Commits on Jan 1, 2017
  1. myeid: added card capabilities check to ...

    hhonkanen authored and viktorTarasov committed Dec 27, 2016
    ... correctly determine which algorithms and key sizes are supported.
  2. opensc-tool: only show the card name if present, to avoid "(null)"

    martinpaljak authored and viktorTarasov committed Dec 21, 2016
    Before:
    
    $ opensc-tool -lv
    
    Nr.  Card  Features  Name
    0    No              FujitsuTechnologySolutions GmbH SmartCase KB SCR eSIG [SmartCase Smartcard Reader] 00 00
    1    Yes             ACS ACR 38U-CCID 01 00
         3b:6e:00:00:80:31:80:66:b0:84:0c:01:6e:01:83:00:90:00 (null)
    
    After:
    
    $ opensc-tool -lv
    
    Nr.  Card  Features  Name
    0    No              FujitsuTechnologySolutions GmbH SmartCase KB SCR eSIG [SmartCase Smartcard Reader] 00 00
    1    Yes             ACS ACR 38U-CCID 01 00
         3b:6e:00:00:80:31:80:66:b0:84:0c:01:6e:01:83:00:90:00
    
    Change-Id: Id2cb858897cd845d93609e28019c94736b04fa93
    
    closes #921
Commits on Dec 18, 2016
  1. opensc-explorer: show tag 0x82 for unknown files

    popovec authored and viktorTarasov committed Dec 15, 2016
    For reserved/unknown file type print value of 0x82 tag, instead of "???" string.
    
    closes #918
  2. cwa-dnie is empty if openssl not defined

    rickyepoderi authored and viktorTarasov committed Dec 17, 2016
    closes #914
  3. dnie: lost change in the previous pull request ...

    rickyepoderi authored and viktorTarasov committed Nov 21, 2016
    ... and disable SM mode too.
  4. tools: fix segfault with verbose log into 'stderr'

    viktorTarasov committed Nov 23, 2016
    Issue #824
    
    In Windows, file handles (including 'stderr', 'stdout') can not be shared
    between DLL-s, and so, the log handle (File *), defined in one module, cannot
    be reused in another.
    
    That is the situation when, for example, the SM is processed
    in external, dynamically loadable module as it is currently implemented for
    IAS/ECC card.
    
    That's why the configuration option 're-open of log file on each message' was
    introduced.
    
    This 're-open' logic has not been tested in the particular case of opensc-*
    tools used with verbose log into 'stderr' -- in dynamically loaded module the
    'stderr' handle, defined in the 'main' module, was not recognized as 'stderr'
    and there was an attempt to close it.
    
    closes #910
  5. travis: allow failed cross-builds

    viktorTarasov committed Nov 23, 2016
    closes #911
Commits on Dec 14, 2016
Commits on Nov 29, 2016
Commits on Nov 22, 2016
  1. Improve format in compact format

    nunojpg authored and frankmorgner committed Nov 17, 2016
    Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
Commits on Nov 20, 2016
  1. Restore blocking WaitForSlotEvent functionality for recent PCSC-Lite …

    Jakuje authored and viktorTarasov committed Nov 10, 2016
    …versions
    
     * Add configure-time dependency on pcsclite (required version from comments in reader-pcsc.c)
     * The functionality is already supported in PCSC-Lite
     * For older PCSC-Lite versions still return CKR_FUNCTION_NOT_SUPPORTED
    
     # closes #899
  2. cwa-14890: little issue in cwa_external_auth

    rickyepoderi authored and viktorTarasov committed Nov 13, 2016
     # closes #903
  3. pkcs15-cert: fix double free issue, memory leak and comment

    dengert authored and viktorTarasov committed Nov 18, 2016
    If no extensions are found, val was uninitialized.
    If multiple extensions, val was not freed for non-interesting extensions.
    Comments did not have valid OID values.
    
     On branch piv-keyusage
     Changes to be committed:
    	modified:   pkcs15-cert.c
    
     # VTA: closes #905
  4. piv: use cert keyUsage to set PKCS#11 key attributes

    dengert authored and viktorTarasov committed Aug 16, 2016
    This mod is for non federal issued PIV cards. It will set PKCS#11 key attributes
    based on the keyUsage extension from the corresponding certificates.
    
    This mod applies to a PIV or PIV-like card without a CHUID or without a FASC-N
    or a FASC-N that starts with 9999.  A federal issued PIV card will have a CHUID
    object with FASC-N that does not have the agency code 9999.
    
    If the certificate does not have keyUsage, the current defaults will be used.
    This avoids backward compatibility issues with cards in the field.
    
    To take advantage of this mod, make sure certificates have keyUsage extension.
    This mod applies to all keys on the card including retired keys.
    
    The NIST 800-73 standards specify the key usage for each key and different keys
    have different PIN requirements. This mod is designed to be used with PIV-like
    cards or devices.
    
     On branch piv-keyusage
     Changes to be committed:
    	modified:   src/libopensc/pkcs15-piv.c
    
     # squashed by VTA with:
    
    Remove use of llu  in integer literal
    
    llu in literals is not supported in all compilers.
    Let the compiler expand the literal before doing the & operation
  5. Pkcs11-tool.c changes to accommodate ECDH operations using SoftHSM. (#…

    dengert authored and viktorTarasov committed Nov 20, 2016
    …901)
    
    PKCS#11 v2.20 is not clear on the format of the public key of the other party
    passed during ECDH key derivation. Some implementations (OpenSC) pass just the value
    of the public key (RAW), while others (SoftHSM) pass an ASN.1 DER encoded OCTET_STRING.
    
    PKCS#11 v2.40 points out this problem and says implementations must support the
    RAW format and may also support the DER format.
    
    To allow pkcs11-tool.c to work with ECDH derivation and using the current libSoftHSM2.so
    a new parameter was added to pkcs11-tool, --derive-pass-der.
    
    Also added to the template for the new key were:
    
    CKA_SENSITIVE = false
    CKA_EXTRACTABLE = true
    CKA_VALUE_LEN = size of key to be derived.
    
    OpenSC currently only supports derivation of ECDH session keys (CKA_TOKEN = false).
    The derived key must be CK_KEY_TYPE = CKK_GENERIC_SECRET
    Additional changes could be made to support AES or DES3 keys.
    
    It is not clear if there is a need to support CKA_TOKEN = true which says the
    derived key must be on the hardware token. For ECDH, these keys are short lived.
    
     On branch pkcs11-tool-simple-ecdh
     Changes to be committed:
    	modified:   src/tools/pkcs11-tool.c
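
The RAW-versus-DER ambiguity described in the commit message above, shown as an added example in C (not code from pkcs11-tool, OpenSC or SoftHSM). The function and enum names are hypothetical, and it assumes uncompressed points and checks only the encoding, not curve membership.

```c
#include <stddef.h>
#include <stdint.h>

/* Added example; all names are hypothetical, not OpenSC or SoftHSM code. */
enum ec_point_fmt { EC_FMT_INVALID = 0, EC_FMT_RAW, EC_FMT_DER };

/*
 * Classify an uncompressed peer EC point and locate the raw 0x04||X||Y bytes.
 * field_len is the coordinate size in bytes (32 for P-256, 66 for P-521).
 * Both encodings begin with 0x04 (OCTET STRING tag vs. uncompressed-point
 * marker), so the first byte cannot tell them apart; the length does.
 */
enum ec_point_fmt ec_point_classify(const uint8_t *in, size_t in_len,
        size_t field_len, const uint8_t **raw, size_t *raw_len)
{
    size_t want, hdr;
    if (!in || !raw || !raw_len || field_len == 0 || field_len > 127)
        return EC_FMT_INVALID;
    want = 1 + 2 * field_len;            /* 0x04 || X || Y, at most 255 */
    if (in_len < want || in[0] != 0x04)
        return EC_FMT_INVALID;
    if (in_len == want) {                /* RAW: exactly one point */
        *raw = in;
        *raw_len = want;
        return EC_FMT_RAW;
    }
    /* DER: tag 0x04, minimal length (short form, or 0x81 nn from 128 up) */
    if (want < 0x80) {
        hdr = 2;
        if (in[1] != want)
            return EC_FMT_INVALID;
    } else {
        hdr = 3;
        if (in[1] != 0x81 || in[2] != want)
            return EC_FMT_INVALID;
    }
    if (in_len != hdr + want || in[hdr] != 0x04)
        return EC_FMT_INVALID;           /* trailing bytes or bad inner marker */
    *raw = in + hdr;
    *raw_len = want;
    return EC_FMT_DER;
}

int main(void)
{
    uint8_t der[67] = { 0x04, 0x41, 0x04 };  /* constructed P-256 sample bytes */
    const uint8_t *raw;
    size_t raw_len;
    return ec_point_classify(der, sizeof der, 32, &raw, &raw_len) == EC_FMT_DER ? 0 : 1;
}
```
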
Commits on Nov 17, 2016
  1. pkcs15-tool: add compact output format

    nunojpg authored and frankmorgner committed Nov 10, 2016
    Closes OpenSC#900
  2. pkcs15-tool: add --list-info option

    nunojpg authored and frankmorgner committed Nov 10, 2016
    Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
  3. pkcs15-tool: make --list* messages consistent

    nunojpg authored and frankmorgner committed Nov 10, 2016
    Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
Commits on Nov 8, 2016
  1. pkcs15-pteid: new implementation

    nunojpg authored and viktorTarasov committed Jul 10, 2016
    This implementation reads most of the data from the pkcs15 structure on card, so the object list is greatly reduced.
    
    This improves several pending issues:
    
    * drop support for IAS card type
    According to [1] IAS card type is no longer issued since version
    004.003.11 (2010-06-15) and as a legal requirement all documents have
    been destroyed or declared lost.
    
    [1] https://www.cartaodecidadao.pt/documentos/DOC_01-DCM-15_V3_CC_Controlo_Versao_2016-01-20.pdf
    
    * fix pteid_cert_ids
    The Signature and Authentication Sub CA certificates ids were wrong.
    
    * add objects and fix flags
    Add Root CA certificate.
    Add data objects SOD and TRACe
    Data object 'Citizen Notepad' doesn't require login to be read. Remove flags.
    
    * Support PIN max tries and tries left report
    
    * Properly report cards with 2048b keys.
    
    Suggested-by: João Poupino <joao.poupino@gmail.com>
    Suggested-by: André Guerreiro <andre.guerreiro@caixamagica.pt>
    Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
    
    -- closes #806
  2. card-gemsafeV1: use iso7816 pin_cmd implementation

    nunojpg authored and viktorTarasov committed Jun 21, 2016
    GemsafeV1 is compatible with iso7816 pin commands, including
    SC_PIN_CMD_GET_INFO so it doesn't need to customize it.
    
    Acked-by: João Poupino <joao.poupino@gmail.com>
    Tested-by: Lukas Wunner <lukas@wunner.de>
    Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
  3. card-gemsafeV1: fix driver name

    nunojpg authored and viktorTarasov committed Jun 21, 2016
    Acked-by: João Poupino <joao.poupino@gmail.com>
    Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
  4. prkey_fixup_rsa changes for OpenSSL-1.1.0

    dengert authored and viktorTarasov committed Oct 26, 2016
    Remove restrictions in prkey_fixup_rsa:
      /* Not thread safe, but much better than a memory leak */
      /* TODO put on stack, or allocate and clear and then free */
    Compute dmp1, dmp1 and/or iqmp if not in sc_pkcs15_prkey_rsa
    
    Remove the GETBN macro that was causing problems.
    
     Changes to be committed:
    	modified:   src/pkcs15init/pkcs15-lib.c
    
    -- closes #894
  5. Add Coolkey driver

    Jakuje authored and viktorTarasov committed Oct 14, 2016
    Author: Robert Relyea <rrelyea@redhat.com>
    
    Coolkey driver improvements:
     * Remove hardcoded list and use SimCList
     * Whitespace cleanup
     * Remove bogus if
     * drop inline keywords
     * proper path to include sys/types.h
     * full name of ushort type
     * condition to use compression
     * proper include path
     * Resolve template name conflict in Tokend
    
    Clean up the copyright headers
    
    -- rebased into one commit by VTA
    -- closes #896
Commits on Oct 31, 2016