OpenSC fork, with some Italian healthcare smart card utils
Doug Engert edf24d0e2e PIV and PIV-Want-To-Be Issues
Not all PIV cards follow the NIST 800-73-3 standard. This commit is designed to address some
of the issues. OpenSC developers don't have access to all the different versions of devices
or access to release notes for the devices to see when a bug was introduced and when it is fixed.

To make OpenSC code changes easier, the code is divided into four sections:

(1) Identify the card/token as best possible by looking at the "Historical bytes" in the ATR.
For the Yubico devices read their version number and log it via sc_debug.

(2) Define the card_issues CI_* defines in card-piv.c. There are 8 of them at the moment.
See below.

(3) Based on the card->type and possibly Yubico version, set the priv->card_issues flags that
apply to the current card or device.

(4) Implement in the code changes needed for each issue.

Other issues can be added. As more info is obtained (3) can be updated using the version
number as needed.

The card issues are:

CI_VERIFY_630X - VERIFY "tries left" returns 630X rather than 63CX

CI_VERIFY_LC0_FAIL - VERIFY Lc=0 never returns 90 00 if PIN not needed. Will also test after
first PIN verify if protected object can be used instead

CI_CANT_USE_GETDATA_FOR_STATE - No object to test verification in place of VERIFY Lc=0

CI_LEAKS_FILE_NOT_FOUND - GET DATA of empty object returns 6A 82 even if PIN not verified

CI_OTHER_AID_LOSE_STATE - Other drivers' match routines may reset our security state and lose AID

CI_NFC_EXPOSE_TOO_MUCH - PIN, crypto and objects exposed over NFS in violation of 800-73-3

CI_NO_RSA2048 - does not have RSA 2048

CI_NO_EC384 - does not have EC 384

The piv_card_match and piv_init interactions were cleaned up.

 Changes to be committed:
	modified:   card-piv.c
	modified:   cards.h
2016-07-19 15:17:28 +02:00
MacOSX use a user defined PKG_CONFIG_PATH 2016-06-04 01:36:53 +02:00
doc Relax XML parsing regexes for bash_completion 2016-06-09 14:34:31 -07:00
etc fixed and cleaned up nmake Makefiles 2016-06-23 07:35:53 +02:00
m4 Use AX_PTHREAD instead of ACX_PTHREAD 2012-09-25 23:03:38 +02:00
packaging/debian.templates fix LGPL version 2013-09-29 20:55:41 +02:00
solaris Thomas Uhle: modify Makefile so configure finds the include files 2009-12-03 07:05:15 +00:00
src PIV and PIV-Want-To-Be Issues 2016-07-19 15:17:28 +02:00
win32 fixed and cleaned up nmake Makefiles 2016-06-23 07:35:53 +02:00
.gitignore Ignore gids-tool binary and documentation 2016-05-16 10:59:21 +02:00
.travis.yml travis: run coverity for 'towards-opensc-0.16.0' 2016-05-23 13:59:01 +02:00
CONTRIBUTING.md Create CONTRIBUTING.md 2015-02-13 16:52:10 +02:00
COPYING - changed license to LGPL 2001-11-06 18:34:19 +00:00
ISSUE_TEMPLATE.md added ISSUE_TEMPLATE 2016-03-11 21:06:43 +01:00
Makefile.am build: bootstrap script has expected content 2014-05-11 09:15:27 +02:00
Makefile.mak fixed and cleaned up nmake Makefiles 2016-06-23 07:35:53 +02:00
NEWS fix NEWS, few debug messages more 2016-05-26 10:59:58 +02:00
README link README to README.md 2015-11-02 23:54:36 +01:00
README.md Use "native" badges 2016-01-22 18:42:10 +02:00
appveyor.yml compile zlib with -MT instead of -MD 2016-06-14 14:58:11 +02:00
bootstrap build: bootstrap script has expected content 2014-05-11 09:15:27 +02:00
bootstrap.ci tools: print package revision 2016-03-04 14:16:06 +01:00
configure.ac autoconf: option to disable -Werror=declaration-after-statement 2016-06-03 11:13:09 +02:00
version.m4 package: update RC version 2016-05-16 11:55:36 +02:00

README.md

OpenSC documentation

Wiki is available online

Please take a look at the documentation before trying to use OpenSC.
