Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sc-hsm-tool: Add options for public key authentication #1711

Closed
wants to merge 23 commits into from
Closed

sc-hsm-tool: Add options for public key authentication #1711

Changes from 1 commit
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
eee3f76
pkcs11-tool: Add prime521v1 curve
Mar 29, 2019
4a8d484
pkcs11-tool: Add secp521k1 curve
Mar 29, 2019
81ca015
sc-hsm-tool: Add options for public key auth
May 15, 2018
ccdbc6d
sc-hsm: Initialize card with public key auth
May 15, 2018
dec0dd3
sc-hsm-tool: Add option --export-for-pub-key-auth
Aug 8, 2018
0a074f5
sc-hsm-tool: Add option --register-public-key
Aug 8, 2018
9e5058c
sc-hsm-tool: Add option --public-key-auth-status
Jun 11, 2019
997b2f7
coding style
Jun 18, 2019
e9be520
convert spaces to tabs (consistent coding style)
Jun 20, 2019
ad35788
sc-hsm: use memcpy() instead of strncpy()
Jun 20, 2019
b340b09
sc-hsm: use smaller recvbuf
Jun 20, 2019
99faf14
sc-hsm: use sc_format_apdu_ex()
Jun 20, 2019
bf097e4
sc-hsm-tool: use fread_to_eof()
Jun 20, 2019
1e46ee4
sc-hsm: fix messed up formatting
Jun 20, 2019
60004bb
sc-hsm: fix error message
Jun 20, 2019
6c69699
sc-hsm-tool: improve argument checks
Jun 20, 2019
6287346
Revert "sc-hsm-tool: use fread_to_eof()"
Jun 20, 2019
5f14397
sc-hsm-tool: simplify argument checks
Jun 20, 2019
953b64f
sc-hsm-tool: use goto for error handling
Jun 20, 2019
de3d8e4
sc-hsm: strlen() -> strnlen()
Jun 20, 2019
5729c5e
sc-hsm-tool: check for expected tags (.pka files)
Jun 20, 2019
c06a843
adjust sc_format_apdu_ex() calls
Oct 17, 2019
1eddb58
check for possible out of bounds write
Oct 29, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
check for possible out of bounds write
  • Loading branch information
Frank Braun committed Oct 29, 2019
commit 1eddb58cfbdadce46f47ca5615811da39edb64c8
8 changes: 6 additions & 2 deletions src/libopensc/card-sc-hsm.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1440,7 +1440,7 @@ static int sc_hsm_unwrap_key(sc_card_t *card, sc_cardctl_sc_hsm_wrapped_key_t *p



static int get_CAR(u8 *carstr, sc_context_t *ctx, const u8 *buf, size_t buflen)
static int get_CAR(u8 *carstr, size_t carstr_len, sc_context_t *ctx, const u8 *buf, size_t buflen)
{
const u8 *cb = NULL, *car = NULL;
size_t taglen;
Expand All @@ -1460,6 +1460,10 @@ static int get_CAR(u8 *carstr, sc_context_t *ctx, const u8 *buf, size_t buflen)
}

/* return CAR */
if (taglen > carstr_len) {
fprintf(stderr, "Output buffer too small.\n");
LOG_FUNC_RETURN(ctx, SC_ERROR_BUFFER_TOO_SMALL);
}
memcpy(carstr, car, taglen);
frankbraun marked this conversation as resolved.
Show resolved Hide resolved
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe you also want to look at OpenPACE for more extended parsing/verification of CVCs. If you want to keep this self sustained within OpenSC, you should use sc_pkcs15emu_sc_hsm_decode_cvc()

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried to parse this with sc_pkcs15emu_sc_hsm_decode_cvc(), but wasn't able to. I got the following error:

Required ASN.1 object not found

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The idea is not to parse ASN.1 by hand. Please check what object is missing and why.

Expand Down Expand Up @@ -1499,7 +1503,7 @@ static int verify_certificate(sc_card_t *card, const u8 *cert, size_t cert_len,
}

/* select public key for verification */
r = get_CAR(car, card->ctx, cert, cert_len);
r = get_CAR(car, sizeof car, card->ctx, cert, cert_len);
LOG_TEST_RET(card->ctx, r, "cannot parse CAR");
car_len = strnlen((const char*) car, sizeof car);

Expand Down