIFACT=yes
|
||||
- compiler: clang
|
||||
os: linux
|
||||
dist: trusty
|
||||
env:
|
||||
- DO_SIMULATION=javacard
|
||||
- ENABLE_DOC=--enable-doc
|
||||
sudo: true
|
||||
dist: focal
|
||||
- compiler: gcc
|
||||
os: linux
|
||||
dist: bionic
|
||||
env:
|
||||
- DO_SIMULATION=javacard
|
||||
- ENABLE_DOC=--enable-doc
|
||||
- compiler: gcc
|
||||
os: linux
|
||||
dist: focal
|
||||
env:
|
||||
- DO_SIMULATION=oseid
|
||||
sudo: true
|
||||
- env:
|
||||
- HOST=x86_64-w64-mingw32
|
||||
- DO_PUSH_ARTIFACT=yes
|
||||
|
@ -30,11 +36,10 @@ matrix:
|
|||
dist: bionic
|
||||
env:
|
||||
- DO_SIMULATION=cac
|
||||
sudo: true
|
||||
|
||||
env:
|
||||
global:
|
||||
# The next declaration are encrypted envirnmet variables, created via the
|
||||
# The next declaration are encrypted environment variables, created via the
|
||||
# "travis encrypt" command using the project repo's public key
|
||||
# COVERITY_SCAN_TOKEN
|
||||
- secure: "UkHn7wy4im8V1nebCWbAetnDSOLRUbOlF6++ovk/7Bnso1/lnhXHelyzgRxfD/oI68wm9nnRV+RQEZ9+72Ug1CyvHxyyxxkwal/tPeHH4B/L+aGdPi0id+5OZSKIm77VP3m5s102sJMJgH7DFd03+nUd0K26p0tk8ad4j1geV4c="
|
||||
|
@ -46,34 +51,63 @@ env:
|
|||
- COVERITY_SCAN_PROJECT_NAME="$TRAVIS_REPO_SLUG"
|
||||
- SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)
|
||||
|
||||
addons:
|
||||
apt_packages:
|
||||
- binutils-mingw-w64-i686
|
||||
- binutils-mingw-w64-x86-64
|
||||
- docbook-xsl
|
||||
- gcc-mingw-w64-i686
|
||||
- gcc-mingw-w64-x86-64
|
||||
- libpcsclite-dev
|
||||
- mingw-w64
|
||||
- xsltproc
|
||||
- gengetopt
|
||||
- libcmocka-dev
|
||||
- help2man
|
||||
- pcscd
|
||||
- pcsc-tools
|
||||
- check
|
||||
- ant
|
||||
- socat
|
||||
# Commented out because of a bug in travis images for Focal:
|
||||
# https://travis-ci.community/t/clang-10-was-recently-broken-on-linux-unmet-dependencies-for-clang-10-clang-tidy-10-valgrind/11527
|
||||
#addons:
|
||||
# apt_packages:
|
||||
# - binutils-mingw-w64-i686
|
||||
# - binutils-mingw-w64-x86-64
|
||||
# - docbook-xsl
|
||||
# - gcc-mingw-w64-i686
|
||||
# - gcc-mingw-w64-x86-64
|
||||
# - libpcsclite-dev
|
||||
# - mingw-w64
|
||||
# - xsltproc
|
||||
# - gengetopt
|
||||
# - libcmocka-dev
|
||||
# - help2man
|
||||
# - pcscd
|
||||
# - pcsc-tools
|
||||
# - check
|
||||
# - ant
|
||||
# - socat
|
||||
# - cmake
|
||||
# - clang-tidy
|
||||
# - softhsm2
|
||||
|
||||
before_install:
|
||||
# brew install gengetopt help2man cmocka ccache llvm;
|
||||
# export PATH="/usr/local/opt/ccache/libexec:/usr/local/opt/llvm/bin:$PATH";
|
||||
# homebrew is dead slow in older images due to the many updates it would need to download and build.
|
||||
# here, we build the additional dependencies manually to get around this
|
||||
- if [ "$TRAVIS_OS_NAME" = "osx" ]; then
|
||||
brew update;
|
||||
brew uninstall libtool;
|
||||
brew install libtool;
|
||||
brew install gengetopt help2man cmocka ccache;
|
||||
curl https://ftp.gnu.org/gnu/gengetopt/gengetopt-2.23.tar.xz -L --output gengetopt-2.23.tar.xz;
|
||||
tar xfj gengetopt-2.23.tar.xz;
|
||||
pushd gengetopt-2.23;
|
||||
./configure && make;
|
||||
sudo make install;
|
||||
popd;
|
||||
curl https://ftp.gnu.org/gnu/help2man/help2man-1.47.16.tar.xz -L --output help2man-1.47.16.tar.xz;
|
||||
tar xjf help2man-1.47.16.tar.xz;
|
||||
pushd help2man-1.47.16;
|
||||
./configure && make;
|
||||
sudo make install;
|
||||
popd;
|
||||
export PATH="/usr/local/opt/ccache/libexec:$PATH";
|
||||
git clone https://github.com/frankmorgner/OpenSCToken.git;
|
||||
sudo rm -rf /Library/Developer/CommandLineTools;
|
||||
fi
|
||||
- if [ "$TRAVIS_OS_NAME" = "osx" -a "$TRAVIS_PULL_REQUEST" = "false" -a -n "$encrypted_3b9f0b9d36d1_key" ]; then
|
||||
openssl aes-256-cbc -K $encrypted_3b9f0b9d36d1_key -iv $encrypted_3b9f0b9d36d1_iv -in .github/secrets.tar.enc -out .github/secrets.tar -d;
|
||||
.github/add_signing_key.sh;
|
||||
else
|
||||
unset CODE_SIGN_IDENTITY INSTALLER_SIGN_IDENTITY;
|
||||
fi
|
||||
- if [ "${DO_SIMULATION}" = "javacard" ]; then
|
||||
sudo apt-get install -y openjdk-8-jdk;
|
||||
sudo update-java-alternatives -s java-1.8.0-openjdk-amd64;
|
||||
sudo update-alternatives --get-selections | grep ^java;
|
||||
export PATH="/usr/lib/jvm/java-8-openjdk-amd64/bin/:$PATH";
|
||||
export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/;
|
||||
env | grep -i openjdk;
|
||||
fi
|
||||
- if [ "${DO_SIMULATION}" = "cac" ]; then
|
||||
sudo apt-get install -y libglib2.0-dev libnss3-dev pkgconf libtool make autoconf autoconf-archive automake libsofthsm2-dev softhsm2 softhsm2-common help2man gnutls-bin libcmocka-dev libusb-dev libudev-dev flex libnss3-tools libssl-dev libpcsclite1;
|
||||
|
@ -82,6 +116,12 @@ before_install:
|
|||
- if [ -n "${HOST}" ]; then
|
||||
sudo apt-get install -y wine;
|
||||
fi
|
||||
- if [ "$TRAVIS_DIST" == "focal" ]; then
|
||||
sudo apt-get install -yq --allow-downgrades libc6=2.31-0ubuntu9.2 libc6-dev=2.31-0ubuntu9.2;
|
||||
fi
|
||||
- if [ "$TRAVIS_OS_NAME" == "linux" ]; then
|
||||
sudo -E apt-get -yq --no-install-suggests --no-install-recommends --allow-downgrades --allow-remove-essential --allow-change-held-packages install binutils-mingw-w64-i686 binutils-mingw-w64-x86-64 docbook-xsl gcc-mingw-w64-i686 gcc-mingw-w64-x86-64 libpcsclite-dev mingw-w64 xsltproc gengetopt libcmocka-dev help2man pcscd pcsc-tools check ant socat cmake clang-tidy softhsm2;
|
||||
fi
|
||||
|
||||
before_script:
|
||||
- if [ "$TRAVIS_BRANCH" = "master" -a "$TRAVIS_PULL_REQUEST" = "false" ]; then
|
||||
|
@ -102,23 +142,27 @@ before_script:
|
|||
if [ ! -f "$(winepath 'C:/Program Files (x86)/Inno Setup 5/ISCC.exe')" ]; then
|
||||
/sbin/start-stop-daemon --start --quiet --pidfile /tmp/custom_xvfb_99.pid --make-pidfile --background --exec /usr/bin/Xvfb -- :99 -ac -screen 0 1280x1024x16;
|
||||
export DISPLAY=:99.0;
|
||||
[ -d isetup ] || mkdir isetup;
|
||||
pushd isetup;
|
||||
[ -f isetup-5.5.6.exe ] || wget http://files.jrsoftware.org/is/5/isetup-5.5.6.exe;
|
||||
wine isetup-5.5.6.exe /SILENT /VERYSILENT /SP- /SUPPRESSMSGBOXES /NORESTART;
|
||||
popd;
|
||||
fi;
|
||||
unset CC;
|
||||
unset CXX;
|
||||
./configure --host=$HOST --with-completiondir=/tmp --disable-openssl --disable-readline --disable-zlib --disable-notify --prefix=${TRAVIS_BUILD_DIR}/win32/opensc || cat config.log;
|
||||
fi
|
||||
# Optionally try to upload to Coverity Scan
|
||||
# On error (propably quota is exhausted), just continue
|
||||
# On error (probably quota is exhausted), just continue
|
||||
- if [ "${DO_COVERITY_SCAN}" = "yes" ]; then curl -s 'https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh' | bash || true; fi
|
||||
|
||||
- if [ "${DO_SIMULATION}" = "javacard" ]; then
|
||||
set -ex;
|
||||
git clone https://github.com/frankmorgner/vsmartcard.git;
|
||||
cd vsmartcard/virtualsmartcard;
|
||||
autoreconf -vis && ./configure && sudo make install;
|
||||
cd $TRAVIS_BUILD_DIR;
|
||||
sudo /etc/init.d/pcscd restart;
|
||||
sudo systemctl stop pcscd.service pcscd.socket;
|
||||
|
||||
git clone https://github.com/martinpaljak/oracle_javacard_sdks.git;
|
||||
export JC_HOME=$PWD/oracle_javacard_sdks/jc222_kit;
|
||||
|
@ -126,6 +170,8 @@ before_script:
|
|||
|
||||
git clone https://github.com/arekinath/jcardsim.git;
|
||||
cd jcardsim;
|
||||
env | grep -i openjdk;
|
||||
export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/;
|
||||
mvn initialize && mvn clean install;
|
||||
cd $TRAVIS_BUILD_DIR;
|
||||
|
||||
|
@ -157,13 +203,15 @@ before_script:
|
|||
|
||||
git clone --recursive https://github.com/arekinath/PivApplet.git;
|
||||
cd PivApplet;
|
||||
ant dist;
|
||||
JC_HOME=${JC_CLASSIC_HOME} ant dist;
|
||||
cd $TRAVIS_BUILD_DIR;
|
||||
|
||||
git clone https://github.com/Yubico/yubico-piv-tool.git;
|
||||
cd yubico-piv-tool;
|
||||
autoreconf -vis && ./configure && sudo make install;
|
||||
mkdir build; cd build;
|
||||
cmake .. && make && sudo make install;
|
||||
cd $TRAVIS_BUILD_DIR;
|
||||
set +ex;
|
||||
fi
|
||||
|
||||
- if [ "${DO_SIMULATION}" = "oseid" ]; then
|
||||
|
@ -172,6 +220,7 @@ before_script:
|
|||
make -f Makefile.console;
|
||||
mkdir tmp;
|
||||
socat -d -d pty,link=tmp/OsEIDsim.socket,raw,echo=0 "exec:build/console/console ...,pty,raw,echo=0" &
|
||||
PID=$!;
|
||||
sleep 1;
|
||||
echo "# OsEIDsim" > tmp/reader.conf;
|
||||
echo 'FRIENDLYNAME "OsEIDsim"' >> tmp/reader.conf;
|
||||
|
@ -211,7 +260,7 @@ script:
|
|||
fi;
|
||||
fi
|
||||
- if [ -z "$HOST" -a "${DO_COVERITY_SCAN}" != "yes" -a -z "$DO_SIMULATION" ]; then
|
||||
make check && make dist;
|
||||
make check && make distcheck || (cat tests/*log src/tests/unittests/*log && exit 1);
|
||||
fi
|
||||
- if [ ! -z "$HOST" -a "${DO_COVERITY_SCAN}" != "yes" ]; then
|
||||
make install;
|
||||
|
@ -223,42 +272,53 @@ script:
|
|||
sudo make install;
|
||||
export LD_LIBRARY_PATH=/usr/local/lib;
|
||||
|
||||
sudo /usr/sbin/pcscd -f &
|
||||
PCSCD_PID=$!;
|
||||
|
||||
java -noverify -cp IsoApplet/src/:jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar com.licel.jcardsim.remote.VSmartCard isoapplet_jcardsim.cfg >/dev/null &
|
||||
PID=$!;
|
||||
sleep 5;
|
||||
opensc-tool --card-driver default --send-apdu 80b800001a0cf276a288bcfba69d34f310010cf276a288bcfba69d34f3100100;
|
||||
opensc-tool -n;
|
||||
pkcs15-init --create-pkcs15 --so-pin 123456 --so-puk 0123456789abcdef;
|
||||
pkcs15-tool --change-pin --pin 123456 --new-pin 654321;
|
||||
pkcs15-tool --unblock-pin --puk 0123456789abcdef --new-pin 123456;
|
||||
pkcs15-init --generate-key rsa/2048 --id 1 --key-usage decrypt,sign --auth-id FF --pin 123456;
|
||||
pkcs15-init --generate-key rsa/2048 --id 2 --key-usage decrypt --auth-id FF --pin 123456;
|
||||
pkcs15-init --generate-key ec/secp256r1 --id 3 --key-usage sign --auth-id FF --pin 123456;
|
||||
pkcs15-tool -D;
|
||||
pkcs11-tool -l -t -p 123456;
|
||||
killall java;
|
||||
kill -9 $PID;
|
||||
|
||||
java -noverify -cp GidsApplet/src/:jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar com.licel.jcardsim.remote.VSmartCard gids_jcardsim.cfg >/dev/null &
|
||||
PID=$!;
|
||||
sleep 5;
|
||||
opensc-tool --card-driver default --send-apdu 80b80000190bA0000003974254465902010bA00000039742544659020100;
|
||||
opensc-tool -n;
|
||||
gids-tool --initialize --pin 123456 --admin-key 000000000000000000000000000000000000000000000000 --serial 00000000000000000000000000000000;
|
||||
killall java;
|
||||
kill -9 $PID;
|
||||
|
||||
java -noverify -cp ykneo-openpgp/applet/bin:jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar com.licel.jcardsim.remote.VSmartCard openpgp_jcardsim.cfg >/dev/null &
|
||||
PID=$!;
|
||||
sleep 5;
|
||||
opensc-tool --card-driver default --send-apdu 80b800002210D276000124010200000000000001000010D276000124010200000000000001000000;
|
||||
opensc-tool -n;
|
||||
openpgp-tool --verify CHV3 --pin 12345678 --gen-key 2;
|
||||
pkcs15-init --verify --auth-id 3 --pin 12345678 --delete-objects privkey,pubkey --id 2 --generate-key rsa/2048;
|
||||
pkcs11-tool -l -t -p 123456;
|
||||
killall java;
|
||||
kill -9 $PID;
|
||||
|
||||
java -noverify -cp PivApplet/bin/:jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar com.licel.jcardsim.remote.VSmartCard PivApplet/test/jcardsim.cfg >/dev/null &
|
||||
PID=$!;
|
||||
sleep 5;
|
||||
opensc-tool --card-driver default --send-apdu 80b80000120ba000000308000010000100050000020F0F7f;
|
||||
opensc-tool -n;
|
||||
yubico-piv-tool -r 'Virtual PCD 00 00' -P 123456 -s 9a -a generate -A ECCP256;
|
||||
yubico-piv-tool -r 'Virtual PCD 00 00' -P 123456 -s 9e -a generate -A RSA2048;
|
||||
yubico-piv-tool -v 9999 -r 'Virtual PCD 00 00' -P 123456 -s 9e -a generate -A RSA2048;
|
||||
yubico-piv-tool -v 9999 -r 'Virtual PCD 00 00' -P 123456 -s 9a -a generate -A ECCP256;
|
||||
pkcs11-tool -l -t -p 123456;
|
||||
killall java;
|
||||
kill -9 $PID;
|
||||
|
||||
sudo kill -9 $PCSCD_PID;
|
||||
|
||||
set +ex;
|
||||
fi
|
||||
|
@ -273,17 +333,19 @@ script:
|
|||
./OsEID-tool RSA-CREATE-KEYS;
|
||||
./OsEID-tool RSA-UPLOAD-KEYS;
|
||||
./OsEID-tool RSA-DECRYPT-TEST;
|
||||
./OsEID-tool RSA-SIGN-PKCS11-TEST;
|
||||
./OsEID-tool EC-CREATE-KEYS;
|
||||
./OsEID-tool EC-UPLOAD-KEYS;
|
||||
./OsEID-tool EC-SIGN-TEST;
|
||||
./OsEID-tool EC-SIGN-PKCS11-TEST;
|
||||
./OsEID-tool EC-ECDH-TEST;
|
||||
killall socat;
|
||||
kill -9 $PID;
|
||||
|
||||
set +ex;
|
||||
fi
|
||||
- if [ "${DO_SIMULATION}" = "cac" ]; then
|
||||
cd $TRAVIS_BUILD_DIR;
|
||||
make check && sudo make install;
|
||||
make check && sudo make install || (cat tests/*log src/tests/unittests/*log && exit 1);
|
||||
export LD_LIBRARY_PATH=/usr/local/lib;
|
||||
cd src/tests/p11test/;
|
||||
./p11test -s 0 -p 12345678 -i &
|
||||
|
@ -309,17 +371,16 @@ after_script:
|
|||
git config --global user.name "Travis CI";
|
||||
.github/push_artifacts.sh "Travis CI build ${TRAVIS_JOB_NUMBER}";
|
||||
fi
|
||||
|
||||
before_cache:
|
||||
- brew cleanup
|
||||
- if [ "$TRAVIS_OS_NAME" = "osx" ]; then
|
||||
.github/remove_signing_key.sh;
|
||||
rm -f .github/secrets.tar;
|
||||
fi
|
||||
|
||||
cache:
|
||||
apt: true
|
||||
ccache: true
|
||||
directories:
|
||||
- $HOME/.m2/
|
||||
- $HOME/Library/Caches/Homebrew
|
||||
- openssl_bin
|
||||
- openpace_bin
|
||||
files:
|
||||
- isetup-5.5.6.exe
|
||||
- isetup
|
||||
|
|
37
COPYING
37
COPYING
|
@ -1,8 +1,8 @@
|
|||
GNU LESSER GENERAL PUBLIC LICENSE
|
||||
Version 2.1, February 1999
|
||||
GNU LESSER GENERAL PUBLIC LICENSE
|
||||
Version 2.1, February 1999
|
||||
|
||||
Copyright (C) 1991, 1999 Free Software Foundation, Inc.
|
||||
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
Everyone is permitted to copy and distribute verbatim copies
|
||||
of this license document, but changing it is not allowed.
|
||||
|
||||
|
@ -10,7 +10,7 @@
|
|||
as the successor of the GNU Library Public License, version 2, hence
|
||||
the version number 2.1.]
|
||||
|
||||
Preamble
|
||||
Preamble
|
||||
|
||||
The licenses for most software are designed to take away your
|
||||
freedom to share and change it. By contrast, the GNU General Public
|
||||
|
@ -55,7 +55,7 @@ modified by someone else and passed on, the recipients should know
|
|||
that what they have is not the original version, so that the original
|
||||
author's reputation will not be affected by problems that might be
|
||||
introduced by others.
|
||||
|
||||
|
||||
Finally, software patents pose a constant threat to the existence of
|
||||
any free program. We wish to make sure that a company cannot
|
||||
effectively restrict the users of a free program by obtaining a
|
||||
|
@ -111,8 +111,8 @@ modification follow. Pay close attention to the difference between a
|
|||
"work based on the library" and a "work that uses the library". The
|
||||
former contains code derived from the library, whereas the latter must
|
||||
be combined with the library in order to run.
|
||||
|
||||
GNU LESSER GENERAL PUBLIC LICENSE
|
||||
|
||||
GNU LESSER GENERAL PUBLIC LICENSE
|
||||
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
||||
|
||||
0. This License Agreement applies to any software library or other
|
||||
|
@ -146,7 +146,7 @@ such a program is covered only if its contents constitute a work based
|
|||
on the Library (independent of the use of the Library in a tool for
|
||||
writing it). Whether that is true depends on what the Library does
|
||||
and what the program that uses the Library does.
|
||||
|
||||
|
||||
1. You may copy and distribute verbatim copies of the Library's
|
||||
complete source code as you receive it, in any medium, provided that
|
||||
you conspicuously and appropriately publish on each copy an
|
||||
|
@ -158,7 +158,7 @@ Library.
|
|||
You may charge a fee for the physical act of transferring a copy,
|
||||
and you may at your option offer warranty protection in exchange for a
|
||||
fee.
|
||||
|
||||
|
||||
2. You may modify your copy or copies of the Library or any portion
|
||||
of it, thus forming a work based on the Library, and copy and
|
||||
distribute such modifications or work under the terms of Section 1
|
||||
|
@ -216,7 +216,7 @@ instead of to this License. (If a newer version than version 2 of the
|
|||
ordinary GNU General Public License has appeared, then you can specify
|
||||
that version instead if you wish.) Do not make any other change in
|
||||
these notices.
|
||||
|
||||
|
||||
Once this change is made in a given copy, it is irreversible for
|
||||
that copy, so the ordinary GNU General Public License applies to all
|
||||
subsequent copies and derivative works made from that copy.
|
||||
|
@ -267,7 +267,7 @@ Library will still fall under Section 6.)
|
|||
distribute the object code for the work under the terms of Section 6.
|
||||
Any executables containing that work also fall under Section 6,
|
||||
whether or not they are linked directly with the Library itself.
|
||||
|
||||
|
||||
6. As an exception to the Sections above, you may also combine or
|
||||
link a "work that uses the Library" with the Library to produce a
|
||||
work containing portions of the Library, and distribute that work
|
||||
|
@ -329,7 +329,7 @@ restrictions of other proprietary libraries that do not normally
|
|||
accompany the operating system. Such a contradiction means you cannot
|
||||
use both them and the Library together in an executable that you
|
||||
distribute.
|
||||
|
||||
|
||||
7. You may place library facilities that are a work based on the
|
||||
Library side-by-side in a single library together with other library
|
||||
facilities not covered by this License, and distribute such a combined
|
||||
|
@ -370,7 +370,7 @@ subject to these terms and conditions. You may not impose any further
|
|||
restrictions on the recipients' exercise of the rights granted herein.
|
||||
You are not responsible for enforcing compliance by third parties with
|
||||
this License.
|
||||
|
||||
|
||||
11. If, as a consequence of a court judgment or allegation of patent
|
||||
infringement or for any other reason (not limited to patent issues),
|
||||
conditions are imposed on you (whether by court order, agreement or
|
||||
|
@ -422,7 +422,7 @@ conditions either of that version or of any later version published by
|
|||
the Free Software Foundation. If the Library does not specify a
|
||||
license version number, you may choose any version ever published by
|
||||
the Free Software Foundation.
|
||||
|
||||
|
||||
14. If you wish to incorporate parts of the Library into other free
|
||||
programs whose distribution conditions are incompatible with these,
|
||||
write to the author to ask for permission. For software which is
|
||||
|
@ -432,7 +432,7 @@ decision will be guided by the two goals of preserving the free status
|
|||
of all derivatives of our free software and of promoting the sharing
|
||||
and reuse of software generally.
|
||||
|
||||
NO WARRANTY
|
||||
NO WARRANTY
|
||||
|
||||
15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
|
||||
WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
|
||||
|
@ -455,8 +455,8 @@ FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
|
|||
SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
|
||||
DAMAGES.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
How to Apply These Terms to Your New Libraries
|
||||
|
||||
If you develop a new library, and you want it to be of the greatest
|
||||
|
@ -485,7 +485,7 @@ convey the exclusion of warranty; and each file should have at least the
|
|||
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with this library; if not, write to the Free Software
|
||||
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
|
@ -501,4 +501,3 @@ necessary. Here is a sample; alter the names:
|
|||
|
||||
That's all there is to it!
|
||||
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
|
||||
EXTRA_DIST = build build-package.in build-package-from-ci.in Distribution.xml.in libtool-bundle opensc-uninstall \
|
||||
EXTRA_DIST = build build-package.in Distribution.xml.in libtool-bundle opensc-uninstall \
|
||||
resources \
|
||||
resources/background.jpg \
|
||||
resources/Welcome.html.in \
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
<key>com.apple.security.app-sandbox</key>
|
||||
<false/>
|
||||
<key>com.apple.security.automation.apple-events</key>
|
||||
<true/>
|
||||
</dict>
|
||||
</plist>
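Review bot: This new entitlements file has no comment saying which bundles it is for or why `com.apple.security.automation.apple-events` is granted. Judging by the key, it is presumably the plist passed to `codesign --entitlements` for the osacompile-built applets elsewhere in this comparison, but the file name is not shown here. A short XML comment under `<dict>` would record the reason, for example `<!-- applets built with osacompile send Apple Events; needed under the hardened runtime -->`. The explicit `com.apple.security.app-sandbox` `<false/>` matches the behaviour when the key is absent, so it can be dropped, or kept with a comment that the lack of sandboxing is deliberate.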
|
|
@ -0,0 +1,10 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
<key>com.apple.security.app-sandbox</key>
|
||||
<false/>
|
||||
<key>com.apple.security.cs.disable-library-validation</key>
|
||||
<true/>
|
||||
</dict>
|
||||
</plist>
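Review bot: `com.apple.security.cs.disable-library-validation` turns off the hardened-runtime check that loaded libraries are signed by Apple or by the same team, and the file does not say why it is needed or which executables should get it. If this is the plist the build script applies through `find … -exec codesign --entitlements` to every executable under `bin` and `lib` (inferred from the key; the file name is not shown here), the exception reaches every tool rather than only those that load third-party modules. Consider limiting it to the binaries that need it and recording the reason in a comment such as `<!-- needed to load PKCS#11 modules signed by other vendors -->`, once that is confirmed to be the actual reason.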
|
|
@ -1,80 +0,0 @@
|
|||
#!/bin/bash
|
||||
# temporary build script until we've fixed the CI to include CTK
|
||||
|
||||
# You need to install the following packages from homebrew or macports or fink:
|
||||
# autoconf automake libtool pkg-config help2man gengetopt
|
||||
|
||||
export MACOSX_DEPLOYMENT_TARGET="10.10"
|
||||
|
||||
set -ex
|
||||
test -x ./configure || ./bootstrap
|
||||
BUILDPATH=${PWD}
|
||||
|
||||
# Locate the latest OSX SDK
|
||||
SDK_PATH=$(xcrun --sdk macosx --show-sdk-path)
|
||||
|
||||
# Set SDK path
|
||||
export CFLAGS="$CFLAGS -isysroot $SDK_PATH -arch x86_64"
|
||||
|
||||
# Build OpenSCToken
|
||||
if ! test -e OpenSCToken; then
|
||||
git clone --depth=1 https://github.com/frankmorgner/OpenSCToken.git
|
||||
fi
|
||||
cd OpenSCToken
|
||||
# make sure OpenSCToken builds with the same dependencies as before
|
||||
if ! test -e OpenSC; then
|
||||
git clone --depth=1 ../../OpenSC
|
||||
else
|
||||
cd OpenSC && git pull && cd ..
|
||||
fi
|
||||
if ! test -e openssl; then
|
||||
git clone --depth=1 https://github.com/openssl/openssl.git -b OpenSSL_1_0_2-stable
|
||||
else
|
||||
cd openssl && git pull && cd ..
|
||||
fi
|
||||
if ! test -e openpace; then
|
||||
git clone --depth=1 https://github.com/frankmorgner/openpace.git -b 1.1.0
|
||||
else
|
||||
cd openpace && git pull && cd ..
|
||||
fi
|
||||
BP=${BUILDPATH}
|
||||
. ./bootstrap
|
||||
BUILDPATH=${BP}
|
||||
xcodebuild -target OpenSCTokenApp -configuration Debug -project OpenSCTokenApp.xcodeproj install DSTROOT=${BUILDPATH}/target_token
|
||||
cd ..
|
||||
|
||||
imagedir=$(mktemp -d)
|
||||
|
||||
# Get name of branch in Nightly which corresponds to the latest commit in OpenSC
|
||||
BRANCH=`git log --max-count=1 --date=short --abbrev=8 --pretty=format:"%cd_%h"`
|
||||
if ! test -e Nightly-${BRANCH}; then
|
||||
# Download the build
|
||||
curl -L https://github.com/OpenSC/Nightly/archive/${BRANCH}.zip > ${BRANCH}.zip
|
||||
# Unpack the build
|
||||
unzip ${BRANCH}.zip
|
||||
fi
|
||||
cp Nightly-${BRANCH}/OpenSC-startup.pkg .
|
||||
cp Nightly-${BRANCH}/OpenSC-tokend.pkg .
|
||||
cp Nightly-${BRANCH}/OpenSC.pkg .
|
||||
|
||||
# Build package
|
||||
pkgbuild --root ${BUILDPATH}/target_token --identifier org.opensc-project.mac.opensctoken --version @PACKAGE_VERSION@ --install-location / OpenSCToken.pkg
|
||||
|
||||
# Build product
|
||||
productbuild --distribution MacOSX/Distribution.xml --package-path . --resources MacOSX/resources "${imagedir}/OpenSC @PACKAGE_VERSION@.pkg"
|
||||
|
||||
# Build "Uninstaller"
|
||||
osacompile -o "${imagedir}/OpenSC Uninstaller.app" "MacOSX/OpenSC_Uninstaller.applescript"
|
||||
|
||||
# Create .dmg
|
||||
rm -f OpenSC-@PACKAGE_VERSION@.dmg
|
||||
i=0
|
||||
while ! hdiutil create -srcfolder "${imagedir}" -volname "@PACKAGE_NAME@" -fs JHFS+ OpenSC-@PACKAGE_VERSION@.dmg
|
||||
do
|
||||
i=$[$i+1]
|
||||
if [ $i -gt 2 ]
|
||||
then
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
rm -rf ${imagedir}
|
|
@ -13,11 +13,11 @@ set -ex
|
|||
test -x ./configure || ./bootstrap
|
||||
BUILDPATH=${PWD}
|
||||
|
||||
# Locate the latest OSX SDK
|
||||
SDK_PATH=$(xcrun --sdk macosx --show-sdk-path)
|
||||
|
||||
# Set SDK path
|
||||
export CFLAGS="$CFLAGS -isysroot $SDK_PATH -arch x86_64"
|
||||
xcode_ver=$(xcodebuild -version | sed -En 's/Xcode[[:space:]](.*)/\1/p')
|
||||
base_ver="12.2"
|
||||
if [ $(echo -e $base_ver"\n"$xcode_ver | sort -V | head -1) == "$base_ver" ]; then
|
||||
export BUILD_ARM="true"
|
||||
fi
|
||||
|
||||
export SED=/usr/bin/sed
|
||||
PREFIX=/Library/OpenSC
|
||||
|
@ -28,28 +28,47 @@ if ! pkg-config libcrypto --atleast-version=1.0.1; then
|
|||
if ! test -e $BUILDPATH/openssl_bin/$PREFIX/lib/pkgconfig; then
|
||||
# Build OpenSSL manually, because Apple's binaries are deprecated
|
||||
if ! test -e openssl; then
|
||||
git clone --depth=1 https://github.com/openssl/openssl.git -b OpenSSL_1_0_2-stable
|
||||
git clone --depth=1 https://github.com/openssl/openssl.git -b OpenSSL_1_1_1-stable
|
||||
fi
|
||||
cd openssl
|
||||
KERNEL_BITS=64 ./config --prefix=$PREFIX
|
||||
MACHINE=x86_64 ./config no-shared --prefix=$PREFIX
|
||||
make clean
|
||||
make update
|
||||
make depend
|
||||
make -j 4
|
||||
make INSTALL_PREFIX=$BUILDPATH/openssl_bin install_sw
|
||||
make DESTDIR=$BUILDPATH/openssl_bin install_sw
|
||||
if test -n "${BUILD_ARM}"; then
|
||||
make clean
|
||||
MACHINE=arm64 KERNEL_BITS=64 ./config no-shared --prefix=$PREFIX
|
||||
make -j 4
|
||||
make DESTDIR=$BUILDPATH/openssl_arm64 install_sw
|
||||
lipo -create $BUILDPATH/openssl_arm64/$PREFIX/lib/libcrypto.a $BUILDPATH/openssl_bin/$PREFIX/lib/libcrypto.a -output libcrypto.a
|
||||
lipo -create $BUILDPATH/openssl_arm64/$PREFIX/lib/libssl.a $BUILDPATH/openssl_bin/$PREFIX/lib/libssl.a -output libssl.a
|
||||
mv libcrypto.a $BUILDPATH/openssl_bin/$PREFIX/lib/libcrypto.a
|
||||
mv libssl.a $BUILDPATH/openssl_bin/$PREFIX/lib/libssl.a
|
||||
fi
|
||||
cd ..
|
||||
fi
|
||||
export OPENSSL_CFLAGS="`env PKG_CONFIG_PATH=$BUILDPATH/openssl_bin/$PREFIX/lib/pkgconfig PKG_CONFIG_SYSROOT_DIR=$BUILDPATH/openssl_bin pkg-config --static --cflags libcrypto`"
|
||||
export OPENSSL_LIBS="` env PKG_CONFIG_PATH=$BUILDPATH/openssl_bin/$PREFIX/lib/pkgconfig PKG_CONFIG_SYSROOT_DIR=$BUILDPATH/openssl_bin pkg-config --static --libs libcrypto`"
|
||||
fi
|
||||
|
||||
# Locate the latest OSX SDK
|
||||
SDK_PATH=$(xcrun --sdk macosx --show-sdk-path)
|
||||
export CFLAGS="$CFLAGS -isysroot $SDK_PATH"
|
||||
|
||||
if test -n "${BUILD_ARM}"; then
|
||||
export CFLAGS="$CFLAGS -arch x86_64 -arch arm64"
|
||||
export LDFLAGS="$LDFLAGS -arch x86_64 -arch arm64"
|
||||
fi
|
||||
export OBJCFLAGS=$CFLAGS
|
||||
|
||||
if ! test -e $BUILDPATH/openpace_bin/$PREFIX/lib/pkgconfig; then
|
||||
if ! test -e openpace; then
|
||||
git clone --depth=1 https://github.com/frankmorgner/openpace.git -b 1.1.0
|
||||
git clone --depth=1 https://github.com/frankmorgner/openpace.git -b 1.1.1
|
||||
fi
|
||||
cd openpace
|
||||
autoreconf -vis
|
||||
./configure --disable-shared --prefix=$PREFIX CRYPTO_CFLAGS="$OPENSSL_CFLAGS" CRYPTO_LIBS="$OPENSSL_LIBS"
|
||||
./configure --disable-shared --prefix=$PREFIX CRYPTO_CFLAGS="$OPENSSL_CFLAGS" CRYPTO_LIBS="$OPENSSL_LIBS" HELP2MAN=/usr/bin/true
|
||||
touch src/cvc-create.1 src/cvc-print.1
|
||||
make DESTDIR=$BUILDPATH/openpace_bin install
|
||||
cd ..
|
||||
fi
|
||||
|
@ -91,25 +110,42 @@ fi
|
|||
if ! test -e NotificationProxy; then
|
||||
git clone http://github.com/frankmorgner/NotificationProxy.git
|
||||
fi
|
||||
xcodebuild -target NotificationProxy -configuration Release -project NotificationProxy/NotificationProxy.xcodeproj install DSTROOT=$BUILDPATH/target/Library/OpenSC/
|
||||
mkdir -p "$BUILDPATH/target/Applications"
|
||||
osacompile -o "$BUILDPATH/target/Applications/OpenSC Notify.app" "MacOSX/OpenSC_Notify.applescript"
|
||||
|
||||
|
||||
# Check out OpenSC.tokend, if not already fetched.
|
||||
if ! test -e OpenSC.tokend; then
|
||||
git clone http://github.com/OpenSC/OpenSC.tokend.git
|
||||
if test -n "${CODE_SIGN_IDENTITY}" -a -n "${DEVELOPMENT_TEAM}"; then
|
||||
xcodebuild -target NotificationProxy -configuration Release -project NotificationProxy/NotificationProxy.xcodeproj install DSTROOT=$BUILDPATH/target/Library/OpenSC/ \
|
||||
CODE_SIGN_IDENTITY="${CODE_SIGN_IDENTITY}" DEVELOPMENT_TEAM="${DEVELOPMENT_TEAM}" OTHER_CODE_SIGN_FLAGS="--timestamp --options=runtime" CODE_SIGN_INJECT_BASE_ENTITLEMENTS=NO CODE_SIGN_STYLE=Manual
|
||||
else
|
||||
xcodebuild -target NotificationProxy -configuration Release -project NotificationProxy/NotificationProxy.xcodeproj install DSTROOT=$BUILDPATH/target/Library/OpenSC/
|
||||
fi
|
||||
mkdir -p "$BUILDPATH/target/Applications/Utilities"
|
||||
osacompile -o "$BUILDPATH/target/Applications/Utilities/OpenSC Notify.app" "MacOSX/OpenSC_Notify.applescript"
|
||||
if test -n "${CODE_SIGN_IDENTITY}"; then
|
||||
codesign --force --sign "${CODE_SIGN_IDENTITY}" --entitlements MacOSX/OpenSC_applescripts.entitlements --deep --timestamp --options runtime "$BUILDPATH/target/Applications/Utilities/OpenSC Notify.app"
|
||||
fi
|
||||
|
||||
# Create the symlink to OpenSC sources
|
||||
test -L OpenSC.tokend/build/opensc-src || ln -sf ${BUILDPATH}/src OpenSC.tokend/build/opensc-src
|
||||
|
||||
if (( xcodebuild -version | sed -En 's/Xcode[[:space:]]+([0-9]+)\.[0-9]*/\1/p' < 10 )); then
|
||||
# Build OpenSC.tokend when XCode version < 10
|
||||
if (( $(xcodebuild -version | sed -En 's/Xcode[[:space:]]+([0-9]+)(\.[0-9]*)*/\1/p') < 10 )); then
|
||||
# Check out OpenSC.tokend, if not already fetched.
|
||||
if ! test -e OpenSC.tokend; then
|
||||
git clone http://github.com/OpenSC/OpenSC.tokend.git
|
||||
fi
|
||||
|
||||
# Create the symlink to OpenSC sources
|
||||
test -L OpenSC.tokend/build/opensc-src || ln -sf ${BUILDPATH}/src OpenSC.tokend/build/opensc-src
|
||||
|
||||
# Build and copy OpenSC.tokend
|
||||
xcodebuild -target OpenSC -configuration Deployment -project OpenSC.tokend/Tokend.xcodeproj install DSTROOT=${BUILDPATH}/target_tokend
|
||||
if test -n "${CODE_SIGN_IDENTITY}" -a -n "${DEVELOPMENT_TEAM}"; then
|
||||
xcodebuild -target OpenSC -configuration Deployment -project OpenSC.tokend/Tokend.xcodeproj install DSTROOT=${BUILDPATH}/target_tokend \
|
||||
CODE_SIGN_IDENTITY="${CODE_SIGN_IDENTITY}" DEVELOPMENT_TEAM="${DEVELOPMENT_TEAM}" OTHER_CODE_SIGN_FLAGS="--timestamp --options=runtime" CODE_SIGN_INJECT_BASE_ENTITLEMENTS=NO CODE_SIGN_STYLE=Manual
|
||||
else
|
||||
xcodebuild -target OpenSC -configuration Deployment -project OpenSC.tokend/Tokend.xcodeproj install DSTROOT=${BUILDPATH}/target_tokend
|
||||
fi
|
||||
|
||||
TOKEND="-tokend"
|
||||
else
|
||||
# https://github.com/OpenSC/OpenSC.tokend/issues/33
|
||||
mkdir -p ${BUILDPATH}/target_tokend
|
||||
TOKEND=""
|
||||
fi
|
||||
|
||||
#if ! test -e $BUILDPATH/target/Library/Security/tokend/OpenSC.tokend/Contents/Resources/Applications/terminal-notifier.app; then
|
||||
|
@ -131,54 +167,77 @@ cp MacOSX/opensc-uninstall ${BUILDPATH}/target/usr/local/bin
|
|||
|
||||
# Prepare startup root
|
||||
mkdir -p ${BUILDPATH}/target_startup/Library/LaunchAgents
|
||||
cp src/tools/pkcs11-register.plist ${BUILDPATH}/target_startup/Library/LaunchAgents
|
||||
cp src/tools/opensc-notify.plist ${BUILDPATH}/target_startup/Library/LaunchAgents
|
||||
cp src/tools/org.opensc-project.mac.pkcs11-register.plist ${BUILDPATH}/target_startup/Library/LaunchAgents
|
||||
cp src/tools/org.opensc-project.mac.opensc-notify.plist ${BUILDPATH}/target_startup/Library/LaunchAgents
|
||||
|
||||
# Build OpenSCToken if possible
|
||||
if test -e OpenSCToken; then
|
||||
if test -e OpenSCToken -a -n "${CODE_SIGN_IDENTITY}" -a -n "${DEVELOPMENT_TEAM}"; then
|
||||
cd OpenSCToken
|
||||
# make sure OpenSCToken builds with the same dependencies as before
|
||||
if ! test -e OpenSC; then
|
||||
git clone --depth=1 ../../OpenSC
|
||||
git clone --depth=1 file://$PWD/../../OpenSC
|
||||
else
|
||||
cd OpenSC && git pull && cd ..
|
||||
fi
|
||||
if ! test -e openssl; then
|
||||
git clone --depth=1 ../openssl
|
||||
else
|
||||
cd openssl && git pull && cd ..
|
||||
mkdir -p build
|
||||
if ! test -e build/openssl; then
|
||||
# build/openssl/lib/libcrypto.a is hardcoded in OpenSCToken
|
||||
ln -sf $BUILDPATH/openssl_bin/$PREFIX build/openssl
|
||||
# in OpenSCToken's variant of OpenSC we still use OpenSSL flags from above
|
||||
fi
|
||||
if ! test -e openpace; then
|
||||
git clone --depth=1 ../openpace
|
||||
else
|
||||
cd openpace && git pull && cd ..
|
||||
if ! test -e build/openpace; then
|
||||
# build/openpace/lib/libeac.a is hardcoded in OpenSCToken
|
||||
ln -sf $BUILDPATH/openpace_bin/$PREFIX build/openpace
|
||||
# in OpenSCToken's variant of OpenSC we still use OpenPACE flags from above
|
||||
fi
|
||||
BP=${BUILDPATH}
|
||||
. ./bootstrap
|
||||
BUILDPATH=${BP}
|
||||
xcodebuild -target OpenSCTokenApp -configuration Debug -project OpenSCTokenApp.xcodeproj install DSTROOT=${BUILDPATH}/target_token
|
||||
xcodebuild -target OpenSCTokenApp -configuration Debug -project OpenSCTokenApp.xcodeproj install DSTROOT=${BUILDPATH}/target_token \
|
||||
CODE_SIGN_IDENTITY="${CODE_SIGN_IDENTITY}" DEVELOPMENT_TEAM="${DEVELOPMENT_TEAM}" OTHER_CODE_SIGN_FLAGS="--timestamp --options=runtime" CODE_SIGN_INJECT_BASE_ENTITLEMENTS=NO CODE_SIGN_STYLE=Manual
|
||||
cd ..
|
||||
|
||||
COMPONENT_TOKEN="--component-plist MacOSX/target_token.plist"
|
||||
else
|
||||
# if no OpenSCToken is checked out, then we create a dummy package
|
||||
mkdir -p ${BUILDPATH}/target_token
|
||||
fi
|
||||
|
||||
if test -n "${CODE_SIGN_IDENTITY}"; then
|
||||
for d in ${BUILDPATH}/target/Library/OpenSC/bin ${BUILDPATH}/target/Library/OpenSC/lib
|
||||
do
|
||||
# find executable files and run codesign on them
|
||||
find ${d} -type f -perm +111 -print -exec \
|
||||
codesign --force --sign "${CODE_SIGN_IDENTITY}" --entitlements MacOSX/OpenSC_binaries.entitlements --deep --timestamp --options runtime {} \;
|
||||
done
|
||||
fi
|
||||
|
||||
|
||||
# Build package
|
||||
pkgbuild --root ${BUILDPATH}/target --scripts MacOSX/scripts --identifier org.opensc-project.mac --version @PACKAGE_VERSION@ --install-location / OpenSC.pkg
|
||||
pkgbuild --root ${BUILDPATH}/target_tokend --identifier org.opensc-project.tokend --version @PACKAGE_VERSION@ --install-location / OpenSC-tokend.pkg
|
||||
pkgbuild --root ${BUILDPATH}/target_token --identifier org.opensc-project.mac.opensctoken --version @PACKAGE_VERSION@ --install-location / OpenSCToken.pkg
|
||||
pkgbuild --root ${BUILDPATH}/target_startup --identifier org.opensc-project.startup --version @PACKAGE_VERSION@ --install-location / OpenSC-startup.pkg
|
||||
pkgbuild --root ${BUILDPATH}/target --component-plist MacOSX/target.plist --scripts MacOSX/scripts --identifier org.opensc-project.mac --version @PACKAGE_VERSION@ --install-location / OpenSC.pkg
|
||||
pkgbuild --root ${BUILDPATH}/target_tokend --component-plist MacOSX/target_tokend.plist --identifier org.opensc-project.tokend --version @PACKAGE_VERSION@ --install-location / OpenSC-tokend.pkg
|
||||
pkgbuild --root ${BUILDPATH}/target_token $COMPONENT_TOKEN --identifier org.opensc-project.mac.opensctoken --version @PACKAGE_VERSION@ --install-location / OpenSCToken.pkg
|
||||
pkgbuild --root ${BUILDPATH}/target_startup --component-plist MacOSX/target_startup.plist --identifier org.opensc-project.startup --version @PACKAGE_VERSION@ --install-location / OpenSC-startup.pkg
|
||||
|
||||
# Build product
|
||||
productbuild --distribution MacOSX/Distribution.xml --package-path . --resources MacOSX/resources "${imagedir}/OpenSC @PACKAGE_VERSION@.pkg"
|
||||
|
||||
# Sign installer
|
||||
if test -n "${INSTALLER_SIGN_IDENTITY}"; then
|
||||
productsign --sign "${INSTALLER_SIGN_IDENTITY}" "${imagedir}/OpenSC @PACKAGE_VERSION@.pkg" "${BUILDPATH}/OpenSC @PACKAGE_VERSION@.pkg"
|
||||
mv "${BUILDPATH}/OpenSC @PACKAGE_VERSION@.pkg" "${imagedir}/OpenSC @PACKAGE_VERSION@.pkg"
|
||||
fi
|
||||
|
||||
# Build "Uninstaller"
|
||||
osacompile -o "${imagedir}/OpenSC Uninstaller.app" "MacOSX/OpenSC_Uninstaller.applescript"
|
||||
if test -n "${CODE_SIGN_IDENTITY}"; then
|
||||
codesign --force --sign "${CODE_SIGN_IDENTITY}" --entitlements MacOSX/OpenSC_applescripts.entitlements --deep --timestamp --options runtime "${imagedir}/OpenSC Uninstaller.app"
|
||||
fi
|
||||
|
||||
# Create .dmg
|
||||
rm -f OpenSC-@PACKAGE_VERSION@.dmg
|
||||
rm -f OpenSC-@PACKAGE_VERSION@$TOKEND.dmg
|
||||
i=0
|
||||
while ! hdiutil create -srcfolder "${imagedir}" -volname "@PACKAGE_NAME@" -fs JHFS+ OpenSC-@PACKAGE_VERSION@.dmg
|
||||
while ! hdiutil create -srcfolder "${imagedir}" -volname "@PACKAGE_NAME@" -fs JHFS+ OpenSC-@PACKAGE_VERSION@$TOKEND.dmg
|
||||
do
|
||||
i=$[$i+1]
|
||||
if [ $i -gt 2 ]
|
||||
|
@ -187,3 +246,6 @@ do
|
|||
fi
|
||||
done
|
||||
rm -rf ${imagedir}
|
||||
|
||||
#if [ "$TRAVIS_EVENT_TYPE" != "pull_request" ]; then xcrun altool --notarize-app --file $(pwd)/vorteil_darwin-x86.dmg --username $OSX_NOTARIZE_USERNAME --primary-bundle-id com.vorteil.cli -p $OSX_NOTARIZE_PW -- >> /dev/null; fi;
|
||||
#if [ "$TRAVIS_EVENT_TYPE" != "pull_request" ]; then for ((i=1;i<=30;i+=1)); do xcrun stapler staple $(pwd)/vorteil_darwin-x86.dmg >> /dev/null; if [ $? = 65 ]; then echo "Waiting for notarization to complete..." && sleep 10; fi; done; fi;
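Review bot: The new signing steps apply `CODE_SIGN_IDENTITY` to code that the script fetches without integrity protection: NotificationProxy and OpenSC.tokend are still cloned over plain `http://`, and none of the clones is pinned to a commit. OpenSSL follows the moving branch `OpenSSL_1_1_1-stable` and openpace a tag name. Anything that alters those fetches ends up inside a signed, hardened-runtime package, so the clone lines in the `@ -91,25 +110,42 @@` hunk should at least read `git clone https://github.com/frankmorgner/NotificationProxy.git` and `git clone https://github.com/OpenSC/OpenSC.tokend.git`. Checking out a recorded commit id after each clone, or verifying a signed tag, would make the signed output reproducible. The rest of the script lies outside the hunks shown, so any pinning done there is not visible from here.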
|
||||
|
|
|
@ -6,6 +6,8 @@ if [ "$(id -u)" != "0" ]; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
pluginkit -r -i org.opensc-project.mac.opensctoken.OpenSCTokenApp.OpenSCToken
|
||||
|
||||
for f in \
|
||||
/Library/OpenSC/bin/* \
|
||||
/Library/OpenSC/etc/bash_completion.d/* \
|
||||
|
@ -26,16 +28,23 @@ rm -f /usr/local/lib/onepin-opensc-pkcs11.so
|
|||
# Remove installed files
|
||||
rm -rf /Applications/OpenSCTokenApp.app
|
||||
rm -rf "/Applications/OpenSC Notify.app"
|
||||
rm -rf /Applications/Utilities/OpenSCTokenApp.app
|
||||
rm -rf "/Applications/Utilities/OpenSC Notify.app"
|
||||
rm -rf /Library/OpenSC
|
||||
rm -rf /Library/Security/tokend/OpenSC.tokend
|
||||
rm -f /Library/LaunchAgents/pkcs11-register.plist
|
||||
rm -f /Library/LaunchAgents/opensc-notify.plist
|
||||
rm -rf /System/Library/Security/tokend/OpenSC.tokend
|
||||
|
||||
# Unload launchagents
|
||||
launchctl remove pkcs11-register
|
||||
launchctl remove opensc-notify
|
||||
|
||||
# delete receipts on 10.6+
|
||||
pkgutil --forget org.opensc-project.mac > /dev/null
|
||||
pkgutil --forget org.opensc-project.tokend > /dev/null
|
||||
pkgutil --forget org.opensc-project.mac > /dev/null 2>/dev/null
|
||||
pkgutil --forget org.opensc-project.tokend > /dev/null 2>/dev/null
|
||||
pkgutil --forget org.opensc-project.mac.opensctoken > /dev/null 2>/dev/null
|
||||
pkgutil --forget org.opensc-project.startup > /dev/null 2>/dev/null
|
||||
|
||||
# remove this script
|
||||
rm -f /usr/local/bin/opensc-uninstall
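Review bot: The cleanup in the second hunk still removes `/Library/LaunchAgents/pkcs11-register.plist` and `opensc-notify.plist` and unloads the labels `pkcs11-register` and `opensc-notify`. The packaging and postinstall changes in this comparison install the agents as `org.opensc-project.mac.pkcs11-register.plist` and `org.opensc-project.mac.opensc-notify.plist`. Unless the new names are handled in lines outside the hunk, an uninstall leaves both agent plists in place, presumably still referring to programs under `/Library/OpenSC` that were just deleted. Adding `rm -f /Library/LaunchAgents/org.opensc-project.mac.pkcs11-register.plist` and `rm -f /Library/LaunchAgents/org.opensc-project.mac.opensc-notify.plist` next to the existing two lines would close that. Matching `launchctl remove` calls are also needed for whatever labels the new plists declare.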
|
||||
|
|
|
@ -1,43 +1,63 @@
|
|||
#!/bin/bash
|
||||
|
||||
cp /Library/OpenSC/lib/opensc-pkcs11.so /usr/local/lib/opensc-pkcs11.so
|
||||
cp /Library/OpenSC/lib/onepin-opensc-pkcs11.so /usr/local/lib/onepin-opensc-pkcs11.so
|
||||
if [ -e "/Library/OpenSC/etc/opensc.conf.md5" ]
|
||||
then
|
||||
read cs_fromfile file < "/Library/OpenSC/etc/opensc.conf.md5"
|
||||
cs_calculated=$( md5 -q "/Library/OpenSC/etc/opensc.conf")
|
||||
if [ "$cs_fromfile" = "$cs_calculated" ]
|
||||
then
|
||||
mv /Library/OpenSC/etc/opensc.conf.orig /Library/OpenSC/etc/opensc.conf
|
||||
md5 -r /Library/OpenSC/etc/opensc.conf > /Library/OpenSC/etc/opensc.conf.md5
|
||||
fi
|
||||
else
|
||||
mv /Library/OpenSC/etc/opensc.conf.orig /Library/OpenSC/etc/opensc.conf
|
||||
md5 -r /Library/OpenSC/etc/opensc.conf > /Library/OpenSC/etc/opensc.conf.md5
|
||||
fi
|
||||
# copy libs to /usr/local/lib
|
||||
cp /Library/OpenSC/lib/opensc-pkcs11.so \
|
||||
/Library/OpenSC/lib/onepin-opensc-pkcs11.so \
|
||||
/usr/local/lib/
|
||||
|
||||
for f in \
|
||||
/Library/OpenSC/bin/* \
|
||||
/Library/OpenSC/etc/bash_completion.d/* \
|
||||
/Library/OpenSC/share/doc/opensc \
|
||||
/Library/OpenSC/share/man/man1/* \
|
||||
/Library/OpenSC/share/man/man5/*
|
||||
do
|
||||
a=/Library/OpenSC
|
||||
b=/usr/local
|
||||
l="$(dirname ${f/$a/$b})"
|
||||
mkdir -p $l
|
||||
ln -sf $f $l
|
||||
# install opensc.conf if it hasn't been locally modified
|
||||
# shellcheck disable=SC2043
|
||||
for f in /Library/OpenSC/etc/opensc.conf; do
|
||||
if [ -e "${f}.md5" ]; then
|
||||
read -r cs_fromfile _ < "${f}.md5"
|
||||
cs_calculated="$(md5 -q "${f}")"
|
||||
if [ "$cs_fromfile" != "$cs_calculated" ]; then
|
||||
echo "config ${f} was locally modified since last install, skipping" 2>&1
|
||||
continue
|
||||
fi
|
||||
fi
|
||||
cp "${f}.orig" "$f"
|
||||
md5 -r "$f" >"${f}.md5"
|
||||
done
|
||||
|
||||
# symlink other files to /usr/local
|
||||
for f in \
|
||||
/Library/LaunchAgents/pkcs11-register.plist \
|
||||
/Library/LaunchAgents/opensc-notify.plist
|
||||
/Library/OpenSC/bin/* \
|
||||
/Library/OpenSC/etc/bash_completion.d/* \
|
||||
/Library/OpenSC/share/doc/*
|
||||
do
|
||||
if [ -e "$f" ]
|
||||
then
|
||||
/bin/launchctl asuser $(id -u "${USER}") /bin/launchctl load "$f"
|
||||
fi
|
||||
[ -e "$f" ] || continue # keep this or set "shopt -s nullglob"
|
||||
a=/Library/OpenSC
|
||||
b=/usr/local
|
||||
l="${f/$a/$b}" # parameter expansion, returns $f where $a is replaced by $b
|
||||
mkdir -p "$(dirname "$l")"
|
||||
ln -sf "$f" "$l"
|
||||
done
|
||||
|
||||
# correct past issue where a literal shell glob character was symlinked
|
||||
# e.g. /usr/local/share/man/man1/* -> /Library/OpenSC/share/man/man1/*
|
||||
# maybe remove this step post 2022?
|
||||
for f in \
|
||||
'/usr/local/share/man/man1/*' \
|
||||
'/usr/local/share/man/man5/*'
|
||||
do
|
||||
[ -L "$f" ] || continue # skip unless $f is a symlink
|
||||
t="$(readlink "$f")"
|
||||
[ -e "$t" ] && continue # skip if the symlink target actually exists
|
||||
a=/usr/local
|
||||
b=/Library/OpenSC
|
||||
[ "$t" = "${f/$a/$b}" ] || continue # skip unless the target is in the corresponding /Library/OpenSC subdirectory
|
||||
# we can now assume that we originally made $f and can safely remove it
|
||||
unlink "$f"
|
||||
done
|
||||
|
||||
# register the launch agents
|
||||
for f in \
|
||||
/Library/LaunchAgents/org.opensc-project.mac.pkcs11-register.plist \
|
||||
/Library/LaunchAgents/org.opensc-project.mac.opensc-notify.plist
|
||||
do
|
||||
[ -e "$f" ] || continue
|
||||
/bin/launchctl asuser "$(id -u "$USER")" /bin/launchctl load "$f" || true
|
||||
done
|
||||
|
||||
exit 0
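Review bot: The skip message in the opensc.conf loop is written with `2>&1`, which leaves it on stdout; a diagnostic belongs on stderr, `echo "config ${f} was locally modified since last install, skipping" >&2`. Separately, this script presumably runs as root from the installer and writes into `/usr/local` with `cp`, `mkdir -p` and `ln -sf`. Where `/usr/local` is writable by a non-root account (not determinable from this page), those calls act on whatever entries already exist there. It is worth checking ownership of the target directories first, or stating the assumption in a comment above the copy and symlink loops.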
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<array>
|
||||
<dict>
|
||||
<key>BundleHasStrictIdentifier</key>
|
||||
<true/>
|
||||
<key>BundleIsRelocatable</key>
|
||||
<false/>
|
||||
<key>BundleIsVersionChecked</key>
|
||||
<true/>
|
||||
<key>BundleOverwriteAction</key>
|
||||
<string>upgrade</string>
|
||||
<key>RootRelativeBundlePath</key>
|
||||
<string>Library/OpenSC/Applications/NotificationProxy.app</string>
|
||||
</dict>
|
||||
</array>
|
||||
</plist>
|
|
@ -0,0 +1,5 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<array/>
|
||||
</plist>
|
|
@ -0,0 +1,27 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<array>
|
||||
<dict>
|
||||
<key>BundleHasStrictIdentifier</key>
|
||||
<true/>
|
||||
<key>BundleIsRelocatable</key>
|
||||
<false/>
|
||||
<key>BundleIsVersionChecked</key>
|
||||
<true/>
|
||||
<key>BundleOverwriteAction</key>
|
||||
<string>upgrade</string>
|
||||
<key>ChildBundles</key>
|
||||
<array>
|
||||
<dict>
|
||||
<key>BundleOverwriteAction</key>
|
||||
<string></string>
|
||||
<key>RootRelativeBundlePath</key>
|
||||
<string>Applications/Utilities/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex</string>
|
||||
</dict>
|
||||
</array>
|
||||
<key>RootRelativeBundlePath</key>
|
||||
<string>Applications/Utilities/OpenSCTokenApp.app</string>
|
||||
</dict>
|
||||
</array>
|
||||
</plist>
|
|
@ -0,0 +1,5 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<array/>
|
||||
</plist>
|
|
@ -28,6 +28,10 @@ dist_noinst_DATA = README \
|
|||
packaging/debian.templates/rules
|
||||
dist_doc_DATA = NEWS
|
||||
|
||||
include $(top_srcdir)/aminclude_static.am
|
||||
clean-local: code-coverage-clean
|
||||
distclean-local: code-coverage-dist-clean
|
||||
|
||||
Generate-ChangeLog:
|
||||
rm -f ChangeLog.tmp "$(srcdir)/ChangeLog"
|
||||
test -n "$(GIT)"
|
||||
|
|
212
NEWS
212
NEWS
|
@ -1,5 +1,213 @@
|
|||
NEWS for OpenSC -- History of user visible changes
|
||||
|
||||
# New in 0.22.0; 2021-08-10
|
||||
## General improvements
|
||||
* Use standard paths for file cache on Linux (#2148) and OSX (#2214)
|
||||
* Various issues of memory/buffer handling in legacy drivers mostly reported by oss-fuzz and coverity (tcos, oberthur, isoapplet, iasecc, westcos, gpk, flex, dnie, mcrd, authentic, belpic)
|
||||
* Add threading test to `pkcs11-tool` (#2067)
|
||||
* Add support to generate generic secret keys (#2140)
|
||||
* `opensc-explorer`: Print information about LCS (Life cycle status byte) (#2195)
|
||||
* Add support for Apple's arm64 (M1) binaries, removed TokenD. A seperate installer with TokenD (and without arm64 binaries) will be available (#2179).
|
||||
* Support for gcc11 and its new strict aliasing rules (#2241, #2260)
|
||||
* Initial support for building with OpenSSL 3.0 (#2343)
|
||||
* pkcs15-tool: Write data objects in binary mode (#2324)
|
||||
* Avoid limited size of log messages (#2352)
|
||||
## PKCS#11
|
||||
* Support for ECDSA verification (#2211)
|
||||
* Support for ECDSA with different SHA hashes (#2190)
|
||||
* Prevent issues in p11-kit by not returning unexpected return codes (#2207)
|
||||
* Add support for PKCS#11 3.0: The new interfaces, profile objects and functions (#2096, #2293)
|
||||
* Standardize the version 2 on 2.20 in the code (#2096)
|
||||
* Fix CKA_MODIFIABLE and CKA_EXTRACTABLE (#2176)
|
||||
* Copy arguments of C_Initialize (#2350)
|
||||
## Minidriver
|
||||
* Fix RSA-PSS signing (#2234)
|
||||
## OpenPGP
|
||||
* Fix DO deletion (#2215)
|
||||
* Add support for (X)EdDSA keys (#1960)
|
||||
## IDPrime
|
||||
* Add support for applet version 3 and fix RSA-PSS mechanisms (#2205)
|
||||
* Add support for applet version 4 (#2332)
|
||||
## MyEID
|
||||
* New configuration option for opensc.conf to disable pkcs1_padding (#2193)
|
||||
* Add support for ECDSA with different hashes (#2190)
|
||||
* Enable more mechanisms (#2178)
|
||||
* Fixed asking for a user pin when formatting a card (#1737)
|
||||
## IAS/ECC
|
||||
* Added support for French CPx Healthcare cards (#2217)
|
||||
## CardOS
|
||||
* Added ATR for new CardOS 5.4 version (#2296)
|
||||
|
||||
# New in 0.21.0; 2020-11-24
|
||||
## General Improvements
|
||||
* fixed security problems
|
||||
* CVE-2020-26570 (6903aebfddc466d966c7b865fae34572bf3ed23e)
|
||||
* CVE-2020-26571
|
||||
* CVE-2020-26572 (9d294de90d1cc66956389856e60b6944b27b4817)
|
||||
* Bump minimal required OpenSSL version to 1.0.1 (#1658)
|
||||
* Implement basic unit tests for asn1 library, compression and simpletlv parser (#1830)
|
||||
* Allow generating code coverage
|
||||
* Improve fuzzing by providing corpus from real cards (#1830)
|
||||
* Implement support for OAEP encryption
|
||||
* New separate debug level for PIN commands (d06f23e8)
|
||||
* Fix handling of card/reader insertion/removal events in pcscd
|
||||
* Many bugfixes reported by oss-fuzz, coverity and lgtm.com
|
||||
* Fixes of removed readers handling (#1970)
|
||||
* Fix Firefox crash because of invalid pcsc context (#2077)
|
||||
## PKCS#11
|
||||
* Return CKR_TOKEN_NOT_RECOGNIZED for not recognized cards (#2030)
|
||||
* Propagate ignore_user_content to PKCS#11 layer not to confuse applications (#2040)
|
||||
## Minidriver
|
||||
* Fix check of ATR length (2-to 33 characters inclusive) (#2146)
|
||||
## MacOS
|
||||
* Add installer signing for PR and master
|
||||
* Avoid app bundle relocations after installation
|
||||
* Move OpenSC to MacOS Utilities folder (#2063)
|
||||
## OpenSC tools
|
||||
### pkcs11-tool
|
||||
* Make SHA256 default for OAEP encryption
|
||||
* pkcs11-tool: allow using SW tokens (#2113)
|
||||
### opensc-explorer
|
||||
* `asn1` accepts offsets and decode records (#2090)
|
||||
* `cat` accepts records (#2090)
|
||||
## OpenPGP
|
||||
* Add new ec curves supported by GNUK (#1853)
|
||||
* First steps supporting OpenPGP 3.4
|
||||
* Add support for EC key import (#1821)
|
||||
## Rutoken
|
||||
* Add ATR for Rutoken ECP SC NFC (#2122)
|
||||
## CardOS
|
||||
* Improve detection of various CardOS 5 configurations (#1987)
|
||||
## DNIe
|
||||
* Add new DNIe CA structure for the secure channel (#2109)
|
||||
## ePass2003
|
||||
* Improve ECC support (#1859)
|
||||
* Fixed erase sequence (#2097)
|
||||
## IAS-ECC (#2070):
|
||||
* Fixed support for Idemia Cosmo cards with AWP middleware interoperability (previously broken).
|
||||
* Added support for Idemia Cosmo v8 cards.
|
||||
* PIN padding settings are now used from PKCS#15 info when available.
|
||||
* Added PIN-pad support for PIN unblock.
|
||||
## IDPrime
|
||||
* New driver for Gemalto IDPrime (only some types) (#1772)
|
||||
## eDo
|
||||
* New driver with initial support for Polish eID card (e-dowód, eDO) (#2023)
|
||||
## MCRD
|
||||
* Remove unused and broken RSA EstEID support (#2095)
|
||||
## TCOS
|
||||
* Add missing encryption certificates (#2083)
|
||||
## PIV
|
||||
* Add ATR of DOD Yubikey (#2115)
|
||||
* fixed PIV global pin bug (#2142)
|
||||
## CAC1
|
||||
* Support changing PIN with CAC Alt tokens (#2129)
|
||||
|
||||
# New in 0.20.0; 2019-12-29
|
||||
## General Improvements
|
||||
* fixed security problems
|
||||
* CVE-2019-6502 (#1586)
|
||||
* CVE-2019-15946 (a3fc769)
|
||||
* CVE-2019-15945 (412a614)
|
||||
* CVE-2019-19480 (6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7)
|
||||
* CVE-2019-19481 (b75c002cfb1fd61cd20ec938ff4937d7b1a94278)
|
||||
* CVE-2019-19479 (c3f23b836e5a1766c36617fe1da30d22f7b63de2)
|
||||
* Support RSA-PSS signature mechanisms using RSA-RAW (#1435)
|
||||
* Added memory locking for secrets (#1491)
|
||||
* added support for terminal colors (#1534)
|
||||
* PC/SC driver: Fixed error handling in case of changing (#1537) or removing the card reader (#1615)
|
||||
* macOS installer
|
||||
* Add installer option to deselect tokend (#1607)
|
||||
* Make OpenSCToken available on 10.12+ and the default on 10.15+ (2017626ed237dbdd4683a4b9410fc610618200c5)
|
||||
* Configuration
|
||||
* rename `md_read_only` to `read_only` and use it for PKCS#11 and Minidriver (#1467)
|
||||
* allow global use of ignore_private_certificate (#1623)
|
||||
* Build Environment
|
||||
* Bump openssl requirement to 0.9.8 (##1459)
|
||||
* Added support for fuzzing with AFL (#1580) and libFuzzer/OSS-Fuzz (#1697)
|
||||
* Added CI tests for simulating GIDS, OpenPGP, PIV, IsoApplet (#1568) and MyEID (#1677) and CAC (#1757)
|
||||
* Integrate clang-tidy with `make check` (#1673)
|
||||
* Added support for reproducible builds (#1839)
|
||||
## PKCS#11
|
||||
* Implement write protection (CKF_WRITE_PROTECTED) based on the card profile (#1467)
|
||||
* Added C_WrapKey and C_UnwrapKey implementations (#1393)
|
||||
* Handle CKA_ALWAYS_AUTHENTICATE when creating key objects. (#1539)
|
||||
* Truncate long PKCS#11 labels with ... (#1629)
|
||||
* Fixed recognition of a token when being unplugged and reinserted (#1875)
|
||||
## Minidriver
|
||||
* Register for CardOS5 cards (#1750)
|
||||
* Add support for RSA-PSS (263b945)
|
||||
## OpenSC tools
|
||||
* Harmonize the use of option `-r`/`--reader` (#1548)
|
||||
* `goid-tool`: GoID personalization with fingerprint
|
||||
* `openpgp-tool`
|
||||
* replace the options `-L`/` --key-length` with `-t`/`--key-type` (#1508)
|
||||
* added options `-C`/`--card-info` and `-K`/`--key-info` (#1508)
|
||||
* `opensc-explorer`
|
||||
* add command `pin_info` (#1487)
|
||||
* extend `random` to allow writing to a file (#1487)
|
||||
* `opensc-minidriver-test.exe`: Tests for Microsoft CryptoAPI (#1510)
|
||||
* `opensc-notify`: Autostart on Windows
|
||||
* `pkcs11-register`:
|
||||
* Auto-configuration of applications for use of OpenSC PKCS#11 (#1644)
|
||||
* Autostart on Windows, macOS and Linux (#1644)
|
||||
* `opensc-tool`: Show ATR also for cards not recognized by OpenSC (#1625)
|
||||
* `pkcs11-spy`:
|
||||
* parse CKM_AES_GCM
|
||||
* Add support for CKA_OTP_* and CKM_*_PSS values
|
||||
* parse EC Derive parameters (#1677)
|
||||
* `pkcs11-tool`
|
||||
* Support for signature verification via `--verify` (#1435)
|
||||
* Add object type `secrkey` for `--type` option (#1575)
|
||||
* Implement Secret Key write object (#1648)
|
||||
* Add GOSTR3410-2012 support (#1654)
|
||||
* Add support for testing CKM_RSA_PKCS_OAEP (#1600)
|
||||
* Add extractable option to key import (#1674)
|
||||
* list more key access flags when listing keys (#1653)
|
||||
* Add support for `CKA_ALLOWED_MECHANISMS` when creating new objects and listing keys (#1628)
|
||||
* `pkcs15-crypt`: * Handle keys with user consent (#1529)
|
||||
## CAC1
|
||||
New separate CAC1 driver using the old CAC specification (#1502)
|
||||
## CardOS
|
||||
* Add support for 4K RSA keys in CardOS 5 (#1776)
|
||||
* Fixed decryption with CardOS 5 (#1867)
|
||||
## Coolkey
|
||||
* Enable CoolKey driver to handle 2048-bit keys. (#1532)
|
||||
## EstEID
|
||||
* adds support for a minimalistic, small and fast card profile based on IAS-ECC issued since December 2018 (#1635)
|
||||
## GIDS
|
||||
* GIDS Decipher fix (#1881)
|
||||
* Allow RSA 4K support (#1891)
|
||||
## MICARDO
|
||||
* Remove long expired EstEID 1.0/1.1 card support (#1470)
|
||||
## MyEID
|
||||
* Add support for unwrapping a secret key with an RSA key or secret key (#1393)
|
||||
* Add support for wrapping a secret key with a secret key (#1393)
|
||||
* Support for MyEID 4K RSA (#1657)
|
||||
* Support for OsEID (#1677).
|
||||
## Gemalto GemSafe
|
||||
* add new PTeID ATRs (#1683)
|
||||
* Add support for 4K RSA keys (#1863, #1872)
|
||||
## OpenPGP
|
||||
* OpenPGP Card v3 ECC support (#1506)
|
||||
## Rutoken
|
||||
* Add Rutoken ECP SC (#1652)
|
||||
* Add Rutoken Lite (#1728)
|
||||
## SC-HSM
|
||||
* Add SmartCard-HSM 4K ATR (#1681)
|
||||
* Add missing secp384r1 curve parameter (#1696)
|
||||
## Starcos
|
||||
* Fixed decipher with 2.3 (#1496)
|
||||
* Added ATR for 2nd gen. eGK (#1668)
|
||||
* Added new ATR for 3.5 (#1882)
|
||||
* Detect and allow Globalplatform PIN encoding (#1882)
|
||||
## TCOS
|
||||
* Fix TCOS IDKey support (#1880)
|
||||
* add encryption certificate for IDKey (#1892)
|
||||
## Infocamere, Postecert, Cnipa
|
||||
* Removed profiles (#1584)
|
||||
## ACS ACOS5
|
||||
* Remove incomplete acos5 driver (#1622).
|
||||
|
||||
# New in 0.19.0; 2018-09-13
|
||||
## General Improvements
|
||||
* fixed multiple security problems (out of bound writes/reads, #1447):
|
||||
|
@ -279,7 +487,7 @@ NEWS for OpenSC -- History of user visible changes
|
|||
* Fixed --id for `C_GenerateKey`, DES and DES3 keygen mechanism (#857)
|
||||
* Added `--derive-pass-der` option
|
||||
* Added `--generate-random` option
|
||||
* Add GOSTR3410 keypair generation
|
||||
* Add GOSTR3410 key pair generation
|
||||
* `npa-tool` (new)
|
||||
* Allows read/write access to EAC tokens
|
||||
* Allows PIN management for EAC tokens
|
||||
|
@ -407,7 +615,7 @@ New in 0.15.0; 2015-05-11
|
|||
allow extended length APDUs
|
||||
accept no output for 'SELECT' MF and 'SELECT' DF_NAME APDUs
|
||||
fixed sc_driver_version check
|
||||
adjusted send/receive size accoriding to card capabilities
|
||||
adjusted send/receive size according to card capabilities
|
||||
in iso7816 make SELECT agnosting to sc_path_t's aid
|
||||
* asn1
|
||||
support multi-bytes tags
|
||||
|
|
24
README.md
24
README.md
|
@ -4,17 +4,23 @@ Wiki is [available online](https://github.com/OpenSC/OpenSC/wiki)
|
|||
|
||||
Please take a look at the documentation before trying to use OpenSC.
|
||||
|
||||
[![Travis CI Build Status](https://travis-ci.org/OpenSC/OpenSC.svg)](https://travis-ci.org/OpenSC/OpenSC/branches) [![AppVeyor CI Build Status](https://ci.appveyor.com/api/projects/status/github/OpenSC/OpenSC?branch=master&svg=true)](https://ci.appveyor.com/project/LudovicRousseau/OpenSC/branch/master) [![Coverity Scan Status](https://scan.coverity.com/projects/4026/badge.svg)](https://scan.coverity.com/projects/4026) [![Language grade: C/C++](https://img.shields.io/lgtm/grade/cpp/g/OpenSC/OpenSC.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/OpenSC/OpenSC/context:cpp) [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/opensc.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:opensc)
|
||||
[![Linux build](https://github.com/OpenSC/OpenSC/actions/workflows/linux.yml/badge.svg)](https://github.com/OpenSC/OpenSC/actions/workflows/linux.yml)
|
||||
[![OSX build](https://github.com/OpenSC/OpenSC/actions/workflows/macos.yml/badge.svg)](https://github.com/OpenSC/OpenSC/actions/workflows/macos.yml)
|
||||
[![AppVeyor CI Build Status](https://ci.appveyor.com/api/projects/status/github/OpenSC/OpenSC?branch=master&svg=true)](https://ci.appveyor.com/project/LudovicRousseau/OpenSC/branch/master)
|
||||
[![Coverity Scan Status](https://scan.coverity.com/projects/4026/badge.svg)](https://scan.coverity.com/projects/4026)
|
||||
[![Language grade: C/C++](https://img.shields.io/lgtm/grade/cpp/g/OpenSC/OpenSC.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/OpenSC/OpenSC/context:cpp)
|
||||
[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/opensc.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:opensc)
|
||||
[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/3908/badge)](https://bestpractices.coreinfrastructure.org/projects/3908)
|
||||
|
||||
Build and test status of specific cards:
|
||||
|
||||
| Cards | Status |
|
||||
|---------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------|
|
||||
| CAC | [![CAC](https://gitlab.com/redhat-crypto/OpenSC/badges/cac/build.svg)](https://gitlab.com/redhat-crypto/OpenSC/pipelines) |
|
||||
| [virt_CACard](https://github.com/OpenSC/OpenSC/tree/virt_cacard) | [![virt_CACard](https://travis-ci.org/OpenSC/OpenSC.svg)](https://travis-ci.org/OpenSC/OpenSC/branches) |
|
||||
| [Coolkey](https://github.com/dogtagpki/coolkey/tree/master/applet) | [![Coolkey](https://gitlab.com/redhat-crypto/OpenSC/badges/coolkey/build.svg)](https://gitlab.com/redhat-crypto/OpenSC/pipelines) |
|
||||
| [PivApplet](https://github.com/arekinath/PivApplet) | [![PIV](https://travis-ci.org/OpenSC/OpenSC.svg)](https://travis-ci.org/OpenSC/OpenSC/branches) |
|
||||
| [OpenPGP Applet](https://github.com/Yubico/ykneo-openpgp/) | [![OpenPGP](https://travis-ci.org/OpenSC/OpenSC.svg)](https://travis-ci.org/OpenSC/OpenSC/branches) |
|
||||
| [GidsApplet](https://github.com/vletoux/GidsApplet/) | [![GIDS](https://travis-ci.org/OpenSC/OpenSC.svg)](https://travis-ci.org/OpenSC/OpenSC/branches) |
|
||||
| [IsoApplet](https://github.com/philipWendland/IsoApplet/) | [![IsoApplet](https://travis-ci.org/OpenSC/OpenSC.svg)](https://travis-ci.org/OpenSC/OpenSC/branches) |
|
||||
| [OsEID (MyEID)](https://sourceforge.net/projects/oseid/) | [![OsEID (MyEID)](https://travis-ci.org/OpenSC/OpenSC.svg)](https://travis-ci.org/OpenSC/OpenSC/branches) |
|
||||
| CAC | [![CAC](https://gitlab.com/redhat-crypto/OpenSC/badges/cac/pipeline.svg)](https://gitlab.com/redhat-crypto/OpenSC/pipelines) |
|
||||
| [virt_CACard](https://github.com/Jakuje/virt_cacard) | [![virt_CACard](https://github.com/OpenSC/OpenSC/actions/workflows/linux.yml/badge.svg)](https://github.com/OpenSC/OpenSC/actions/workflows/linux.yml) |
|
||||
| [Coolkey](https://github.com/dogtagpki/coolkey/tree/master/applet) | [![Coolkey](https://gitlab.com/redhat-crypto/OpenSC/badges/coolkey/pipeline.svg)](https://gitlab.com/redhat-crypto/OpenSC/pipelines) |
|
||||
| [PivApplet](https://github.com/arekinath/PivApplet) | [![PIV](https://github.com/OpenSC/OpenSC/actions/workflows/linux.yml/badge.svg)](https://github.com/OpenSC/OpenSC/actions/workflows/linux.yml) |
|
||||
| [OpenPGP Applet](https://github.com/Yubico/ykneo-openpgp/) | [![OpenPGP](https://github.com/OpenSC/OpenSC/actions/workflows/linux.yml/badge.svg)](https://github.com/OpenSC/OpenSC/actions/workflows/linux.yml) |
|
||||
| [GidsApplet](https://github.com/vletoux/GidsApplet/) | [![GIDS](https://github.com/OpenSC/OpenSC/actions/workflows/linux.yml/badge.svg)](https://github.com/OpenSC/OpenSC/actions/workflows/linux.yml) |
|
||||
| [IsoApplet](https://github.com/philipWendland/IsoApplet/) | [![IsoApplet](https://github.com/OpenSC/OpenSC/actions/workflows/linux.yml/badge.svg)](https://github.com/OpenSC/OpenSC/actions/workflows/linux.yml) |
|
||||
| [OsEID (MyEID)](https://sourceforge.net/projects/oseid/) | [![OsEID (MyEID)](https://github.com/OpenSC/OpenSC/actions/workflows/linux.yml/badge.svg)](https://github.com/OpenSC/OpenSC/actions/workflows/linux.yml) |
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
# Security Policy
|
||||
|
||||
## Supported Versions
|
||||
|
||||
OpenSC releases are made roughly once a year, unless important security is discovered.
|
||||
|
||||
OpenSC does not release micro updates for previously released versions and does not
|
||||
backport security fixes into them.
|
||||
|
||||
| Version | Supported |
|
||||
| -------- | ------------------ |
|
||||
| 0.20.0 | :white_check_mark: |
|
||||
| < 0.20.0 | :x: |
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
If you discovered security vulnerability in supported version of OpenSC,
|
||||
you can either fill an issue in [github](https://github.com/OpenSC/OpenSC/issues)
|
||||
(note, that these issues are public!) or you can send email to any recently active
|
||||
project developers frankmorgner(at)gmail.com, deengert(at)gmail.com and/or
|
||||
jakuje(at)gmail.com .
|
||||
|
||||
You can expect update on the issue no later than in two weeks.
|
59
appveyor.yml
59
appveyor.yml
|
@ -1,4 +1,4 @@
|
|||
version: 0.20.0.{build}
|
||||
version: 0.22.0.{build}
|
||||
|
||||
platform:
|
||||
- x86
|
||||
|
@ -11,10 +11,21 @@ configuration:
|
|||
environment:
|
||||
GH_TOKEN:
|
||||
secure: aLu3tFc7lRJbotnmnHLx/QruIHc5rLaGm1RttoEdy4QILlPXzVkCZ6loYMz0sfrY
|
||||
PATH: C:\cygwin\bin;%PATH%
|
||||
OPENPACE_VER: 1.1.1
|
||||
ZLIB_VER_DOT: 1.2.11
|
||||
matrix:
|
||||
- VSVER: 14
|
||||
- VSVER: 12
|
||||
DO_PUSH_ARTIFACT: yes
|
||||
# not compatible with OpenSSL 1.1.1:
|
||||
# - APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2013
|
||||
# VCVARSALL: "%VS120COMNTOOLS%/../../VC/vcvarsall.bat"
|
||||
- APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2015
|
||||
VCVARSALL: "%VS140COMNTOOLS%/../../VC/vcvarsall.bat"
|
||||
DO_PUSH_ARTIFACT: yes
|
||||
- APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2017
|
||||
VCVARSALL: "%ProgramFiles(x86)%/Microsoft Visual Studio/2017/Community/VC/Auxiliary/Build/vcvarsall.bat"
|
||||
# not compatible with WiX 3.11.2:
|
||||
# - APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2019
|
||||
# VCVARSALL: "%ProgramFiles(x86)%/Microsoft Visual Studio/2019/Community/VC/Auxiliary/Build/vcvarsall.bat"
|
||||
|
||||
install:
|
||||
- ps: if ($env:APPVEYOR_PULL_REQUEST_NUMBER -and $env:APPVEYOR_BUILD_NUMBER -ne ((Invoke-RestMethod `
|
||||
|
@ -22,26 +33,21 @@ install:
|
|||
Where-Object pullRequestId -eq $env:APPVEYOR_PULL_REQUEST_NUMBER)[0].buildNumber) { `
|
||||
throw "There are newer queued builds for this pull request, failing early." }
|
||||
- date /T & time /T
|
||||
- set PATH=C:\cygwin\bin;%PATH%
|
||||
- set OPENPACE_VER=1.1.0
|
||||
- set ZLIB_VER_DOT=1.2.11
|
||||
- ps: $env:PACKAGE_NAME=(git describe --tags --abbrev=0)
|
||||
- ps: >-
|
||||
If ($env:Platform -Match "x86") {
|
||||
$env:VCVARS_PLATFORM="x86"
|
||||
$env:OPENSSL_PF="Win32"
|
||||
$env:ARTIFACT="OpenSC-${env:PACKAGE_NAME}_win32"
|
||||
} Else {
|
||||
$env:VCVARS_PLATFORM="amd64"
|
||||
$env:OPENSSL_PF="Win64"
|
||||
$env:ARTIFACT="OpenSC-${env:PACKAGE_NAME}_win64"
|
||||
}
|
||||
- ps: >-
|
||||
If ($env:Configuration -Like "*Light*") {
|
||||
$env:ARTIFACT="${env:ARTIFACT}-Light"
|
||||
$env:ARTIFACT+="-Light"
|
||||
} Else {
|
||||
$env:NMAKE_EXTRA="OPENSSL_DEF=/DENABLE_OPENSSL ${env:NMAKE_EXTRA}"
|
||||
$env:NMAKE_EXTRA="OPENSSL_EXTRA_CFLAGS=/DOPENSSL_SECURE_MALLOC_SIZE=65536 ${env:NMAKE_EXTRA}"
|
||||
$env:NMAKE_EXTRA+=" OPENSSL_DEF=/DENABLE_OPENSSL OPENSSL_DIR=C:\OpenSSL-v111-${env:OPENSSL_PF}"
|
||||
$env:NMAKE_EXTRA+=" OPENSSL_EXTRA_CFLAGS=/DOPENSSL_SECURE_MALLOC_SIZE=65536"
|
||||
If (!(Test-Path C:\zlib )) {
|
||||
appveyor DownloadFile "https://github.com/madler/zlib/archive/v${env:ZLIB_VER_DOT}.zip" -FileName zlib.zip
|
||||
7z x zlib.zip -oC:\
|
||||
|
@ -53,13 +59,12 @@ install:
|
|||
Rename-Item -path "c:\openpace-${env:OPENPACE_VER}" -newName "openpace"
|
||||
}
|
||||
}
|
||||
If (!(Test-Path cngsdk.msi )) {
|
||||
appveyor DownloadFile "http://download.microsoft.com/download/2/C/9/2C93059C-0532-42DF-8C24-9AEAFF00768E/cngsdk.msi"
|
||||
If (!(Test-Path cpdksetup.exe )) {
|
||||
appveyor DownloadFile "https://download.microsoft.com/download/1/7/6/176909B0-50F2-4DF3-B29B-830A17EA7E38/CPDK_RELEASE_UPDATE/cpdksetup.exe"
|
||||
}
|
||||
- ps: $env:VSCOMNTOOLS=(Get-Content ("env:VS" + "$env:VSVER" + "0COMNTOOLS"))
|
||||
- echo "Using Visual Studio %VSVER%.0 at %VSCOMNTOOLS%"
|
||||
- call "%VSCOMNTOOLS%\..\..\VC\vcvarsall.bat" %VCVARS_PLATFORM%
|
||||
- cngsdk.msi /quiet
|
||||
- echo "Using %APPVEYOR_BUILD_WORKER_IMAGE% with %VCVARSALL%"
|
||||
- call "%VCVARSALL%" %Platform%
|
||||
- cpdksetup.exe /quiet
|
||||
- uname -a
|
||||
- set
|
||||
|
||||
|
@ -71,21 +76,23 @@ build_script:
|
|||
xcopy C:\zlib C:\zlib-${env:OPENSSL_PF} /e /i /y /s
|
||||
cd C:\zlib-${env:OPENSSL_PF}
|
||||
(Get-Content win32/Makefile.msc).replace('-MD', '-MT') | Set-Content win32/Makefile.msc
|
||||
nmake -f win32/Makefile.msc zlib.lib
|
||||
nmake /nologo -f win32/Makefile.msc zlib.lib
|
||||
}
|
||||
$env:NMAKE_EXTRA="ZLIBSTATIC_DEF=/DENABLE_ZLIB_STATIC ZLIB_INCL_DIR=/IC:\zlib-${env:OPENSSL_PF} ZLIB_LIB=C:\zlib-${env:OPENSSL_PF}\zlib.lib ${env:NMAKE_EXTRA}"
|
||||
$env:NMAKE_EXTRA+=" ZLIBSTATIC_DEF=/DENABLE_ZLIB_STATIC ZLIB_INCL_DIR=/IC:\zlib-${env:OPENSSL_PF} ZLIB_LIB=C:\zlib-${env:OPENSSL_PF}\zlib.lib"
|
||||
If (!(Test-Path -Path "C:\openpace-${env:OPENSSL_PF}" )) {
|
||||
# build libeac.lib as a static library
|
||||
xcopy C:\openpace C:\openpace-${env:OPENSSL_PF} /e /i /y /s
|
||||
cd C:\openpace-${env:OPENSSL_PF}\src
|
||||
# OpenSSL 1.1.0
|
||||
#cl /IC:\OpenSSL-${env:OPENSSL_PF}\include /I. /DX509DIR=\`"/\`" /DCVCDIR=\`"/\`" /W3 /D_CRT_SECURE_NO_DEPRECATE /DWIN32_LEAN_AND_MEAN /GS /MT /DHAVE_ASN1_STRING_GET0_DATA=1 /DHAVE_DECL_OPENSSL_ZALLOC=1 /DHAVE_DH_GET0_KEY=1 /DHAVE_DH_GET0_PQG=1 /DHAVE_DH_SET0_KEY=1 /DHAVE_DH_SET0_PQG=1 /DHAVE_ECDSA_SIG_GET0=1 /DHAVE_ECDSA_SIG_SET0=1 /DHAVE_EC_KEY_METHOD=1 /DHAVE_RSA_GET0_KEY=1 /DHAVE_RSA_SET0_KEY=1 /c ca_lib.c cv_cert.c cvc_lookup.c x509_lookup.c eac_asn1.c eac.c eac_ca.c eac_dh.c eac_ecdh.c eac_kdf.c eac_lib.c eac_print.c eac_util.c misc.c pace.c pace_lib.c pace_mappings.c ri.c ri_lib.c ta.c ta_lib.c objects.c ssl_compat.c
|
||||
#cl /nologo /IC:\OpenSSL-v110-${env:OPENSSL_PF}\include /I. /DX509DIR=\`"/\`" /DCVCDIR=\`"/\`" /W3 /D_CRT_SECURE_NO_DEPRECATE /DWIN32_LEAN_AND_MEAN /GS /MT /DHAVE_ASN1_STRING_GET0_DATA=1 /DHAVE_DECL_OPENSSL_ZALLOC=1 /DHAVE_DH_GET0_KEY=1 /DHAVE_DH_GET0_PQG=1 /DHAVE_DH_SET0_KEY=1 /DHAVE_DH_SET0_PQG=1 /DHAVE_ECDSA_SIG_GET0=1 /DHAVE_ECDSA_SIG_SET0=1 /DHAVE_EC_KEY_METHOD=1 /DHAVE_RSA_GET0_KEY=1 /DHAVE_RSA_SET0_KEY=1 /c ca_lib.c cv_cert.c cvc_lookup.c x509_lookup.c eac_asn1.c eac.c eac_ca.c eac_dh.c eac_ecdh.c eac_kdf.c eac_lib.c eac_print.c eac_util.c misc.c pace.c pace_lib.c pace_mappings.c ri.c ri_lib.c ta.c ta_lib.c objects.c ssl_compat.c
|
||||
# OpenSSL 1.1.1
|
||||
cl /nologo /IC:\OpenSSL-v111-${env:OPENSSL_PF}\include /I. /DX509DIR=\`"/\`" /DCVCDIR=\`"/\`" /W3 /D_CRT_SECURE_NO_DEPRECATE /DWIN32_LEAN_AND_MEAN /GS /MT /DHAVE_ASN1_STRING_GET0_DATA=1 /DHAVE_DECL_OPENSSL_ZALLOC=1 /DHAVE_DH_GET0_KEY=1 /DHAVE_DH_GET0_PQG=1 /DHAVE_DH_SET0_KEY=1 /DHAVE_DH_SET0_PQG=1 /DHAVE_ECDSA_SIG_GET0=1 /DHAVE_ECDSA_SIG_SET0=1 /DHAVE_EC_KEY_METHOD=1 /DHAVE_RSA_GET0_KEY=1 /DHAVE_RSA_SET0_KEY=1 /DHAVE_EC_POINT_GET_AFFINE_COORDINATES=1 /DHAVE_EC_POINT_SET_AFFINE_COORDINATES=1 /c ca_lib.c cv_cert.c cvc_lookup.c x509_lookup.c eac_asn1.c eac.c eac_ca.c eac_dh.c eac_ecdh.c eac_kdf.c eac_lib.c eac_print.c eac_util.c misc.c pace.c pace_lib.c pace_mappings.c ri.c ri_lib.c ta.c ta_lib.c objects.c ssl_compat.c
|
||||
# OpenSSL 1.0.2
|
||||
cl /IC:\OpenSSL-${env:OPENSSL_PF}\include /I. /DX509DIR=\`"/\`" /DCVCDIR=\`"/\`" /W3 /D_CRT_SECURE_NO_DEPRECATE /DWIN32_LEAN_AND_MEAN /GS /MT /c ca_lib.c cv_cert.c cvc_lookup.c x509_lookup.c eac_asn1.c eac.c eac_ca.c eac_dh.c eac_ecdh.c eac_kdf.c eac_lib.c eac_print.c eac_util.c misc.c pace.c pace_lib.c pace_mappings.c ri.c ri_lib.c ta.c ta_lib.c objects.c ssl_compat.c
|
||||
lib /out:libeac.lib ca_lib.obj cv_cert.obj cvc_lookup.obj x509_lookup.obj eac_asn1.obj eac.obj eac_ca.obj eac_dh.obj eac_ecdh.obj eac_kdf.obj eac_lib.obj eac_print.obj eac_util.obj misc.obj pace.obj pace_lib.obj pace_mappings.obj ri.obj ri_lib.obj ta.obj ta_lib.obj objects.obj ssl_compat.obj
|
||||
#cl /nologo /IC:\OpenSSL-${env:OPENSSL_PF}\include /I. /DX509DIR=\`"/\`" /DCVCDIR=\`"/\`" /W3 /D_CRT_SECURE_NO_DEPRECATE /DWIN32_LEAN_AND_MEAN /GS /MT /c ca_lib.c cv_cert.c cvc_lookup.c x509_lookup.c eac_asn1.c eac.c eac_ca.c eac_dh.c eac_ecdh.c eac_kdf.c eac_lib.c eac_print.c eac_util.c misc.c pace.c pace_lib.c pace_mappings.c ri.c ri_lib.c ta.c ta_lib.c objects.c ssl_compat.c
|
||||
lib /nologo /out:libeac.lib ca_lib.obj cv_cert.obj cvc_lookup.obj x509_lookup.obj eac_asn1.obj eac.obj eac_ca.obj eac_dh.obj eac_ecdh.obj eac_kdf.obj eac_lib.obj eac_print.obj eac_util.obj misc.obj pace.obj pace_lib.obj pace_mappings.obj ri.obj ri_lib.obj ta.obj ta_lib.obj objects.obj ssl_compat.obj
|
||||
cd C:\projects\OpenSC
|
||||
}
|
||||
$env:NMAKE_EXTRA="OPENPACE_DEF=/DENABLE_OPENPACE OPENPACE_DIR=C:\openpace-${env:OPENSSL_PF} ${env:NMAKE_EXTRA}"
|
||||
$env:NMAKE_EXTRA+=" OPENPACE_DEF=/DENABLE_OPENPACE OPENPACE_DIR=C:\openpace-${env:OPENSSL_PF}"
|
||||
}
|
||||
- bash -c "exec 0</dev/null && if [ \"$APPVEYOR_REPO_BRANCH\" == \"master\" -a -z \"$APPVEYOR_PULL_REQUEST_NUMBER\" ]; then ./bootstrap; fi"
|
||||
- bash -c "exec 0</dev/null && if [ \"$APPVEYOR_REPO_BRANCH\" == \"master\" -a -n \"$APPVEYOR_PULL_REQUEST_NUMBER\" ]; then ./bootstrap.ci -s \"-pr$APPVEYOR_PULL_REQUEST_NUMBER\"; fi"
|
||||
|
@ -95,7 +102,7 @@ build_script:
|
|||
- bash -c "exec 0</dev/null && ./configure --with-cygwin-native --disable-openssl --disable-readline --disable-zlib || cat config.log"
|
||||
- bash -c "exec 0</dev/null && rm src/getopt.h"
|
||||
- nmake /f Makefile.mak %NMAKE_EXTRA%
|
||||
- cd win32 && nmake /f Makefile.mak %NMAKE_EXTRA% VSVER=%VSVER% OpenSC.msi && cd ..
|
||||
- cd win32 && nmake /nologo /f Makefile.mak %NMAKE_EXTRA% OpenSC.msi && cd ..
|
||||
- move win32\OpenSC.msi %ARTIFACT%.msi
|
||||
# put all pdb files for dump analysis, but this consumes approx 100 MB per build
|
||||
- md %ARTIFACT%-Debug
|
||||
|
@ -119,4 +126,4 @@ cache:
|
|||
- C:\openpace -> appveyor.yml
|
||||
- C:\openpace-Win32 -> appveyor.yml
|
||||
- C:\openpace-Win64 -> appveyor.yml
|
||||
- cngsdk.msi -> appveyor.yml
|
||||
- cpdksetup.exe -> appveyor.yml
|
||||
|
|
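Review bot: The `cpdksetup.exe` installer fetched by `appveyor DownloadFile` in the `install:` step is executed with `cpdksetup.exe /quiet` without any integrity check, and the `cache:` entry `cpdksetup.exe -> appveyor.yml` keeps reusing whatever was downloaded first. The switch from the `http://` `cngsdk.msi` URL to an `https://` one (as far as the rendered page shows, since the +/- markers are lost) protects only the transport, not the content. I would pin a digest right after the download, for example `if ((Get-FileHash cpdksetup.exe -Algorithm SHA256).Hash -ne '<PINNED_SHA256>') { throw "cpdksetup.exe digest mismatch" }`, with the placeholder replaced by the value recorded from a known-good copy. The same check would suit `zlib.zip`, which is downloaded the same way and whose static library appears to be linked into the MSI that is pushed as an artifact.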
61
configure.ac
61
configure.ac
|
@ -1,13 +1,13 @@
|
|||
dnl -*- mode: m4; -*-
|
||||
|
||||
AC_PREREQ(2.60)
|
||||
AC_PREREQ(2.68)
|
||||
|
||||
define([PRODUCT_NAME], [OpenSC])
|
||||
define([PRODUCT_TARNAME], [opensc])
|
||||
define([PRODUCT_BUGREPORT], [https://github.com/OpenSC/OpenSC/issues])
|
||||
define([PRODUCT_URL], [https://github.com/OpenSC/OpenSC])
|
||||
define([PACKAGE_VERSION_MAJOR], [0])
|
||||
define([PACKAGE_VERSION_MINOR], [20])
|
||||
define([PACKAGE_VERSION_MINOR], [22])
|
||||
define([PACKAGE_VERSION_FIX], [0])
|
||||
define([PACKAGE_SUFFIX], [])
|
||||
|
||||
|
@ -21,11 +21,13 @@ define([VS_FF_PRODUCT_URL], [https://github.com/OpenSC/OpenSC])
|
|||
|
||||
m4_sinclude(version.m4.ci)
|
||||
|
||||
m4_define([openssl_minimum_version], [1.0.1])
|
||||
|
||||
AC_INIT([PRODUCT_NAME],[PACKAGE_VERSION_MAJOR.PACKAGE_VERSION_MINOR.PACKAGE_VERSION_FIX[]PACKAGE_SUFFIX],[PRODUCT_BUGREPORT],[PRODUCT_TARNAME],[PRODUCT_URL])
|
||||
AC_CONFIG_AUX_DIR([.])
|
||||
AC_CONFIG_HEADERS([config.h])
|
||||
AC_CONFIG_MACRO_DIR([m4])
|
||||
AM_INIT_AUTOMAKE(foreign 1.10)
|
||||
AM_INIT_AUTOMAKE(foreign 1.10 [subdir-objects])
|
||||
|
||||
OPENSC_VERSION_MAJOR="PACKAGE_VERSION_MAJOR"
|
||||
OPENSC_VERSION_MINOR="PACKAGE_VERSION_MINOR"
|
||||
|
@ -41,10 +43,10 @@ OPENSC_VS_FF_PRODUCT_URL="VS_FF_PRODUCT_URL"
|
|||
|
||||
# LT Version numbers, remember to change them just *before* a release.
|
||||
# (Code changed: REVISION++)
|
||||
# (Oldest interface removed: OLDEST++)
|
||||
# (Oldest interface changed/removed: OLDEST++)
|
||||
# (Interfaces added: CURRENT++, REVISION=0)
|
||||
OPENSC_LT_CURRENT="6"
|
||||
OPENSC_LT_OLDEST="6"
|
||||
OPENSC_LT_CURRENT="8"
|
||||
OPENSC_LT_OLDEST="8"
|
||||
OPENSC_LT_REVISION="0"
|
||||
OPENSC_LT_AGE="0"
|
||||
OPENSC_LT_AGE="$((${OPENSC_LT_CURRENT}-${OPENSC_LT_OLDEST}))"
|
||||
|
@ -77,7 +79,7 @@ AC_ARG_WITH(
|
|||
)
|
||||
|
||||
if test "${enable_optimization}" = "no"; then
|
||||
CFLAGS="-O0 -g"
|
||||
CFLAGS="${CFLAGS} -O0 -g"
|
||||
fi
|
||||
|
||||
dnl Check for some target-specific stuff
|
||||
|
@ -129,12 +131,14 @@ case "${host}" in
|
|||
;;
|
||||
esac
|
||||
|
||||
AX_CHECK_COMPILE_FLAG([-Wunknown-warning-option], [have_unknown_warning_option="yes"], [have_unknown_warning_option="no"], [-Werror])
|
||||
AX_CODE_COVERAGE()
|
||||
|
||||
AX_CHECK_COMPILE_FLAG([-Wunknown-warning-option], [have_unknown_warning_option="yes"], [have_unknown_warning_option="no"])
|
||||
AM_CONDITIONAL([HAVE_UNKNOWN_WARNING_OPTION], [test "${have_unknown_warning_option}" = "yes"])
|
||||
|
||||
AC_ARG_ENABLE(
|
||||
[fuzzing],
|
||||
[AS_HELP_STRING([--enable-fuzzing],[enable compile of fuzzing tests @<:@disabled@:>@, note that CFLAGS and FUZZING_LIBS should be set accoringly, e.g. to something like CFLAGS="-fsanitize=address,fuzzer" FUZZING_LIBS="-fsanitize=fuzzer"])],
|
||||
[AS_HELP_STRING([--enable-fuzzing],[enable compile of fuzzing tests @<:@disabled@:>@, note that CFLAGS and FUZZING_LIBS should be set accordingly, e.g. to something like CFLAGS="-fsanitize=address,fuzzer" FUZZING_LIBS="-fsanitize=fuzzer"])],
|
||||
,
|
||||
[enable_fuzzing="no"]
|
||||
)
|
||||
|
@ -184,7 +188,7 @@ AC_ARG_ENABLE(
|
|||
)
|
||||
|
||||
AC_ARG_ENABLE([openssl-secure-malloc],
|
||||
[AC_HELP_STRING([--openssl-secure-malloc=<SIZE_IN_BYTES>],
|
||||
[AS_HELP_STRING([--openssl-secure-malloc=<SIZE_IN_BYTES>],
|
||||
[Enable OpenSSL secure memory by specifying its size in bytes, must be a power of 2 @<:@disabled@:>@])],
|
||||
[], [enable_openssl_secure_malloc=no])
|
||||
AS_IF([test $enable_openssl_secure_malloc != no],
|
||||
|
@ -390,20 +394,19 @@ dnl C Compiler features
|
|||
AC_C_INLINE
|
||||
|
||||
dnl Checks for header files.
|
||||
AC_HEADER_STDC
|
||||
AC_HEADER_SYS_WAIT
|
||||
AC_HEADER_ASSERT
|
||||
AC_CHECK_HEADERS([ \
|
||||
errno.h fcntl.h stdlib.h \
|
||||
inttypes.h string.h strings.h \
|
||||
sys/time.h unistd.h sys/mman.h
|
||||
sys/time.h unistd.h sys/mman.h \
|
||||
sys/endian.h endian.h
|
||||
])
|
||||
|
||||
dnl Checks for typedefs, structures, and compiler characteristics.
|
||||
AC_C_CONST
|
||||
AC_TYPE_UID_T
|
||||
AC_TYPE_SIZE_T
|
||||
AC_HEADER_TIME
|
||||
|
||||
dnl Checks for library functions.
|
||||
AC_FUNC_ERROR_AT_LINE
|
||||
|
@ -411,9 +414,22 @@ AC_FUNC_STAT
|
|||
AC_FUNC_VPRINTF
|
||||
AC_CHECK_FUNCS([ \
|
||||
getpass gettimeofday getline memset mkdir \
|
||||
strdup strerror \
|
||||
strlcpy strlcat strnlen sigaction
|
||||
strdup strerror memset_s explicit_bzero \
|
||||
strnlen sigaction
|
||||
])
|
||||
|
||||
# Do not check for strlcpy and strlcat in Linux because it is not implemented
|
||||
# and autotools can not detect it in AC_CHECK_DECLS because build does not fail
|
||||
# in this test.
|
||||
# https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22192
|
||||
case "${host_os}" in
|
||||
linux*)
|
||||
;;
|
||||
*)
|
||||
AC_CHECK_DECLS([strlcpy, strlcat], [], [], [[#include <string.h>]])
|
||||
;;
|
||||
esac
|
||||
|
||||
AC_CHECK_SIZEOF(void *)
|
||||
if test "${ac_cv_sizeof_void_p}" = 8; then
|
||||
LIBRARY_BITNESS="64"
|
||||
|
@ -632,7 +648,7 @@ fi
|
|||
|
||||
PKG_CHECK_MODULES(
|
||||
[OPENSSL],
|
||||
[libcrypto >= 0.9.8],
|
||||
[libcrypto >= openssl_minimum_version],
|
||||
[have_openssl="yes"],
|
||||
[AC_CHECK_LIB(
|
||||
[crypto],
|
||||
|
@ -711,7 +727,7 @@ LIBS="$saved_LIBS"
|
|||
|
||||
|
||||
AC_ARG_ENABLE(cvcdir,
|
||||
AC_HELP_STRING([--enable-cvcdir=DIR],
|
||||
AS_HELP_STRING([--enable-cvcdir=DIR],
|
||||
[directory containing CV certificates (default is determined by libeac)]),
|
||||
[cvcdir="${enableval}"],
|
||||
[cvcdir=false])
|
||||
|
@ -733,7 +749,7 @@ AC_SUBST(CVCDIR)
|
|||
AC_DEFINE_UNQUOTED([CVCDIR], ["${CVCDIR}"], [CVC directory])
|
||||
|
||||
AC_ARG_ENABLE(x509dir,
|
||||
AC_HELP_STRING([--enable-x509dir=DIR],
|
||||
AS_HELP_STRING([--enable-x509dir=DIR],
|
||||
[directory containing X.509 certificates (default is determined by libeac)]),
|
||||
[x509dir="${enableval}"],
|
||||
[x509dir=false])
|
||||
|
@ -935,6 +951,7 @@ AC_PATH_PROG(GENGETOPT, gengetopt, not found)
|
|||
AC_ARG_VAR([CLANGTIDY],
|
||||
[absolute path to clang-tidy used for static code analysis])
|
||||
AC_PATH_PROG(CLANGTIDY, clang-tidy, not found)
|
||||
TIDY_CHECKS="-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling"
|
||||
|
||||
AX_FUNC_GETOPT_LONG
|
||||
#AH_BOTTOM([#include "common/compat_getopt.h"])
|
||||
|
@ -1042,6 +1059,7 @@ AC_SUBST([PROFILE_DIR])
|
|||
AC_SUBST([PROFILE_DIR_DEFAULT])
|
||||
AC_SUBST([OPTIONAL_NOTIFY_CFLAGS])
|
||||
AC_SUBST([OPTIONAL_NOTIFY_LIBS])
|
||||
AC_SUBST([TIDY_CHECKS])
|
||||
|
||||
AM_CONDITIONAL([ENABLE_MAN], [test "${enable_man}" = "yes"])
|
||||
AM_CONDITIONAL([ENABLE_THREAD_LOCKING], [test "${enable_thread_locking}" = "yes"])
|
||||
|
@ -1068,10 +1086,10 @@ AS_IF([test "${enable_shared}" = "yes"], [AC_DEFINE([ENABLE_SHARED], [1], [Enabl
|
|||
|
||||
if test "${enable_pedantic}" = "yes"; then
|
||||
enable_strict="yes";
|
||||
CFLAGS="${CFLAGS} -pedantic"
|
||||
CFLAGS="-pedantic ${CFLAGS}"
|
||||
fi
|
||||
if test "${enable_strict}" = "yes"; then
|
||||
CFLAGS="${CFLAGS} -Wall -Wextra -Wno-unused-parameter -Werror"
|
||||
CFLAGS="-Wall -Wextra -Wno-unused-parameter -Werror -Wstrict-aliasing=2 ${CFLAGS}"
|
||||
fi
|
||||
|
||||
AC_CONFIG_FILES([
|
||||
|
@ -1096,6 +1114,7 @@ AC_CONFIG_FILES([
|
|||
src/tests/regression/Makefile
|
||||
src/tests/p11test/Makefile
|
||||
src/tests/fuzzing/Makefile
|
||||
src/tests/unittests/Makefile
|
||||
src/tools/Makefile
|
||||
src/tools/versioninfo-tools.rc
|
||||
src/tools/versioninfo-opensc-notify.rc
|
||||
|
@ -1111,7 +1130,6 @@ AC_CONFIG_FILES([
|
|||
win32/OpenSC.wxs
|
||||
MacOSX/Makefile
|
||||
MacOSX/build-package
|
||||
MacOSX/build-package-from-ci
|
||||
MacOSX/Distribution.xml
|
||||
MacOSX/resources/Welcome.html
|
||||
])
|
||||
|
@ -1158,6 +1176,7 @@ SM default module: ${DEFAULT_SM_MODULE}
|
|||
SM default path: $(eval eval eval echo "${DEFAULT_SM_MODULE_PATH}")
|
||||
DNIe UI support: ${enable_dnie_ui}
|
||||
Notification support: ${enable_notify}
|
||||
Code coverage: ${enable_code_coverage}
|
||||
|
||||
PC/SC default provider: ${DEFAULT_PCSC_PROVIDER}
|
||||
PKCS11 default provider: $(eval eval eval echo "${DEFAULT_PKCS11_PROVIDER}")
|
||||
|
|
|
@ -10,7 +10,7 @@ man5_MANS = pkcs15-profile.5 opensc.conf.5
|
|||
endif
|
||||
|
||||
opensc.conf.5.xml opensc.conf.5: $(srcdir)/opensc.conf.5.xml.in
|
||||
sed \
|
||||
@sed \
|
||||
-e 's|@sysconfdir[@]|$(sysconfdir)|g' \
|
||||
-e 's|@docdir[@]|$(docdir)|g' \
|
||||
-e 's|@libdir[@]|$(libdir)|g' \
|
||||
|
@ -19,14 +19,14 @@ opensc.conf.5.xml opensc.conf.5: $(srcdir)/opensc.conf.5.xml.in
|
|||
-e 's|@PROFILE_DIR_DEFAULT[@]|$(PROFILE_DIR_DEFAULT)|g' \
|
||||
-e 's|@DEFAULT_SM_MODULE[@]|$(DEFAULT_SM_MODULE)|g' \
|
||||
< $< > opensc.conf.5.xml
|
||||
$(XSLTPROC) --nonet --path "$(srcdir)/..:$(xslstylesheetsdir)/manpages" --xinclude -o $@ man.xsl opensc.conf.5.xml
|
||||
$(AM_V_GEN)$(XSLTPROC) --nonet --path "$(srcdir)/..:$(xslstylesheetsdir)/manpages" --xinclude -o $@ man.xsl opensc.conf.5.xml 2>/dev/null
|
||||
|
||||
files.html: $(srcdir)/files.xml $(wildcard $(srcdir)/*.5.xml) opensc.conf.5.xml
|
||||
$(XSLTPROC) --nonet --path "$(builddir):$(srcdir)/..:$(xslstylesheetsdir)/html" --xinclude -o $@ html.xsl $<
|
||||
$(AM_V_GEN)$(XSLTPROC) --nonet --path "$(builddir):$(srcdir)/..:$(xslstylesheetsdir)/html" --xinclude -o $@ html.xsl $< 2>/dev/null
|
||||
|
||||
%.5: $(srcdir)/%.5.xml
|
||||
sed -e 's|@pkgdatadir[@]|$(pkgdatadir)|g' < $< \
|
||||
| $(XSLTPROC) --nonet --path "$(srcdir)/..:$(xslstylesheetsdir)/manpages" --xinclude -o $@ man.xsl $<
|
||||
$(AM_V_GEN)sed -e 's|@pkgdatadir[@]|$(pkgdatadir)|g' < $< \
|
||||
| $(XSLTPROC) --nonet --path "$(srcdir)/..:$(xslstylesheetsdir)/manpages" --xinclude -o $@ man.xsl $< 2>/dev/null
|
||||
|
||||
clean-local:
|
||||
-rm -rf $(html_DATA) $(man5_MANS) opensc.conf.5.xml
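Review bot: The `2>/dev/null` appended to the three xsltproc recipes (`opensc.conf.5`, `files.html` and `%.5`) discards every diagnostic from the processor, so a missing stylesheet, a failed XInclude or malformed XML leaves at most a bare non-zero exit status in the build log. `$(AM_V_GEN)` already gives the quiet output, so the redirect can be dropped from each recipe and stderr left attached. The same redirect appears on the `tools.html` and `%.1` rules in the later Makefile section on this page. Separately, the `%.5` recipe pipes sed's output into xsltproc but still names `$<` as the input document, so the `@pkgdatadir@` substitution looks like it is never applied; passing `-` in place of the final `$<` should make xsltproc read the pipe, which is worth confirming against a generated man page.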
|
||||
|
|
|
@ -43,7 +43,7 @@ span.errortext {
|
|||
font-style: italic;
|
||||
}
|
||||
|
||||
--></style></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="book"><div class="titlepage"><div><div><h1 class="title"><a name="idm1"></a>OpenSC Manual Pages: Section 5</h1></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl class="toc"><dt><span class="refentrytitle"><a href="#opensc.conf">opensc.conf</a></span><span class="refpurpose"> — configuration file for OpenSC</span></dt><dt><span class="refentrytitle"><a href="#pkcs15-profile">pkcs15-profile</a></span><span class="refpurpose"> — format of profile for <span class="command"><strong>pkcs15-init</strong></span></span></dt></dl></div><div class="refentry"><a name="opensc.conf"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>opensc.conf — configuration file for OpenSC</p></div><div class="refsect1"><a name="idm13"></a><h2>Description</h2><p>
|
||||
--></style></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="book"><div class="titlepage"><div><div><h1 class="title"><a name="id-1"></a>OpenSC Manual Pages: Section 5</h1></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl class="toc"><dt><span class="refentrytitle"><a href="#opensc.conf">opensc.conf</a></span><span class="refpurpose"> — configuration file for OpenSC</span></dt><dt><span class="refentrytitle"><a href="#pkcs15-profile">pkcs15-profile</a></span><span class="refpurpose"> — format of profile for <span class="command"><strong>pkcs15-init</strong></span></span></dt></dl></div><div class="refentry"><a name="opensc.conf"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>opensc.conf — configuration file for OpenSC</p></div><div class="refsect1"><a name="id-1.2.3"></a><h2>Description</h2><p>
|
||||
OpenSC obtains configuration data from the following sources in the following order
|
||||
</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><p>
|
||||
command-line options
|
||||
|
@ -122,7 +122,7 @@ app <em class="replaceable"><code>application</code></em> {
|
|||
<code class="literal">westcos-tool</code>:
|
||||
Configuration block for OpenSC tools
|
||||
</p></li></ul></div><p>
|
||||
</p></div><div class="refsect1"><a name="idm103"></a><h2>Configuration Options</h2><div class="variablelist"><dl class="variablelist"><dt><a name="debug"></a><span class="term">
|
||||
</p></div><div class="refsect1"><a name="id-1.2.4"></a><h2>Configuration Options</h2><div class="variablelist"><dl class="variablelist"><dt><a name="debug"></a><span class="term">
|
||||
<code class="option">debug = <em class="replaceable"><code>num</code></em>;</code>
|
||||
</span></dt><dd><p>
|
||||
Amount of debug info to print (Default:
|
||||
|
@ -153,6 +153,12 @@ app <em class="replaceable"><code>application</code></em> {
|
|||
<code class="filename">Software\OpenSC
|
||||
Project\OpenSC\ProfileDir</code> is
|
||||
checked.
|
||||
</p></dd><dt><span class="term">
|
||||
<code class="option">disable_colors = <em class="replaceable"><code>bool</code></em>;</code>
|
||||
</span></dt><dd><p>
|
||||
Disable colors of log messages (Default:
|
||||
<code class="literal">false</code> if attached to a console,
|
||||
<code class="literal">true</code> otherwise).
|
||||
</p></dd><dt><span class="term">
|
||||
<code class="option">disable_popups = <em class="replaceable"><code>bool</code></em>;</code>
|
||||
</span></dt><dd><p>
|
||||
|
@ -176,7 +182,7 @@ app <em class="replaceable"><code>application</code></em> {
|
|||
default) will load all statically linked drivers.
|
||||
</p><p>
|
||||
If an unknown (i.e. not internal or old) driver is
|
||||
supplied, a separate configuration configuration
|
||||
supplied, a separate configuration
|
||||
block has to be written for the driver. A special
|
||||
value <code class="literal">old</code> will load all
|
||||
statically linked drivers that may be removed in
|
||||
|
@ -227,6 +233,10 @@ app <em class="replaceable"><code>application</code></em> {
|
|||
<code class="literal">npa</code>: See <a class="xref" href="#npa" title="Configuration Options for German ID Card">the section called “Configuration Options for German ID Card”</a>
|
||||
</p></li><li class="listitem"><p>
|
||||
<code class="literal">dnie</code>: See <a class="xref" href="#dnie" title="Configuration Options for DNIe">the section called “Configuration Options for DNIe”</a>
|
||||
</p></li><li class="listitem"><p>
|
||||
<code class="literal">edo</code>: See <a class="xref" href="#edo" title="Configuration Options for Polish eID Card">the section called “Configuration Options for Polish eID Card”</a>
|
||||
</p></li><li class="listitem"><p>
|
||||
<code class="literal">myeid</code>: See <a class="xref" href="#myeid" title="Configuration Options for MyEID Card">the section called “Configuration Options for MyEID Card”</a>
|
||||
</p></li><li class="listitem"><p>
|
||||
Any other value: Configuration block for an externally loaded card driver
|
||||
</p></li></ul></div><p>
|
||||
|
@ -332,7 +342,7 @@ app <em class="replaceable"><code>application</code></em> {
|
|||
Parameters for the OpenSC PKCS11 module.
|
||||
</p><p>
|
||||
For details see <a class="xref" href="#pkcs11" title="Configuration of PKCS#11">the section called “Configuration of PKCS#11”</a>.
|
||||
</p></dd></dl></div><div class="refsect2"><a name="reader_driver"></a><h3>Configuration of Smart Card Reader Driver</h3><div class="refsect3"><a name="idm330"></a><h4>Configuration Options for all Reader Drivers</h4><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
||||
</p></dd></dl></div><div class="refsect2"><a name="reader_driver"></a><h3>Configuration of Smart Card Reader Driver</h3><div class="refsect3"><a name="id-1.2.4.3.2"></a><h4>Configuration Options for all Reader Drivers</h4><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
||||
<code class="option">max_send_size = <em class="replaceable"><code>num</code></em>;</code>
|
||||
<code class="option">max_recv_size = <em class="replaceable"><code>num</code></em>;</code>
|
||||
</span></dt><dd><p>
|
||||
|
@ -429,7 +439,27 @@ app <em class="replaceable"><code>application</code></em> {
|
|||
<code class="option">readers = <em class="replaceable"><code>num</code></em>;</code>
|
||||
</span></dt><dd><p>
|
||||
Virtual readers to allocate (Default: <code class="literal">2</code>).
|
||||
</p></dd></dl></div></div></div><div class="refsect2"><a name="npa"></a><h3>Configuration Options for German ID Card</h3><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
||||
</p></dd></dl></div></div></div><div class="refsect2"><a name="myeid"></a><h3>Configuration Options for MyEID Card</h3><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
||||
<code class="option">disable_hw_pkcs1_padding = <em class="replaceable"><code>bool</code></em>;</code>
|
||||
</span></dt><dd><p>
|
||||
The MyEID card can internally
|
||||
encapsulate the data (hash code)
|
||||
into a DigestInfo ASN.1 structure
|
||||
according to the selected hash
|
||||
algorithm (currently only for SHA1).
|
||||
DigestInfo is padded to RSA key
|
||||
modulus length according to PKCS#1
|
||||
v1.5, block type 01h. Size of the
|
||||
DigestInfo must not exceed 40%
|
||||
of the RSA key modulus length. If
|
||||
this limit is unsatisfactory (for
|
||||
example someone needs RSA 1024
|
||||
with SHA512), the user can disable
|
||||
this feature. In this case, the
|
||||
card driver will do everything
|
||||
necessary before sending the data
|
||||
(hash code) to the card.
|
||||
</p></dd></dl></div></div><div class="refsect2"><a name="npa"></a><h3>Configuration Options for German ID Card</h3><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
||||
<code class="option">can = <em class="replaceable"><code>value</code></em>;</code>
|
||||
</span></dt><dd><p>
|
||||
German ID card requires the CAN to
|
||||
|
@ -453,7 +483,7 @@ app <em class="replaceable"><code>application</code></em> {
|
|||
itself as signature terminal (ST).
|
||||
We usually will use the reader's
|
||||
capability to sign the data.
|
||||
However, during developement you
|
||||
However, during development you
|
||||
may specify soft certificates and
|
||||
keys for a ST.
|
||||
</p><p>
|
||||
|
@ -478,6 +508,16 @@ app <em class="replaceable"><code>application</code></em> {
|
|||
<code class="literal">/usr/bin/pinentry</code>).
|
||||
Only used if compiled with
|
||||
<code class="option">--enable-dnie-ui</code>
|
||||
</p></dd></dl></div></div><div class="refsect2"><a name="edo"></a><h3>Configuration Options for Polish eID Card</h3><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
||||
<code class="option">can = <em class="replaceable"><code>value</code></em>;</code>
|
||||
</span></dt><dd><p>
|
||||
CAN (Card Access Number – 6 digit number
|
||||
printed on the right bottom corner of the
|
||||
front side of the document) is required
|
||||
to establish connection with the card.
|
||||
It might be overwritten by <code class="literal">EDO_CAN</code>
|
||||
environment variable. Currently, it is not
|
||||
possible to set it in any other way.
|
||||
</p></dd></dl></div></div><div class="refsect2"><a name="card_atr"></a><h3>Configuration based on ATR</h3><p>
|
||||
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
||||
<code class="option">atrmask = <em class="replaceable"><code>hexstring</code></em>;</code>
|
||||
|
@ -554,10 +594,10 @@ app <em class="replaceable"><code>application</code></em> {
|
|||
<code class="literal">raw</code>
|
||||
</p></li></ul></div><p>
|
||||
</p></dd><dt><span class="term">
|
||||
<code class="option">md_read_only = <em class="replaceable"><code>bool</code></em>;</code>
|
||||
<code class="option">read_only = <em class="replaceable"><code>bool</code></em>;</code>
|
||||
</span></dt><dd><p>
|
||||
Mark card as read/only card in
|
||||
Minidriver/BaseCSP interface
|
||||
PKCS#11/Minidriver/BaseCSP interface
|
||||
(Default: <code class="literal">false</code>).
|
||||
</p></dd><dt><span class="term">
|
||||
<code class="option">md_supports_X509_enrollment = <em class="replaceable"><code>bool</code></em>;</code>
|
||||
|
@ -724,9 +764,11 @@ app <em class="replaceable"><code>application</code></em> {
|
|||
</span></dt><dd><p>
|
||||
Where to cache the card's files. The default values are:
|
||||
</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
|
||||
<code class="filename"><code class="envar">HOME</code>/.eid/cache/</code> (Unix)
|
||||
<code class="filename"><code class="envar">$XDG_CACHE_HOME</code>/opensc/</code> (If <code class="envar">$XDG_CACHE_HOME</code> is defined)
|
||||
</p></li><li class="listitem"><p>
|
||||
<code class="filename"><code class="envar">USERPROFILE</code>\.eid-cache\</code> (Windows)
|
||||
<code class="filename"><code class="envar">$HOME</code>/.cache/opensc/</code> (Unix)
|
||||
</p></li><li class="listitem"><p>
|
||||
<code class="filename"><code class="envar">$USERPROFILE</code>\.eid-cache\</code> (Windows)
|
||||
</p></li></ul></div><p>
|
||||
</p><p>
|
||||
If caching is done by a system process, the
|
||||
|
@ -753,6 +795,26 @@ app <em class="replaceable"><code>application</code></em> {
|
|||
<code class="literal">CKA_ALWAYS_AUTHENTICATE</code> may
|
||||
need to set this to get signatures to work with
|
||||
some cards (Default: <code class="literal">false</code>).
|
||||
</p><p>
|
||||
It is recommended to enable also PIN caching using
|
||||
<code class="literal">use_pin_caching</code> option for OpenSC
|
||||
to be able to provide PIN for the card when needed.
|
||||
</p></dd><dt><span class="term">
|
||||
<code class="option">private_certificate = <em class="replaceable"><code>value</code></em>;</code>
|
||||
</span></dt><dd><p>
|
||||
How to handle a PIN-protected certificate. Known
|
||||
parameters:
|
||||
</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
|
||||
<code class="literal">protect</code>: The certificate stays PIN-protected.
|
||||
</p></li><li class="listitem"><p>
|
||||
<code class="literal">declassify</code>: Allow
|
||||
reading the certificate without
|
||||
enforcing verification of the PIN.
|
||||
</p></li><li class="listitem"><p>
|
||||
<code class="literal">ignore</code>: Ignore PIN-protected certificates.
|
||||
</p></li></ul></div><p>
|
||||
(Default: <code class="literal">ignore</code> in Tokend,
|
||||
<code class="literal">protect</code> otherwise).
|
||||
</p></dd><dt><span class="term">
|
||||
<code class="option">enable_pkcs15_emulation = <em class="replaceable"><code>bool</code></em>;</code>
|
||||
</span></dt><dd><p>
|
||||
|
@ -775,7 +837,7 @@ app <em class="replaceable"><code>application</code></em> {
|
|||
<code class="option">builtin_emulators = <em class="replaceable"><code>emulators</code></em>;</code>
|
||||
</span></dt><dd><p>
|
||||
List of the builtin pkcs15 emulators to test
|
||||
(Default: <code class="literal">westcos, openpgp,
|
||||
(Default: <code class="literal">westcos, openpgp,
|
||||
starcert, tcos, esteid, itacns,
|
||||
PIV-II, cac, gemsafeGPK, gemsafeV1, actalis,
|
||||
atrust-acos, tccardos, entersafe, pteid,
|
||||
|
@ -854,13 +916,6 @@ app <em class="replaceable"><code>application</code></em> {
|
|||
Score for <span class="application">OpenSC.tokend</span>
|
||||
(Default: <code class="literal">300</code>). The tokend with
|
||||
the highest score shall be used.
|
||||
</p></dd><dt><span class="term">
|
||||
<code class="option">ignore_private_certificate = <em class="replaceable"><code>bool</code></em>;</code>
|
||||
</span></dt><dd><p>
|
||||
Tokend ignore to read PIN protected certificate
|
||||
that is set
|
||||
<code class="literal">SC_PKCS15_CO_FLAG_PRIVATE</code> flag
|
||||
(Default: <code class="literal">true</code>).
|
||||
</p></dd></dl></div></div><div class="refsect2"><a name="pkcs11"></a><h3>Configuration of PKCS#11</h3><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
||||
<code class="option">max_virtual_slots = <em class="replaceable"><code>num</code></em>;</code>
|
||||
</span></dt><dd><p>
|
||||
|
@ -1020,7 +1075,7 @@ app <em class="replaceable"><code>application</code></em> {
|
|||
For the module to simulate the opensc-onepin module
|
||||
behavior the following option
|
||||
<code class="option">create_slots_for_pins = "user";</code>
|
||||
</p></dd></dl></div></div></div><div class="refsect1"><a name="idm971"></a><h2>Environment</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
||||
</p></dd></dl></div></div></div><div class="refsect1"><a name="id-1.2.5"></a><h2>Environment</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
||||
<code class="envar">OPENSC_CONF</code>
|
||||
</span></dt><dd><p>
|
||||
Filename for a user defined configuration file
|
||||
|
@ -1063,7 +1118,7 @@ app <em class="replaceable"><code>application</code></em> {
|
|||
</span></dt><dd><p>
|
||||
PIV configuration during initialization with
|
||||
<span class="application">piv-tool</span>.
|
||||
</p></dd></dl></div></div><div class="refsect1"><a name="idm1012"></a><h2>Files</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
||||
</p></dd></dl></div></div><div class="refsect1"><a name="id-1.2.6"></a><h2>Files</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">
|
||||
<code class="filename">/usr/etc/opensc.conf</code>
|
||||
</span></dt><dd><p>
|
||||
System-wide configuration file
|
||||
|
@ -1071,7 +1126,7 @@ app <em class="replaceable"><code>application</code></em> {
|
|||
<code class="filename">/usr/share/doc/opensc/opensc.conf</code>
|
||||
</span></dt><dd><p>
|
||||
Extended example configuration file
|
||||
</p></dd></dl></div></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="pkcs15-profile"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pkcs15-profile — format of profile for <span class="command"><strong>pkcs15-init</strong></span></p></div><div class="refsect1"><a name="idm1036"></a><h2>Description</h2><p>
|
||||
</p></dd></dl></div></div></div><div class="refentry"><div class="refentry.separator"><hr></div><a name="pkcs15-profile"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pkcs15-profile — format of profile for <span class="command"><strong>pkcs15-init</strong></span></p></div><div class="refsect1"><a name="id-1.3.3"></a><h2>Description</h2><p>
|
||||
The <span class="command"><strong>pkcs15-init</strong></span> utility for PKCS #15 smart card
|
||||
personalization is controlled via profiles. When starting, it will read two
|
||||
such profiles at the moment, a generic application profile, and a card
|
||||
|
@ -1087,10 +1142,10 @@ app <em class="replaceable"><code>application</code></em> {
|
|||
The card specific profile contains additional information required during
|
||||
card initialization, such as location of PIN files, key references etc.
|
||||
Profiles currently reside in <code class="filename">@pkgdatadir@</code>
|
||||
</p></div><div class="refsect1"><a name="idm1044"></a><h2>Syntax</h2><p>
|
||||
</p></div><div class="refsect1"><a name="id-1.3.4"></a><h2>Syntax</h2><p>
|
||||
This section should contain information about the profile syntax. Will add
|
||||
this soonishly.
|
||||
</p></div><div class="refsect1"><a name="idm1047"></a><h2>See also</h2><p>
|
||||
</p></div><div class="refsect1"><a name="id-1.3.5"></a><h2>See also</h2><p>
|
||||
<span class="citerefentry"><span class="refentrytitle">pkcs15-init</span>(1)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">pkcs15-crypt</span>(1)</span>
|
||||
</p></div></div></div></body></html>
|
||||
|
|
|
@ -293,6 +293,12 @@ app <replaceable>application</replaceable> {
|
|||
<listitem><para>
|
||||
<literal>dnie</literal>: See <xref linkend="dnie"/>
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
<literal>edo</literal>: See <xref linkend="edo"/>
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
<literal>myeid</literal>: See <xref linkend="myeid"/>
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
Any other value: Configuration block for an externally loaded card driver
|
||||
</para></listitem>
|
||||
|
@ -636,6 +642,37 @@ app <replaceable>application</replaceable> {
|
|||
|
||||
</refsect2>
|
||||
|
||||
<refsect2 id="myeid">
|
||||
<title>Configuration Options for MyEID Card</title>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>disable_hw_pkcs1_padding = <replaceable>bool</replaceable>;</option>
|
||||
</term>
|
||||
<listitem><para>
|
||||
The MyEID card can internally
|
||||
encapsulate the data (hash code)
|
||||
into a DigestInfo ASN.1 structure
|
||||
according to the selected hash
|
||||
algorithm (currently only for SHA1).
|
||||
DigestInfo is padded to RSA key
|
||||
modulus length according to PKCS#1
|
||||
v1.5, block type 01h. Size of the
|
||||
DigestInfo must not exceed 40%
|
||||
of the RSA key modulus length. If
|
||||
this limit is unsatisfactory (for
|
||||
example someone needs RSA 1024
|
||||
with SHA512), the user can disable
|
||||
this feature. In this case, the
|
||||
card driver will do everything
|
||||
necessary before sending the data
|
||||
(hash code) to the card.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
</refsect2>
|
||||
|
||||
<refsect2 id="npa">
|
||||
<title>Configuration Options for German ID Card</title>
|
||||
<variablelist>
|
||||
|
@ -669,7 +706,7 @@ app <replaceable>application</replaceable> {
|
|||
itself as signature terminal (ST).
|
||||
We usually will use the reader's
|
||||
capability to sign the data.
|
||||
However, during developement you
|
||||
However, during development you
|
||||
may specify soft certificates and
|
||||
keys for a ST.
|
||||
</para>
|
||||
|
@ -715,6 +752,26 @@ app <replaceable>application</replaceable> {
|
|||
</variablelist>
|
||||
</refsect2>
|
||||
|
||||
<refsect2 id="edo">
|
||||
<title>Configuration Options for Polish eID Card</title>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>can = <replaceable>value</replaceable>;</option>
|
||||
</term>
|
||||
<listitem><para>
|
||||
CAN (Card Access Number – 6 digit number
|
||||
printed on the right bottom corner of the
|
||||
front side of the document) is required
|
||||
to establish connection with the card.
|
||||
It might be overwritten by <literal>EDO_CAN</literal>
|
||||
environment variable. Currently, it is not
|
||||
possible to set it in any other way.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect2>
|
||||
|
||||
<refsect2 id="card_atr">
|
||||
<title>Configuration based on ATR</title>
|
||||
<para>
|
||||
|
@ -1093,12 +1150,17 @@ app <replaceable>application</replaceable> {
|
|||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
<filename><envar>HOME</envar>/.eid/cache/</filename> (Unix)
|
||||
<filename><envar>$XDG_CACHE_HOME</envar>/opensc/</filename> (If <envar>$XDG_CACHE_HOME</envar> is defined)
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<filename><envar>USERPROFILE</envar>\.eid-cache\</filename> (Windows)
|
||||
<filename><envar>$HOME</envar>/.cache/opensc/</filename> (Unix)
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<filename><envar>$USERPROFILE</envar>\.eid-cache\</filename> (Windows)
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
@ -1140,6 +1202,11 @@ app <replaceable>application</replaceable> {
|
|||
<literal>CKA_ALWAYS_AUTHENTICATE</literal> may
|
||||
need to set this to get signatures to work with
|
||||
some cards (Default: <literal>false</literal>).
|
||||
</para>
|
||||
<para>
|
||||
It is recommended to enable also PIN caching using
|
||||
<literal>use_pin_caching</literal> option for OpenSC
|
||||
to be able to provide PIN for the card when needed.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
|
|
@ -14,15 +14,14 @@ endif
|
|||
completion_DATA = $(patsubst $(srcdir)/%.1.xml, %, $(wildcard $(srcdir)/*.1.xml))
|
||||
|
||||
tools.html: $(srcdir)/tools.xml $(wildcard $(srcdir)/*.1.xml)
|
||||
$(XSLTPROC) --nonet --path "$(srcdir)/..:$(xslstylesheetsdir)/html" --xinclude -o $@ html.xsl $<
|
||||
$(AM_V_GEN)$(XSLTPROC) --nonet --path "$(srcdir)/..:$(xslstylesheetsdir)/html" --xinclude -o $@ html.xsl $< 2>/dev/null
|
||||
|
||||
%.1: $(srcdir)/%.1.xml
|
||||
sed -e 's|@pkgdatadir[@]|$(pkgdatadir)|g' < $< \
|
||||
| $(XSLTPROC) --nonet --path "$(srcdir)/..:$(xslstylesheetsdir)/manpages" --xinclude -o $@ man.xsl $<
|
||||
$(AM_V_GEN)sed -e 's|@pkgdatadir[@]|$(pkgdatadir)|g' < $< \
|
||||
| $(XSLTPROC) --nonet --path "$(srcdir)/..:$(xslstylesheetsdir)/manpages" --xinclude -o $@ man.xsl $< 2>/dev/null
|
||||
|
||||
%: $(srcdir)/%.1.xml
|
||||
@echo $< $@
|
||||
@cat $(srcdir)/completion-template \
|
||||
$(AM_V_GEN)cat $(srcdir)/completion-template \
|
||||
| sed "s,ALLOPTS,\
|
||||
$(shell sed -n 's,.*<option>\([^<]*\)</option>.*,\1,pg' $< \
|
||||
| sort -u | grep -- '^\-' | tr '\n' ' ')," \
|
||||
|
@ -32,6 +31,9 @@ tools.html: $(srcdir)/tools.xml $(wildcard $(srcdir)/*.1.xml)
|
|||
| sed "s,FILEOPTS,\
|
||||
$(shell sed -n 's,.*<option>\([^<]*\)</option>.*<replaceable>.*filename.*,\1,pg' $< \
|
||||
| sort -u | grep -- '^\-' | tr '\n' '|' | sed 's,|$$,,' | grep ^ || echo "!*")," \
|
||||
| sed "s,PINOPTS,\
|
||||
$(shell sed -En 's,.*<option>([^<]*)</option>.*<replaceable>\s*(newpin|pin|puk|sopin|sopuk)\s*<.*,\1,pg' $< \
|
||||
| sort -u | grep -- '^\-' | tr '\n' '|' | sed 's,|$$,,' | grep ^ || echo "!*")," \
|
||||
| sed "s,MODULEOPTS,\
|
||||
$(shell sed -n 's,.*<option>\([^<]*\)</option>.*<replaceable>.*mod.*,\1,pg' $< \
|
||||
| sort -u | grep -- '^\-' | tr '\n' '|' | sed 's,|$$,,' | grep ^ || echo "!*")," \
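Review bot: The new PINOPTS extraction uses `\s` inside a `sed -En` pattern, which POSIX extended regular expressions do not define, so on a non-GNU sed the expression may match nothing and the template silently receives the `!*` fallback instead of the PIN options. Writing both occurrences as `[[:space:]]*` keeps the rule portable across the platforms the project builds on. The enclosing `%` recipe starts above this hunk and continues past its last line.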
|
||||
|
|
|
@ -33,13 +33,6 @@ smart cards and similar security tokens based on Siemens Card/OS M4.
|
|||
<title>Options</title>
|
||||
<para>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--card-driver</option> <replaceable>name</replaceable>,
|
||||
<option>-c</option> <replaceable>name</replaceable></term>
|
||||
<listitem><para>Use the card driver specified by <replaceable>name</replaceable>.
|
||||
The default is to auto-detect the correct card driver.</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--format</option>,
|
||||
|
|
|
@ -3,7 +3,7 @@ _FUNCTION_NAME()
|
|||
{
|
||||
COMPREPLY=()
|
||||
local cur prev split=false
|
||||
_get_comp_words_by_ref cur prev
|
||||
_get_comp_words_by_ref -n : cur prev
|
||||
|
||||
_split_longopt && split=true
|
||||
|
||||
|
@ -23,6 +23,11 @@ _FUNCTION_NAME()
|
|||
_filedir
|
||||
return 0
|
||||
;;
|
||||
PINOPTS|--password)
|
||||
COMPREPLY=( $( compgen -W "$(printenv | cut -d = -f 1 | xargs printf 'env:%s ')" -- $cur ) )
|
||||
__ltrim_colon_completions "$cur"
|
||||
return 0
|
||||
;;
|
||||
OPTSWITHARGS)
|
||||
return 0
|
||||
;;
|
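Review bot: In the added `PINOPTS|--password)` branch, `printenv | cut -d = -f 1` is not a reliable list of variable names: `cut` without `-s` prints any line that contains no `=` in full, so continuation lines of a multi-line value (an exported shell function, a PEM blob kept in the environment) become `env:` candidates and can be echoed to the terminal, and `xargs` aborts on an unmatched quote in such a line. `$cur` is also passed to `compgen` unquoted, so it is subject to word splitting and globbing. Bash can list exported names itself, for example `COMPREPLY=( $( compgen -P env: -e -- "${cur#env:}" ) )`; this matches slightly differently while the user is still typing the `env:` prefix, so check it against the intended behaviour. The enclosing `case` statement starts and ends outside the hunk.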
||||
|
|
|
@ -75,11 +75,23 @@
|
|||
<option>--pin</option> <replaceable>pin</replaceable>,
|
||||
<option>-p</option> <replaceable>pin</replaceable>
|
||||
</term>
|
||||
<listitem><para>Specify the user pin <replaceable>pin</replaceable> to use.
|
||||
If set to env:<replaceable>VARIABLE</replaceable>, the
|
||||
value of the environment variable
|
||||
<replaceable>VARIABLE</replaceable> is used.
|
||||
The default is do not enter pin</para></listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
These options can be used to specify the PIN value
|
||||
on the command line. If the value is set to
|
||||
<literal>env:</literal><replaceable>VARIABLE</replaceable>, the value
|
||||
of the specified environment variable is used. By default,
|
||||
the code is prompted on the command line if needed.
|
||||
</para>
|
||||
<para>
|
||||
Note that on most operation systems, any user can
|
||||
display the command line of any process on the
|
||||
system using utilities such as
|
||||
<command>ps(1)</command>. Therefore, you should prefer
|
||||
passing the codes via an environment variable
|
||||
on an unsecured system.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
|
@ -95,14 +107,6 @@
|
|||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--driver</option> <replaceable>driver</replaceable>,
|
||||
<option>-c</option> <replaceable>driver</replaceable>
|
||||
</term>
|
||||
<listitem><para>Specify the card driver <replaceable>driver</replaceable> to use.
|
||||
Default is use driver from configuration file, or auto-detect if absent</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--wait</option>,
|
||||
|
|
|
@ -46,9 +46,25 @@
|
|||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--pin</option> <replaceable>argument</replaceable>
|
||||
<option>--pin</option> <replaceable>pin</replaceable>
|
||||
</term>
|
||||
<listitem><para>Define user PIN.</para></listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
This option can be used to specify the PIN value
|
||||
on the command line. If the value is set to
|
||||
<literal>env:</literal><replaceable>VARIABLE</replaceable>, the value
|
||||
of the specified environment variable is used. By default,
|
||||
the code is prompted on the command line if needed.
|
||||
</para>
|
||||
<para>
|
||||
Note that on most operation systems, any user can
|
||||
display the command line of any process on the
|
||||
system using utilities such as
|
||||
<command>ps(1)</command>. Therefore, you should prefer
|
||||
passing the codes via an environment variable
|
||||
on an unsecured system.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
|
|
|
@ -0,0 +1,126 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<refentry id="goid-tool">
|
||||
<refmeta>
|
||||
<refentrytitle>goid-tool</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
<refmiscinfo class="productname">OpenSC</refmiscinfo>
|
||||
<refmiscinfo class="manual">OpenSC Tools</refmiscinfo>
|
||||
<refmiscinfo class="source">opensc</refmiscinfo>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname>goid-tool</refname>
|
||||
<refpurpose>???</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>goid-tool</command>
|
||||
<arg choice="opt"><replaceable class="option">OPTIONS</replaceable></arg>
|
||||
<arg><replaceable class="option">mode</replaceable></arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>Description</title>
|
||||
<para>
|
||||
The <command>goid-tool</command> utility can be used from
|
||||
the command line to ???
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>Options</title>
|
||||
<para>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--help</option>,
|
||||
<option>-h</option>
|
||||
</term>
|
||||
<listitem><para>Print help message on screen.</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--version</option>,
|
||||
<option>-V</option>
|
||||
</term>
|
||||
<listitem><para>Print the OpenSC package release version.</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--reader</option> <replaceable>string</replaceable>,
|
||||
<option>-r</option> <replaceable>string</replaceable>
|
||||
</term>
|
||||
<listitem><para>
|
||||
Specify the number of the reader to use. By default, the
|
||||
first reader with present card is used. If
|
||||
the argument is an ATR, the reader with a
|
||||
matching card will be chosen.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--verbose</option>,
|
||||
<option>-v</option>
|
||||
</term>
|
||||
<listitem><para>
|
||||
Cause <command>goid-tool</command> to be
|
||||
more verbose. Use it multiple times to be even more
|
||||
verbose.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--verify-pin</option>,
|
||||
<option>-p</option>
|
||||
</term>
|
||||
<listitem><para>
|
||||
Verify PIN.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--verify-bio</option>,
|
||||
<option>-b</option>
|
||||
</term>
|
||||
<listitem><para>
|
||||
Verify finger print.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--verify-pin-or-bio</option>
|
||||
</term>
|
||||
<listitem><para>
|
||||
Verify PIN or finger print (user's choice).
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</para>
|
||||
</refsect1>
|
||||
<!-- TODO modes -->
|
||||
<refsect1>
|
||||
<title>See also</title>
|
||||
<para>
|
||||
<citerefentry>
|
||||
<refentrytitle>pkcs11-tool</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</citerefentry>
|
||||
<citerefentry>
|
||||
<refentrytitle>opensc.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</citerefentry>
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>Authors</title>
|
||||
<para><command>pkcs11-register</command> was written by
|
||||
Frank Morgner <email>frankmorgner@gmail.com</email>.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
||||
|
||||
|
||||
|
|
@ -43,29 +43,29 @@
|
|||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--pin</option> <replaceable>pin-value</replaceable>,
|
||||
<option>-p</option> <replaceable>pin-value</replaceable>
|
||||
<option>--pin</option> <replaceable>pin</replaceable>,
|
||||
<option>-p</option> <replaceable>pin</replaceable>
|
||||
</term>
|
||||
<listitem><para>Specifies the current value of the global PIN.</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--puk</option> <replaceable>pin-value</replaceable>,
|
||||
<option>-u</option> <replaceable>pin-value</replaceable>
|
||||
<option>--puk</option> <replaceable>pin</replaceable>,
|
||||
<option>-u</option> <replaceable>pin</replaceable>
|
||||
</term>
|
||||
<listitem><para>Specifies the current value of the global PUK.</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--pin0</option> <replaceable>pin-value</replaceable>,
|
||||
<option>-0</option> <replaceable>pin-value</replaceable>
|
||||
<option>--pin0</option> <replaceable>pin</replaceable>,
|
||||
<option>-0</option> <replaceable>pin</replaceable>
|
||||
</term>
|
||||
<listitem><para>Specifies the current value of the local PIN0 (aka local PIN).</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--pin1</option> <replaceable>pin-value</replaceable>,
|
||||
<option>-1</option> <replaceable>pin-value</replaceable>
|
||||
<option>--pin1</option> <replaceable>pin</replaceable>,
|
||||
<option>-1</option> <replaceable>pin</replaceable>
|
||||
</term>
|
||||
<listitem><para>Specifies the current value of the local PIN1 (aka local PUK).</para></listitem>
|
||||
</varlistentry>
|
||||
|
|
|
@ -149,14 +149,25 @@
|
|||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--pin</option> <replaceable>string</replaceable>
|
||||
<option>--pin</option> <replaceable>pin</replaceable>
|
||||
</term>
|
||||
<listitem><para>
|
||||
The PIN text to verify. If set to
|
||||
env:<replaceable>VARIABLE</replaceable>, the value of
|
||||
the environment variable
|
||||
<replaceable>VARIABLE</replaceable> is used.
|
||||
</para></listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
This option can be used to specify the PIN value
|
||||
on the command line. If the value is set to
|
||||
<literal>env:</literal><replaceable>VARIABLE</replaceable>, the value
|
||||
of the specified environment variable is used. By default,
|
||||
the code is prompted on the command line if needed.
|
||||
</para>
|
||||
<para>
|
||||
Note that on most operation systems, any user can
|
||||
display the command line of any process on the
|
||||
system using utilities such as
|
||||
<command>ps(1)</command>. Therefore, you should prefer
|
||||
passing the codes via an environment variable
|
||||
on an unsecured system.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
|
@ -55,8 +55,11 @@
|
|||
<option>-c</option> <replaceable>driver</replaceable>
|
||||
</term>
|
||||
<listitem><para>
|
||||
Use the given card driver. The default is
|
||||
auto-detected.
|
||||
Use the given card driver.
|
||||
The default is to auto-detect the correct card driver.
|
||||
The literal value <literal>?</literal> lists
|
||||
all available card drivers and terminates
|
||||
<command>opensc-explorer</command>.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -163,11 +166,23 @@
|
|||
<term>
|
||||
<command>asn1</command>
|
||||
<replaceable>file-id</replaceable>
|
||||
<arg choice="opt"><replaceable>rec-no</replaceable></arg>
|
||||
<arg choice="opt"><replaceable>offs</replaceable></arg>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Parse and print the ASN.1 encoded content of the working EF
|
||||
specified by <replaceable>file-id</replaceable>.
|
||||
If the optional parameter
|
||||
<replaceable>rec-no</replaceable> is given and the file is
|
||||
a record-oriented EF, parse and print only the record
|
||||
indicated by this parameter.
|
||||
If the optional parameter
|
||||
<replaceable>offs</replaceable> is given, start parsing
|
||||
and printing the file or record at the offset indicated
|
||||
by the value given.
|
||||
If this parameter is not given, the default offset is
|
||||
<literal>0</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -179,12 +194,16 @@
|
|||
<arg choice="plain"><replaceable>file-id</replaceable></arg>
|
||||
<arg choice="plain"><literal>sfi:</literal><replaceable>short-id</replaceable></arg>
|
||||
</group>
|
||||
<arg choice="opt"><replaceable>rec-no</replaceable></arg>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Print the contents of the working EF specified by
|
||||
<replaceable>file-id</replaceable> or the short file id
|
||||
<replaceable>short-id</replaceable>.
|
||||
If the optional second parameter
|
||||
<replaceable>rec-no</replaceable> is given,
|
||||
only print the record indicated by this parameter.
|
||||
If no argument is given, print the the contents
|
||||
of the currently selected EF.
|
||||
</para>
|
||||
|
@ -400,6 +419,31 @@
|
|||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<command>get_record</command>
|
||||
<replaceable>file-id</replaceable>
|
||||
<replaceable>rec-no</replaceable>
|
||||
<arg choice="opt"><replaceable>output</replaceable></arg>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Copy a record of a record-oriented EF to a local file.
|
||||
The local file is specified by
|
||||
<replaceable>output</replaceable>
|
||||
while the card file and the record are specified by
|
||||
<replaceable>file-id</replaceable> and
|
||||
<replaceable>rec-no</replaceable>,
|
||||
</para>
|
||||
<para>
|
||||
If <replaceable>output</replaceable> is omitted,
|
||||
the name of the output file will be derived from the
|
||||
full card path to <replaceable>file-id</replaceable>.
|
||||
and the <replaceable>rec-no</replaceable>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<command>help</command>
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--version</option>,
|
||||
<option>--version</option>
|
||||
</term>
|
||||
<listitem><para>Print the OpenSC package release version.</para></listitem>
|
||||
</varlistentry>
|
||||
|
@ -52,8 +52,12 @@
|
|||
<option>--card-driver</option> <replaceable>driver</replaceable>,
|
||||
<option>-c</option> <replaceable>driver</replaceable>
|
||||
</term>
|
||||
<listitem><para>Use the given card driver.
|
||||
The default is auto-detected.</para></listitem>
|
||||
<listitem><para>
|
||||
Use the given card driver.
|
||||
The default is to auto-detect the correct card driver.
|
||||
The literal value <literal>?</literal> lists
|
||||
all available card drivers.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
|
|
|
@ -53,15 +53,18 @@
|
|||
<option>--admin</option> <replaceable>argument</replaceable>,
|
||||
<option>-A</option> <replaceable>argument</replaceable>
|
||||
</term>
|
||||
<listitem><para>Authenticate to the card using a 2DES or 3DES key.
|
||||
<listitem><para>Authenticate to the card using a 2DES, 3DES or AES key.
|
||||
The <replaceable>argument</replaceable> of the form
|
||||
<synopsis> {<literal>A</literal>|<literal>M</literal>}<literal>:</literal><replaceable>ref</replaceable><literal>:</literal><replaceable>alg</replaceable></synopsis>
|
||||
is required, were <literal>A</literal> uses "EXTERNAL AUTHENTICATION"
|
||||
and <literal>M</literal> uses "MUTUAL AUTHENTICATION".
|
||||
<replaceable>ref</replaceable> is normally <literal>9B</literal>,
|
||||
and <replaceable>alg</replaceable> is <literal>03</literal> for 3DES.
|
||||
The key is provided by the card vendor, and the environment variable
|
||||
<varname>PIV_EXT_AUTH_KEY</varname> must point to a text file containing
|
||||
and <replaceable>alg</replaceable> is <literal>03</literal> for 3DES,
|
||||
<literal>01</literal> for 2DES, <literal>08</literal> for AES-128,
|
||||
<literal>0A</literal> for AES-192 or <literal>0C</literal> for AES-256.
|
||||
The key is provided by the card vendor. The environment variable
|
||||
<varname>PIV_EXT_AUTH_KEY</varname> must point to either a binary file
|
||||
matching the length of the key or a text file containing
|
||||
the key in the format:
|
||||
<code>XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX</code>
|
||||
</para></listitem>
|
||||
|
@ -163,14 +166,6 @@
|
|||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--card-driver</option> <replaceable>driver</replaceable>,
|
||||
<option>-c</option> <replaceable>driver</replaceable>
|
||||
</term>
|
||||
<listitem><para>Use the given card driver.
|
||||
The default is auto-detected.</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--wait</option>,
|
||||
|
|
|
@ -0,0 +1,124 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<refentry id="pkcs11-register">
|
||||
<refmeta>
|
||||
<refentrytitle>pkcs11-register</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
<refmiscinfo class="productname">OpenSC</refmiscinfo>
|
||||
<refmiscinfo class="manual">OpenSC Tools</refmiscinfo>
|
||||
<refmiscinfo class="source">opensc</refmiscinfo>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname>pkcs11-register</refname>
|
||||
<refpurpose>Simple tool to install PKCS#11 modules to known applications.</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>pkcs11-register</command>
|
||||
<arg choice="opt"><replaceable class="option">OPTIONS</replaceable></arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>Description</title>
|
||||
<para>
|
||||
The <command>pkcs11-register</command> utility can be used from
|
||||
the command line to register PKCS#11 modules to various applications
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>Options</title>
|
||||
<para>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--help</option>,
|
||||
<option>-h</option>
|
||||
</term>
|
||||
<listitem><para>Print help message on screen.</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--version</option>,
|
||||
<option>-V</option>
|
||||
</term>
|
||||
<listitem><para>Print the OpenSC package release version.</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--module</option> <replaceable>filename</replaceable>,
|
||||
<option>-m</option> <replaceable>filename</replaceable>
|
||||
</term>
|
||||
<listitem><para>
|
||||
Path to the PKCS#11 module to load. The default
|
||||
is OpenSC PKCS#11 module.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--skip-chrome</option>
|
||||
</term>
|
||||
<listitem><para>
|
||||
Don't install module for Chrome browser. By default,
|
||||
the tool attempts to install the module for Chrome
|
||||
browser.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--skip-firefox</option>
|
||||
</term>
|
||||
<listitem><para>
|
||||
Don't install module for Firefox browser. By default,
|
||||
the tool attempts to install the module for Firefox
|
||||
browser.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--skip-thunderbird</option>
|
||||
</term>
|
||||
<listitem><para>
|
||||
Don't install module for Thunderbird mail client.
|
||||
By default, the tool attempts to install the module
|
||||
for Thunderbird mail client.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--skip-seamonkey</option>
|
||||
</term>
|
||||
<listitem><para>
|
||||
Don't install module for Seamonkey. By default,
|
||||
the tool attempts to install the module Seamonkey.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>See also</title>
|
||||
<para>
|
||||
<citerefentry>
|
||||
<refentrytitle>pkcs11-tool</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</citerefentry>
|
||||
<citerefentry>
|
||||
<refentrytitle>opensc.conf</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</citerefentry>
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>Authors</title>
|
||||
<para><command>pkcs11-register</command> was written by
|
||||
Frank Morgner <email>frankmorgner@gmail.com</email>.</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
||||
|
||||
|
|
@ -146,7 +146,9 @@
|
|||
<term>
|
||||
<option>--key-type</option> <replaceable>specification</replaceable>
|
||||
</term>
|
||||
<listitem><para>Specify the type and length of the key to create, for example rsa:1024 or EC:prime256v1.</para></listitem>
|
||||
<listitem><para>Specify the type and length (bytes if symmetric) of the key to create,
|
||||
for example RSA:1024, EC:prime256v1, GOSTR3410-2012-256:B,
|
||||
DES:8, DES3:24, AES:16 or GENERIC:64.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -170,6 +172,13 @@
|
|||
<listitem><para>Specify 'derive' key usage flag (EC only).</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--usage-wrap</option>
|
||||
</term>
|
||||
<listitem><para>Specify 'wrap' key usage flag.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--label</option> <replaceable>name</replaceable>,
|
||||
|
@ -212,6 +221,13 @@
|
|||
<listitem><para>List slots with tokens.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--list-interfaces</option>
|
||||
</term>
|
||||
<listitem><para>List interfaces of PKCS #11 3.0 library.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--login</option>,
|
||||
|
@ -266,7 +282,7 @@
|
|||
<option>--moz-cert</option> <replaceable>filename</replaceable>,
|
||||
<option>-z</option> <replaceable>filename</replaceable>
|
||||
</term>
|
||||
<listitem><para>Test a Mozilla-like keypair generation
|
||||
<listitem><para>Test a Mozilla-like key pair generation
|
||||
and certificate request. Specify the <replaceable>filename</replaceable>
|
||||
to the certificate file.</para></listitem>
|
||||
</varlistentry>
|
||||
|
@ -410,6 +426,22 @@
|
|||
<listitem><para>Specify the index of the object to use.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--use-locking</option>
|
||||
</term>
|
||||
<listitem><para>Tell pkcs11 module it should use OS thread locking.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--test-threads</option> <replaceable>options</replaceable>
|
||||
</term>
|
||||
<listitem><para>Test a pkcs11 module's thread implication. (See source code).
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--token-label</option> <replaceable>label</replaceable>
|
||||
|
@ -605,6 +637,15 @@
|
|||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--allow-sw</option>
|
||||
</term>
|
||||
<listitem><para>Allow using software mechanisms that do not have the CKF_HW flag set.
|
||||
May be required when using software tokens and emulators.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
</para>
|
||||
</refsect1>
|
||||
|
|
|
@ -136,11 +136,12 @@
|
|||
<command>pkcs15-init --generate-key " keyspec " --auth-id " nn</command>
|
||||
</para>
|
||||
<para>
|
||||
where <replaceable>keyspec</replaceable> describes the algorithm and length of the
|
||||
key to be created, such as <literal>rsa/512</literal>. This will create a 512 bit
|
||||
RSA key. Currently, only RSA key generation is supported. Note that cards
|
||||
usually support just a few different key lengths. Almost all cards will support
|
||||
512 and 1024 bit keys, some will support 768 or 2048 as well.
|
||||
where <replaceable>keyspec</replaceable> describes the algorithm and the parameters
|
||||
of the key to be created. For example, <literal>rsa:2048</literal> generates a RSA key
|
||||
with 2048-bit modulus. If you are generating an EC key, the curve designation must
|
||||
be specified, for example <literal>ec:prime256v1</literal>. For symmetric key,
|
||||
the length of key is specified in bytes, for example <literal>AES:32</literal>
|
||||
or <literal>DES3:24</literal>.
|
||||
</para>
|
||||
<para>
|
||||
<replaceable>nn</replaceable> is the ID of a user PIN installed previously,
|
||||
|
@ -242,7 +243,7 @@
|
|||
you would use
|
||||
</para>
|
||||
<para>
|
||||
<command>pkcs15-init --store-secret-key /dev/urandom --secret-key-algorithm aes/256 --auth-id 01</command>
|
||||
<command>pkcs15-init --store-secret-key /dev/urandom --secret-key-algorithm aes:256 --auth-id 01</command>
|
||||
</para>
|
||||
<para>
|
||||
By default a random ID is generated for the secret key. You may specify an ID
|
||||
|
@ -332,9 +333,9 @@
|
|||
<listitem>
|
||||
<para>
|
||||
Tells the card to generate new key and store it on the card.
|
||||
<replaceable>keyspec</replaceable> consists of an algorithm name
|
||||
(currently, the only supported name is <option>RSA</option>),
|
||||
optionally followed by a slash and the length of the key in bits.
|
||||
<replaceable>keyspec</replaceable> consists of an algorithm name,
|
||||
optionally followed by a colon ":", slash "/" or hyphen "-" and
|
||||
the parameters of the key to be created.
|
||||
It is a good idea to specify the key ID along with this command,
|
||||
using the <option>id</option> option, otherwise an intrinsic ID
|
||||
will be calculated from the key material. Look the description of
|
||||
|
@ -348,46 +349,26 @@
|
|||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--options-file</option> <replaceable>filename</replaceable>
|
||||
<option>--pin</option> <replaceable>pin</replaceable>,
|
||||
<option>--puk</option> <replaceable>puk</replaceable>,
|
||||
<option>--so-pin</option> <replaceable>sopin</replaceable>,
|
||||
<option>--so-puk</option> <replaceable>sopuk</replaceable>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Tells <command>pkcs15-init</command> to read additional options
|
||||
from <replaceable>filename</replaceable>. The file is supposed to
|
||||
contain one long option per line, without the leading dashes,
|
||||
for instance:
|
||||
<programlisting>
|
||||
pin 1234
|
||||
puk 87654321
|
||||
</programlisting>
|
||||
These options can be used to specify the PIN/PUK values
|
||||
on the command line. If the value is set to
|
||||
<literal>env:</literal><replaceable>VARIABLE</replaceable>, the value
|
||||
of the specified environment variable is used. By default,
|
||||
the code is prompted on the command line if needed.
|
||||
</para>
|
||||
<para>
|
||||
You can specify <option>--options-file</option> several times.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--pin</option>,
|
||||
<option>--puk</option>
|
||||
<option>--so-pin</option>,
|
||||
<option>--so-puk</option>,
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
These options can be used to specify PIN/PUK values
|
||||
on the command line. If set to
|
||||
env:<replaceable>VARIABLE</replaceable>, the value
|
||||
of the environment variable
|
||||
<replaceable>VARIABLE</replaceable> is used. Note
|
||||
that on most operation systems, any user can
|
||||
Note that on most operation systems, any user can
|
||||
display the command line of any process on the
|
||||
system using utilities such as
|
||||
<command>ps(1)</command>. Therefore, you should use
|
||||
these options only on a secured system, or in an
|
||||
options file specified with
|
||||
<option>--options-file</option>.
|
||||
<command>ps(1)</command>. Therefore, you should prefer
|
||||
passing the codes via an environment variable
|
||||
on an unsecured system.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -437,7 +418,7 @@ puk 87654321
|
|||
<listitem>
|
||||
<para>
|
||||
<replaceable>keyspec</replaceable> describes the algorithm and length of the
|
||||
key to be created or downloaded, such as <literal>aes/256</literal>.
|
||||
key to be created or downloaded, such as <literal>aes:256</literal>.
|
||||
This will create a 256 bit AES key.
|
||||
</para>
|
||||
</listitem>
|
||||
|
|
|
@ -52,8 +52,8 @@
|
|||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--auth-id</option> <replaceable>pin</replaceable>,
|
||||
<option>-a</option> <replaceable>pin</replaceable>
|
||||
<option>--auth-id</option> <replaceable>id</replaceable>,
|
||||
<option>-a</option> <replaceable>id</replaceable>
|
||||
</term>
|
||||
<listitem><para>Specifies the auth id of the PIN to use for the
|
||||
operation. This is useful with the --change-pin operation.</para></listitem>
|
||||
|
@ -310,21 +310,32 @@
|
|||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--pin</option> <replaceable>PIN</replaceable>
|
||||
<option>--pin</option> <replaceable>pin</replaceable>,
|
||||
<option>--new-pin</option> <replaceable>newpin</replaceable>
|
||||
<option>--puk</option> <replaceable>puk</replaceable>
|
||||
</term>
|
||||
<listitem><para>Specify PIN</para></listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
These options can be used to specify the PIN/PUK values
|
||||
on the command line. If the value is set to
|
||||
<literal>env:</literal><replaceable>VARIABLE</replaceable>, the value
|
||||
of the specified environment variable is used. By default,
|
||||
the code is prompted on the command line if needed.
|
||||
</para>
|
||||
<para>
|
||||
Note that on most operation systems, any user can
|
||||
display the command line of any process on the
|
||||
system using utilities such as
|
||||
<command>ps(1)</command>. Therefore, you should prefer
|
||||
passing the codes via an environment variable
|
||||
on an unsecured system.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--puk</option> <replaceable>PUK</replaceable>
|
||||
</term>
|
||||
<listitem><para>Specify Unblock PIN</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--new-pin</option> <replaceable>PIN</replaceable>
|
||||
<option>--new-pin</option> <replaceable>pin</replaceable>
|
||||
</term>
|
||||
<listitem><para>Specify New PIN (when changing or unblocking)</para></listitem>
|
||||
</varlistentry>
|
||||
|
|
|
@ -120,26 +120,25 @@
|
|||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--so-pin</option> <replaceable>value</replaceable>
|
||||
<option>--pin</option> <replaceable>pin</replaceable>,
|
||||
<option>--so-pin</option> <replaceable>sopin</replaceable>,
|
||||
</term>
|
||||
<listitem>
|
||||
<para>Define SO-PIN for initialization. If set to
|
||||
env:<replaceable>VARIABLE</replaceable>, the value of
|
||||
the environment variable
|
||||
<replaceable>VARIABLE</replaceable> is used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--pin</option> <replaceable>value</replaceable>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>Define user PIN for initialization, wrap or
|
||||
unwrap operation. If set to
|
||||
env:<replaceable>VARIABLE</replaceable>, the value of
|
||||
the environment variable
|
||||
<replaceable>VARIABLE</replaceable> is used.</para>
|
||||
<para>
|
||||
These options can be used to specify the PIN values
|
||||
on the command line. If the value is set to
|
||||
<literal>env:</literal><replaceable>VARIABLE</replaceable>, the value
|
||||
of the specified environment variable is used. By default,
|
||||
the code is prompted on the command line if needed.
|
||||
</para>
|
||||
<para>
|
||||
Note that on most operation systems, any user can
|
||||
display the command line of any process on the
|
||||
system using utilities such as
|
||||
<command>ps(1)</command>. Therefore, you should prefer
|
||||
passing the codes via an environment variable
|
||||
on an unsecured system.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
|
1032
doc/tools/tools.html
1032
doc/tools/tools.html
File diff suppressed because it is too large
|
@ -115,25 +115,28 @@
|
|||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--pin-value</option> <replaceable>value</replaceable>,
|
||||
<option>-x</option> <replaceable>value</replaceable>
|
||||
<option>--pin-value</option> <replaceable>pin</replaceable>,
|
||||
<option>-x</option> <replaceable>pin</replaceable>
|
||||
<option>--puk-value</option> <replaceable>puk</replaceable>,
|
||||
<option>-y</option> <replaceable>puk</replaceable>
|
||||
</term>
|
||||
<listitem><para>Set value of PIN. If set to
|
||||
env:<replaceable>VARIABLE</replaceable>, the value of
|
||||
the environment variable
|
||||
<replaceable>VARIABLE</replaceable> is used.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>--puk-value</option> <replaceable>value</replaceable>,
|
||||
<option>-y</option> <replaceable>value</replaceable>
|
||||
</term>
|
||||
<listitem><para>set value of PUK (or value of new PIN for change PIN
|
||||
command see <option>-n</option>). If set to
|
||||
env:<replaceable>VARIABLE</replaceable>, the value of
|
||||
the environment variable
|
||||
<replaceable>VARIABLE</replaceable> is used.</para></listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
These options can be used to specify the PIN/PUK values
|
||||
on the command line. If the value is set to
|
||||
<literal>env:</literal><replaceable>VARIABLE</replaceable>, the value
|
||||
of the specified environment variable is used. By default,
|
||||
the code is prompted on the command line if needed.
|
||||
</para>
|
||||
<para>
|
||||
Note that on most operation systems, any user can
|
||||
display the command line of any process on the
|
||||
system using utilities such as
|
||||
<command>ps(1)</command>. Therefore, you should prefer
|
||||
passing the codes via an environment variable
|
||||
on an unsecured system.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
|
@ -12,12 +12,12 @@ nodist_noinst_DATA = opensc.conf.example
|
|||
|
||||
# Make sure we build this every time
|
||||
# as there is no dependency for this.
|
||||
# Can be removed if MSVC is not requried.
|
||||
# Can be removed if MSVC is not required.
|
||||
force:
|
||||
opensc.conf.example: opensc.conf.example.in force
|
||||
|
||||
.in:
|
||||
@sed \
|
||||
$(AM_V_GEN)sed \
|
||||
-e 's|@pkgdatadir[@]|$(pkgdatadir)|g' \
|
||||
-e 's|@DEBUG_FILE[@]|$(DEBUG_FILE)|g' \
|
||||
-e 's|@DEFAULT_PCSC_PROVIDER[@]|$(DEFAULT_PCSC_PROVIDER)|g' \
|
||||
|
|
|
@ -174,7 +174,7 @@ app default {
|
|||
# QES is only possible with a Comfort Reader (CAT-K), which holds a
|
||||
# cryptographic key to authenticate itself as signature terminal (ST).
|
||||
# We usually will use the reader's capability to sign the data.
|
||||
# However, during developement you may specify soft certificates and
|
||||
# However, during development you may specify soft certificates and
|
||||
# keys for a ST below.
|
||||
# The following example EAC PKI can be found in vicc's example data:
|
||||
# https://github.com/frankmorgner/vsmartcard/tree/master/virtualsmartcard/npa-example-data
|
||||
|
@ -202,6 +202,15 @@ app default {
|
|||
# user_consent_app = "/usr/bin/pinentry";
|
||||
}
|
||||
|
||||
card_driver edo {
|
||||
# CAN is required to establish connection
|
||||
# with the card. It might be overridden by
|
||||
# EDO_CAN environment variable. Currently,
|
||||
# it is not possible to set it in any other way.
|
||||
#
|
||||
#can = 123456;
|
||||
}
|
||||
|
||||
# In addition to the built-in list of known cards in the
|
||||
# card driver, you can configure a new card for the driver
|
||||
# using the card_atr block. The goal is to centralize
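Review bot: The comment in the new `card_driver edo` block is ambiguous: "Currently, it is not possible to set it in any other way" follows the mention of EDO_CAN and sits directly above `#can = 123456;`, so a reader cannot tell whether the config key, the environment variable, or both are supported. If both work and the variable wins, which is how "might be overridden" reads, state it directly, e.g. `# Set the CAN here or in the EDO_CAN environment variable (the variable takes precedence).` If the sentence was meant to say that the driver never prompts for the CAN, say that explicitly instead.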
|
||||
|
@ -894,6 +903,8 @@ app default {
|
|||
# Older PKCS#11 applications not supporting CKA_ALWAYS_AUTHENTICATE
|
||||
# may need to set this to get signatures to work with some cards.
|
||||
# Default: false
|
||||
# It is recommended to enable also use_pin_caching to allow OpenSC
|
||||
# to pass the pin to the card when needed.
|
||||
# pin_cache_ignore_user_consent = true;
|
||||
|
||||
# How to handle a PIN-protected certificate
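Review bot: The two comment lines added above `pin_cache_ignore_user_consent` recommend enabling `use_pin_caching` as well, but do not state what the combination gives up. As the existing text describes it, this option is a workaround for applications that do not support CKA_ALWAYS_AUTHENTICATE, so with both settings on, a key that is meant to need a PIN entry per operation would presumably be usable from the cached PIN without a prompt. A one-line caveat would help administrators decide, e.g. `# Note: keys that require per-use authentication are then used with the cached PIN; enable only for applications that need it.`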
|
||||
|
@ -1054,7 +1065,7 @@ app opensc-pkcs11 {
|
|||
# init_pin_in_so_session: C_InitPIN() in CKU_SO logged session:
|
||||
# User PIN 'UNBLOCK' is protected by SOPIN. (PUK == SOPIN).
|
||||
# # Actually this style works only for the PKCS15 contents without SOPIN.
|
||||
# # For those with SOPIN, this mode will be usefull for the cards without
|
||||
# # For those with SOPIN, this mode will be useful for the cards without
|
||||
# # modes 00 and 01 of ISO command 'RESET RETRY COUNTER'. --vt
|
||||
#
|
||||
# Default: none
|
||||
|
@ -1073,7 +1084,7 @@ app opensc-pkcs11 {
|
|||
# Card can contain more then one PINs or more then one on-card application with
|
||||
# its own PINs. Normally, to access all of them with the PKCS#11 API a slot has to be
|
||||
# created for all of them. Many slots could be ennoying for some of widely used application,
|
||||
# like FireFox. This configuration parameter allows to select the PIN(s)
|
||||
# like FireFox. This configuration parameter allows one to select the PIN(s)
|
||||
# for which PKCS#11 slot will be created.
|
||||
# Actually recognised following symbolic names:
|
||||
# 'user', 'sign', 'all'
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
# ===========================================================================
|
||||
# https://www.gnu.org/software/autoconf-archive/ax_ac_append_to_file.html
|
||||
# ===========================================================================
|
||||
#
|
||||
# SYNOPSIS
|
||||
#
|
||||
# AX_AC_APPEND_TO_FILE([FILE],[DATA])
|
||||
#
|
||||
# DESCRIPTION
|
||||
#
|
||||
# Appends the specified data to the specified Autoconf is run. If you want
|
||||
# to append to a file when configure is run use AX_APPEND_TO_FILE instead.
|
||||
#
|
||||
# LICENSE
|
||||
#
|
||||
# Copyright (c) 2009 Allan Caffee <allan.caffee@gmail.com>
|
||||
#
|
||||
# Copying and distribution of this file, with or without modification, are
|
||||
# permitted in any medium without royalty provided the copyright notice
|
||||
# and this notice are preserved. This file is offered as-is, without any
|
||||
# warranty.
|
||||
|
||||
#serial 10
|
||||
|
||||
AC_DEFUN([AX_AC_APPEND_TO_FILE],[
|
||||
AC_REQUIRE([AX_FILE_ESCAPES])
|
||||
m4_esyscmd(
|
||||
AX_FILE_ESCAPES
|
||||
[
|
||||
printf "%s" "$2" >> "$1"
|
||||
])
|
||||
])
|
|
@ -0,0 +1,32 @@
|
|||
# ===========================================================================
|
||||
# https://www.gnu.org/software/autoconf-archive/ax_ac_print_to_file.html
|
||||
# ===========================================================================
|
||||
#
|
||||
# SYNOPSIS
|
||||
#
|
||||
# AX_AC_PRINT_TO_FILE([FILE],[DATA])
|
||||
#
|
||||
# DESCRIPTION
|
||||
#
|
||||
# Writes the specified data to the specified file when Autoconf is run. If
|
||||
# you want to print to a file when configure is run use AX_PRINT_TO_FILE
|
||||
# instead.
|
||||
#
|
||||
# LICENSE
|
||||
#
|
||||
# Copyright (c) 2009 Allan Caffee <allan.caffee@gmail.com>
|
||||
#
|
||||
# Copying and distribution of this file, with or without modification, are
|
||||
# permitted in any medium without royalty provided the copyright notice
|
||||
# and this notice are preserved. This file is offered as-is, without any
|
||||
# warranty.
|
||||
|
||||
#serial 10
|
||||
|
||||
AC_DEFUN([AX_AC_PRINT_TO_FILE],[
|
||||
m4_esyscmd(
|
||||
AC_REQUIRE([AX_FILE_ESCAPES])
|
||||
[
|
||||
printf "%s" "$2" > "$1"
|
||||
])
|
||||
])
|
|
@ -0,0 +1,28 @@
|
|||
# ===========================================================================
|
||||
# https://www.gnu.org/software/autoconf-archive/ax_add_am_macro_static.html
|
||||
# ===========================================================================
|
||||
#
|
||||
# SYNOPSIS
|
||||
#
|
||||
# AX_ADD_AM_MACRO_STATIC([RULE])
|
||||
#
|
||||
# DESCRIPTION
|
||||
#
|
||||
# Adds the specified rule to $AMINCLUDE.
|
||||
#
|
||||
# LICENSE
|
||||
#
|
||||
# Copyright (c) 2009 Tom Howard <tomhoward@users.sf.net>
|
||||
# Copyright (c) 2009 Allan Caffee <allan.caffee@gmail.com>
|
||||
#
|
||||
# Copying and distribution of this file, with or without modification, are
|
||||
# permitted in any medium without royalty provided the copyright notice
|
||||
# and this notice are preserved. This file is offered as-is, without any
|
||||
# warranty.
|
||||
|
||||
#serial 8
|
||||
|
||||
AC_DEFUN([AX_ADD_AM_MACRO_STATIC],[
|
||||
AC_REQUIRE([AX_AM_MACROS_STATIC])
|
||||
AX_AC_APPEND_TO_FILE(AMINCLUDE_STATIC,[$1])
|
||||
])
|
|
@ -0,0 +1,38 @@
|
|||
# ===========================================================================
|
||||
# https://www.gnu.org/software/autoconf-archive/ax_am_macros_static.html
|
||||
# ===========================================================================
|
||||
#
|
||||
# SYNOPSIS
|
||||
#
|
||||
# AX_AM_MACROS_STATIC
|
||||
#
|
||||
# DESCRIPTION
|
||||
#
|
||||
# Adds support for macros that create Automake rules. You must manually
|
||||
# add the following line
|
||||
#
|
||||
# include $(top_srcdir)/aminclude_static.am
|
||||
#
|
||||
# to your Makefile.am files.
|
||||
#
|
||||
# LICENSE
|
||||
#
|
||||
# Copyright (c) 2009 Tom Howard <tomhoward@users.sf.net>
|
||||
# Copyright (c) 2009 Allan Caffee <allan.caffee@gmail.com>
|
||||
#
|
||||
# Copying and distribution of this file, with or without modification, are
|
||||
# permitted in any medium without royalty provided the copyright notice
|
||||
# and this notice are preserved. This file is offered as-is, without any
|
||||
# warranty.
|
||||
|
||||
#serial 11
|
||||
|
||||
AC_DEFUN([AMINCLUDE_STATIC],[aminclude_static.am])
|
||||
|
||||
AC_DEFUN([AX_AM_MACROS_STATIC],
|
||||
[
|
||||
AX_AC_PRINT_TO_FILE(AMINCLUDE_STATIC,[
|
||||
# ]AMINCLUDE_STATIC[ generated automatically by Autoconf
|
||||
# from AX_AM_MACROS_STATIC on ]m4_esyscmd([LC_ALL=C date])[
|
||||
])
|
||||
])
|
|
@ -0,0 +1,95 @@
|
|||
# ===========================================================================
|
||||
# https://www.gnu.org/software/autoconf-archive/ax_check_gnu_make.html
|
||||
# ===========================================================================
|
||||
#
|
||||
# SYNOPSIS
|
||||
#
|
||||
# AX_CHECK_GNU_MAKE([run-if-true],[run-if-false])
|
||||
#
|
||||
# DESCRIPTION
|
||||
#
|
||||
# This macro searches for a GNU version of make. If a match is found:
|
||||
#
|
||||
# * The makefile variable `ifGNUmake' is set to the empty string, otherwise
|
||||
# it is set to "#". This is useful for including a special features in a
|
||||
# Makefile, which cannot be handled by other versions of make.
|
||||
# * The makefile variable `ifnGNUmake' is set to #, otherwise
|
||||
# it is set to the empty string. This is useful for including a special
|
||||
# features in a Makefile, which can be handled
|
||||
# by other versions of make or to specify else like clause.
|
||||
# * The variable `_cv_gnu_make_command` is set to the command to invoke
|
||||
# GNU make if it exists, the empty string otherwise.
|
||||
# * The variable `ax_cv_gnu_make_command` is set to the command to invoke
|
||||
# GNU make by copying `_cv_gnu_make_command`, otherwise it is unset.
|
||||
# * If GNU Make is found, its version is extracted from the output of
|
||||
# `make --version` as the last field of a record of space-separated
|
||||
# columns and saved into the variable `ax_check_gnu_make_version`.
|
||||
# * Additionally if GNU Make is found, run shell code run-if-true
|
||||
# else run shell code run-if-false.
|
||||
#
|
||||
# Here is an example of its use:
|
||||
#
|
||||
# Makefile.in might contain:
|
||||
#
|
||||
# # A failsafe way of putting a dependency rule into a makefile
|
||||
# $(DEPEND):
|
||||
# $(CC) -MM $(srcdir)/*.c > $(DEPEND)
|
||||
#
|
||||
# @ifGNUmake@ ifeq ($(DEPEND),$(wildcard $(DEPEND)))
|
||||
# @ifGNUmake@ include $(DEPEND)
|
||||
# @ifGNUmake@ else
|
||||
# fallback code
|
||||
# @ifGNUmake@ endif
|
||||
#
|
||||
# Then configure.in would normally contain:
|
||||
#
|
||||
# AX_CHECK_GNU_MAKE()
|
||||
# AC_OUTPUT(Makefile)
|
||||
#
|
||||
# Then perhaps to cause gnu make to override any other make, we could do
|
||||
# something like this (note that GNU make always looks for GNUmakefile
|
||||
# first):
|
||||
#
|
||||
# if ! test x$_cv_gnu_make_command = x ; then
|
||||
# mv Makefile GNUmakefile
|
||||
# echo .DEFAULT: > Makefile ;
|
||||
# echo \ $_cv_gnu_make_command \$@ >> Makefile;
|
||||
# fi
|
||||
#
|
||||
# Then, if any (well almost any) other make is called, and GNU make also
|
||||
# exists, then the other make wraps the GNU make.
|
||||
#
|
||||
# LICENSE
|
||||
#
|
||||
# Copyright (c) 2008 John Darrington <j.darrington@elvis.murdoch.edu.au>
|
||||
# Copyright (c) 2015 Enrico M. Crisostomo <enrico.m.crisostomo@gmail.com>
|
||||
#
|
||||
# Copying and distribution of this file, with or without modification, are
|
||||
# permitted in any medium without royalty provided the copyright notice
|
||||
# and this notice are preserved. This file is offered as-is, without any
|
||||
# warranty.
|
||||
|
||||
#serial 12
|
||||
|
||||
AC_DEFUN([AX_CHECK_GNU_MAKE],dnl
|
||||
[AC_PROG_AWK
|
||||
AC_CACHE_CHECK([for GNU make],[_cv_gnu_make_command],[dnl
|
||||
_cv_gnu_make_command="" ;
|
||||
dnl Search all the common names for GNU make
|
||||
for a in "$MAKE" make gmake gnumake ; do
|
||||
if test -z "$a" ; then continue ; fi ;
|
||||
if "$a" --version 2> /dev/null | grep GNU 2>&1 > /dev/null ; then
|
||||
_cv_gnu_make_command=$a ;
|
||||
AX_CHECK_GNU_MAKE_HEADLINE=$("$a" --version 2> /dev/null | grep "GNU Make")
|
||||
ax_check_gnu_make_version=$(echo ${AX_CHECK_GNU_MAKE_HEADLINE} | ${AWK} -F " " '{ print $(NF); }')
|
||||
break ;
|
||||
fi
|
||||
done ;])
|
||||
dnl If there was a GNU version, then set @ifGNUmake@ to the empty string, '#' otherwise
|
||||
AS_VAR_IF([_cv_gnu_make_command], [""], [AS_VAR_SET([ifGNUmake], ["#"])], [AS_VAR_SET([ifGNUmake], [""])])
|
||||
AS_VAR_IF([_cv_gnu_make_command], [""], [AS_VAR_SET([ifnGNUmake], [""])], [AS_VAR_SET([ifnGNUmake], ["#"])])
|
||||
AS_VAR_IF([_cv_gnu_make_command], [""], [AS_UNSET(ax_cv_gnu_make_command)], [AS_VAR_SET([ax_cv_gnu_make_command], [${_cv_gnu_make_command}])])
|
||||
AS_VAR_IF([_cv_gnu_make_command], [""],[$2],[$1])
|
||||
AC_SUBST([ifGNUmake])
|
||||
AC_SUBST([ifnGNUmake])
|
||||
])
|
|
@ -0,0 +1,272 @@
|
|||
# ===========================================================================
|
||||
# https://www.gnu.org/software/autoconf-archive/ax_code_coverage.html
|
||||
# ===========================================================================
|
||||
#
|
||||
# SYNOPSIS
|
||||
#
|
||||
# AX_CODE_COVERAGE()
|
||||
#
|
||||
# DESCRIPTION
|
||||
#
|
||||
# Defines CODE_COVERAGE_CPPFLAGS, CODE_COVERAGE_CFLAGS,
|
||||
# CODE_COVERAGE_CXXFLAGS and CODE_COVERAGE_LIBS which should be included
|
||||
# in the CPPFLAGS, CFLAGS CXXFLAGS and LIBS/LIBADD variables of every
|
||||
# build target (program or library) which should be built with code
|
||||
# coverage support. Also add rules using AX_ADD_AM_MACRO_STATIC; and
|
||||
# $enable_code_coverage which can be used in subsequent configure output.
|
||||
# CODE_COVERAGE_ENABLED is defined and substituted, and corresponds to the
|
||||
# value of the --enable-code-coverage option, which defaults to being
|
||||
# disabled.
|
||||
#
|
||||
# Test also for gcov program and create GCOV variable that could be
|
||||
# substituted.
|
||||
#
|
||||
# Note that all optimization flags in CFLAGS must be disabled when code
|
||||
# coverage is enabled.
|
||||
#
|
||||
# Usage example:
|
||||
#
|
||||
# configure.ac:
|
||||
#
|
||||
# AX_CODE_COVERAGE
|
||||
#
|
||||
# Makefile.am:
|
||||
#
|
||||
# include $(top_srcdir)/aminclude_static.am
|
||||
#
|
||||
# my_program_LIBS = ... $(CODE_COVERAGE_LIBS) ...
|
||||
# my_program_CPPFLAGS = ... $(CODE_COVERAGE_CPPFLAGS) ...
|
||||
# my_program_CFLAGS = ... $(CODE_COVERAGE_CFLAGS) ...
|
||||
# my_program_CXXFLAGS = ... $(CODE_COVERAGE_CXXFLAGS) ...
|
||||
#
|
||||
# clean-local: code-coverage-clean
|
||||
# distclean-local: code-coverage-dist-clean
|
||||
#
|
||||
# This results in a "check-code-coverage" rule being added to any
|
||||
# Makefile.am which do "include $(top_srcdir)/aminclude_static.am"
|
||||
# (assuming the module has been configured with --enable-code-coverage).
|
||||
# Running `make check-code-coverage` in that directory will run the
|
||||
# module's test suite (`make check`) and build a code coverage report
|
||||
# detailing the code which was touched, then print the URI for the report.
|
||||
#
|
||||
# This code was derived from Makefile.decl in GLib, originally licensed
|
||||
# under LGPLv2.1+.
|
||||
#
|
||||
# LICENSE
|
||||
#
|
||||
# Copyright (c) 2012, 2016 Philip Withnall
|
||||
# Copyright (c) 2012 Xan Lopez
|
||||
# Copyright (c) 2012 Christian Persch
|
||||
# Copyright (c) 2012 Paolo Borelli
|
||||
# Copyright (c) 2012 Dan Winship
|
||||
# Copyright (c) 2015,2018 Bastien ROUCARIES
|
||||
#
|
||||
# This library is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU Lesser General Public License as published by
|
||||
# the Free Software Foundation; either version 2.1 of the License, or (at
|
||||
# your option) any later version.
|
||||
#
|
||||
# This library is distributed in the hope that it will be useful, but
|
||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
|
||||
# General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Lesser General Public License
|
||||
# along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
#serial 32
|
||||
|
||||
m4_define(_AX_CODE_COVERAGE_RULES,[
|
||||
AX_ADD_AM_MACRO_STATIC([
|
||||
# Code coverage
|
||||
#
|
||||
# Optional:
|
||||
# - CODE_COVERAGE_DIRECTORY: Top-level directory for code coverage reporting.
|
||||
# Multiple directories may be specified, separated by whitespace.
|
||||
# (Default: \$(top_builddir))
|
||||
# - CODE_COVERAGE_OUTPUT_FILE: Filename and path for the .info file generated
|
||||
# by lcov for code coverage. (Default:
|
||||
# \$(PACKAGE_NAME)-\$(PACKAGE_VERSION)-coverage.info)
|
||||
# - CODE_COVERAGE_OUTPUT_DIRECTORY: Directory for generated code coverage
|
||||
# reports to be created. (Default:
|
||||
# \$(PACKAGE_NAME)-\$(PACKAGE_VERSION)-coverage)
|
||||
# - CODE_COVERAGE_BRANCH_COVERAGE: Set to 1 to enforce branch coverage,
|
||||
# set to 0 to disable it and leave empty to stay with the default.
|
||||
# (Default: empty)
|
||||
# - CODE_COVERAGE_LCOV_SHOPTS_DEFAULT: Extra options shared between both lcov
|
||||
# instances. (Default: based on $CODE_COVERAGE_BRANCH_COVERAGE)
|
||||
# - CODE_COVERAGE_LCOV_SHOPTS: Extra options to shared between both lcov
|
||||
# instances. (Default: $CODE_COVERAGE_LCOV_SHOPTS_DEFAULT)
|
||||
# - CODE_COVERAGE_LCOV_OPTIONS_GCOVPATH: --gcov-tool pathtogcov
|
||||
# - CODE_COVERAGE_LCOV_OPTIONS_DEFAULT: Extra options to pass to the
|
||||
# collecting lcov instance. (Default: $CODE_COVERAGE_LCOV_OPTIONS_GCOVPATH)
|
||||
# - CODE_COVERAGE_LCOV_OPTIONS: Extra options to pass to the collecting lcov
|
||||
# instance. (Default: $CODE_COVERAGE_LCOV_OPTIONS_DEFAULT)
|
||||
# - CODE_COVERAGE_LCOV_RMOPTS_DEFAULT: Extra options to pass to the filtering
|
||||
# lcov instance. (Default: empty)
|
||||
# - CODE_COVERAGE_LCOV_RMOPTS: Extra options to pass to the filtering lcov
|
||||
# instance. (Default: $CODE_COVERAGE_LCOV_RMOPTS_DEFAULT)
|
||||
# - CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT: Extra options to pass to the
|
||||
# genhtml instance. (Default: based on $CODE_COVERAGE_BRANCH_COVERAGE)
|
||||
# - CODE_COVERAGE_GENHTML_OPTIONS: Extra options to pass to the genhtml
|
||||
# instance. (Default: $CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT)
|
||||
# - CODE_COVERAGE_IGNORE_PATTERN: Extra glob pattern of files to ignore
|
||||
#
|
||||
# The generated report will be titled using the \$(PACKAGE_NAME) and
|
||||
# \$(PACKAGE_VERSION). In order to add the current git hash to the title,
|
||||
# use the git-version-gen script, available online.
|
||||
# Optional variables
|
||||
# run only on top dir
|
||||
if CODE_COVERAGE_ENABLED
|
||||
ifeq (\$(abs_builddir), \$(abs_top_builddir))
|
||||
CODE_COVERAGE_DIRECTORY ?= \$(top_builddir)
|
||||
CODE_COVERAGE_OUTPUT_FILE ?= \$(PACKAGE_NAME)-\$(PACKAGE_VERSION)-coverage.info
|
||||
CODE_COVERAGE_OUTPUT_DIRECTORY ?= \$(PACKAGE_NAME)-\$(PACKAGE_VERSION)-coverage
|
||||
|
||||
CODE_COVERAGE_BRANCH_COVERAGE ?=
|
||||
CODE_COVERAGE_LCOV_SHOPTS_DEFAULT ?= \$(if \$(CODE_COVERAGE_BRANCH_COVERAGE),\
|
||||
--rc lcov_branch_coverage=\$(CODE_COVERAGE_BRANCH_COVERAGE))
|
||||
CODE_COVERAGE_LCOV_SHOPTS ?= \$(CODE_COVERAGE_LCOV_SHOPTS_DEFAULT)
|
||||
CODE_COVERAGE_LCOV_OPTIONS_GCOVPATH ?= --gcov-tool \"\$(GCOV)\"
|
||||
CODE_COVERAGE_LCOV_OPTIONS_DEFAULT ?= \$(CODE_COVERAGE_LCOV_OPTIONS_GCOVPATH)
|
||||
CODE_COVERAGE_LCOV_OPTIONS ?= \$(CODE_COVERAGE_LCOV_OPTIONS_DEFAULT)
|
||||
CODE_COVERAGE_LCOV_RMOPTS_DEFAULT ?=
|
||||
CODE_COVERAGE_LCOV_RMOPTS ?= \$(CODE_COVERAGE_LCOV_RMOPTS_DEFAULT)
|
||||
CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT ?=\
|
||||
\$(if \$(CODE_COVERAGE_BRANCH_COVERAGE),\
|
||||
--rc genhtml_branch_coverage=\$(CODE_COVERAGE_BRANCH_COVERAGE))
|
||||
CODE_COVERAGE_GENHTML_OPTIONS ?= \$(CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT)
|
||||
CODE_COVERAGE_IGNORE_PATTERN ?=
|
||||
|
||||
GITIGNOREFILES = \$(GITIGNOREFILES) \$(CODE_COVERAGE_OUTPUT_FILE) \$(CODE_COVERAGE_OUTPUT_DIRECTORY)
|
||||
code_coverage_v_lcov_cap = \$(code_coverage_v_lcov_cap_\$(V))
|
||||
code_coverage_v_lcov_cap_ = \$(code_coverage_v_lcov_cap_\$(AM_DEFAULT_VERBOSITY))
|
||||
code_coverage_v_lcov_cap_0 = @echo \" LCOV --capture\" \$(CODE_COVERAGE_OUTPUT_FILE);
|
||||
code_coverage_v_lcov_ign = \$(code_coverage_v_lcov_ign_\$(V))
|
||||
code_coverage_v_lcov_ign_ = \$(code_coverage_v_lcov_ign_\$(AM_DEFAULT_VERBOSITY))
|
||||
code_coverage_v_lcov_ign_0 = @echo \" LCOV --remove /tmp/*\" \$(CODE_COVERAGE_IGNORE_PATTERN);
|
||||
code_coverage_v_genhtml = \$(code_coverage_v_genhtml_\$(V))
|
||||
code_coverage_v_genhtml_ = \$(code_coverage_v_genhtml_\$(AM_DEFAULT_VERBOSITY))
|
||||
code_coverage_v_genhtml_0 = @echo \" GEN \" \"\$(CODE_COVERAGE_OUTPUT_DIRECTORY)\";
|
||||
code_coverage_quiet = \$(code_coverage_quiet_\$(V))
|
||||
code_coverage_quiet_ = \$(code_coverage_quiet_\$(AM_DEFAULT_VERBOSITY))
|
||||
code_coverage_quiet_0 = --quiet
|
||||
|
||||
# sanitizes the test-name: replaces with underscores: dashes and dots
|
||||
code_coverage_sanitize = \$(subst -,_,\$(subst .,_,\$(1)))
|
||||
|
||||
# Use recursive makes in order to ignore errors during check
|
||||
check-code-coverage:
|
||||
-\$(AM_V_at)\$(MAKE) \$(AM_MAKEFLAGS) -k check
|
||||
\$(AM_V_at)\$(MAKE) \$(AM_MAKEFLAGS) code-coverage-capture
|
||||
|
||||
# Capture code coverage data
|
||||
code-coverage-capture: code-coverage-capture-hook
|
||||
\$(code_coverage_v_lcov_cap)\$(LCOV) \$(code_coverage_quiet) \$(addprefix --directory ,\$(CODE_COVERAGE_DIRECTORY)) --capture --output-file \"\$(CODE_COVERAGE_OUTPUT_FILE).tmp\" --test-name \"\$(call code_coverage_sanitize,\$(PACKAGE_NAME)-\$(PACKAGE_VERSION))\" --no-checksum --compat-libtool \$(CODE_COVERAGE_LCOV_SHOPTS) \$(CODE_COVERAGE_LCOV_OPTIONS)
|
||||
\$(code_coverage_v_lcov_ign)\$(LCOV) \$(code_coverage_quiet) \$(addprefix --directory ,\$(CODE_COVERAGE_DIRECTORY)) --remove \"\$(CODE_COVERAGE_OUTPUT_FILE).tmp\" \"/tmp/*\" \$(CODE_COVERAGE_IGNORE_PATTERN) --output-file \"\$(CODE_COVERAGE_OUTPUT_FILE)\" \$(CODE_COVERAGE_LCOV_SHOPTS) \$(CODE_COVERAGE_LCOV_RMOPTS)
|
||||
-@rm -f \"\$(CODE_COVERAGE_OUTPUT_FILE).tmp\"
|
||||
\$(code_coverage_v_genhtml)LANG=C \$(GENHTML) \$(code_coverage_quiet) \$(addprefix --prefix ,\$(CODE_COVERAGE_DIRECTORY)) --output-directory \"\$(CODE_COVERAGE_OUTPUT_DIRECTORY)\" --title \"\$(PACKAGE_NAME)-\$(PACKAGE_VERSION) Code Coverage\" --legend --show-details \"\$(CODE_COVERAGE_OUTPUT_FILE)\" \$(CODE_COVERAGE_GENHTML_OPTIONS)
|
||||
@echo \"file://\$(abs_builddir)/\$(CODE_COVERAGE_OUTPUT_DIRECTORY)/index.html\"
|
||||
|
||||
code-coverage-clean:
|
||||
-\$(LCOV) --directory \$(top_builddir) -z
|
||||
-rm -rf \"\$(CODE_COVERAGE_OUTPUT_FILE)\" \"\$(CODE_COVERAGE_OUTPUT_FILE).tmp\" \"\$(CODE_COVERAGE_OUTPUT_DIRECTORY)\"
|
||||
-find . \\( -name \"*.gcda\" -o -name \"*.gcno\" -o -name \"*.gcov\" \\) -delete
|
||||
|
||||
code-coverage-dist-clean:
|
||||
|
||||
A][M_DISTCHECK_CONFIGURE_FLAGS = \$(A][M_DISTCHECK_CONFIGURE_FLAGS) --disable-code-coverage
|
||||
else # ifneq (\$(abs_builddir), \$(abs_top_builddir))
|
||||
check-code-coverage:
|
||||
|
||||
code-coverage-capture: code-coverage-capture-hook
|
||||
|
||||
code-coverage-clean:
|
||||
|
||||
code-coverage-dist-clean:
|
||||
endif # ifeq (\$(abs_builddir), \$(abs_top_builddir))
|
||||
else #! CODE_COVERAGE_ENABLED
|
||||
# Use recursive makes in order to ignore errors during check
|
||||
check-code-coverage:
|
||||
@echo \"Need to reconfigure with --enable-code-coverage\"
|
||||
# Capture code coverage data
|
||||
code-coverage-capture: code-coverage-capture-hook
|
||||
@echo \"Need to reconfigure with --enable-code-coverage\"
|
||||
|
||||
code-coverage-clean:
|
||||
|
||||
code-coverage-dist-clean:
|
||||
|
||||
endif #CODE_COVERAGE_ENABLED
|
||||
# Hook rule executed before code-coverage-capture, overridable by the user
|
||||
code-coverage-capture-hook:
|
||||
|
||||
.PHONY: check-code-coverage code-coverage-capture code-coverage-dist-clean code-coverage-clean code-coverage-capture-hook
|
||||
])
|
||||
])
|
||||
|
||||
AC_DEFUN([_AX_CODE_COVERAGE_ENABLED],[
|
||||
AX_CHECK_GNU_MAKE([],[AC_MSG_ERROR([not using GNU make that is needed for coverage])])
|
||||
AC_REQUIRE([AX_ADD_AM_MACRO_STATIC])
|
||||
# check for gcov
|
||||
AC_CHECK_TOOL([GCOV],
|
||||
[$_AX_CODE_COVERAGE_GCOV_PROG_WITH],
|
||||
[:])
|
||||
AS_IF([test "X$GCOV" = "X:"],
|
||||
[AC_MSG_ERROR([gcov is needed to do coverage])])
|
||||
AC_SUBST([GCOV])
|
||||
|
||||
dnl Check if gcc is being used
|
||||
AS_IF([ test "$GCC" = "no" ], [
|
||||
AC_MSG_ERROR([not compiling with gcc, which is required for gcov code coverage])
|
||||
])
|
||||
|
||||
AC_CHECK_PROG([LCOV], [lcov], [lcov])
|
||||
AC_CHECK_PROG([GENHTML], [genhtml], [genhtml])
|
||||
|
||||
AS_IF([ test x"$LCOV" = x ], [
|
||||
AC_MSG_ERROR([To enable code coverage reporting you must have lcov installed])
|
||||
])
|
||||
|
||||
AS_IF([ test x"$GENHTML" = x ], [
|
||||
AC_MSG_ERROR([Could not find genhtml from the lcov package])
|
||||
])
|
||||
|
||||
dnl Build the code coverage flags
|
||||
dnl Define CODE_COVERAGE_LDFLAGS for backwards compatibility
|
||||
CODE_COVERAGE_CPPFLAGS="-DNDEBUG"
|
||||
CODE_COVERAGE_CFLAGS="-O0 -g -fprofile-arcs -ftest-coverage"
|
||||
CODE_COVERAGE_CXXFLAGS="-O0 -g -fprofile-arcs -ftest-coverage"
|
||||
CODE_COVERAGE_LIBS="-lgcov"
|
||||
|
||||
AC_SUBST([CODE_COVERAGE_CPPFLAGS])
|
||||
AC_SUBST([CODE_COVERAGE_CFLAGS])
|
||||
AC_SUBST([CODE_COVERAGE_CXXFLAGS])
|
||||
AC_SUBST([CODE_COVERAGE_LIBS])
|
||||
])
|
||||
|
||||
AC_DEFUN([AX_CODE_COVERAGE],[
|
||||
dnl Check for --enable-code-coverage
|
||||
|
||||
# allow to override gcov location
|
||||
AC_ARG_WITH([gcov],
|
||||
[AS_HELP_STRING([--with-gcov[=GCOV]], [use given GCOV for coverage (GCOV=gcov).])],
|
||||
[_AX_CODE_COVERAGE_GCOV_PROG_WITH=$with_gcov],
|
||||
[_AX_CODE_COVERAGE_GCOV_PROG_WITH=gcov])
|
||||
|
||||
AC_MSG_CHECKING([whether to build with code coverage support])
|
||||
AC_ARG_ENABLE([code-coverage],
|
||||
AS_HELP_STRING([--enable-code-coverage],
|
||||
[Whether to enable code coverage support]),,
|
||||
enable_code_coverage=no)
|
||||
|
||||
AM_CONDITIONAL([CODE_COVERAGE_ENABLED], [test "x$enable_code_coverage" = xyes])
|
||||
AC_SUBST([CODE_COVERAGE_ENABLED], [$enable_code_coverage])
|
||||
AC_MSG_RESULT($enable_code_coverage)
|
||||
|
||||
AS_IF([ test "x$enable_code_coverage" = xyes ], [
|
||||
_AX_CODE_COVERAGE_ENABLED
|
||||
])
|
||||
|
||||
_AX_CODE_COVERAGE_RULES
|
||||
])
|
|
@ -0,0 +1,30 @@
|
|||
# ===========================================================================
|
||||
# https://www.gnu.org/software/autoconf-archive/ax_file_escapes.html
|
||||
# ===========================================================================
|
||||
#
|
||||
# SYNOPSIS
|
||||
#
|
||||
# AX_FILE_ESCAPES
|
||||
#
|
||||
# DESCRIPTION
|
||||
#
|
||||
# Writes the specified data to the specified file.
|
||||
#
|
||||
# LICENSE
|
||||
#
|
||||
# Copyright (c) 2008 Tom Howard <tomhoward@users.sf.net>
|
||||
#
|
||||
# Copying and distribution of this file, with or without modification, are
|
||||
# permitted in any medium without royalty provided the copyright notice
|
||||
# and this notice are preserved. This file is offered as-is, without any
|
||||
# warranty.
|
||||
|
||||
#serial 8
|
||||
|
||||
AC_DEFUN([AX_FILE_ESCAPES],[
|
||||
AX_DOLLAR="\$"
|
||||
AX_SRB="\\135"
|
||||
AX_SLB="\\133"
|
||||
AX_BS="\\\\"
|
||||
AX_DQ="\""
|
||||
])
|
|
@ -43,4 +43,4 @@ TIDY_FILES = \
|
|||
libpkcs11.c libscdl.c
|
||||
|
||||
check-local:
|
||||
if [ -x "$(CLANGTIDY)" ]; then clang-tidy -config='' -header-filter=.* $(TIDY_FILES) -- $(TIDY_FLAGS); fi
|
||||
if [ -x "$(CLANGTIDY)" ]; then clang-tidy -config='' --checks='$(TIDY_CHECKS)' -header-filter=.* $(addprefix $(srcdir)/,$(TIDY_FILES)) -- $(TIDY_FLAGS); fi
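Review bot: The `check-local` recipe tests `[ -x "$(CLANGTIDY)" ]` but then runs a bare `clang-tidy`, so the binary that was checked is not necessarily the one that runs, and a `CLANGTIDY` pointing at a versioned or non-PATH install is ignored. Invoke the variable that was tested: `if [ -x "$(CLANGTIDY)" ]; then "$(CLANGTIDY)" -config='' --checks='$(TIDY_CHECKS)' ...`. The unquoted `-header-filter=.*` is also subject to shell globbing in the build directory; writing it as `-header-filter='.*'` avoids that.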
|
||||
|
|
|
@ -99,7 +99,7 @@ handle(char *progname,
|
|||
{
|
||||
char rc = letters[(match - letters + rotate) % 26];
|
||||
if (isupper(c))
|
||||
rc = toupper(rc);
|
||||
rc = toupper((unsigned char)rc);
|
||||
c = rc;
|
||||
}
|
||||
}
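Review bot: The cast added in `toupper((unsigned char)rc)` is not applied to the `isupper(c)` test on the line above it, which has the same <ctype.h> requirement that the argument be representable as `unsigned char` or equal to EOF. If `c` is a plain `char` (its declaration is outside this hunk, so this is inferred), a byte above 0x7f reaches `isupper` as a negative value, which is undefined behaviour; `if (isupper((unsigned char)c))` keeps the two calls consistent. The body of `handle` starts before the hunk.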
|
||||
|
|
|
@ -31,7 +31,7 @@
|
|||
#include "config.h"
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_STRLCAT
|
||||
#if !defined(HAVE_DECL_STRLCAT) || !HAVE_DECL_STRLCAT
|
||||
#include <sys/types.h>
|
||||
#include <string.h>
|
||||
|
||||
|
|
|
@ -10,9 +10,11 @@
|
|||
#include "config.h"
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_STRLCAT
|
||||
#if !defined(HAVE_DECL_STRLCAT) || !HAVE_DECL_STRLCAT
|
||||
#include <stddef.h>
|
||||
size_t strlcat(char *dst, const char *src, size_t siz);
|
||||
#else
|
||||
#include <string.h>
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
#include "config.h"
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_STRLCPY /* empty file if strlcpy is available */
|
||||
#if !defined(HAVE_DECL_STRLCPY) || !HAVE_DECL_STRLCPY
|
||||
#include <sys/types.h>
|
||||
#include <string.h>
|
||||
|
||||
|
|
|
@ -38,9 +38,11 @@ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|||
#include "config.h"
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_STRLCPY
|
||||
#if !defined(HAVE_DECL_STRLCPY) || !HAVE_DECL_STRLCPY
|
||||
#include <stddef.h>
|
||||
size_t strlcpy(char *dst, const char *src, size_t siz);
|
||||
#else
|
||||
#include <string.h>
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
|
|
@ -49,6 +49,7 @@ C_LoadModule(const char *mspec, CK_FUNCTION_LIST_PTR_PTR funcs)
|
|||
{
|
||||
sc_pkcs11_module_t *mod;
|
||||
CK_RV rv, (*c_get_function_list)(CK_FUNCTION_LIST_PTR_PTR);
|
||||
CK_RV (*c_get_interface)(CK_UTF8CHAR_PTR, CK_VERSION_PTR, CK_INTERFACE_PTR_PTR, CK_FLAGS);
|
||||
mod = calloc(1, sizeof(*mod));
|
||||
if (mod == NULL) {
|
||||
return NULL;
|
||||
|
@ -65,6 +66,24 @@ C_LoadModule(const char *mspec, CK_FUNCTION_LIST_PTR_PTR funcs)
|
|||
goto failed;
|
||||
}
|
||||
|
||||
c_get_interface = (CK_RV (*)(CK_UTF8CHAR_PTR, CK_VERSION_PTR, CK_INTERFACE_PTR_PTR, CK_FLAGS))
|
||||
sc_dlsym(mod->handle, "C_GetInterface");
|
||||
if (c_get_interface) {
|
||||
CK_INTERFACE *interface = NULL;
|
||||
|
||||
/* Get default PKCS #11 interface */
|
||||
rv = c_get_interface((CK_UTF8CHAR_PTR) "PKCS 11", NULL, &interface, 0);
|
||||
if (rv == CKR_OK) {
|
||||
/* this is actually 3.0 function list, but it starts
|
||||
* with the same fields. Only for new functions, it
|
||||
* needs to be casted to new structure */
|
||||
*funcs = interface->pFunctionList;
|
||||
return (void *) mod;
|
||||
} else {
|
||||
fprintf(stderr, "C_GetInterface failed %lx, retry 2.x way", rv);
|
||||
}
|
||||
}
|
||||
|
||||
/* Get the list of function pointers */
|
||||
c_get_function_list = (CK_RV (*)(CK_FUNCTION_LIST_PTR_PTR))
|
||||
sc_dlsym(mod->handle, "C_GetFunctionList");
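Review bot: In the new C_GetInterface branch, `interface->pFunctionList` is dereferenced on `rv == CKR_OK` alone, so a module that reports success but leaves `interface` NULL, or returns a NULL function list, either crashes the loader or hands the caller a NULL `*funcs`. The module is loaded at run time and its behaviour is not under this code's control, so guard the result with `if (rv == CKR_OK && interface != NULL && interface->pFunctionList != NULL) {` and fall through to the C_GetFunctionList path otherwise. The fallback message also lacks a trailing newline: `"C_GetInterface failed %lx, retry 2.x way\n"`. The local name `interface` may clash with a macro of that name in some Windows headers, and a name such as `iface` would sidestep it. The body of C_LoadModule starts and ends outside the hunk.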
|
||||
|
@ -100,7 +119,6 @@ C_UnloadModule(void *module)
|
|||
if (mod->handle != NULL && sc_dlclose(mod->handle) < 0)
|
||||
return CKR_FUNCTION_FAILED;
|
||||
|
||||
memset(mod, 0, sizeof(*mod));
|
||||
free(mod);
|
||||
return CKR_OK;
|
||||
}
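Review bot: In the C_GetInterface branch of C_LoadModule, `interface` is dereferenced as soon as the call returns CKR_OK, so a module that reports success without filling the out-pointer crashes the loader on `interface->pFunctionList`. The module is external code resolved through sc_dlsym, so I would guard the result with `if (rv == CKR_OK && interface != NULL && interface->pFunctionList != NULL) {` and let every other outcome fall through to the C_GetFunctionList path. The fallback message also lacks a trailing newline: `"C_GetInterface failed %lx, retry 2.x way\n"`. C_LoadModule starts and ends outside these hunks.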
|
||||
|
|
|
@ -28,7 +28,9 @@
|
|||
#if !defined(_WIN32)
|
||||
#include <arpa/inet.h> /* for htons() */
|
||||
#include <unistd.h>
|
||||
#ifdef HAVE_SYS_TIME_H
|
||||
#include <sys/time.h> /* for gettimeofday() */
|
||||
#endif
|
||||
#include <stdint.h>
|
||||
#else
|
||||
#include <winsock2.h>
|
||||
|
@ -71,8 +73,10 @@
|
|||
|
||||
/* disable asserts */
|
||||
#ifndef SIMCLIST_DEBUG
|
||||
#ifndef NDEBUG
|
||||
#define NDEBUG
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#include <assert.h>
|
||||
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
/build/
|
|
@ -0,0 +1,12 @@
|
|||
cmake_minimum_required(VERSION 3.18)
|
||||
|
||||
project(gcns VERSION 1.0 DESCRIPTION "Italian healthcare smart card parsing utility")
|
||||
|
||||
add_library(gcns SHARED gcns.c gcns.cpp)
|
||||
target_include_directories(gcns PUBLIC ../.. .. .)
|
||||
install(TARGETS gcns LIBRARY)
|
||||
install(FILES gcns.h gcns.hpp DESTINATION include)
|
||||
|
||||
add_executable(main main.c ../tools/util.c)
|
||||
target_link_libraries(main gcns opensc bsd)
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
# Maintainer: Giovan Battista Rolandi <giomba@linux.it>
|
||||
|
||||
pkgname=gcns
|
||||
pkgver=1.0
|
||||
pkgrel=1
|
||||
pkgdesc='Tools for Italian healthcare smart card'
|
||||
arch=('x86_64')
|
||||
url='https://git.golem.linux.it/giomba/opensc'
|
||||
license=('LGPL')
|
||||
depends=('opensc')
|
||||
source=('git+https://git.golem.linux.it/giomba/opensc#branch=golem/tessera-sanitaria')
|
||||
sha256sums=('SKIP')
|
||||
|
||||
build() {
|
||||
cd opensc
|
||||
|
||||
./bootstrap
|
||||
./configure
|
||||
make -j$(nproc)
|
||||
cd src/gcns
|
||||
|
||||
mkdir -p build
|
||||
cd build
|
||||
cmake ..
|
||||
make -j$(nproc)
|
||||
|
||||
}
|
||||
|
||||
package() {
|
||||
cd opensc/src/gcns/build
|
||||
make DESTDIR=$pkgdir install
|
||||
|
||||
}
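Review bot: The `source` entry follows the tip of a branch and `sha256sums=('SKIP')` turns off integrity checking, so each build packages whatever that branch holds at the time and two builds of pkgver 1.0 can differ. Pin the checkout to a reviewed revision with makepkg's fragment syntax, e.g. `source=('git+https://git.golem.linux.it/giomba/opensc#commit=<COMMIT_SHA_PLACEHOLDER>')`, or add a `pkgver()` function if a rolling package is really intended. In `package()` the destination should be quoted, `make DESTDIR="$pkgdir" install`, and `git` and `cmake` look like missing `makedepends`.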
|
|
@ -0,0 +1,91 @@
|
|||
/*
|
||||
* gcns.c: A reader of Italian healtcare smartcards with libopensc
|
||||
*
|
||||
* Copyright (C) 2022 Giovan Battista Rolandi <giomba@linux.it>
|
||||
* based on previous work by
|
||||
* Copyright (C) 2001 Juha Yrjölä <juha.yrjola@iki.fi>
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
* License as published by the Free Software Foundation; either
|
||||
* version 2.1 of the License, or (at your option) any later version.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public
|
||||
* License along with this library; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
*/
|
||||
|
||||
#include "gcns.h"
|
||||
|
||||
#include "libopensc/asn1.h"
|
||||
#include "tools/util.h"
|
||||
|
||||
static int opt_wait = 0;
|
||||
static const char *opt_reader = NULL;
|
||||
static sc_context_t *ctx = NULL;
|
||||
static sc_card_t *card = NULL;
|
||||
sc_context_param_t ctx_param;
|
||||
|
||||
int gcns_init() {
|
||||
int r, err = 0;
|
||||
int lcycle = SC_CARDCTRL_LIFECYCLE_ADMIN;
|
||||
|
||||
memset(&ctx_param, 0, sizeof(ctx_param));
|
||||
ctx_param.ver = 0;
|
||||
|
||||
r = sc_context_create(&ctx, &ctx_param);
|
||||
if (r) {
|
||||
fprintf(stderr, "Failed to establish context: %s\n", sc_strerror(r));
|
||||
return GCNS_INIT;
|
||||
}
|
||||
|
||||
ctx->flags |= SC_CTX_FLAG_ENABLE_DEFAULT_DRIVER;
|
||||
|
||||
err = util_connect_card_ex(ctx, &card, opt_reader, opt_wait, 0, 0);
|
||||
if (err) {
|
||||
return GCNS_INIT;
|
||||
}
|
||||
|
||||
r = sc_lock(card);
|
||||
if (r == SC_SUCCESS)
|
||||
r = sc_card_ctl(card, SC_CARDCTL_LIFECYCLE_SET, &lcycle);
|
||||
sc_unlock(card);
|
||||
if (r && r != SC_ERROR_NOT_SUPPORTED) {
|
||||
fprintf(stderr, "unable to change lifecycle: %s\n", sc_strerror(r));
|
||||
return GCNS_INIT;
|
||||
}
|
||||
|
||||
return GCNS_SUCCESS;
|
||||
}
|
||||
|
||||
int gcns_close() {
|
||||
if (card) {
|
||||
sc_disconnect_card(card);
|
||||
}
|
||||
if (ctx) sc_release_context(ctx);
|
||||
return GCNS_SUCCESS;
|
||||
}
|
||||
|
||||
int gcns_read_personal_data(u8 *buffer, size_t len) {
|
||||
sc_path_t path;
|
||||
int r;
|
||||
|
||||
sc_format_path("3F0011001102", &path);
|
||||
r = sc_select_file(card, &path, NULL);
|
||||
if (r) {
|
||||
fprintf(stderr, "no select file: 3F0011001102\n");
|
||||
return GCNS_READ_PERSONAL_DATA;
|
||||
}
|
||||
r = sc_read_binary(card, 0, buffer, 0x180, 0);
|
||||
if (r < 0) {
|
||||
fprintf(stderr, "no read binary: %d\n", r);
|
||||
return GCNS_READ_PERSONAL_DATA;
|
||||
}
|
||||
|
||||
return r;
|
||||
}
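Review bot: gcns_read_personal_data never looks at `len`: it always asks sc_read_binary for 0x180 bytes, so a caller that passes a smaller buffer gets a write past its end. Reject the call before the read, e.g. `if (buffer == NULL || len < 0x180) return GCNS_READ_PERSONAL_DATA;`, and give 0x180 a name. The function also uses the file-scope `card` without checking that gcns_init succeeded. In gcns_init, `sc_unlock(card)` runs even when `sc_lock` failed, and the failure returns leave `ctx` and `card` allocated unless the caller still calls gcns_close.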
|
|
@ -0,0 +1,71 @@
|
|||
#include "gcns.hpp"
|
||||
|
||||
#include <vector>
|
||||
|
||||
using namespace gcns;
|
||||
|
||||
PersonalData::PersonalData(const uint8_t* buffer, size_t len) {
|
||||
std::vector<std::string> field;
|
||||
|
||||
// TODO check length at the beginning?
|
||||
for (int i = 12; i < len;) {
|
||||
if (buffer[i] == '\0') break;
|
||||
|
||||
std::string hexstring((const char*)&buffer[i], 2);
|
||||
int len = std::stoi(hexstring, nullptr, 16);
|
||||
i += 2;
|
||||
std::string fieldData((const char*)&buffer[i], len);
|
||||
i += len;
|
||||
|
||||
field.push_back(fieldData);
|
||||
}
|
||||
|
||||
for (int i = 0; i < (int)field.size(); ++i) {
|
||||
switch (i) {
|
||||
case 0:
|
||||
this->issue_date.year =
|
||||
std::stoi(field[i].substr(4, 4), nullptr);
|
||||
this->issue_date.month =
|
||||
std::stoi(field[i].substr(2, 2), nullptr);
|
||||
this->issue_date.day =
|
||||
std::stoi(field[i].substr(0, 2), nullptr);
|
||||
break;
|
||||
case 1:
|
||||
this->expiration_date.year =
|
||||
std::stoi(field[i].substr(4, 4), nullptr);
|
||||
this->expiration_date.month =
|
||||
std::stoi(field[i].substr(2, 2), nullptr);
|
||||
this->expiration_date.day =
|
||||
std::stoi(field[i].substr(0, 2), nullptr);
|
||||
break;
|
||||
case 2:
|
||||
this->family_name = field[i];
|
||||
break;
|
||||
case 3:
|
||||
this->first_name = field[i];
|
||||
break;
|
||||
case 4:
|
||||
this->birth_date.year =
|
||||
std::stoi(field[i].substr(4, 4), nullptr);
|
||||
this->birth_date.month =
|
||||
std::stoi(field[i].substr(2, 2), nullptr);
|
||||
this->birth_date.day =
|
||||
std::stoi(field[i].substr(0, 2), nullptr);
|
||||
break;
|
||||
case 5:
|
||||
this->gender = field[i] == "F" ? GENDER_FEMALE : GENDER_MALE;
|
||||
break;
|
||||
case 7:
|
||||
this->fiscal_code = field[i];
|
||||
break;
|
||||
case 9:
|
||||
this->birth_place = field[i];
|
||||
break;
|
||||
case 12:
|
||||
this->residence_place = field[i];
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
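Review bot: The field loop in the PersonalData constructor trusts the two-digit length prefix read from the card: the inner `int len` shadows the parameter, and neither the two prefix bytes nor the bytes copied into `fieldData` are checked against the buffer size, so a malformed record reads past `buffer`. `std::stoi` also throws on a non-hex prefix, and the `substr(4, 4)` and `std::stoi` calls in the date cases throw on a short or non-numeric field, so bad card data can end the caller with an uncaught exception. I would bound every step against the remaining length as below (it needs `<cctype>`) and check `field[i].size() >= 8` before the date conversions. Stopping at the first malformed field is my assumption about the wanted behaviour.

```cpp
// … unchanged: std::vector<std::string> field; …
size_t pos = 12;
while (pos + 2 <= len && buffer[pos] != '\0') {
    // The length prefix is two ASCII hex digits supplied by the card.
    if (!std::isxdigit(buffer[pos]) || !std::isxdigit(buffer[pos + 1])) break;
    const std::string prefix((const char*)&buffer[pos], 2);
    const size_t field_len = std::stoul(prefix, nullptr, 16);
    pos += 2;
    // The declared length must fit in what was actually read.
    if (field_len > len - pos) break;
    field.emplace_back((const char*)&buffer[pos], field_len);
    pos += field_len;
}
// … unchanged: switch that maps the field index to the members …
```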
|
|
@ -0,0 +1,13 @@
|
|||
#ifndef GCNS_H
|
||||
#define GCNS_H
|
||||
|
||||
#define GCNS_SUCCESS 0
|
||||
#define GCNS_INIT -1001
|
||||
#define GCNS_READ_PERSONAL_DATA -1002
|
||||
#define GCNS_CLOSE -1003
|
||||
|
||||
int gcns_init();
|
||||
int gcns_read_personal_data(u8 *buffer, size_t len);
|
||||
int gcns_close();
|
||||
|
||||
#endif
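Review bot: The prototype of gcns_read_personal_data gives callers no way to know that the implementation in gcns.c reads a fixed 0x180 bytes regardless of `len`; the header should state the minimum buffer size and the return convention, e.g. `/* Reads the personal-data file into buffer; len must be at least 0x180. Returns the byte count, or GCNS_READ_PERSONAL_DATA on error. */`. The header also uses `u8` and `size_t` without including anything that declares them, so it depends on include order. Writing `int gcns_init(void);` and parenthesising the negative codes, `#define GCNS_INIT (-1001)`, avoids the usual C pitfalls.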
|
|
@ -0,0 +1,34 @@
|
|||
#ifndef GCNS_CPP
|
||||
#define GCNS_CPP
|
||||
|
||||
#include <string>
|
||||
|
||||
namespace gcns {
|
||||
|
||||
enum Gender { GENDER_MALE, GENDER_FEMALE };
|
||||
|
||||
struct Date {
|
||||
uint16_t year;
|
||||
uint8_t month;
|
||||
uint8_t day;
|
||||
};
|
||||
|
||||
class PersonalData {
|
||||
private:
|
||||
std::string first_name;
|
||||
std::string family_name;
|
||||
std::string fiscal_code;
|
||||
std::string birth_place;
|
||||
Date birth_date;
|
||||
std::string residence_place;
|
||||
Gender gender;
|
||||
Date issue_date;
|
||||
Date expiration_date;
|
||||
|
||||
public:
|
||||
PersonalData(const uint8_t* personal_data, size_t len);
|
||||
};
|
||||
|
||||
} // namespace gcns
|
||||
|
||||
#endif
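Review bot: The `Date` and `Gender` members of PersonalData have no initialisers, and the constructor in gcns.cpp assigns them only when the matching field index is present, so a short or truncated card record leaves `birth_date`, `issue_date`, `expiration_date` and `gender` indeterminate. Value-initialise them in the class, e.g. `Date birth_date{};`, and decide explicitly what `gender` holds when field 5 is missing. The header also needs `#include <cstdint>` and `#include <cstddef>` for `uint16_t`, `uint8_t` and `size_t`. Since every member is private and no accessor is declared, callers cannot read the parsed data as written.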
|
|
@ -0,0 +1,56 @@
|
|||
#include <ctype.h>
|
||||
#include <limits.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "config.h"
|
||||
#ifdef ENABLE_READLINE
|
||||
#include <readline/history.h>
|
||||
#include <readline/readline.h>
|
||||
#endif
|
||||
#if !defined(_WIN32)
|
||||
#include <arpa/inet.h> /* for htons() */
|
||||
#endif
|
||||
|
||||
#include <getopt.h>
|
||||
|
||||
#include "common/compat_strlcpy.h"
|
||||
#include "gcns.h"
|
||||
#include "libopensc/asn1.h"
|
||||
#include "libopensc/cardctl.h"
|
||||
#include "libopensc/cards.h"
|
||||
#include "libopensc/internal.h"
|
||||
#include "libopensc/iso7816.h"
|
||||
#include "libopensc/log.h"
|
||||
#include "libopensc/opensc.h"
|
||||
#include "tools/util.h"
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
int r;
|
||||
|
||||
printf("OpenSC version: %s\n", sc_get_version());
|
||||
|
||||
r = gcns_init();
|
||||
if (r != GCNS_SUCCESS) {
|
||||
fprintf(stderr, "Init Error\n");
|
||||
return GCNS_INIT;
|
||||
}
|
||||
|
||||
u8 buffer[2048];
|
||||
r = gcns_read_personal_data(buffer, 2048);
|
||||
|
||||
if (r < 0) {
|
||||
fprintf(stderr, "Read personal data error\n");
|
||||
return GCNS_READ_PERSONAL_DATA;
|
||||
}
|
||||
|
||||
util_hex_dump_asc(stdout, buffer, r, 0);
|
||||
|
||||
r = gcns_close();
|
||||
if (r != GCNS_SUCCESS) {
|
||||
return GCNS_CLOSE;
|
||||
}
|
||||
|
||||
return GCNS_SUCCESS;
|
||||
}
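Review bot: When gcns_read_personal_data fails, main returns without calling gcns_close(), so the card connection and context opened by gcns_init are left to process teardown; call gcns_close() on that path as well. The return values are the negative GCNS_* codes, which the shell sees reduced to the low eight bits of the exit status, so `return EXIT_FAILURE;` is clearer. util_hex_dump_asc prints the raw personal-data record to stdout, which is worth stating in the tool's description because that output can end up in logs. Most of the includes (readline, getopt, arpa/inet.h, the libopensc internals) appear unused here.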
|
|
@ -12,7 +12,8 @@ noinst_HEADERS = cards.h ctbcs.h internal.h muscle.h muscle-filesystem.h \
|
|||
errors.h types.h compression.h itacns.h iso7816.h \
|
||||
authentic.h iasecc.h iasecc-sdo.h sm.h card-sc-hsm.h \
|
||||
pace.h cwa14890.h cwa-dnie.h card-gids.h aux-data.h \
|
||||
jpki.h sc-ossl-compat.h card-npa.h ccid-types.h reader-tr03119.h \
|
||||
jpki.h sc-ossl-compat.h card-npa.h card-openpgp.h \
|
||||
ccid-types.h reader-tr03119.h \
|
||||
card-cac-common.h
|
||||
|
||||
AM_CPPFLAGS = -D'OPENSC_CONF_PATH="$(sysconfdir)/opensc.conf"' \
|
||||
|
@ -48,14 +49,15 @@ libopensc_la_SOURCES_BASE = \
|
|||
card-iasecc.c iasecc-sdo.c iasecc-sm.c card-sc-hsm.c \
|
||||
card-dnie.c cwa14890.c cwa-dnie.c \
|
||||
card-isoApplet.c card-masktech.c card-gids.c card-jpki.c \
|
||||
card-npa.c card-esteid2018.c \
|
||||
card-npa.c card-esteid2018.c card-idprime.c \
|
||||
card-edo.c \
|
||||
\
|
||||
pkcs15-openpgp.c pkcs15-starcert.c \
|
||||
pkcs15-openpgp.c pkcs15-starcert.c pkcs15-cardos.c \
|
||||
pkcs15-tcos.c pkcs15-esteid.c pkcs15-gemsafeGPK.c \
|
||||
pkcs15-actalis.c pkcs15-atrust-acos.c pkcs15-tccardos.c pkcs15-piv.c \
|
||||
pkcs15-cac.c pkcs15-esinit.c pkcs15-westcos.c pkcs15-pteid.c \
|
||||
pkcs15-oberthur.c pkcs15-itacns.c pkcs15-gemsafeV1.c pkcs15-sc-hsm.c \
|
||||
pkcs15-coolkey.c pkcs15-din-66291.c \
|
||||
pkcs15-coolkey.c pkcs15-din-66291.c pkcs15-idprime.c \
|
||||
pkcs15-dnie.c pkcs15-gids.c pkcs15-iasecc.c pkcs15-jpki.c pkcs15-esteid2018.c \
|
||||
compression.c p15card-helper.c sm.c \
|
||||
aux-data.c
|
||||
|
@ -64,10 +66,9 @@ if ENABLE_CRYPTOTOKENKIT
|
|||
# most platforms don't support objective C the way we needed.
|
||||
# Only include it if needed
|
||||
libopensc_la_SOURCES_BASE += reader-cryptotokenkit.m
|
||||
else
|
||||
endif
|
||||
libopensc_la_LIBTOOLFLAGS = --tag CC
|
||||
libopensc_static_la_LIBTOOLFLAGS = --tag CC
|
||||
endif
|
||||
|
||||
libopensc_la_SOURCES = $(libopensc_la_SOURCES_BASE) \
|
||||
libopensc.exports
|
||||
|
@ -131,18 +132,19 @@ TIDY_FILES = \
|
|||
card-iasecc.c iasecc-sdo.c iasecc-sm.c card-sc-hsm.c \
|
||||
cwa14890.c cwa-dnie.c \
|
||||
card-isoApplet.c card-masktech.c card-jpki.c \
|
||||
card-npa.c card-esteid2018.c \
|
||||
card-npa.c card-esteid2018.c card-idprime.c \
|
||||
card-edo.c \
|
||||
\
|
||||
pkcs15-openpgp.c \
|
||||
pkcs15-openpgp.c pkcs15-cardos.c \
|
||||
pkcs15-tcos.c pkcs15-esteid.c \
|
||||
pkcs15-actalis.c pkcs15-atrust-acos.c pkcs15-tccardos.c \
|
||||
pkcs15-cac.c pkcs15-esinit.c pkcs15-westcos.c pkcs15-pteid.c \
|
||||
pkcs15-oberthur.c pkcs15-itacns.c pkcs15-sc-hsm.c \
|
||||
pkcs15-coolkey.c pkcs15-din-66291.c \
|
||||
pkcs15-coolkey.c pkcs15-din-66291.c pkcs15-idprime.c \
|
||||
pkcs15-dnie.c pkcs15-gids.c pkcs15-iasecc.c pkcs15-jpki.c pkcs15-esteid2018.c \
|
||||
compression.c p15card-helper.c sm.c \
|
||||
aux-data.c \
|
||||
#$(SOURCES)
|
||||
|
||||
check-local:
|
||||
if [ -x "$(CLANGTIDY)" ]; then clang-tidy -config='' -header-filter=.* $(TIDY_FILES) -- $(TIDY_FLAGS); fi
|
||||
if [ -x "$(CLANGTIDY)" ]; then clang-tidy -config='' --checks='$(TIDY_CHECKS)' -header-filter=.* $(addprefix $(srcdir)/,$(TIDY_FILES)) -- $(TIDY_FLAGS); fi
|
||||
|
|
|
@ -27,15 +27,16 @@ OBJECTS = \
|
|||
card-iasecc.obj iasecc-sdo.obj iasecc-sm.obj cwa-dnie.obj cwa14890.obj \
|
||||
card-sc-hsm.obj card-dnie.obj card-isoApplet.obj pkcs15-coolkey.obj \
|
||||
card-masktech.obj card-gids.obj card-jpki.obj \
|
||||
card-npa.obj card-esteid2018.obj \
|
||||
card-npa.obj card-esteid2018.obj card-idprime.obj \
|
||||
card-edo.obj \
|
||||
\
|
||||
pkcs15-openpgp.obj pkcs15-starcert.obj \
|
||||
pkcs15-openpgp.obj pkcs15-starcert.obj pkcs15-cardos.obj \
|
||||
pkcs15-tcos.obj pkcs15-esteid.obj pkcs15-gemsafeGPK.obj \
|
||||
pkcs15-actalis.obj pkcs15-atrust-acos.obj pkcs15-tccardos.obj pkcs15-piv.obj \
|
||||
pkcs15-cac.obj pkcs15-esinit.obj pkcs15-westcos.obj pkcs15-pteid.obj pkcs15-din-66291.obj \
|
||||
pkcs15-oberthur.obj pkcs15-itacns.obj pkcs15-gemsafeV1.obj pkcs15-sc-hsm.obj \
|
||||
pkcs15-dnie.obj pkcs15-gids.obj pkcs15-iasecc.obj pkcs15-jpki.obj \
|
||||
pkcs15-esteid2018.obj \
|
||||
pkcs15-esteid2018.obj pkcs15-idprime.obj \
|
||||
compression.obj p15card-helper.obj sm.obj \
|
||||
aux-data.obj \
|
||||
$(TOPDIR)\win32\versioninfo.res
|
||||
|
|
|
@ -77,7 +77,7 @@ size_t sc_apdu_get_length(const sc_apdu_t *apdu, unsigned int proto)
|
|||
* @param apdu APDU to be encoded as an octet string
|
||||
* @param proto protocol version to be used
|
||||
* @param out output buffer of size outlen.
|
||||
* @param outlen size of hte output buffer
|
||||
* @param outlen size of the output buffer
|
||||
* @return SC_SUCCESS on success and an error code otherwise
|
||||
*/
|
||||
int sc_apdu2bytes(sc_context_t *ctx, const sc_apdu_t *apdu,
|
||||
|
@ -401,11 +401,13 @@ sc_set_le_and_transmit(struct sc_card *card, struct sc_apdu *apdu, size_t olen)
|
|||
/* set the new expected length */
|
||||
apdu->resplen = olen;
|
||||
apdu->le = nlen;
|
||||
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
||||
/* Belpic V1 applets have a problem: if the card sends a 6C XX (only XX bytes available),
|
||||
* and we resend the command too soon (i.e. the reader is too fast), the card doesn't respond.
|
||||
* So we build in a delay. */
|
||||
if (card->type == SC_CARD_TYPE_BELPIC_EID)
|
||||
msleep(40);
|
||||
#endif
|
||||
|
||||
/* re-transmit the APDU with new Le length */
|
||||
rv = sc_single_transmit(card, apdu);
|
||||
|
|
|
@ -253,10 +253,15 @@ static void sc_asn1_print_bit_string(const u8 * buf, size_t buflen, size_t depth
|
|||
if (buflen > sizeof(a) + 1) {
|
||||
print_hex(buf, buflen, depth);
|
||||
} else {
|
||||
r = sc_asn1_decode_bit_string(buf, buflen, &a, sizeof(a));
|
||||
r = sc_asn1_decode_bit_string(buf, buflen, &a, sizeof(a), 1);
|
||||
if (r < 0) {
|
||||
printf("decode error");
|
||||
return;
|
||||
printf("decode error, ");
|
||||
/* try again without the strict mode */
|
||||
r = sc_asn1_decode_bit_string(buf, buflen, &a, sizeof(a), 0);
|
||||
if (r < 0) {
|
||||
printf("even for lax decoding");
|
||||
return ;
|
||||
}
|
||||
}
|
||||
for (i = r - 1; i >= 0; i--) {
|
||||
printf("%c", ((a >> i) & 1) ? '1' : '0');
|
||||
|
@ -374,7 +379,7 @@ static void print_tags_recursive(const u8 * buf0, const u8 * buf,
|
|||
size_t len;
|
||||
|
||||
r = sc_asn1_read_tag(&tagp, bytesleft, &cla, &tag, &len);
|
||||
if (r != SC_SUCCESS || tagp == NULL) {
|
||||
if (r != SC_SUCCESS || (tagp == NULL && tag != SC_ASN1_TAG_EOC)) {
|
||||
printf("Error in decoding.\n");
|
||||
return;
|
||||
}
|
||||
|
@ -567,7 +572,7 @@ const u8 *sc_asn1_verify_tag(sc_context_t *ctx, const u8 * buf, size_t buflen,
|
|||
}
|
||||
|
||||
static int decode_bit_string(const u8 * inbuf, size_t inlen, void *outbuf,
|
||||
size_t outlen, int invert)
|
||||
size_t outlen, int invert, const int strict)
|
||||
{
|
||||
const u8 *in = inbuf;
|
||||
u8 *out = (u8 *) outbuf;
|
||||
|
@ -577,6 +582,19 @@ static int decode_bit_string(const u8 * inbuf, size_t inlen, void *outbuf,
|
|||
|
||||
if (inlen < 1)
|
||||
return SC_ERROR_INVALID_ASN1_OBJECT;
|
||||
|
||||
/* The formatting is only enforced by SHALL keyword so we should accept
|
||||
* by default also non-strict values. */
|
||||
if (strict) {
|
||||
/* 8.6.2.3 If the bitstring is empty, there shall be no
|
||||
* subsequent octets,and the initial octet shall be zero. */
|
||||
if (inlen == 1 && *in != 0)
|
||||
return SC_ERROR_INVALID_ASN1_OBJECT;
|
||||
/* ITU-T Rec. X.690 8.6.2.2: The number shall be in the range zero to seven. */
|
||||
if ((*in & ~0x07) != 0)
|
||||
return SC_ERROR_INVALID_ASN1_OBJECT;
|
||||
}
|
||||
|
||||
memset(outbuf, 0, outlen);
|
||||
zero_bits = *in & 0x07;
|
||||
in++;
|
||||
|
@ -591,9 +609,13 @@ static int decode_bit_string(const u8 * inbuf, size_t inlen, void *outbuf,
|
|||
int bits_to_go;
|
||||
|
||||
*out = 0;
|
||||
if (octets_left == 1)
|
||||
if (octets_left == 1 && zero_bits > 0) {
|
||||
bits_to_go = 8 - zero_bits;
|
||||
else
|
||||
/* Verify the padding is zero bits */
|
||||
if (*in & (1 << (zero_bits-1))) {
|
||||
return SC_ERROR_INVALID_ASN1_OBJECT;
|
||||
}
|
||||
} else
|
||||
bits_to_go = 8;
|
||||
if (invert)
|
||||
for (i = 0; i < bits_to_go; i++) {
|
||||
|
@ -611,15 +633,15 @@ static int decode_bit_string(const u8 * inbuf, size_t inlen, void *outbuf,
|
|||
}
|
||||
|
||||
int sc_asn1_decode_bit_string(const u8 * inbuf, size_t inlen,
|
||||
void *outbuf, size_t outlen)
|
||||
void *outbuf, size_t outlen, const int strict)
|
||||
{
|
||||
return decode_bit_string(inbuf, inlen, outbuf, outlen, 1);
|
||||
return decode_bit_string(inbuf, inlen, outbuf, outlen, 1, strict);
|
||||
}
|
||||
|
||||
int sc_asn1_decode_bit_string_ni(const u8 * inbuf, size_t inlen,
|
||||
void *outbuf, size_t outlen)
|
||||
void *outbuf, size_t outlen, const int strict)
|
||||
{
|
||||
return decode_bit_string(inbuf, inlen, outbuf, outlen, 0);
|
||||
return decode_bit_string(inbuf, inlen, outbuf, outlen, 0, strict);
|
||||
}
|
||||
|
||||
static int encode_bit_string(const u8 * inbuf, size_t bits_left, u8 **outbuf,
|
||||
|
@ -664,7 +686,7 @@ static int encode_bit_string(const u8 * inbuf, size_t bits_left, u8 **outbuf,
|
|||
* Bitfields are just bit strings, stored in an unsigned int
|
||||
* (taking endianness into account)
|
||||
*/
|
||||
static int decode_bit_field(const u8 * inbuf, size_t inlen, void *outbuf, size_t outlen)
|
||||
static int decode_bit_field(const u8 * inbuf, size_t inlen, void *outbuf, size_t outlen, const int strict)
|
||||
{
|
||||
u8 data[sizeof(unsigned int)];
|
||||
unsigned int field = 0;
|
||||
|
@ -673,7 +695,7 @@ static int decode_bit_field(const u8 * inbuf, size_t inlen, void *outbuf, size_t
|
|||
if (outlen != sizeof(data))
|
||||
return SC_ERROR_BUFFER_TOO_SMALL;
|
||||
|
||||
n = decode_bit_string(inbuf, inlen, data, sizeof(data), 1);
|
||||
n = decode_bit_string(inbuf, inlen, data, sizeof(data), 1, strict);
|
||||
if (n < 0)
|
||||
return n;
|
||||
|
||||
|
@ -706,17 +728,28 @@ static int encode_bit_field(const u8 *inbuf, size_t inlen,
|
|||
return encode_bit_string(data, bits, outbuf, outlen, 1);
|
||||
}
|
||||
|
||||
int sc_asn1_decode_integer(const u8 * inbuf, size_t inlen, int *out)
|
||||
int sc_asn1_decode_integer(const u8 * inbuf, size_t inlen, int *out, int strict)
|
||||
{
|
||||
int a = 0, is_negative = 0;
|
||||
size_t i = 0;
|
||||
|
||||
if (inlen > sizeof(int) || inlen == 0)
|
||||
if (inlen == 0) {
|
||||
return SC_ERROR_INVALID_ASN1_OBJECT;
|
||||
}
|
||||
if (inlen > sizeof(int)) {
|
||||
return SC_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
if (inbuf[0] & 0x80) {
|
||||
if (strict && inlen > 1 && inbuf[0] == 0xff && (inbuf[1] & 0x80)) {
|
||||
return SC_ERROR_INVALID_ASN1_OBJECT;
|
||||
}
|
||||
is_negative = 1;
|
||||
a |= 0xff^(*inbuf++);
|
||||
i = 1;
|
||||
} else {
|
||||
if (strict && inlen > 1 && inbuf[0] == 0x00 && (inbuf[1] & 0x80) == 0) {
|
||||
return SC_ERROR_INVALID_ASN1_OBJECT;
|
||||
}
|
||||
}
|
||||
for (; i < inlen; i++) {
|
||||
if (a > (INT_MAX >> 8) || a < (INT_MIN + (1<<8))) {
|
||||
|
@ -797,7 +830,8 @@ static int asn1_encode_integer(int in, u8 ** obj, size_t * objsize)
|
|||
int
|
||||
sc_asn1_decode_object_id(const u8 *inbuf, size_t inlen, struct sc_object_id *id)
|
||||
{
|
||||
int a;
|
||||
int large_second_octet = 0;
|
||||
unsigned int a = 0;
|
||||
const u8 *p = inbuf;
|
||||
int *octet;
|
||||
|
||||
|
@ -807,18 +841,36 @@ sc_asn1_decode_object_id(const u8 *inbuf, size_t inlen, struct sc_object_id *id)
|
|||
sc_init_oid(id);
|
||||
octet = id->value;
|
||||
|
||||
a = *p;
|
||||
*octet++ = a / 40;
|
||||
*octet++ = a % 40;
|
||||
inlen--;
|
||||
/* The first octet can be 0, 1 or 2 and is derived from the first byte */
|
||||
a = MIN(*p / 40, 2);
|
||||
*octet++ = a;
|
||||
|
||||
/* The second octet fits here if the previous was 0 or 1 and second one is smaller than 40.
|
||||
* for the value 2 we can go up to 47. Otherwise the first bit needs to be set
|
||||
* and we continue reading further */
|
||||
if ((*p & 0x80) == 0) {
|
||||
*octet++ = *p - (a * 40);
|
||||
inlen--;
|
||||
} else {
|
||||
large_second_octet = 1;
|
||||
}
|
||||
|
||||
while (inlen) {
|
||||
p++;
|
||||
if (!large_second_octet)
|
||||
p++;
|
||||
/* This signalizes empty most significant bits, which means
|
||||
* the unsigned integer encoding is not minimal */
|
||||
if (*p == 0x80) {
|
||||
sc_init_oid(id);
|
||||
return SC_ERROR_INVALID_ASN1_OBJECT;
|
||||
}
|
||||
/* Use unsigned type here so we can process the whole INT range.
|
||||
* Values can not be negative */
|
||||
a = *p & 0x7F;
|
||||
inlen--;
|
||||
while (inlen && *p & 0x80) {
|
||||
/* Limit the OID values to int size and do not overflow */
|
||||
if (a > (INT_MAX>>7)) {
|
||||
if (a > (UINT_MAX>>7)) {
|
||||
sc_init_oid(id);
|
||||
return SC_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
|
@ -827,12 +879,26 @@ sc_asn1_decode_object_id(const u8 *inbuf, size_t inlen, struct sc_object_id *id)
|
|||
a |= *p & 0x7F;
|
||||
inlen--;
|
||||
}
|
||||
if (*p & 0x80) {
|
||||
/* We dropped out from previous cycle on the end of
|
||||
* data while still expecting continuation of value */
|
||||
sc_init_oid(id);
|
||||
return SC_ERROR_INVALID_ASN1_OBJECT;
|
||||
}
|
||||
if (large_second_octet) {
|
||||
a -= (2 * 40);
|
||||
}
|
||||
if (a > INT_MAX) {
|
||||
sc_init_oid(id);
|
||||
return SC_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
*octet++ = a;
|
||||
if (octet - id->value >= SC_MAX_OBJECT_ID_OCTETS) {
|
||||
sc_init_oid(id);
|
||||
return SC_ERROR_INVALID_ASN1_OBJECT;
|
||||
}
|
||||
};
|
||||
large_second_octet = 0;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -864,10 +930,13 @@ sc_asn1_encode_object_id(u8 **buf, size_t *buflen, const struct sc_object_id *id
|
|||
*p = k * 40;
|
||||
break;
|
||||
case 1:
|
||||
if (k > 39)
|
||||
if (k > 39 && id->value[0] < 2) {
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
*p++ += k;
|
||||
break;
|
||||
}
|
||||
/* We can encode larger IDs to multiple bytes
|
||||
* similarly as the following IDs */
|
||||
k += *p;
|
||||
/* fall through */
|
||||
default:
|
||||
shift = 28;
|
||||
while (shift && (k >> shift) == 0)
|
||||
|
@ -903,6 +972,9 @@ static int sc_asn1_decode_utf8string(const u8 *inbuf, size_t inlen,
|
|||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* This assumes the tag is already encoded
|
||||
*/
|
||||
int sc_asn1_put_tag(unsigned int tag, const u8 * data, size_t datalen, u8 * out, size_t outlen, u8 **ptr)
|
||||
{
|
||||
size_t c = 0;
|
||||
|
@ -1174,9 +1246,12 @@ static int asn1_decode_se_info(sc_context_t *ctx, const u8 *obj, size_t objlen,
|
|||
size_t idx, ptrlen = objlen;
|
||||
int ret;
|
||||
|
||||
LOG_FUNC_CALLED(ctx);
|
||||
|
||||
ses = calloc(SC_MAX_SE_NUM, sizeof(sc_pkcs15_sec_env_info_t *));
|
||||
if (ses == NULL)
|
||||
return SC_ERROR_OUT_OF_MEMORY;
|
||||
if (ses == NULL) {
|
||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_ASN1, SC_ERROR_OUT_OF_MEMORY);
|
||||
}
|
||||
|
||||
for (idx=0; idx < SC_MAX_SE_NUM && ptrlen; ) {
|
||||
struct sc_asn1_entry asn1_se[2];
|
||||
|
@ -1220,7 +1295,7 @@ err:
|
|||
free(ses);
|
||||
}
|
||||
|
||||
return ret;
|
||||
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_ASN1, ret);
|
||||
}
|
||||
|
||||
|
||||
|
@ -1448,7 +1523,7 @@ static int asn1_decode_entry(sc_context_t *ctx,struct sc_asn1_entry *entry,
|
|||
case SC_ASN1_INTEGER:
|
||||
case SC_ASN1_ENUMERATED:
|
||||
if (parm != NULL) {
|
||||
r = sc_asn1_decode_integer(obj, objlen, (int *) entry->parm);
|
||||
r = sc_asn1_decode_integer(obj, objlen, (int *) entry->parm, 0);
|
||||
sc_debug(ctx, SC_LOG_DEBUG_ASN1, "%*.*sdecoding '%s' returned %d\n", depth, depth, "",
|
||||
entry->name, *((int *) entry->parm));
|
||||
}
|
||||
|
@ -1474,7 +1549,7 @@ static int asn1_decode_entry(sc_context_t *ctx,struct sc_asn1_entry *entry,
|
|||
*len = objlen-1;
|
||||
parm = *buf;
|
||||
}
|
||||
r = decode_bit_string(obj, objlen, (u8 *) parm, *len, invert);
|
||||
r = decode_bit_string(obj, objlen, (u8 *) parm, *len, invert, 0);
|
||||
if (r >= 0) {
|
||||
*len = r;
|
||||
r = 0;
|
||||
|
@ -1483,7 +1558,7 @@ static int asn1_decode_entry(sc_context_t *ctx,struct sc_asn1_entry *entry,
|
|||
break;
|
||||
case SC_ASN1_BIT_FIELD:
|
||||
if (parm != NULL)
|
||||
r = decode_bit_field(obj, objlen, (u8 *) parm, *len);
|
||||
r = decode_bit_field(obj, objlen, (u8 *) parm, *len, 0);
|
||||
break;
|
||||
case SC_ASN1_OCTET_STRING:
|
||||
if (parm != NULL) {
|
||||
|
@ -1927,6 +2002,10 @@ static int asn1_encode(sc_context_t *ctx, const struct sc_asn1_entry *asn1,
|
|||
u8 *obj = NULL, *buf = NULL, *tmp;
|
||||
size_t total = 0, objsize;
|
||||
|
||||
if (asn1 == NULL) {
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
}
|
||||
|
||||
for (idx = 0; asn1[idx].name != NULL; idx++) {
|
||||
r = asn1_encode_entry(ctx, &asn1[idx], &obj, &objsize, depth);
|
||||
if (r) {
|
||||
|
@ -2096,8 +2175,10 @@ sc_asn1_sig_value_sequence_to_rs(struct sc_context *ctx, const unsigned char *in
|
|||
}
|
||||
|
||||
memset(buf, 0, buflen);
|
||||
memcpy(buf + (halflen - r_len), r, r_len);
|
||||
memcpy(buf + (buflen - s_len), s, s_len);
|
||||
if (r_len > 0)
|
||||
memcpy(buf + (halflen - r_len), r, r_len);
|
||||
if (s_len > 0)
|
||||
memcpy(buf + (buflen - s_len), s, s_len);
|
||||
|
||||
sc_log(ctx, "r(%"SC_FORMAT_LEN_SIZE_T"u): %s", halflen,
|
||||
sc_dump_hex(buf, halflen));
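Review bot: In decode_bit_string (hunk -591,9 +609,13) the check under "Verify the padding is zero bits" tests a single bit, `*in & (1 << (zero_bits-1))`, so with `zero_bits` of 2 or more the lower unused bits can be non-zero and still pass. Masking all unused bits matches the comment: `if (*in & ((1 << zero_bits) - 1))`. This check runs regardless of `strict`, while the other X.690 checks added in this commit are gated on it; if lax callers such as asn1_decode_entry (which passes 0) are meant to tolerate sloppy padding, it should be gated too. The function body starts and ends outside the hunk.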
|
||||
|
|
|
@ -96,11 +96,11 @@ void sc_asn1_print_tags(const u8 * buf, size_t buflen);
|
|||
int sc_asn1_utf8string_to_ascii(const u8 * buf, size_t buflen,
|
||||
u8 * outbuf, size_t outlen);
|
||||
int sc_asn1_decode_bit_string(const u8 * inbuf, size_t inlen,
|
||||
void *outbuf, size_t outlen);
|
||||
void *outbuf, size_t outlen, const int strict);
|
||||
/* non-inverting version */
|
||||
int sc_asn1_decode_bit_string_ni(const u8 * inbuf, size_t inlen,
|
||||
void *outbuf, size_t outlen);
|
||||
int sc_asn1_decode_integer(const u8 * inbuf, size_t inlen, int *out);
|
||||
void *outbuf, size_t outlen, const int strict);
|
||||
int sc_asn1_decode_integer(const u8 * inbuf, size_t inlen, int *out, int strict);
|
||||
int sc_asn1_decode_object_id(const u8 * inbuf, size_t inlen,
|
||||
struct sc_object_id *id);
|
||||
int sc_asn1_encode_object_id(u8 **buf, size_t *buflen,
|
||||
|
@ -127,13 +127,16 @@ int sc_asn1_sig_value_sequence_to_rs(struct sc_context *ctx,
|
|||
const unsigned char *in, size_t inlen,
|
||||
unsigned char *buf, size_t buflen);
|
||||
|
||||
#define SC_ASN1_CLASS_MASK 0x30000000
|
||||
/* long form tags use these */
|
||||
/* Same as SC_ASN1_TAG_* shifted left by 24 bits */
|
||||
#define SC_ASN1_CLASS_MASK 0xC0000000
|
||||
#define SC_ASN1_UNI 0x00000000 /* Universal */
|
||||
#define SC_ASN1_APP 0x10000000 /* Application */
|
||||
#define SC_ASN1_CTX 0x20000000 /* Context */
|
||||
#define SC_ASN1_PRV 0x30000000 /* Private */
|
||||
#define SC_ASN1_CONS 0x01000000
|
||||
#define SC_ASN1_APP 0x40000000 /* Application */
|
||||
#define SC_ASN1_CTX 0x80000000 /* Context */
|
||||
#define SC_ASN1_PRV 0xC0000000 /* Private */
|
||||
#define SC_ASN1_CONS 0x20000000
|
||||
|
||||
#define SC_ASN1_CLASS_CONS 0xE0000000 /* CLASS and CONS */
|
||||
#define SC_ASN1_TAG_MASK 0x00FFFFFF
|
||||
#define SC_ASN1_TAGNUM_SIZE 3
|
||||
|
||||
|
@ -173,6 +176,7 @@ int sc_asn1_sig_value_sequence_to_rs(struct sc_context *ctx,
|
|||
/* use callback function */
|
||||
#define SC_ASN1_CALLBACK 384
|
||||
|
||||
/* use with short one byte tags */
|
||||
#define SC_ASN1_TAG_CLASS 0xC0
|
||||
#define SC_ASN1_TAG_UNIVERSAL 0x00
|
||||
#define SC_ASN1_TAG_APPLICATION 0x40
|
||||
|
@ -181,6 +185,7 @@ int sc_asn1_sig_value_sequence_to_rs(struct sc_context *ctx,
|
|||
|
||||
#define SC_ASN1_TAG_CONSTRUCTED 0x20
|
||||
#define SC_ASN1_TAG_PRIMITIVE 0x1F
|
||||
#define SC_ASN1_TAG_CLASS_CONS 0xE0
|
||||
|
||||
#define SC_ASN1_TAG_EOC 0
|
||||
#define SC_ASN1_TAG_BOOLEAN 1
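Review bot: The new `strict` parameter on sc_asn1_decode_bit_string, sc_asn1_decode_bit_string_ni and sc_asn1_decode_integer is undocumented in the header, and what it enforces is visible only in asn1.c. I would add a comment above the three prototypes such as `/* strict != 0: reject encodings that violate X.690 (unused-bits octet outside 0..7 or non-zero on an empty bit string, non-minimal integers); 0 accepts them. */`. These are changed signatures of existing functions, so any out-of-tree caller breaks at compile time, which deserves a line in the release notes. Separately, `SC_ASN1_CTX`, `SC_ASN1_PRV` and `SC_ASN1_CLASS_MASK` no longer fit in `int`, so the constants are `unsigned int`; code that keeps tags in a signed `int` should be checked for sign-conversion surprises.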
|
||||
|
|
|
@ -167,7 +167,7 @@ static int asepcos_parse_sec_attr(sc_card_t *card, sc_file_t *file, const u8 *bu
|
|||
{
|
||||
const u8 *p = buf;
|
||||
|
||||
while (len != 0) {
|
||||
while (len > 0) {
|
||||
unsigned int amode, tlen = 3;
|
||||
if (len < 5 || p[0] != 0x80 || p[1] != 0x01) {
|
||||
sc_log(card->ctx, "invalid access mode encoding");
|
||||
|
@ -184,13 +184,21 @@ static int asepcos_parse_sec_attr(sc_card_t *card, sc_file_t *file, const u8 *bu
|
|||
if (r != SC_SUCCESS)
|
||||
return r;
|
||||
tlen += 2;
|
||||
} else if (p[3] == 0xA0 && len >= 4U + p[4]) {
|
||||
} else if (p[3] == 0xA0 && len >= 5U + p[4]) {
|
||||
if (len < 6) {
|
||||
sc_log(card->ctx, "invalid access mode encoding");
|
||||
return SC_ERROR_INTERNAL;
|
||||
}
|
||||
/* TODO: support OR expressions */
|
||||
int r = set_sec_attr(file, amode, p[5], SC_AC_CHV);
|
||||
if (r != SC_SUCCESS)
|
||||
return r;
|
||||
tlen += 2 + p[4]; /* FIXME */
|
||||
} else if (p[3] == 0xAF && len >= 4U + p[4]) {
|
||||
} else if (p[3] == 0xAF && len >= 5U + p[4]) {
|
||||
if (len < 6) {
|
||||
sc_log(card->ctx, "invalid access mode encoding");
|
||||
return SC_ERROR_INTERNAL;
|
||||
}
|
||||
/* TODO: support AND expressions */
|
||||
int r = set_sec_attr(file, amode, p[5], SC_AC_CHV);
|
||||
if (r != SC_SUCCESS)
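Review bot: In the `0xA0` and `0xAF` branches of asepcos_parse_sec_attr, `p[5]` is used as the key reference whenever `len >= 6`, even when the declared length `p[4]` is 0, in which case `p[5]` lies outside the object and belongs to whatever follows it. Rejecting the empty case explicitly is tighter than the `len < 6` test and also covers it: `if (p[4] == 0) {` with the same log and return. Malformed card data is reported here as SC_ERROR_INTERNAL; an invalid-data code such as SC_ERROR_INVALID_DATA would describe it better, provided the rest of the function (outside this hunk) does not depend on the value.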
|
||||
|
|
|
@ -123,7 +123,7 @@ static int atrust_acos_init(struct sc_card *card)
|
|||
| SC_ALGORITHM_RSA_HASH_RIPEMD160
|
||||
| SC_ALGORITHM_RSA_HASH_MD5_SHA1;
|
||||
|
||||
if (!strcmp(card->name, ACOS_EMV_A05))
|
||||
if (card->name != NULL && !strcmp(card->name, ACOS_EMV_A05))
|
||||
flags |= SC_ALGORITHM_RSA_HASH_SHA256;
|
||||
|
||||
_sc_card_add_rsa_alg(card, 1536, flags, 0x10001);
|
||||
|
|
|
@ -93,7 +93,7 @@ unsigned char aid_AuthentIC_3_2[] = {
|
|||
static int authentic_select_file(struct sc_card *card, const struct sc_path *path, struct sc_file **file_out);
|
||||
static int authentic_process_fci(struct sc_card *card, struct sc_file *file, const unsigned char *buf, size_t buflen);
|
||||
static int authentic_get_serialnr(struct sc_card *card, struct sc_serial_number *serial);
|
||||
static int authentic_pin_get_policy (struct sc_card *card, struct sc_pin_cmd_data *data);
|
||||
static int authentic_pin_get_policy (struct sc_card *card, struct sc_pin_cmd_data *data, struct sc_acl_entry *acls);
|
||||
static int authentic_pin_is_verified(struct sc_card *card, struct sc_pin_cmd_data *pin_cmd, int *tries_left);
|
||||
static int authentic_select_mf(struct sc_card *card, struct sc_file **file_out);
|
||||
static int authentic_card_ctl(struct sc_card *card, unsigned long cmd, void *ptr);
|
||||
|
@ -275,7 +275,7 @@ authentic_decode_pubkey_rsa(struct sc_context *ctx, unsigned char *blob, size_t
|
|||
|
||||
static int
|
||||
authentic_parse_credential_data(struct sc_context *ctx, struct sc_pin_cmd_data *pin_cmd,
|
||||
unsigned char *blob, size_t blob_len)
|
||||
struct sc_acl_entry *acls, unsigned char *blob, size_t blob_len)
|
||||
{
|
||||
unsigned char *data;
|
||||
size_t data_len;
|
||||
|
@ -298,31 +298,34 @@ authentic_parse_credential_data(struct sc_context *ctx, struct sc_pin_cmd_data *
|
|||
else
|
||||
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "unsupported Credential type");
|
||||
|
||||
rv = authentic_get_tagged_data(ctx, blob, blob_len, AUTHENTIC_TAG_DOCP_ACLS, &data, &data_len);
|
||||
LOG_TEST_RET(ctx, rv, "failed to get ACLs");
|
||||
sc_log(ctx, "data_len:%"SC_FORMAT_LEN_SIZE_T"u", data_len);
|
||||
if (data_len == 10) {
|
||||
for (ii=0; ii<5; ii++) {
|
||||
unsigned char acl = *(data + ii*2);
|
||||
unsigned char cred_id = *(data + ii*2 + 1);
|
||||
unsigned sc = acl * 0x100 + cred_id;
|
||||
/* Parse optional ACLs when requested */
|
||||
if (acls) {
|
||||
rv = authentic_get_tagged_data(ctx, blob, blob_len, AUTHENTIC_TAG_DOCP_ACLS, &data, &data_len);
|
||||
LOG_TEST_RET(ctx, rv, "failed to get ACLs");
|
||||
sc_log(ctx, "data_len:%"SC_FORMAT_LEN_SIZE_T"u", data_len);
|
||||
if (data_len == 10) {
|
||||
for (ii=0; ii<5; ii++) {
|
||||
unsigned char acl = *(data + ii*2);
|
||||
unsigned char cred_id = *(data + ii*2 + 1);
|
||||
unsigned sc = acl * 0x100 + cred_id;
|
||||
|
||||
sc_log(ctx, "%i: SC:%X", ii, sc);
|
||||
if (!sc)
|
||||
continue;
|
||||
sc_log(ctx, "%i: SC:%X", ii, sc);
|
||||
if (!sc)
|
||||
continue;
|
||||
|
||||
if (acl & AUTHENTIC_AC_SM_MASK) {
|
||||
pin_cmd->pin1.acls[ii].method = SC_AC_SCB;
|
||||
pin_cmd->pin1.acls[ii].key_ref = sc;
|
||||
}
|
||||
else if (acl!=0xFF && cred_id) {
|
||||
sc_log(ctx, "%i: ACL(method:SC_AC_CHV,id:%i)", ii, cred_id);
|
||||
pin_cmd->pin1.acls[ii].method = SC_AC_CHV;
|
||||
pin_cmd->pin1.acls[ii].key_ref = cred_id;
|
||||
}
|
||||
else {
|
||||
pin_cmd->pin1.acls[ii].method = SC_AC_NEVER;
|
||||
pin_cmd->pin1.acls[ii].key_ref = 0;
|
||||
if (acl & AUTHENTIC_AC_SM_MASK) {
|
||||
acls[ii].method = SC_AC_SCB;
|
||||
acls[ii].key_ref = sc;
|
||||
}
|
||||
else if (acl!=0xFF && cred_id) {
|
||||
sc_log(ctx, "%i: ACL(method:SC_AC_CHV,id:%i)", ii, cred_id);
|
||||
acls[ii].method = SC_AC_CHV;
|
||||
acls[ii].key_ref = cred_id;
|
||||
}
|
||||
else {
|
||||
acls[ii].method = SC_AC_NEVER;
|
||||
acls[ii].key_ref = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -491,6 +494,11 @@ authentic_init(struct sc_card *card)
|
|||
if (rv != SC_SUCCESS)
|
||||
rv = SC_ERROR_INVALID_CARD;
|
||||
|
||||
/* Free private data on error */
|
||||
if (rv != SC_SUCCESS) {
|
||||
free(card->drv_data);
|
||||
card->drv_data = NULL;
|
||||
}
|
||||
LOG_FUNC_RETURN(ctx, rv);
|
||||
}
|
||||
|
||||
|
@ -515,9 +523,8 @@ authentic_erase_binary(struct sc_card *card, unsigned int offs, size_t count, un
|
|||
|
||||
rv = sc_update_binary(card, offs, buf_zero, count, flags);
|
||||
free(buf_zero);
|
||||
LOG_TEST_RET(ctx, rv, "'ERASE BINARY' failed");
|
||||
|
||||
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
|
||||
LOG_FUNC_RETURN(ctx, rv);
|
||||
}
|
||||
|
||||
|
||||
|
@ -541,7 +548,10 @@ authentic_set_current_files(struct sc_card *card, struct sc_path *path,
|
|||
file->path = *path;
|
||||
|
||||
rv = authentic_process_fci(card, file, resp, resplen);
|
||||
LOG_TEST_RET(ctx, rv, "cannot set 'current file': FCI process error");
|
||||
if (rv != SC_SUCCESS) {
|
||||
sc_file_free(file);
|
||||
LOG_TEST_RET(ctx, rv, "cannot set 'current file': FCI process error");
|
||||
}
|
||||
|
||||
break;
|
||||
default:
|
||||
|
@ -561,9 +571,11 @@ authentic_set_current_files(struct sc_card *card, struct sc_path *path,
|
|||
|
||||
if (cur_df_path.len) {
|
||||
if (cur_df_path.len + card->cache.current_df->path.len > sizeof card->cache.current_df->path.value
|
||||
|| cur_df_path.len > sizeof card->cache.current_df->path.value)
|
||||
|| cur_df_path.len > sizeof card->cache.current_df->path.value) {
|
||||
sc_file_free(file);
|
||||
LOG_FUNC_RETURN(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED);
|
||||
memcpy(card->cache.current_df->path.value + cur_df_path.len,
|
||||
}
|
||||
memmove(card->cache.current_df->path.value + cur_df_path.len,
|
||||
card->cache.current_df->path.value,
|
||||
card->cache.current_df->path.len);
|
||||
memcpy(card->cache.current_df->path.value, cur_df_path.value, cur_df_path.len);
|
||||
|
@ -660,12 +672,12 @@ authentic_reduce_path(struct sc_card *card, struct sc_path *path)
|
|||
cur_path = card->cache.current_df->path;
|
||||
|
||||
if (!memcmp(cur_path.value, "\x3F\x00", 2) && memcmp(in_path.value, "\x3F\x00", 2)) {
|
||||
memmove(in_path.value + 2, in_path.value, in_path.len);
|
||||
memmove(in_path.value + 2, in_path.value, (in_path.len - 2));
|
||||
memcpy(in_path.value, "\x3F\x00", 2);
|
||||
in_path.len += 2;
|
||||
}
|
||||
|
||||
for (offs=0; offs < in_path.len && offs < cur_path.len; offs += 2) {
|
||||
for (offs = 0; (offs + 1) < in_path.len && (offs + 1) < cur_path.len; offs += 2) {
|
||||
if (cur_path.value[offs] != in_path.value[offs])
|
||||
break;
|
||||
if (cur_path.value[offs + 1] != in_path.value[offs + 1])
|
||||
|
@ -687,8 +699,8 @@ authentic_debug_select_file(struct sc_card *card, const struct sc_path *path)
|
|||
struct sc_card_cache *cache = &card->cache;
|
||||
|
||||
if (path)
|
||||
sc_log(ctx, "try to select path(type:%i) %s",
|
||||
path->type, sc_print_path(path));
|
||||
sc_log(ctx, "try to select path(type:%i,len=%"SC_FORMAT_LEN_SIZE_T"u) %s",
|
||||
path->type, path->len, sc_print_path(path));
|
||||
|
||||
if (!cache->valid)
|
||||
return;
|
||||
|
@ -752,8 +764,12 @@ authentic_select_file(struct sc_card *card, const struct sc_path *path,
|
|||
memmove(&lpath.value[0], &lpath.value[2], lpath.len - 2);
|
||||
lpath.len -= 2;
|
||||
|
||||
if (!lpath.len)
|
||||
if (lpath.len == 0) {
|
||||
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
|
||||
} else if (file_out != NULL) {
|
||||
sc_file_free(*file_out);
|
||||
*file_out = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
if (lpath.type == SC_PATH_TYPE_PATH && (lpath.len == 2))
|
||||
|
@ -1313,7 +1329,7 @@ authentic_pin_verify(struct sc_card *card, struct sc_pin_cmd_data *pin_cmd)
|
|||
|
||||
memset(prv_data->pins_sha1[pin_cmd->pin_reference], 0, sizeof(prv_data->pins_sha1[0]));
|
||||
|
||||
rv = authentic_pin_get_policy(card, pin_cmd);
|
||||
rv = authentic_pin_get_policy(card, pin_cmd, NULL);
|
||||
LOG_TEST_RET(ctx, rv, "Get 'PIN policy' error");
|
||||
|
||||
if (pin_cmd->pin1.len > (int)pin_cmd->pin1.max_length)
|
||||
|
@ -1350,7 +1366,7 @@ authentic_pin_change_pinpad(struct sc_card *card, unsigned reference, int *tries
|
|||
pin_cmd.cmd = SC_PIN_CMD_CHANGE;
|
||||
pin_cmd.flags |= SC_PIN_CMD_USE_PINPAD | SC_PIN_CMD_NEED_PADDING;
|
||||
|
||||
rv = authentic_pin_get_policy(card, &pin_cmd);
|
||||
rv = authentic_pin_get_policy(card, &pin_cmd, NULL);
|
||||
LOG_TEST_RET(ctx, rv, "Get 'PIN policy' error");
|
||||
|
||||
memset(pin1_data, pin_cmd.pin1.pad_char, sizeof(pin1_data));
|
||||
|
@ -1388,7 +1404,7 @@ authentic_pin_change(struct sc_card *card, struct sc_pin_cmd_data *data, int *tr
|
|||
size_t offs;
|
||||
int rv;
|
||||
|
||||
rv = authentic_pin_get_policy(card, data);
|
||||
rv = authentic_pin_get_policy(card, data, NULL);
|
||||
LOG_TEST_RET(ctx, rv, "Get 'PIN policy' error");
|
||||
|
||||
memset(prv_data->pins_sha1[data->pin_reference], 0, sizeof(prv_data->pins_sha1[0]));
|
||||
|
@ -1448,7 +1464,7 @@ authentic_chv_set_pinpad(struct sc_card *card, unsigned char reference)
|
|||
pin_cmd.cmd = SC_PIN_CMD_UNBLOCK;
|
||||
pin_cmd.flags |= SC_PIN_CMD_USE_PINPAD | SC_PIN_CMD_NEED_PADDING;
|
||||
|
||||
rv = authentic_pin_get_policy(card, &pin_cmd);
|
||||
rv = authentic_pin_get_policy(card, &pin_cmd, NULL);
|
||||
LOG_TEST_RET(ctx, rv, "Get 'PIN policy' error");
|
||||
|
||||
memset(pin_data, pin_cmd.pin1.pad_char, sizeof(pin_data));
|
||||
|
@ -1471,7 +1487,7 @@ authentic_chv_set_pinpad(struct sc_card *card, unsigned char reference)
|
|||
|
||||
|
||||
static int
|
||||
authentic_pin_get_policy (struct sc_card *card, struct sc_pin_cmd_data *data)
|
||||
authentic_pin_get_policy (struct sc_card *card, struct sc_pin_cmd_data *data, struct sc_acl_entry *acls)
|
||||
{
|
||||
struct sc_context *ctx = card->ctx;
|
||||
struct sc_apdu apdu;
|
||||
|
@ -1500,7 +1516,7 @@ authentic_pin_get_policy (struct sc_card *card, struct sc_pin_cmd_data *data)
|
|||
|
||||
data->pin1.tries_left = -1;
|
||||
|
||||
rv = authentic_parse_credential_data(ctx, data, apdu.resp, apdu.resplen);
|
||||
rv = authentic_parse_credential_data(ctx, data, acls, apdu.resp, apdu.resplen);
|
||||
LOG_TEST_RET(ctx, rv, "Cannot parse credential data");
|
||||
|
||||
data->pin1.encoding = SC_PIN_ENCODING_ASCII;
|
||||
|
@ -1527,6 +1543,7 @@ authentic_pin_reset(struct sc_card *card, struct sc_pin_cmd_data *data, int *tri
|
|||
struct sc_context *ctx = card->ctx;
|
||||
struct authentic_private_data *prv_data = (struct authentic_private_data *) card->drv_data;
|
||||
struct sc_pin_cmd_data pin_cmd, puk_cmd;
|
||||
struct sc_acl_entry acls[SC_MAX_SDO_ACLS];
|
||||
struct sc_apdu apdu;
|
||||
unsigned reference;
|
||||
int rv, ii;
|
||||
|
@ -1541,17 +1558,18 @@ authentic_pin_reset(struct sc_card *card, struct sc_pin_cmd_data *data, int *tri
|
|||
pin_cmd.pin_type = data->pin_type;
|
||||
pin_cmd.pin1.tries_left = -1;
|
||||
|
||||
rv = authentic_pin_get_policy(card, &pin_cmd);
|
||||
memset(&acls, 0, sizeof(acls));
|
||||
rv = authentic_pin_get_policy(card, &pin_cmd, acls);
|
||||
LOG_TEST_RET(ctx, rv, "Get 'PIN policy' error");
|
||||
|
||||
if (pin_cmd.pin1.acls[AUTHENTIC_ACL_NUM_PIN_RESET].method == SC_AC_CHV) {
|
||||
if (acls[AUTHENTIC_ACL_NUM_PIN_RESET].method == SC_AC_CHV) {
|
||||
for (ii=0;ii<8;ii++) {
|
||||
unsigned char mask = 0x01 << ii;
|
||||
if (pin_cmd.pin1.acls[AUTHENTIC_ACL_NUM_PIN_RESET].key_ref & mask) {
|
||||
if (acls[AUTHENTIC_ACL_NUM_PIN_RESET].key_ref & mask) {
|
||||
memset(&puk_cmd, 0, sizeof(puk_cmd));
|
||||
puk_cmd.pin_reference = ii + 1;
|
||||
|
||||
rv = authentic_pin_get_policy(card, &puk_cmd);
|
||||
rv = authentic_pin_get_policy(card, &puk_cmd, NULL);
|
||||
LOG_TEST_RET(ctx, rv, "Get 'PIN policy' error");
|
||||
|
||||
if (puk_cmd.pin_type == SC_AC_CHV)
|
||||
|
@ -1627,7 +1645,7 @@ authentic_pin_cmd(struct sc_card *card, struct sc_pin_cmd_data *data, int *tries
|
|||
rv = authentic_pin_reset(card, data, tries_left);
|
||||
break;
|
||||
case SC_PIN_CMD_GET_INFO:
|
||||
rv = authentic_pin_get_policy(card, data);
|
||||
rv = authentic_pin_get_policy(card, data, NULL);
|
||||
break;
|
||||
default:
|
||||
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Unsupported PIN command");
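Review bot: In the authentic_reduce_path hunk, the new `memmove(in_path.value + 2, in_path.value, (in_path.len - 2));` moves two bytes fewer than the path holds while `in_path.len += 2` still grows the length, so the last two bytes of the original path are dropped and the tail of the extended path is whatever the buffer already held. The subtraction also wraps to a very large size if `in_path.len` is below 2 (the length is logged as a size_t elsewhere in this file), and nothing visible in the hunk bounds `in_path.len + 2` against `sizeof in_path.value`. I would reject oversized paths first and keep the full-length move: `if (in_path.len > sizeof in_path.value - 2) return SC_ERROR_INVALID_ARGUMENTS;` followed by `memmove(in_path.value + 2, in_path.value, in_path.len);`. The function starts and ends outside the hunk, so an earlier length check may already exist; if it does, a comment naming it next to the memmove would make the invariant clear.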
|
||||
|
|
|
@ -215,7 +215,6 @@ static int belpic_match_card(sc_card_t *card)
|
|||
static int belpic_init(sc_card_t *card)
|
||||
{
|
||||
int key_size = 1024;
|
||||
int r;
|
||||
|
||||
sc_log(card->ctx, "Belpic V%s\n", BELPIC_VERSION);
|
||||
|
||||
|
@ -227,7 +226,7 @@ static int belpic_init(sc_card_t *card)
|
|||
u8 carddata[BELPIC_CARDDATA_RESP_LEN];
|
||||
memset(carddata, 0, sizeof(carddata));
|
||||
|
||||
if((r = get_carddata(card, carddata, sizeof(carddata))) < 0) {
|
||||
if(get_carddata(card, carddata, sizeof(carddata)) < 0) {
|
||||
return SC_ERROR_INVALID_CARD;
|
||||
}
|
||||
if (carddata[BELPIC_CARDDATA_OFF_APPLETVERS] >= 0x17) {
|
||||
|
|
|
@ -54,6 +54,7 @@
|
|||
#endif
|
||||
#include "iso7816.h"
|
||||
#include "card-cac-common.h"
|
||||
#include "pkcs15.h"
|
||||
|
||||
/*
|
||||
* CAC hardware and APDU constants
|
||||
|
@ -105,6 +106,8 @@
|
|||
#define CAC_ACR_AMP 0x20
|
||||
#define CAC_ACR_SERVICE 0x21
|
||||
|
||||
#define CAC_MAX_CCC_DEPTH 16
|
||||
|
||||
/* hardware data structures (returned in the CCC) */
|
||||
/* part of the card_url */
|
||||
typedef struct cac_access_profile {
|
||||
|
@ -621,15 +624,6 @@ done:
|
|||
LOG_FUNC_RETURN(card->ctx, r);
|
||||
}
|
||||
|
||||
/* CAC driver is read only */
|
||||
static int cac_write_binary(sc_card_t *card, unsigned int idx,
|
||||
const u8 *buf, size_t count, unsigned long flags)
|
||||
{
|
||||
|
||||
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
LOG_FUNC_RETURN(card->ctx, SC_ERROR_NOT_SUPPORTED);
|
||||
}
|
||||
|
||||
/* initialize getting a list and return the number of elements in the list */
|
||||
static int cac_get_init_and_get_count(list_t *list, cac_object_t **entry, int *countp)
|
||||
{
|
||||
|
@ -877,7 +871,7 @@ static int cac_parse_properties_object(sc_card_t *card, u8 type,
|
|||
if (data_len < 11)
|
||||
return -1;
|
||||
|
||||
/* Initilize: non-PKI applet */
|
||||
/* Initialize: non-PKI applet */
|
||||
object->privatekey = 0;
|
||||
|
||||
val = data;
|
||||
|
@ -1090,10 +1084,8 @@ static int cac_select_file_by_type(sc_card_t *card, const sc_path_t *in_path, sc
|
|||
* We only need to do this for private keys.
|
||||
*/
|
||||
if ((pathlen > 2) && (pathlen <= 4) && memcmp(path, "\x3F\x00", 2) == 0) {
|
||||
if (pathlen > 2) {
|
||||
path += 2;
|
||||
pathlen -= 2;
|
||||
}
|
||||
path += 2;
|
||||
pathlen -= 2;
|
||||
}
|
||||
|
||||
|
||||
|
@ -1307,7 +1299,7 @@ static int cac_parse_aid(sc_card_t *card, cac_private_data_t *priv, const u8 *ai
|
|||
memcpy(new_object.path.aid.value, aid, aid_len);
|
||||
new_object.path.aid.len = aid_len;
|
||||
|
||||
/* Call without OID set will just select the AID without subseqent
|
||||
/* Call without OID set will just select the AID without subsequent
|
||||
* OID selection, which we need to figure out just now
|
||||
*/
|
||||
cac_select_file_by_type(card, &new_object.path, NULL);
|
||||
|
@ -1419,10 +1411,10 @@ static int cac_parse_cuid(sc_card_t *card, cac_private_data_t *priv, cac_cuid_t
|
|||
priv->cac_id_len = card_id_len;
|
||||
return SC_SUCCESS;
|
||||
}
|
||||
static int cac_process_CCC(sc_card_t *card, cac_private_data_t *priv);
|
||||
static int cac_process_CCC(sc_card_t *card, cac_private_data_t *priv, int depth);
|
||||
|
||||
static int cac_parse_CCC(sc_card_t *card, cac_private_data_t *priv, const u8 *tl,
|
||||
size_t tl_len, u8 *val, size_t val_len)
|
||||
size_t tl_len, u8 *val, size_t val_len, int depth)
|
||||
{
|
||||
size_t len = 0;
|
||||
const u8 *tl_end = tl + tl_len;
|
||||
|
@ -1519,7 +1511,8 @@ static int cac_parse_CCC(sc_card_t *card, cac_private_data_t *priv, const u8 *tl
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = cac_process_CCC(card, priv);
|
||||
/* Increase depth to avoid infinite recursion */
|
||||
r = cac_process_CCC(card, priv, depth + 1);
|
||||
if (r < 0)
|
||||
return r;
|
||||
break;
|
||||
|
@ -1532,12 +1525,16 @@ static int cac_parse_CCC(sc_card_t *card, cac_private_data_t *priv, const u8 *tl
|
|||
return SC_SUCCESS;
|
||||
}
|
||||
|
||||
static int cac_process_CCC(sc_card_t *card, cac_private_data_t *priv)
|
||||
static int cac_process_CCC(sc_card_t *card, cac_private_data_t *priv, int depth)
|
||||
{
|
||||
u8 *tl = NULL, *val = NULL;
|
||||
size_t tl_len, val_len;
|
||||
int r;
|
||||
|
||||
if (depth > CAC_MAX_CCC_DEPTH) {
|
||||
sc_log(card->ctx, "Too much recursive CCC found. Exiting");
|
||||
return SC_ERROR_INVALID_CARD;
|
||||
}
|
||||
|
||||
r = cac_read_file(card, CAC_FILE_TAG, &tl, &tl_len);
|
||||
if (r < 0)
|
||||
|
@ -1547,7 +1544,7 @@ static int cac_process_CCC(sc_card_t *card, cac_private_data_t *priv)
|
|||
if (r < 0)
|
||||
goto done;
|
||||
|
||||
r = cac_parse_CCC(card, priv, tl, tl_len, val, val_len);
|
||||
r = cac_parse_CCC(card, priv, tl, tl_len, val, val_len, depth);
|
||||
done:
|
||||
if (tl)
|
||||
free(tl);
|
||||
|
@ -1774,7 +1771,7 @@ static int cac_find_and_initialize(sc_card_t *card, int initialize)
|
|||
priv = cac_new_private_data();
|
||||
if (!priv)
|
||||
return SC_ERROR_OUT_OF_MEMORY;
|
||||
r = cac_process_CCC(card, priv);
|
||||
r = cac_process_CCC(card, priv, 0);
|
||||
if (r == SC_SUCCESS) {
|
||||
card->type = SC_CARD_TYPE_CAC_II;
|
||||
card->drv_data = priv;
|
||||
|
@ -1796,7 +1793,7 @@ static int cac_find_and_initialize(sc_card_t *card, int initialize)
|
|||
}
|
||||
r = cac_process_ACA(card, priv);
|
||||
if (r == SC_SUCCESS) {
|
||||
card->type = SC_CARD_TYPE_CAC_II;
|
||||
card->type = SC_CARD_TYPE_CAC_ALT_HID;
|
||||
card->drv_data = priv;
|
||||
return r;
|
||||
}
|
||||
|
@ -1872,7 +1869,10 @@ static int cac_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *data, int *tries
|
|||
* FIPS 201 4.1.6.1 (numeric only) and * FIPS 140-2
|
||||
* (6 character minimum) requirements.
|
||||
*/
|
||||
sc_apdu_t apdu;
|
||||
u8 sbuf[SC_MAX_APDU_BUFFER_SIZE];
|
||||
struct sc_card_driver *iso_drv = sc_get_iso7816_driver();
|
||||
int rv;
|
||||
|
||||
if (data->cmd == SC_PIN_CMD_CHANGE) {
|
||||
int i = 0;
|
||||
|
@ -1884,9 +1884,24 @@ static int cac_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *data, int *tries
|
|||
return SC_ERROR_INVALID_DATA;
|
||||
}
|
||||
}
|
||||
|
||||
/* We can change the PIN of Giesecke & Devrient CAC ALT tokens
|
||||
* with a bit non-standard APDU */
|
||||
if (card->type == SC_CARD_TYPE_CAC_ALT_HID) {
|
||||
int r = 0;
|
||||
r = iso7816_build_pin_apdu(card, &apdu, data, sbuf, sizeof(sbuf));
|
||||
if (r < 0)
|
||||
return r;
|
||||
/* it requires P1 = 0x01 completely against the ISO specs */
|
||||
apdu.p1 = 0x01;
|
||||
data->apdu = &apdu;
|
||||
}
|
||||
}
|
||||
|
||||
return iso_drv->ops->pin_cmd(card, data, tries_left);
|
||||
rv = iso_drv->ops->pin_cmd(card, data, tries_left);
|
||||
|
||||
data->apdu = NULL;
|
||||
return rv;
|
||||
}
|
||||
|
||||
static struct sc_card_operations cac_ops;
|
||||
|
@ -1910,7 +1925,8 @@ static struct sc_card_driver * sc_get_driver(void)
|
|||
cac_ops.select_file = cac_select_file; /* need to record object type */
|
||||
cac_ops.get_challenge = cac_get_challenge;
|
||||
cac_ops.read_binary = cac_read_binary;
|
||||
cac_ops.write_binary = cac_write_binary;
|
||||
/* CAC driver is read only */
|
||||
cac_ops.write_binary = NULL;
|
||||
cac_ops.set_security_env = cac_set_security_env;
|
||||
cac_ops.restore_security_env = cac_restore_security_env;
|
||||
cac_ops.compute_signature = cac_compute_signature;
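Review bot: In the cac_pin_cmd hunk, `sbuf` is filled by `iso7816_build_pin_apdu()` for SC_CARD_TYPE_CAC_ALT_HID cards and is never wiped, so the APDU data, which presumably carries the old and new PIN, stays on the stack after the function returns. Clearing it next to the existing `data->apdu = NULL;` would close that gap: `sc_mem_clear(sbuf, sizeof(sbuf));` before `return rv;`. A one-line comment that `data->apdu` is reset because it points at the local `apdu` would also help the next reader. cac_pin_cmd starts outside the hunk, so its earlier validation paths are not visible here.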
|
||||
|
|
|
@ -54,6 +54,7 @@
|
|||
#endif
|
||||
#include "iso7816.h"
|
||||
#include "card-cac-common.h"
|
||||
#include "pkcs15.h"
|
||||
|
||||
/*
|
||||
* CAC hardware and APDU constants
|
||||
|
@ -78,7 +79,7 @@ static int cac_cac1_get_certificate(sc_card_t *card, u8 **out_buf, size_t *out_l
|
|||
out_ptr = *out_buf ? *out_buf : buf;
|
||||
sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, CAC_INS_GET_CERTIFICATE, 0, 0 );
|
||||
len = MIN(left, 100);
|
||||
for (; left > 0;) { /* Increments for readability in the end of the function */
|
||||
while (left > 0) {
|
||||
apdu.resp = out_ptr;
|
||||
apdu.le = len;
|
||||
apdu.resplen = left;
|
||||
|
|
|
@ -53,13 +53,44 @@ static const struct sc_atr_table cardos_atrs[] = {
|
|||
/* CardOS v5.0 */
|
||||
{ "3b:d2:18:00:81:31:fe:58:c9:01:14", NULL, NULL, SC_CARD_TYPE_CARDOS_V5_0, 0, NULL},
|
||||
/* CardOS v5.3 */
|
||||
{ "3b:d2:18:00:81:31:fe:58:c9:02:17", NULL, NULL, SC_CARD_TYPE_CARDOS_V5_0, 0, NULL},
|
||||
{ "3b:d2:18:00:81:31:fe:58:c9:03:16", NULL, NULL, SC_CARD_TYPE_CARDOS_V5_0, 0, NULL},
|
||||
{ "3b:d2:18:00:81:31:fe:58:c9:02:17", NULL, NULL, SC_CARD_TYPE_CARDOS_V5_3, 0, NULL},
|
||||
{ "3b:d2:18:00:81:31:fe:58:c9:03:16", NULL, NULL, SC_CARD_TYPE_CARDOS_V5_3, 0, NULL},
|
||||
/* CardOS v5.4 */
|
||||
{ "3b:d2:18:00:81:31:fe:58:c9:04:11", NULL, NULL, SC_CARD_TYPE_CARDOS_V5_3, 0, NULL},
|
||||
{ NULL, NULL, NULL, 0, 0, NULL }
|
||||
};
|
||||
|
||||
static unsigned int algorithm_ids_in_tokeninfo[SC_MAX_SUPPORTED_ALGORITHMS];
|
||||
static unsigned int algorithm_ids_in_tokeninfo_count=0;
|
||||
/* private data for cardos driver */
|
||||
typedef struct cardos_data {
|
||||
/* constructed internally */
|
||||
unsigned int algorithm_ids_in_tokeninfo[SC_MAX_SUPPORTED_ALGORITHMS];
|
||||
unsigned int algorithm_ids_in_tokeninfo_count;
|
||||
unsigned long flags; /* flags used by init to create sc_algorithms */
|
||||
unsigned long ec_flags;
|
||||
unsigned long ext_flags;
|
||||
int rsa_2048;
|
||||
const sc_security_env_t * sec_env;
|
||||
} cardos_data_t;
|
||||
|
||||
/* copied from iso7816.c */
|
||||
static void fixup_transceive_length(const struct sc_card *card,
|
||||
struct sc_apdu *apdu)
|
||||
{
|
||||
if (card == NULL || apdu == NULL) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (apdu->lc > sc_get_max_send_size(card)) {
|
||||
/* The lower layers will automatically do chaining */
|
||||
apdu->flags |= SC_APDU_FLAGS_CHAINING;
|
||||
}
|
||||
|
||||
if (apdu->le > sc_get_max_recv_size(card)) {
|
||||
/* The lower layers will automatically do a GET RESPONSE, if possible.
|
||||
* All other workarounds must be carried out by the upper layers. */
|
||||
apdu->le = sc_get_max_recv_size(card);
|
||||
}
|
||||
}
|
||||
|
||||
static int cardos_match_card(sc_card_t *card)
|
||||
{
|
||||
|
@ -79,6 +110,8 @@ static int cardos_match_card(sc_card_t *card)
|
|||
return 1;
|
||||
if (card->type == SC_CARD_TYPE_CARDOS_V5_0)
|
||||
return 1;
|
||||
if (card->type == SC_CARD_TYPE_CARDOS_V5_3)
|
||||
return 1;
|
||||
if (card->type == SC_CARD_TYPE_CARDOS_M4_2) {
|
||||
int rv;
|
||||
sc_apdu_t apdu;
|
||||
|
@ -128,7 +161,7 @@ static int cardos_have_2048bit_package(sc_card_t *card)
|
|||
sc_apdu_t apdu;
|
||||
u8 rbuf[SC_MAX_APDU_BUFFER_SIZE];
|
||||
int r;
|
||||
const u8 *p = rbuf, *q;
|
||||
const u8 *p = rbuf, *q, *pp;
|
||||
size_t len, tlen = 0, ilen = 0;
|
||||
|
||||
sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xca, 0x01, 0x88);
|
||||
|
@ -144,10 +177,10 @@ static int cardos_have_2048bit_package(sc_card_t *card)
|
|||
return 0;
|
||||
|
||||
while (len != 0) {
|
||||
p = sc_asn1_find_tag(card->ctx, p, len, 0xe1, &tlen);
|
||||
if (p == NULL)
|
||||
pp = sc_asn1_find_tag(card->ctx, p, len, 0xe1, &tlen);
|
||||
if (pp == NULL)
|
||||
return 0;
|
||||
q = sc_asn1_find_tag(card->ctx, p, tlen, 0x01, &ilen);
|
||||
q = sc_asn1_find_tag(card->ctx, pp, tlen, 0x01, &ilen);
|
||||
if (q == NULL || ilen != 4)
|
||||
return 0;
|
||||
if (q[0] == 0x1c)
|
||||
|
@ -159,42 +192,104 @@ static int cardos_have_2048bit_package(sc_card_t *card)
|
|||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* Called from cardos_init for old cards, from cardos_cardctl_parsed_token_info for new cards */
|
||||
/* TODO see if works from old cards too */
|
||||
static int cardos_add_algs(sc_card_t *card, unsigned long flags, unsigned long ec_flags, unsigned long ext_flags)
|
||||
{
|
||||
|
||||
cardos_data_t * priv = (cardos_data_t *)card->drv_data;
|
||||
|
||||
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
|
||||
_sc_card_add_rsa_alg(card, 512, flags, 0);
|
||||
_sc_card_add_rsa_alg(card, 768, flags, 0);
|
||||
_sc_card_add_rsa_alg(card, 1024, flags, 0);
|
||||
if (priv->rsa_2048 == 1) {
|
||||
_sc_card_add_rsa_alg(card, 1280, flags, 0);
|
||||
_sc_card_add_rsa_alg(card, 1536, flags, 0);
|
||||
_sc_card_add_rsa_alg(card, 1792, flags, 0);
|
||||
_sc_card_add_rsa_alg(card, 2048, flags, 0);
|
||||
}
|
||||
|
||||
if (card->type == SC_CARD_TYPE_CARDOS_V5_0 || card->type == SC_CARD_TYPE_CARDOS_V5_3) {
|
||||
/* Starting with CardOS 5, the card supports PIN query commands */
|
||||
card->caps |= SC_CARD_CAP_ISO7816_PIN_INFO;
|
||||
_sc_card_add_rsa_alg(card, 3072, flags, 0);
|
||||
_sc_card_add_rsa_alg(card, 4096, flags, 0);
|
||||
}
|
||||
|
||||
/* TODO need to get sizes from supported_algos too */
|
||||
if (ec_flags != 0) {
|
||||
_sc_card_add_ec_alg(card, 256, ec_flags, priv->ext_flags, NULL);
|
||||
_sc_card_add_ec_alg(card, 384, ec_flags, priv->ext_flags, NULL);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int cardos_init(sc_card_t *card)
|
||||
{
|
||||
unsigned long flags = 0, rsa_2048 = 0;
|
||||
cardos_data_t * priv = NULL;
|
||||
unsigned long flags = 0;
|
||||
size_t data_field_length;
|
||||
sc_apdu_t apdu;
|
||||
u8 rbuf[2];
|
||||
int r;
|
||||
|
||||
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
|
||||
priv = calloc(1, sizeof(cardos_data_t));
|
||||
if (!priv)
|
||||
LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY);
|
||||
card->drv_data = priv;
|
||||
|
||||
card->name = "Atos CardOS";
|
||||
card->cla = 0x00;
|
||||
|
||||
/* Set up algorithm info. */
|
||||
flags = 0;
|
||||
if (card->type == SC_CARD_TYPE_CARDOS_V5_0) {
|
||||
flags |= SC_ALGORITHM_RSA_PAD_PKCS1;
|
||||
/* let user override flags and type from opensc.conf */
|
||||
/* user can override card->type too.*/
|
||||
if (card->flags) {
|
||||
flags = card->flags;
|
||||
} else {
|
||||
flags |= SC_ALGORITHM_RSA_RAW
|
||||
| SC_ALGORITHM_RSA_HASH_NONE
|
||||
| SC_ALGORITHM_NEED_USAGE
|
||||
| SC_ALGORITHM_ONBOARD_KEY_GEN;
|
||||
|
||||
/* Set up algorithm info. */
|
||||
flags = 0;
|
||||
if (card->type == SC_CARD_TYPE_CARDOS_V5_0) {
|
||||
flags |= SC_ALGORITHM_RSA_PAD_PKCS1;
|
||||
} else if(card->type == SC_CARD_TYPE_CARDOS_V5_3) {
|
||||
flags |= SC_ALGORITHM_RSA_RAW
|
||||
| SC_ALGORITHM_RSA_HASH_NONE
|
||||
| SC_ALGORITHM_ONBOARD_KEY_GEN;
|
||||
} else {
|
||||
flags |= SC_ALGORITHM_RSA_RAW
|
||||
| SC_ALGORITHM_RSA_HASH_NONE
|
||||
| SC_ALGORITHM_NEED_USAGE
|
||||
| SC_ALGORITHM_ONBOARD_KEY_GEN;
|
||||
}
|
||||
}
|
||||
|
||||
priv->flags = flags;
|
||||
|
||||
if (card->type == SC_CARD_TYPE_CARDOS_M4_2) {
|
||||
r = cardos_have_2048bit_package(card);
|
||||
if (r < 0)
|
||||
return SC_ERROR_INVALID_CARD;
|
||||
if (r < 0) {
|
||||
r = SC_ERROR_INVALID_CARD;
|
||||
goto err;
|
||||
}
|
||||
if (r == 1)
|
||||
rsa_2048 = 1;
|
||||
priv->rsa_2048 = 1;
|
||||
card->caps |= SC_CARD_CAP_APDU_EXT;
|
||||
} else if (card->type == SC_CARD_TYPE_CARDOS_M4_3
|
||||
} else if (card->type == SC_CARD_TYPE_CARDOS_M4_3
|
||||
|| card->type == SC_CARD_TYPE_CARDOS_M4_2B
|
||||
|| card->type == SC_CARD_TYPE_CARDOS_M4_2C
|
||||
|| card->type == SC_CARD_TYPE_CARDOS_M4_4
|
||||
|| card->type == SC_CARD_TYPE_CARDOS_V5_0) {
|
||||
rsa_2048 = 1;
|
||||
|| card->type == SC_CARD_TYPE_CARDOS_V5_0
|
||||
|| card->type == SC_CARD_TYPE_CARDOS_V5_3) {
|
||||
priv->rsa_2048 = 1;
|
||||
card->caps |= SC_CARD_CAP_APDU_EXT;
|
||||
/* TODO check this. EC only if in supported_algo */
|
||||
priv->ext_flags = SC_ALGORITHM_EXT_EC_NAMEDCURVE | SC_ALGORITHM_EXT_EC_UNCOMPRESES;
|
||||
}
|
||||
|
||||
/* probe DATA FIELD LENGTH with GET DATA */
|
||||
|
@ -202,48 +297,122 @@ static int cardos_init(sc_card_t *card)
|
|||
apdu.le = sizeof rbuf;
|
||||
apdu.resp = rbuf;
|
||||
apdu.resplen = sizeof(rbuf);
|
||||
|
||||
r = sc_transmit_apdu(card, &apdu);
|
||||
if (r < 0)
|
||||
LOG_TEST_RET(card->ctx,
|
||||
LOG_TEST_GOTO_ERR(card->ctx,
|
||||
SC_ERROR_INVALID_CARD,
|
||||
"APDU transmit failed");
|
||||
r = sc_check_sw(card, apdu.sw1, apdu.sw2);
|
||||
if (r < 0)
|
||||
LOG_TEST_RET(card->ctx,
|
||||
LOG_TEST_GOTO_ERR(card->ctx,
|
||||
SC_ERROR_INVALID_CARD,
|
||||
"GET DATA command returned error");
|
||||
if (apdu.resplen != 2)
|
||||
return SC_ERROR_INVALID_CARD;
|
||||
if (apdu.resplen != 2) {
|
||||
r = SC_ERROR_INVALID_CARD;
|
||||
goto err;
|
||||
}
|
||||
data_field_length = ((rbuf[0] << 8) | rbuf[1]);
|
||||
|
||||
/* strip the length of possible Lc and Le bytes */
|
||||
if (card->caps & SC_CARD_CAP_APDU_EXT)
|
||||
card->max_send_size = data_field_length - 6;
|
||||
else
|
||||
card->max_send_size = data_field_length - 3;
|
||||
/* strip the length of SW bytes */
|
||||
card->max_recv_size = data_field_length - 2;
|
||||
/* TODO is this really needed? strip the length of possible Lc and Le bytes */
|
||||
|
||||
_sc_card_add_rsa_alg(card, 512, flags, 0);
|
||||
_sc_card_add_rsa_alg(card, 768, flags, 0);
|
||||
_sc_card_add_rsa_alg(card, 1024, flags, 0);
|
||||
if (rsa_2048 == 1) {
|
||||
_sc_card_add_rsa_alg(card, 1280, flags, 0);
|
||||
_sc_card_add_rsa_alg(card, 1536, flags, 0);
|
||||
_sc_card_add_rsa_alg(card, 1792, flags, 0);
|
||||
_sc_card_add_rsa_alg(card, 2048, flags, 0);
|
||||
/* Use Min card sizes and reader too. for V5_3 at least*/
|
||||
|
||||
if (card->type == SC_CARD_TYPE_CARDOS_V5_0 || card->type == SC_CARD_TYPE_CARDOS_V5_3) {
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "data_field_length:%"SC_FORMAT_LEN_SIZE_T"u "
|
||||
"card->reader->max_send_size:%"SC_FORMAT_LEN_SIZE_T"u "
|
||||
"card->reader->max_recv_size:%"SC_FORMAT_LEN_SIZE_T"u %s",
|
||||
data_field_length, card->reader->max_send_size, card->reader->max_recv_size,
|
||||
(card->caps & SC_CARD_CAP_APDU_EXT) ? "SC_CARD_CAP_APDU_EXT" : " ");
|
||||
|
||||
if (card->caps & SC_CARD_CAP_APDU_EXT) {
|
||||
card->max_send_size = data_field_length - 6;
|
||||
#ifdef _WIN32
|
||||
/* Windows does not support PCSC PART_10 and may have forced reader to 255/256
|
||||
* https://github.com/OpenSC/OpenSC/commit/eddea6f3c2d3dafc2c09eba6695c745a61b5186f
|
||||
* may have reset this. if so, will override and force extended
|
||||
* Most, if not all, cardos cards do extended, but not chaining
|
||||
*/
|
||||
if (card->reader->max_send_size == 255 && card->reader->max_recv_size == 256) {
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "resetting reader to use data_field_length");
|
||||
card->reader->max_send_size = data_field_length - 6;
|
||||
card->reader->max_recv_size = data_field_length - 3;
|
||||
}
|
||||
#endif
|
||||
} else
|
||||
card->max_send_size = data_field_length - 3;
|
||||
|
||||
card->max_send_size = sc_get_max_send_size(card); /* include reader sizes and protocol */
|
||||
card->max_recv_size = data_field_length - 2;
|
||||
card->max_recv_size = sc_get_max_recv_size(card);
|
||||
} else {
|
||||
/* old way, disregards reader capabilities */
|
||||
if (card->caps & SC_CARD_CAP_APDU_EXT)
|
||||
card->max_send_size = data_field_length - 6;
|
||||
else
|
||||
card->max_send_size = data_field_length - 3;
|
||||
/* strip the length of SW bytes */
|
||||
card->max_recv_size = data_field_length - 2;
|
||||
}
|
||||
|
||||
if (card->type == SC_CARD_TYPE_CARDOS_V5_0) {
|
||||
/* Starting with CardOS 5, the card supports PIN query commands */
|
||||
card->caps |= SC_CARD_CAP_ISO7816_PIN_INFO;
|
||||
_sc_card_add_rsa_alg(card, 3072, flags, 0);
|
||||
_sc_card_add_rsa_alg(card, 4096, flags, 0);
|
||||
/*for new cards, wait till after sc_pkcs15_bind_internal reads tokeninfo */
|
||||
if (card->type != SC_CARD_TYPE_CARDOS_V5_0 && card->type != SC_CARD_TYPE_CARDOS_V5_3) {
|
||||
r = cardos_add_algs(card, flags, 0, 0);
|
||||
}
|
||||
|
||||
return 0;
|
||||
err:
|
||||
if (r != SC_SUCCESS) {
|
||||
free(priv);
|
||||
card->drv_data = NULL;
|
||||
}
|
||||
|
||||
return r;
|
||||
}
|
||||
|
||||
static int cardos_pass_algo_flags(sc_card_t *card, struct sc_cardctl_cardos_pass_algo_flags * ptr)
|
||||
{
|
||||
cardos_data_t * priv = (cardos_data_t *)card->drv_data;
|
||||
int r = 0;
|
||||
|
||||
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
switch (ptr->pass) {
|
||||
case 1:
|
||||
ptr->card_flags = card->flags;
|
||||
ptr->used_flags = priv->flags;
|
||||
ptr->ec_flags = priv->ec_flags;
|
||||
ptr->ext_flags = priv->ext_flags;
|
||||
break;
|
||||
case 2:
|
||||
r = cardos_add_algs(card,ptr->new_flags, ptr->ec_flags, ptr->ext_flags);
|
||||
break;
|
||||
default:
|
||||
sc_log(card->ctx, "ptr->pass: %ul invalid", ptr->pass);
|
||||
r = SC_ERROR_INTERNAL;
|
||||
}
|
||||
LOG_FUNC_RETURN(card->ctx, r);
|
||||
}
|
||||
|
||||
|
||||
static int cardos_finish(sc_card_t *card)
|
||||
{
|
||||
int r = 0;
|
||||
|
||||
if (card == NULL )
|
||||
return 0;
|
||||
|
||||
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
|
||||
/* free priv data */
|
||||
if (card->drv_data) { /* priv */
|
||||
free(card->drv_data);
|
||||
card->drv_data = NULL;
|
||||
}
|
||||
|
||||
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r);
|
||||
}
|
||||
|
||||
|
||||
|
||||
static const struct sc_card_error cardos_errors[] = {
|
||||
/* some error inside the card */
|
||||
/* i.e. nothing you can do */
|
||||
|
@ -381,8 +550,7 @@ get_next_part:
|
|||
q = sc_asn1_find_tag(card->ctx, p, tlen, 0x8a, &ilen);
|
||||
if (q != NULL && ilen == 1) {
|
||||
offset = (u8)ilen;
|
||||
if (offset != 0)
|
||||
goto get_next_part;
|
||||
goto get_next_part;
|
||||
}
|
||||
len -= tlen + 2;
|
||||
p += tlen;
|
||||
|
@ -462,7 +630,7 @@ static const int ef_acl[9] = {
|
|||
/* XXX: ADMIN should be an ACL type of its own, or mapped
|
||||
* to erase */
|
||||
SC_AC_OP_UPDATE, /* ADMIN EF (modify meta information?) */
|
||||
-1, /* INC (-> cylic fixed files) */
|
||||
-1, /* INC (-> cyclic fixed files) */
|
||||
-1 /* DEC */
|
||||
};
|
||||
|
||||
|
@ -773,8 +941,9 @@ cardos_set_security_env(sc_card_t *card,
|
|||
const sc_security_env_t *env,
|
||||
int se_num)
|
||||
{
|
||||
cardos_data_t* priv = (cardos_data_t*)card->drv_data;
|
||||
sc_apdu_t apdu;
|
||||
u8 data[6];
|
||||
u8 data[9];
|
||||
int key_id, r;
|
||||
|
||||
assert(card != NULL && env != NULL);
|
||||
|
@ -783,6 +952,15 @@ cardos_set_security_env(sc_card_t *card,
|
|||
sc_log(card->ctx, "No or invalid key reference\n");
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
}
|
||||
priv->sec_env = env; /* pass on to crypto routines */
|
||||
|
||||
/* key_ref includes card mechanism and key number
|
||||
* But newer cards appear to get this some other way,
|
||||
* We can use flags passed to know what OpenSC expects from the card
|
||||
* and have derived what these machanisums are.
|
||||
* Newer cards may change how this is done
|
||||
*/
|
||||
|
||||
key_id = env->key_ref[0];
|
||||
|
||||
sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0, 0);
|
||||
|
@ -803,16 +981,39 @@ cardos_set_security_env(sc_card_t *card,
|
|||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
}
|
||||
|
||||
if (card->type == SC_CARD_TYPE_CARDOS_V5_0) {
|
||||
if (card->type == SC_CARD_TYPE_CARDOS_V5_0 || card->type == SC_CARD_TYPE_CARDOS_V5_3) {
|
||||
/* some cards appear to have key_id be both Cryptographic mechanism reference 4 bits
|
||||
* and key_ref 4 bits. But this limits card to 16 keys.
|
||||
* TODO may need to be looked at at a later time
|
||||
*/
|
||||
/* Private key reference */
|
||||
data[0] = 0x84;
|
||||
data[1] = 0x01;
|
||||
data[2] = key_id;
|
||||
data[2] = key_id & 0x0F;
|
||||
/* Usage qualifier byte */
|
||||
data[3] = 0x95;
|
||||
data[4] = 0x01;
|
||||
data[5] = 0x40;
|
||||
apdu.lc = apdu.datalen = 6;
|
||||
if (key_id & 0xF0) {
|
||||
/* Cryptographic mechanism reference */
|
||||
data[6] = 0x80;
|
||||
data[7] = 0x01;
|
||||
data[8] = key_id & 0xF0;
|
||||
apdu.lc = apdu.datalen = 9;
|
||||
} else if (priv->sec_env->algorithm_flags & SC_ALGORITHM_RSA_PAD_PKCS1) {
|
||||
/* TODO this may only apply to c903 cards */
|
||||
/* TODO or only for cards without any supported_algos or EIDComplient only */
|
||||
data[6] = 0x80;
|
||||
data[7] = 0x01;
|
||||
data[8] = 0x10;
|
||||
apdu.lc = apdu.datalen = 9;
|
||||
} else if (priv->sec_env->algorithm_flags & SC_ALGORITHM_ECDSA_RAW) {
|
||||
data[6] = 0x80;
|
||||
data[7] = 0x01;
|
||||
data[8] = 0x30;
|
||||
apdu.lc = apdu.datalen = 9;
|
||||
}
|
||||
} else {
|
||||
data[0] = 0x83;
|
||||
data[1] = 0x01;
|
||||
|
@ -840,12 +1041,12 @@ cardos_set_security_env(sc_card_t *card,
|
|||
|
||||
sc_log(card->ctx, "is signature");
|
||||
sc_log(card->ctx, "Adding ID %d at index %d", algorithm_id, algorithm_id_count);
|
||||
algorithm_ids_in_tokeninfo[algorithm_id_count++] = algorithm_id;
|
||||
priv->algorithm_ids_in_tokeninfo[algorithm_id_count++] = algorithm_id;
|
||||
}
|
||||
sc_log(card->ctx, "reference=%d, mechanism=%d, operations=%d, algo_ref=%d",
|
||||
alg.reference, alg.mechanism, alg.operations, alg.algo_ref);
|
||||
}
|
||||
algorithm_ids_in_tokeninfo_count = algorithm_id_count;
|
||||
priv -> algorithm_ids_in_tokeninfo_count = algorithm_id_count;
|
||||
} while (0);
|
||||
|
||||
LOG_FUNC_RETURN(card->ctx, r);
|
||||
|
@ -860,6 +1061,7 @@ static int
|
|||
do_compute_signature(sc_card_t *card, const u8 *data, size_t datalen,
|
||||
u8 *out, size_t outlen)
|
||||
{
|
||||
/* cardos_data_t* priv = (cardos_data_t*)card->drv_dataa */;
|
||||
int r;
|
||||
sc_apdu_t apdu;
|
||||
|
||||
|
@ -874,6 +1076,7 @@ do_compute_signature(sc_card_t *card, const u8 *data, size_t datalen,
|
|||
apdu.data = data;
|
||||
apdu.lc = datalen;
|
||||
apdu.datalen = datalen;
|
||||
fixup_transceive_length(card, &apdu);
|
||||
r = sc_transmit_apdu(card, &apdu);
|
||||
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
|
||||
|
||||
|
@ -887,6 +1090,7 @@ static int
|
|||
cardos_compute_signature(sc_card_t *card, const u8 *data, size_t datalen,
|
||||
u8 *out, size_t outlen)
|
||||
{
|
||||
cardos_data_t* priv;
|
||||
int r;
|
||||
sc_context_t *ctx;
|
||||
int do_rsa_pure_sig = 0;
|
||||
|
@ -896,8 +1100,21 @@ cardos_compute_signature(sc_card_t *card, const u8 *data, size_t datalen,
|
|||
|
||||
assert(card != NULL && data != NULL && out != NULL);
|
||||
ctx = card->ctx;
|
||||
priv = (cardos_data_t*)card->drv_data;
|
||||
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
|
||||
/* sec_env has algorithm_flags set from sc_get_encoding_flags sec_flags
|
||||
* If flags are set correctly we don't need to test anything
|
||||
* TODO this assumes RSA is PSS, PKCS1 or RAW and we are passing
|
||||
* the correct data. Should work for ECDSA too.
|
||||
* use for V5 cards and TODO should for older cards too
|
||||
*/
|
||||
if (card->type == SC_CARD_TYPE_CARDOS_V5_0 || card->type == SC_CARD_TYPE_CARDOS_V5_3) {
|
||||
|
||||
r = do_compute_signature(card, data, datalen, out, outlen);
|
||||
LOG_FUNC_RETURN(ctx, r);
|
||||
}
|
||||
|
||||
/* There are two ways to create a signature, depending on the way,
|
||||
* the key was created: RSA_SIG and RSA_PURE_SIG.
|
||||
* We can use the following reasoning, to determine the correct operation:
|
||||
|
@ -914,8 +1131,8 @@ cardos_compute_signature(sc_card_t *card, const u8 *data, size_t datalen,
|
|||
*/
|
||||
|
||||
/* check the the algorithmIDs from the AlgorithmInfo */
|
||||
for (i = 0; i < algorithm_ids_in_tokeninfo_count; ++i) {
|
||||
unsigned int id = algorithm_ids_in_tokeninfo[i];
|
||||
for (i = 0; i < priv->algorithm_ids_in_tokeninfo_count; ++i) {
|
||||
unsigned int id = priv->algorithm_ids_in_tokeninfo[i];
|
||||
if (id == 0x86 || id == 0x88) {
|
||||
do_rsa_sig = 1;
|
||||
} else if (id == 0x8C || id == 0x8A) {
|
||||
|
@ -986,10 +1203,41 @@ cardos_decipher(struct sc_card *card,
|
|||
const u8 * crgram, size_t crgram_len,
|
||||
u8 * out, size_t outlen)
|
||||
{
|
||||
cardos_data_t* priv = (cardos_data_t*)card->drv_data;
|
||||
int r;
|
||||
size_t card_max_send_size = card->max_send_size;
|
||||
size_t reader_max_send_size = card->reader->max_send_size;
|
||||
|
||||
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
|
||||
/* 5.3 supports command chaining. Others may also
|
||||
* card_max_send_size for 5.3 is already based on reader max_send_size */
|
||||
|
||||
if (card->type == SC_CARD_TYPE_CARDOS_V5_0 || card->type == SC_CARD_TYPE_CARDOS_V5_3) {
|
||||
|
||||
r = iso_ops->decipher(card, crgram, crgram_len, out, outlen);
|
||||
/*
|
||||
* 5.3 supports RAW as well as PKCS1 and PSS
|
||||
* description may strip padding if card supports it
|
||||
* with cards that support RAW, it always appears to
|
||||
* drop first 00 that is start of padding.
|
||||
*/
|
||||
|
||||
if (r > 0 && priv->sec_env->algorithm_flags & SC_ALGORITHM_RSA_RAW) {
|
||||
size_t rsize = r;
|
||||
/* RSA RAW crgram_len == modlen */
|
||||
/* removed padding is always > 1 byte */
|
||||
/* add back missing leading zero if card dropped it */
|
||||
if (rsize == crgram_len - 1 && rsize < outlen) {
|
||||
memmove(out+1, out, rsize);
|
||||
out[0] =0x00;
|
||||
r++;
|
||||
}
|
||||
}
|
||||
|
||||
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r);
|
||||
}
|
||||
|
||||
if (sc_get_max_send_size(card) < crgram_len + 1) {
|
||||
/* CardOS doesn't support chaining for PSO:DEC, so we just _hope_
|
||||
* that both, the reader and the card are able to send enough data.
|
||||
|
@ -1004,7 +1252,7 @@ cardos_decipher(struct sc_card *card,
|
|||
card->max_send_size = card_max_send_size;
|
||||
card->reader->max_send_size = reader_max_send_size;
|
||||
|
||||
return r;
|
||||
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r);
|
||||
}
|
||||
|
||||
static int
|
||||
|
@ -1189,7 +1437,7 @@ static int cardos_get_serialnr(sc_card_t *card, sc_serial_number_t *serial)
|
|||
LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
|
||||
if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00)
|
||||
return SC_ERROR_INTERNAL;
|
||||
if ((apdu.resplen == 8) && (card->type == SC_CARD_TYPE_CARDOS_V5_0)) {
|
||||
if ((apdu.resplen == 8) && (card->type == SC_CARD_TYPE_CARDOS_V5_0 || card->type == SC_CARD_TYPE_CARDOS_V5_3)) {
|
||||
/* cache serial number */
|
||||
memcpy(card->serialnr.value, rbuf, 8);
|
||||
card->serialnr.len = 8;
|
||||
|
@ -1224,6 +1472,9 @@ cardos_card_ctl(sc_card_t *card, unsigned long cmd, void *ptr)
|
|||
case SC_CARDCTL_CARDOS_GENERATE_KEY:
|
||||
return cardos_generate_key(card,
|
||||
(struct sc_cardctl_cardos_genkey_info *) ptr);
|
||||
case SC_CARDCTL_CARDOS_PASS_ALGO_FLAGS:
|
||||
return cardos_pass_algo_flags(card,
|
||||
(struct sc_cardctl_cardos_pass_algo_flags *) ptr);
|
||||
case SC_CARDCTL_LIFECYCLE_GET:
|
||||
return cardos_lifecycle_get(card, (int *) ptr);
|
||||
case SC_CARDCTL_LIFECYCLE_SET:
|
||||
|
@ -1280,7 +1531,8 @@ cardos_logout(sc_card_t *card)
|
|||
|| card->type == SC_CARD_TYPE_CARDOS_M4_2C
|
||||
|| card->type == SC_CARD_TYPE_CARDOS_M4_3
|
||||
|| card->type == SC_CARD_TYPE_CARDOS_M4_4
|
||||
|| card->type == SC_CARD_TYPE_CARDOS_V5_0) {
|
||||
|| card->type == SC_CARD_TYPE_CARDOS_V5_0
|
||||
|| card->type == SC_CARD_TYPE_CARDOS_V5_3) {
|
||||
sc_apdu_t apdu;
|
||||
int r;
|
||||
sc_path_t path;
|
||||
|
@ -1310,6 +1562,7 @@ static struct sc_card_driver * sc_get_driver(void)
|
|||
cardos_ops = *iso_ops;
|
||||
cardos_ops.match_card = cardos_match_card;
|
||||
cardos_ops.init = cardos_init;
|
||||
cardos_ops.finish = cardos_finish;
|
||||
cardos_ops.select_file = cardos_select_file;
|
||||
cardos_ops.create_file = cardos_create_file;
|
||||
cardos_ops.set_security_env = cardos_set_security_env;
|
||||
|
|
|
@ -799,9 +799,7 @@ static void coolkey_free_private_data(coolkey_private_data_t *priv)
|
|||
list_iterator_stop(l);
|
||||
|
||||
list_destroy(&priv->objects_list);
|
||||
if (priv->token_name) {
|
||||
free(priv->token_name);
|
||||
}
|
||||
free(priv->token_name);
|
||||
free(priv);
|
||||
return;
|
||||
}
|
||||
|
@ -1101,6 +1099,8 @@ static int coolkey_read_object(sc_card_t *card, unsigned long object_id, size_t
|
|||
size_t len;
|
||||
int r;
|
||||
|
||||
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
|
||||
ulong2bebytes(¶ms.object_id[0], object_id);
|
||||
|
||||
out_ptr = out_buf;
|
||||
|
@ -1127,7 +1127,7 @@ static int coolkey_read_object(sc_card_t *card, unsigned long object_id, size_t
|
|||
return out_len;
|
||||
|
||||
fail:
|
||||
return r;
|
||||
LOG_FUNC_RETURN(card->ctx, r);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1208,7 +1208,7 @@ static int coolkey_read_binary(sc_card_t *card, unsigned int idx,
|
|||
|
||||
|
||||
r = coolkey_read_object(card, priv->obj->id, 0, data, priv->obj->length,
|
||||
priv->nonce, sizeof(priv->nonce));
|
||||
priv->nonce, sizeof(priv->nonce));
|
||||
if (r < 0)
|
||||
goto done;
|
||||
|
||||
|
@ -1337,8 +1337,11 @@ static int coolkey_get_token_info(sc_card_t *card, sc_pkcs15_tokeninfo_t * token
|
|||
serial_number = coolkey_cuid_to_string(&priv->cuid);
|
||||
|
||||
if (label && manufacturer_id && serial_number) {
|
||||
free(token_info->label);
|
||||
token_info->label = label;
|
||||
free(token_info->manufacturer_id);
|
||||
token_info->manufacturer_id = manufacturer_id;
|
||||
free(token_info->serial_number);
|
||||
token_info->serial_number = serial_number;
|
||||
return SC_SUCCESS;
|
||||
}
|
||||
|
@ -1367,6 +1370,8 @@ coolkey_fill_object(sc_card_t *card, sc_cardctl_coolkey_object_t *obj)
|
|||
sc_cardctl_coolkey_object_t *obj_entry;
|
||||
coolkey_private_data_t * priv = COOLKEY_DATA(card);
|
||||
|
||||
LOG_FUNC_CALLED(card->ctx);
|
||||
|
||||
if (obj->data != NULL) {
|
||||
return SC_SUCCESS;
|
||||
}
|
||||
|
@ -1378,7 +1383,10 @@ coolkey_fill_object(sc_card_t *card, sc_cardctl_coolkey_object_t *obj)
|
|||
priv->nonce, sizeof(priv->nonce));
|
||||
if (r != (int)buf_len) {
|
||||
free(new_obj_data);
|
||||
return SC_ERROR_CORRUPTED_DATA;
|
||||
if (r < 0) {
|
||||
LOG_FUNC_RETURN(card->ctx, r);
|
||||
}
|
||||
LOG_FUNC_RETURN(card->ctx, SC_ERROR_CORRUPTED_DATA);
|
||||
}
|
||||
obj_entry = coolkey_find_object_by_id(&priv->objects_list, obj->id);
|
||||
if (obj_entry == NULL) {
|
||||
|
@ -1397,7 +1405,7 @@ coolkey_fill_object(sc_card_t *card, sc_cardctl_coolkey_object_t *obj)
|
|||
}
|
||||
obj_entry->data = new_obj_data;
|
||||
obj->data = new_obj_data;
|
||||
return SC_SUCCESS;
|
||||
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1419,6 +1427,8 @@ coolkey_find_attribute(sc_card_t *card, sc_cardctl_coolkey_attribute_t *attribut
|
|||
attribute->attribute_length = 0;
|
||||
attribute->attribute_value = NULL;
|
||||
|
||||
LOG_FUNC_CALLED(card->ctx);
|
||||
|
||||
if (obj == NULL) {
|
||||
/* cast away const so we can cache the data value */
|
||||
int r = coolkey_fill_object(card, (sc_cardctl_coolkey_object_t *)attribute->object);
|
||||
|
@ -1444,7 +1454,6 @@ coolkey_find_attribute(sc_card_t *card, sc_cardctl_coolkey_attribute_t *attribut
|
|||
return SC_ERROR_CORRUPTED_DATA;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* now loop through all the attributes in the list. first find the start of the list
|
||||
*/
|
||||
|
@ -1460,7 +1469,7 @@ coolkey_find_attribute(sc_card_t *card, sc_cardctl_coolkey_attribute_t *attribut
|
|||
size_t record_len = coolkey_get_attribute_record_len(attr, object_record_type, buf_len);
|
||||
/* make sure we have the complete record */
|
||||
if (buf_len < record_len || record_len < 4) {
|
||||
return SC_ERROR_CORRUPTED_DATA;
|
||||
return SC_ERROR_CORRUPTED_DATA;
|
||||
}
|
||||
/* does the attribute match the one we are looking for */
|
||||
if (attr_type == coolkey_get_attribute_type(attr, object_record_type, record_len)) {
|
||||
|
@ -1477,7 +1486,7 @@ coolkey_find_attribute(sc_card_t *card, sc_cardctl_coolkey_attribute_t *attribut
|
|||
|
||||
return coolkey_get_attribute_data_fixed(attr_type, fixed_attributes, attribute);
|
||||
}
|
||||
return SC_ERROR_DATA_OBJECT_NOT_FOUND;
|
||||
LOG_FUNC_RETURN(card->ctx, SC_ERROR_DATA_OBJECT_NOT_FOUND);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1664,55 +1673,41 @@ typedef struct coolkey_compute_ecc_params {
|
|||
u8 buf[MAX_COMPUTE_BUF];
|
||||
} coolkey_compute_ecc_params_t;
|
||||
|
||||
static int coolkey_rsa_op(sc_card_t *card,
|
||||
const u8 * data, size_t datalen,
|
||||
u8 * out, size_t max_out_len)
|
||||
static int coolkey_rsa_op(sc_card_t *card, const u8 * data, size_t datalen,
|
||||
u8 * out, size_t max_out_len)
|
||||
{
|
||||
int r;
|
||||
const u8 *crypt_in;
|
||||
u8 **crypt_out_p;
|
||||
size_t crypt_in_len, *crypt_out_len_p;
|
||||
coolkey_private_data_t * priv = COOLKEY_DATA(card);
|
||||
u8 **crypt_out_p = NULL;
|
||||
size_t crypt_out_len_p = 0;
|
||||
coolkey_private_data_t *priv = COOLKEY_DATA(card);
|
||||
coolkey_compute_crypt_params_t params;
|
||||
u8 key_number;
|
||||
size_t params_len;
|
||||
size_t buf_len;
|
||||
u8 buf[MAX_COMPUTE_BUF+2];
|
||||
u8 buf[MAX_COMPUTE_BUF + 2];
|
||||
u8 *buf_out;
|
||||
|
||||
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
sc_log(card->ctx,
|
||||
"datalen=%"SC_FORMAT_LEN_SIZE_T"u outlen=%"SC_FORMAT_LEN_SIZE_T"u\n",
|
||||
datalen, max_out_len);
|
||||
|
||||
crypt_in = data;
|
||||
crypt_in_len = datalen;
|
||||
|
||||
buf_out = &buf[0];
|
||||
crypt_out_p = &buf_out;
|
||||
buf_len = sizeof(buf);
|
||||
crypt_out_len_p = &buf_len;
|
||||
key_number = priv->key_id;
|
||||
params.init.mode = COOLKEY_CRYPT_MODE_RSA_NO_PAD;
|
||||
params.init.location = COOLKEY_CRYPT_LOCATION_APDU;
|
||||
params.init.direction = COOLKEY_CRYPT_DIRECTION_ENCRYPT; /* for no pad, direction is irrelevant */
|
||||
sc_log(card->ctx, "datalen=%"SC_FORMAT_LEN_SIZE_T"u outlen=%"SC_FORMAT_LEN_SIZE_T"u\n",
|
||||
datalen, max_out_len);
|
||||
|
||||
if (priv->key_id > 0xff) {
|
||||
r = SC_ERROR_NO_DEFAULT_KEY;
|
||||
goto done;
|
||||
}
|
||||
key_number = priv->key_id;
|
||||
|
||||
params_len = sizeof(params.init) + crypt_in_len;
|
||||
memset(¶ms, 0, sizeof(params));
|
||||
params.init.mode = COOLKEY_CRYPT_MODE_RSA_NO_PAD;
|
||||
params.init.direction = COOLKEY_CRYPT_DIRECTION_ENCRYPT; /* for no pad, direction is irrelevant */
|
||||
|
||||
/* send the data to the card if necessary */
|
||||
if (crypt_in_len > MAX_COMPUTE_BUF) {
|
||||
if (datalen > MAX_COMPUTE_BUF) {
|
||||
/* We need to write data to special object on the card as it does not safely fit APDU */
|
||||
u8 len_buf[2];
|
||||
|
||||
params.init.location = COOLKEY_CRYPT_LOCATION_DL_OBJECT;
|
||||
|
||||
params_len = sizeof(params.init);
|
||||
crypt_in = NULL;
|
||||
crypt_in_len = 0;
|
||||
*crypt_out_p = NULL;
|
||||
*crypt_out_len_p = 0;
|
||||
|
||||
ushort2bebytes(len_buf, datalen);
|
||||
|
||||
|
@ -1722,26 +1717,35 @@ static int coolkey_rsa_op(sc_card_t *card,
|
|||
goto done;
|
||||
}
|
||||
|
||||
r = coolkey_write_object(card, COOLKEY_DL_OBJECT_ID, 2, data, datalen, priv->nonce,
|
||||
sizeof(priv->nonce));
|
||||
r = coolkey_write_object(card, COOLKEY_DL_OBJECT_ID, 2, data, datalen, priv->nonce, sizeof(priv->nonce));
|
||||
if (r < 0) {
|
||||
goto done;
|
||||
}
|
||||
ushort2bebytes(params.init.buf_len, 0);
|
||||
} else {
|
||||
/* The data fits in APDU. Copy it to the params object */
|
||||
size_t buf_len;
|
||||
|
||||
}
|
||||
ushort2bebytes(params.init.buf_len, crypt_in_len);
|
||||
if (crypt_in_len) {
|
||||
memcpy(params.buf, crypt_in, crypt_in_len);
|
||||
}
|
||||
params.init.location = COOLKEY_CRYPT_LOCATION_APDU;
|
||||
|
||||
params_len = sizeof(params.init) + datalen;
|
||||
|
||||
buf_out = &buf[0];
|
||||
crypt_out_p = &buf_out;
|
||||
buf_len = sizeof(buf);
|
||||
crypt_out_len_p = buf_len;
|
||||
|
||||
ushort2bebytes(params.init.buf_len, datalen);
|
||||
memcpy(params.buf, data, datalen);
|
||||
}
|
||||
|
||||
r = coolkey_apdu_io(card, COOLKEY_CLASS, COOLKEY_INS_COMPUTE_CRYPT,
|
||||
key_number, COOLKEY_CRYPT_ONE_STEP, (u8 *)¶ms, params_len,
|
||||
crypt_out_p, crypt_out_len_p, priv->nonce, sizeof(priv->nonce));
|
||||
|
||||
crypt_out_p, &crypt_out_len_p, priv->nonce, sizeof(priv->nonce));
|
||||
if (r < 0) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (datalen > MAX_COMPUTE_BUF) {
|
||||
u8 len_buf[2];
|
||||
size_t out_length;
|
||||
|
@ -1760,8 +1764,12 @@ static int coolkey_rsa_op(sc_card_t *card,
|
|||
|
||||
} else {
|
||||
size_t out_length = bebytes2ushort(buf);
|
||||
if (out_length > sizeof buf - 2) {
|
||||
r = SC_ERROR_WRONG_LENGTH;
|
||||
goto done;
|
||||
}
|
||||
out_length = MIN(out_length, max_out_len);
|
||||
memcpy(out, buf+2, out_length);
|
||||
memcpy(out, buf + 2, out_length);
|
||||
r = out_length;
|
||||
}
|
||||
|
||||
|
@ -2047,6 +2055,7 @@ coolkey_process_combined_object(sc_card_t *card, coolkey_private_data_t *priv, u
|
|||
}
|
||||
|
||||
/* store the token name in the priv structure so the emulator can set it */
|
||||
free(priv->token_name);
|
||||
priv->token_name = malloc(decompressed_header->token_name_length+1);
|
||||
if (priv->token_name == NULL) {
|
||||
r = SC_ERROR_OUT_OF_MEMORY;
|
||||
|
@ -2054,17 +2063,28 @@ coolkey_process_combined_object(sc_card_t *card, coolkey_private_data_t *priv, u
|
|||
}
|
||||
memcpy(priv->token_name, &decompressed_header->token_name[0],
|
||||
decompressed_header->token_name_length);
|
||||
priv->token_name[decompressed_header->token_name_length] = 0;
|
||||
priv->token_name[decompressed_header->token_name_length] = '\0';
|
||||
priv->token_name_length = decompressed_header->token_name_length;
|
||||
|
||||
|
||||
for (i=0; i < object_count && object_offset < decompressed_object_len; i++ ) {
|
||||
u8 *current_object = &decompressed_object[object_offset];
|
||||
coolkey_combined_object_header_t *object_header =
|
||||
(coolkey_combined_object_header_t *)current_object;
|
||||
unsigned long object_id = bebytes2ulong(object_header->object_id);
|
||||
for (i=0; i < object_count; i++) {
|
||||
u8 *current_object = NULL;
|
||||
coolkey_combined_object_header_t *object_header = NULL;
|
||||
unsigned long object_id;
|
||||
int current_object_len;
|
||||
|
||||
/* Can we read the object header at all? */
|
||||
if ((object_offset + sizeof(coolkey_combined_object_header_t)) > decompressed_object_len) {
|
||||
r = SC_ERROR_CORRUPTED_DATA;
|
||||
goto done;
|
||||
}
|
||||
|
||||
current_object = &decompressed_object[object_offset];
|
||||
object_header = (coolkey_combined_object_header_t *)current_object;
|
||||
|
||||
/* Parse object ID */
|
||||
object_id = bebytes2ulong(object_header->object_id);
|
||||
|
||||
/* figure out how big it is */
|
||||
r = coolkey_v1_get_object_length(current_object, decompressed_object_len-object_offset);
|
||||
if (r < 0) {
|
||||
|
@ -2078,6 +2098,7 @@ coolkey_process_combined_object(sc_card_t *card, coolkey_private_data_t *priv, u
|
|||
object_offset += current_object_len;
|
||||
|
||||
/* record this object */
|
||||
sc_log(card->ctx, "Add new object id=%ld", object_id);
|
||||
r = coolkey_add_object(priv, object_id, current_object, current_object_len, 1);
|
||||
if (r) {
|
||||
goto done;
|
||||
|
@ -2146,7 +2167,7 @@ static int coolkey_initialize(sc_card_t *card)
|
|||
r = coolkey_list_object(card, COOLKEY_LIST_RESET, &object_info);
|
||||
while (r >= 0) {
|
||||
unsigned long object_id;
|
||||
unsigned short object_len;
|
||||
unsigned long object_len;
|
||||
|
||||
/* The card did not return what we expected: Lets try other objects */
|
||||
if ((size_t)r < (sizeof(object_info)))
|
||||
|
@ -2156,7 +2177,11 @@ static int coolkey_initialize(sc_card_t *card)
|
|||
|
||||
object_id = bebytes2ulong(object_info.object_id);
|
||||
object_len = bebytes2ulong(object_info.object_length);
|
||||
|
||||
/* Avoid insanely large data */
|
||||
if (object_len > MAX_FILE_SIZE) {
|
||||
r = SC_ERROR_CORRUPTED_DATA;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* the combined object is a single object that can store the other objects.
|
||||
* most coolkeys provisioned by TPS has a single combined object that is
|
||||
|
@ -2171,7 +2196,7 @@ static int coolkey_initialize(sc_card_t *card)
|
|||
break;
|
||||
}
|
||||
r = coolkey_read_object(card, COOLKEY_COMBINED_OBJECT_ID, 0, object, object_len,
|
||||
priv->nonce, sizeof(priv->nonce));
|
||||
priv->nonce, sizeof(priv->nonce));
|
||||
if (r < 0) {
|
||||
free(object);
|
||||
break;
|
||||
|
@ -2183,6 +2208,7 @@ static int coolkey_initialize(sc_card_t *card)
|
|||
}
|
||||
combined_processed = 1;
|
||||
} else {
|
||||
sc_log(card->ctx, "Add new object id=%ld, len=%lu", object_id, object_len);
|
||||
r = coolkey_add_object(priv, object_id, NULL, object_len, 0);
|
||||
if (r != SC_SUCCESS)
|
||||
sc_log(card->ctx, "coolkey_add_object() returned %d", r);
|
||||
|
@ -2216,19 +2242,19 @@ static int coolkey_initialize(sc_card_t *card)
|
|||
coolkey_make_cuid_from_cplc(&priv->cuid, &cplc_data);
|
||||
priv->token_name = (u8 *)strdup("COOLKEY");
|
||||
if (priv->token_name == NULL) {
|
||||
r= SC_ERROR_OUT_OF_MEMORY;
|
||||
r = SC_ERROR_OUT_OF_MEMORY;
|
||||
goto cleanup;
|
||||
}
|
||||
priv->token_name_length = sizeof("COOLKEY")-1;
|
||||
}
|
||||
card->drv_data = priv;
|
||||
return SC_SUCCESS;
|
||||
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
|
||||
|
||||
cleanup:
|
||||
if (priv) {
|
||||
coolkey_free_private_data(priv);
|
||||
}
|
||||
return r;
|
||||
LOG_FUNC_RETURN(card->ctx, r);
|
||||
}
|
||||
|
||||
|
||||
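Review bot: In the APDU branch of coolkey_rsa_op, the added `out_length > sizeof buf - 2` test bounds the card-supplied length prefix by the size of `buf`, but not by the number of bytes the card actually returned. `buf` is not initialised in the visible lines, so a short response carrying a large prefix would let `memcpy(out, buf + 2, out_length)` hand stale stack bytes to the caller. Assuming coolkey_apdu_io() writes the received length back through `&crypt_out_len_p` (its body is not on this page), the guard could become `if (crypt_out_len_p < 2 || out_length > crypt_out_len_p - 2) {` ahead of the MIN(). The lines between this function's hunks are not shown, so confirm that nothing there already performs this check.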
|
|
|
@ -903,22 +903,6 @@ static int dnie_finish(struct sc_card *card)
|
|||
|
||||
/* ISO 7816-4 functions */
|
||||
|
||||
/**
|
||||
* Convert little-endian data into unsigned long.
|
||||
*
|
||||
* @param pt pointer to little-endian data
|
||||
* @return equivalent long
|
||||
*/
|
||||
static unsigned long le2ulong(u8 * pt)
|
||||
{
|
||||
unsigned long res = 0L;
|
||||
if (pt==NULL) return res;
|
||||
res = (0xff & *(pt + 0)) +
|
||||
((0xff & *(pt + 1)) << 8) +
|
||||
((0xff & *(pt + 2)) << 16) + ((0xff & *(pt + 3)) << 24);
|
||||
return res;
|
||||
}
|
||||
|
||||
/**
|
||||
* Uncompress data if in compressed format.
|
||||
*
|
||||
|
@ -944,14 +928,17 @@ static u8 *dnie_uncompress(sc_card_t * card, u8 * from, size_t *len)
|
|||
if (*len < 8)
|
||||
goto compress_exit;
|
||||
/* evaluate compressed an uncompressed sizes (little endian format) */
|
||||
uncompressed = le2ulong(from);
|
||||
compressed = le2ulong(from + 4);
|
||||
uncompressed = lebytes2ulong(from);
|
||||
compressed = lebytes2ulong(from + 4);
|
||||
/* if compressed size doesn't match data length assume not compressed */
|
||||
if (compressed != (*len) - 8)
|
||||
goto compress_exit;
|
||||
/* if compressed size greater than uncompressed, assume uncompressed data */
|
||||
if (uncompressed < compressed)
|
||||
goto compress_exit;
|
||||
/* Do not try to allocate insane size if we receive bogus data */
|
||||
if (uncompressed > MAX_FILE_SIZE)
|
||||
goto compress_exit;
|
||||
|
||||
sc_log(card->ctx, "Data seems to be compressed. calling uncompress");
|
||||
/* ok: data seems to be compressed */
|
||||
|
@ -960,16 +947,15 @@ static u8 *dnie_uncompress(sc_card_t * card, u8 * from, size_t *len)
|
|||
sc_log(card->ctx, "alloc() for uncompressed buffer failed");
|
||||
return NULL;
|
||||
}
|
||||
*len = uncompressed;
|
||||
res = sc_decompress(upt, /* try to uncompress by calling sc_xx routine */
|
||||
(size_t *) & uncompressed,
|
||||
len,
|
||||
from + 8, (size_t) compressed, COMPRESSION_ZLIB);
|
||||
/* TODO: check that returned uncompressed size matches expected */
|
||||
if (res != SC_SUCCESS) {
|
||||
sc_log(card->ctx, "Uncompress() failed or data not compressed");
|
||||
goto compress_exit; /* assume not need uncompression */
|
||||
}
|
||||
/* Done; update buffer len and return pt to uncompressed data */
|
||||
*len = uncompressed;
|
||||
sc_log_hex(card->ctx, "Compressed data", from + 8, compressed);
|
||||
sc_log_hex(card->ctx, "Uncompressed data", upt, uncompressed);
|
||||
compress_exit:
|
||||
|
@ -1161,8 +1147,6 @@ static int dnie_compose_and_send_apdu(sc_card_t *card, const u8 *path, size_t pa
|
|||
int res = 0;
|
||||
sc_apdu_t apdu;
|
||||
u8 rbuf[MAX_RESP_BUFFER_SIZE];
|
||||
sc_file_t *file = NULL;
|
||||
|
||||
sc_context_t *ctx = NULL;
|
||||
|
||||
if (!card || !card->ctx)
|
||||
|
@ -1199,14 +1183,15 @@ static int dnie_compose_and_send_apdu(sc_card_t *card, const u8 *path, size_t pa
|
|||
LOG_FUNC_RETURN(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED);
|
||||
}
|
||||
|
||||
/* finally process FCI response */
|
||||
file = sc_file_new();
|
||||
if (file == NULL) {
|
||||
LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
|
||||
if (file_out) {
|
||||
/* finally process FCI response */
|
||||
sc_file_free(*file_out);
|
||||
*file_out = sc_file_new();
|
||||
if (*file_out == NULL) {
|
||||
LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
|
||||
}
|
||||
res = card->ops->process_fci(card, *file_out, apdu.resp + 2, apdu.resp[1]);
|
||||
}
|
||||
res = card->ops->process_fci(card, file, apdu.resp + 2, apdu.resp[1]);
|
||||
sc_file_free(*file_out);
|
||||
*file_out = file;
|
||||
LOG_FUNC_RETURN(ctx, res);
|
||||
}
|
||||
|
||||
|
@ -1907,8 +1892,8 @@ static int dnie_read_header(struct sc_card *card)
|
|||
/* check response */
|
||||
if (apdu.resplen != 8)
|
||||
goto header_notcompressed;
|
||||
uncompressed = le2ulong(apdu.resp);
|
||||
compressed = le2ulong(apdu.resp + 4);
|
||||
uncompressed = lebytes2ulong(apdu.resp);
|
||||
compressed = lebytes2ulong(apdu.resp + 4);
|
||||
if (uncompressed < compressed)
|
||||
goto header_notcompressed;
|
||||
if (uncompressed > 32767)
|
||||
|
@ -2158,7 +2143,6 @@ static int dnie_pin_verify(struct sc_card *card,
|
|||
res = cwa_create_secure_channel(card, GET_DNIE_PRIV_DATA(card)->cwa_provider, CWA_SM_ON);
|
||||
LOG_TEST_RET(card->ctx, res, "Establish SM failed");
|
||||
|
||||
data->apdu = &apdu; /* prepare apdu struct */
|
||||
/* compose pin data to be inserted in apdu */
|
||||
if (data->flags & SC_PIN_CMD_NEED_PADDING)
|
||||
padding = 1;
|
||||
|
@ -2191,7 +2175,9 @@ static int dnie_pin_verify(struct sc_card *card,
|
|||
if (card->atr.value[15] >= DNIE_30_VERSION) {
|
||||
sc_log(card->ctx, "DNIe 3.0 detected => re-establish secure channel");
|
||||
dnie_change_cwa_provider_to_secure(card);
|
||||
res = cwa_create_secure_channel(card, GET_DNIE_PRIV_DATA(card)->cwa_provider, CWA_SM_ON);
|
||||
if (res == SC_SUCCESS) {
|
||||
res = cwa_create_secure_channel(card, GET_DNIE_PRIV_DATA(card)->cwa_provider, CWA_SM_ON);
|
||||
}
|
||||
}
|
||||
|
||||
LOG_FUNC_RETURN(card->ctx, res);
|
||||
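Review bot: In dnie_uncompress, `*len = uncompressed;` now runs before sc_decompress(), so when decompression fails and control jumps to compress_exit under the comment "assume not need uncompression", the caller's length has already been replaced by the size field read from the card data. The code after compress_exit is outside the hunk, so it is not visible which buffer is returned there; whichever it is, the failure branch should leave the returned pointer and `*len` describing the same buffer, for example by keeping the input length in a local and restoring it if the input buffer is handed back. The remaining TODO could be closed in the same place by treating `*len != uncompressed` after a successful call as corrupted data. The dump would then log the real size with `sc_log_hex(card->ctx, "Uncompressed data", upt, *len);`.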
|
|
Some files were not shown because too many files have changed in this diff Show More