Staging #11

Merged
merged 1 commit into from
Dec 16, 2011

Conversation

dengert

@dengert dengert commented Dec 15, 2011

If PIV card Discovery Object is present and Global PIN is preferred,
turn off the LOCAL flag.
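
The check described above can be sketched as follows. This is an added example, not OpenSC's own code: it assumes the NIST SP 800-73 Discovery Object layout (tag 0x7E wrapping the 0x4F AID and the 2-byte 0x5F2F PIN Usage Policy), and `PIN_FLAG_LOCAL`, `tlv_find`, `piv_pin_preference`, `piv_pin_flags` and both sample buffers are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>

#define PIN_FLAG_LOCAL  0x0002u /* stand-in bit for the PKCS#15 "local" PIN flag (assumed) */
#define PIN_REF_GLOBAL  0x00    /* SP 800-73 key reference: Global PIN */
#define PIN_REF_PIV_APP 0x80    /* SP 800-73 key reference: PIV Card Application PIN */

/* Constructed Discovery Objects; only the last two bytes (PIN Usage Policy) differ. */
static const uint8_t DISC_GLOBAL_PREF[] = {0x7E,0x12,0x4F,0x0B,0xA0,0x00,0x00,0x03,0x08,
    0x00,0x00,0x10,0x00,0x01,0x00,0x5F,0x2F,0x02,0x60,0x20};
static const uint8_t DISC_APP_ONLY[] = {0x7E,0x12,0x4F,0x0B,0xA0,0x00,0x00,0x03,0x08,
    0x00,0x00,0x10,0x00,0x01,0x00,0x5F,0x2F,0x02,0x40,0x00};

/* Bounds-checked search of a flat TLV list (1- or 2-byte tags, short lengths only). */
static const uint8_t *tlv_find(const uint8_t *p, size_t len, unsigned tag, size_t *vlen)
{
    size_t i = 0;
    while (i < len) {
        unsigned t = p[i++];
        if ((t & 0x1F) == 0x1F) {            /* two-byte tag such as 5F 2F */
            if (i >= len) return NULL;
            t = (t << 8) | p[i++];
        }
        if (i >= len) return NULL;
        size_t l = p[i++];
        if (l > 0x7F || l > len - i) return NULL; /* long form or truncated value */
        if (t == tag) { *vlen = l; return p + i; }
        i += l;
    }
    return NULL;
}

/* Absent or malformed card data falls back to the PIV application PIN. */
int piv_pin_preference(const uint8_t *obj, size_t len)
{
    size_t inner_len, pol_len;
    const uint8_t *inner, *pol;
    if (!obj || !(inner = tlv_find(obj, len, 0x7E, &inner_len))) return PIN_REF_PIV_APP;
    pol = tlv_find(inner, inner_len, 0x5F2F, &pol_len);
    if (!pol || pol_len != 2) return PIN_REF_PIV_APP;
    /* byte 0: 0x40 app PIN and 0x20 Global PIN both satisfy; byte 1: 0x20 Global PIN preferred */
    return ((pol[0] & 0x60) == 0x60 && pol[1] == 0x20) ? PIN_REF_GLOBAL : PIN_REF_PIV_APP;
}

/* Clear the LOCAL flag only when the card says the Global PIN is preferred. */
unsigned piv_pin_flags(unsigned flags, const uint8_t *obj, size_t len)
{
    if (piv_pin_preference(obj, len) == PIN_REF_GLOBAL)
        flags &= ~PIN_FLAG_LOCAL;
    return flags;
}
```
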

@dengert dengert closed this Dec 15, 2011
@dengert dengert reopened this Dec 15, 2011
viktorTarasov added a commit that referenced this pull request Dec 16, 2011
@viktorTarasov viktorTarasov merged commit e2b5603 into OpenSC:staging Dec 16, 2011
nmav added a commit to nmav/OpenSC that referenced this pull request Mar 15, 2013
This prevents a slowdown of PKCS #11 C_Initialize when cards
are present. This results in faster startup of programs that
initialize PKCS #11 but do not use any smart card operations, and
removes slowdowns in forking servers that follow PKCS #11
and call C_Initialize after each fork().
@dengert dengert mentioned this pull request Feb 6, 2015
@Jakuje Jakuje mentioned this pull request Oct 17, 2019
2 tasks
@Jakuje Jakuje mentioned this pull request Nov 21, 2019
Jakuje added a commit to Jakuje/OpenSC that referenced this pull request Jan 11, 2021
frankmorgner pushed a commit that referenced this pull request Jan 11, 2021
Jakuje added a commit to Jakuje/OpenSC that referenced this pull request Jan 25, 2021
Jakuje added a commit to Jakuje/OpenSC that referenced this pull request Mar 1, 2021
…9 keys (with few tweaks)

The Ed25519 implementation in SoftHSM is now broken/non-interoperable. After fixing that,
the interoperability tests should work with this script:

 * SoftHSMv2#528: Avoid creating duplicate mechanisms
 * SoftHSMv2#522: Fix advertised min and max mechanism sizes according to final PKCS#11 3.0 specification
 * SoftHSMv2#526: Adjust EDDSA code to return valid EC_PARAMS according to the final PKCS #11 3.0 specification
Jakuje added a commit to Jakuje/OpenSC that referenced this pull request Mar 1, 2021
This is the current interpretation of the specs after talking with
several members of PKCS #11 TC.
@Jakuje Jakuje mentioned this pull request Jun 28, 2021
@dengert dengert mentioned this pull request Nov 8, 2021
5 tasks
xhanulik added a commit to xhanulik/OpenSC that referenced this pull request Jan 2, 2022
Direct leak of 10 byte(s) in 1 object(s) allocated from:
    #0 0x519260 in realloc (/home/vhanulik/devel/OpenSC/src/tests/fuzzing/fuzz_pkcs15init+0x519260)
    #1 0x59ee3c in asn1_encode /home/vhanulik/devel/OpenSC/src/libopensc/asn1.c:2022:16
    #2 0x59eff2 in _sc_asn1_encode /home/vhanulik/devel/OpenSC/src/libopensc/asn1.c:2050:9
    #3 0x59f315 in sc_encode_oid /home/vhanulik/devel/OpenSC/src/libopensc/asn1.c:2091:7
    #4 0x5e0985 in sc_pkcs15_fix_ec_parameters /home/vhanulik/devel/OpenSC/src/libopensc/pkcs15-pubkey.c:1698:9
    #5 0x56b9c7 in check_keygen_params_consistency /home/vhanulik/devel/OpenSC/src/tests/fuzzing/../../../src/pkcs15init/pkcs15-lib.c:2369:8
    #6 0x56a07a in sc_pkcs15init_generate_key /home/vhanulik/devel/OpenSC/src/tests/fuzzing/../../../src/pkcs15init/pkcs15-lib.c:1468:6
    #7 0x585394 in LLVMFuzzerTestOneInput /home/vhanulik/devel/OpenSC/src/tests/fuzzing/fuzz_pkcs15init.c:421:13
    #8 0x45b2c0 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/vhanulik/devel/OpenSC/src/tests/fuzzing/fuzz_pkcs15init+0x45b2c0)
    #9 0x43be53 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/vhanulik/devel/OpenSC/src/tests/fuzzing/fuzz_pkcs15init+0x43be53)
    #10 0x445481 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/vhanulik/devel/OpenSC/src/tests/fuzzing/fuzz_pkcs15init+0x445481)
    #11 0x432d16 in main (/home/vhanulik/devel/OpenSC/src/tests/fuzzing/fuzz_pkcs15init+0x432d16)
    #12 0x7fc522555492 in __libc_start_main (/lib64/libc.so.6+0x23492)
frankmorgner pushed a commit that referenced this pull request Mar 22, 2023
## Driver

The card runs CardOS 5.4, the new driver is therefore a stripped-down version of ```card-cardos.c```. The only place where I have to diverge from the original driver is ```set_security_env```, because the card expects ```MSE RESTORE``` instead of ```MSE SET```. I abuse ```key_ref``` to store the corresponding ```seIdentifier```, as our pkcs\#15 structures do not include the entry.

Because the card shares the ATR with other CardOS 5.4 cards, the new driver precedes ```cardos-driver``` within ```internal_card_drivers[]```.

## PKCS\#15 emulation

Within EF.DIR there are 5 applications. The last two carry (apparently not entirely usable) PKCS\#15 structures. 

```pkcs15-skeid.c``` binds the _fourth_ application in the list. Otherwise ```sc_pkcs15_bind_internal``` would get called and create an unusable token. In the case of the fifth application this is prevented by ```SC_PKCS11_FRAMEWORK_DATA_MAX_NUM = 4```.

Because there is no point in calling ```sc_pkcs15_bind_internal``` for this card, I added it to ```sc_pkcs15_is_emulation_only```. This does not prevent ```sc_pkcs15_bind_internal``` from [getting called](https://github.com/OpenSC/OpenSC/blob/70771735ae10180bb039043b9a1b00b66bf00fc1/src/libopensc/pkcs15.c#L1296) though (if synthetic binding was unsuccessful).

I consider this behaviour a bit counterintuitive. I mention it here to report on and justify what I have done, it has no noticeable effect on my driver (any more). Let me know if ```sc_pkcs15_is_emulation_only``` warrants a separate GitHub issue.

## PINs

There is a global User PIN labeled BOK. The qualified certificate (key) requires user consent and a separate (local) Signature PIN labeled KEP. The "official" proprietary PKCS\#11 module requires both the codes for every signature. Fortunately, the card is happy with the Signature PIN only, as there seems to be no convenient way to have multiple PIN codes per slot. 

I considered emulating (parts of) the "official" behaviour within a custom ```pin_cmd``` that contained the following:

```C
    if (data->pin_reference == 0x87 && data->cmd != SC_PIN_CMD_CHANGE && data->pin_type != SC_AC_CONTEXT_SPECIFIC)
    {
        sc_log(card->ctx, "Non-specific KEP PIN encountered, handling it as BOK instead.");
        data->pin_reference = 0x03;
    }
```
I ultimately decided against the idea. It adds complexity (or confusion) and provides little benefit. I mention the issue because it is connected to a failure in ```pkcs11-tool --test --slot 1 --login```: [log](https://github.com/OpenSC/OpenSC/files/10326667/pkcs11-tool_test_slot_1.log).

Because the local Signature PIN is used for the session, ```test_verify()``` fails [here](https://github.com/OpenSC/OpenSC/blob/70771735ae10180bb039043b9a1b00b66bf00fc1/src/tools/pkcs11-tool.c#L6639).

The card enforces CKA_ALWAYS_AUTHENTICATE and therefore reports that the Signature PIN is (no longer) verified, apparently because signatures have been computed during ```test_signature()```. The only effect of this is that the built-in test fails even though the token works (reasonably) well.

The above ```pin_cmd``` hack would result in a passed ```pkcs11-tool --test --slot 1 --login```.

I include this information mainly to justify a PR with a failed test attached. If the behaviour of ```pkcs11-tool --test``` in the context of a local Signature PIN and ```user_consent``` warrants a separate GitHub issue, do please let me know.

For completeness, [here](https://github.com/OpenSC/OpenSC/files/10326703/pkcs11-tool_test_slot_0.log) is the output of ```pkcs11-tool --test --slot 0 --login```.
Jakuje added a commit to Jakuje/OpenSC that referenced this pull request Sep 12, 2023
It is usually made to work only with known digest sizes, regardless
what the PKCS #11 specification says about that it should work
with any input lengths.
Jakuje added a commit that referenced this pull request Sep 21, 2023