Commits on Jun 15, 2017
  1. pkcs11-tool: respect CKA_ALWAYS_AUTHENTICATE

    Quoting from PKCS#11:
    
    The CKA_ALWAYS_AUTHENTICATE attribute can be used to force re-authentication (i.e. force the user to provide a PIN) for each use of a private key. “Use” in this case means a cryptographic operation such as sign or decrypt. This attribute may only be set to CK_TRUE when CKA_PRIVATE is also CK_TRUE.
    
    Re-authentication occurs by calling C_Login with userType set to CKU_CONTEXT_SPECIFIC immediately after a cryptographic operation using the key has been initiated (e.g. after C_SignInit).
    
    Closes OpenSC#1066
    frankmorgner committed Jun 14, 2017
Commits on Jun 13, 2017
  1. 0.17.0 version bump

    frankmorgner committed Jun 13, 2017
  2. fixed Coverity issues

    frankmorgner committed Jun 13, 2017
  3. pkcs15init: use random id for secret key

    Calculating intrinsic key would probably not be wise, because
    it would leak out information about the secret key. Try to
    generate globally unique IDs just by using a random one.
    fabled committed with frankmorgner Apr 27, 2017
  4. pkcs15: allow struct sc_pkcs15_prkey to contain secret key

    This allows using the existing store_key abstraction to upload
    secret keys too.
    fabled committed with frankmorgner Apr 17, 2017
  5. pkcs15-init: include secret keys in generic object handling code

    Type user visible type string is 'secrkey' in harmony with pkcs11-tool.
    fabled committed with frankmorgner Apr 14, 2017
  6. Improve SKDF decoding and implement encoding

    - fixes decoding of SecretKeyAttributes
    - adds support for algorithmReferences
    - adds support for algIndependentKeys (PKCS#15 Generic keys)
    - implements encoding of SKDF
    fabled committed with frankmorgner Apr 14, 2017
  7. add AES algorithm ID

    fabled committed with frankmorgner Apr 14, 2017
Commits on Jun 9, 2017
  1. fixed resource leak

    frankmorgner committed Jun 5, 2017
  2. avoid logically dead code

    frankmorgner committed Jun 5, 2017
  3. prevent integer overflow

    frankmorgner committed Jun 5, 2017
  4. fixed bad memory access

    frankmorgner committed Jun 5, 2017
  5. pkcs11-tool: add GOSTR3410 keypair generation (#997)

    * pkcs11-tool: add GOSTR3410 keypair generation
    * Refactor gost3410 generation
    konstantinpersidskiy committed with frankmorgner Jun 9, 2017
Commits on Jun 5, 2017
  1. sc-hsm: add GoID ATRs

    disables forcing sc-hsm for standard JCOP ATRs, see
    OpenSC@b7de588#commitcomment-22258928
    frankmorgner committed May 29, 2017
Commits on Jun 4, 2017
  1. removed BUILD_ON/BUILD_FOR variable

    - guess the system architecture based on %PROCESSOR_ARCHITECTURE%
    - guess the target system based on %PLATFORM%
    frankmorgner committed May 31, 2017
Commits on May 29, 2017
Commits on May 22, 2017
  1. sc-hsm: fixed forcing a card driver via opensc.conf

    - don't use private data on card matching
    - instead, return 1 for every known ATR and only select the applet if the ATR is unknown.
    - card initialization always selects the applet.
    
    Advantage: decouples memory management in matching from initializing the card.
    Disadvantage: Applet is selected twice in case of an unknown ATR (once for matching and a second time for initializing the card).
    
    Fixes OpenSC#1042
    frankmorgner committed May 4, 2017