sc-hsm-tool: Add options for public key authentication #1711
Closed
23 commits
eee3f76
pkcs11-tool: Add prime521v1 curve
4a8d484
pkcs11-tool: Add secp521k1 curve
81ca015
sc-hsm-tool: Add options for public key auth
ccdbc6d
sc-hsm: Initialize card with public key auth
dec0dd3
sc-hsm-tool: Add option --export-for-pub-key-auth
0a074f5
sc-hsm-tool: Add option --register-public-key
9e5058c
sc-hsm-tool: Add option --public-key-auth-status
997b2f7
coding style
e9be520
convert spaces to tabs (consistent coding style)
ad35788
sc-hsm: use memcpy() instead of strncpy()
b340b09
sc-hsm: use smaller recvbuf
99faf14
sc-hsm: use sc_format_apdu_ex()
bf097e4
sc-hsm-tool: use fread_to_eof()
1e46ee4
sc-hsm: fix messed up formatting
60004bb
sc-hsm: fix error message
6c69699
sc-hsm-tool: improve argument checks
6287346
Revert "sc-hsm-tool: use fread_to_eof()"
5f14397
sc-hsm-tool: simplify argument checks
953b64f
sc-hsm-tool: use goto for error handling
de3d8e4
sc-hsm: strlen() -> strnlen()
5729c5e
sc-hsm-tool: check for expected tags (.pka files)
c06a843
adjust sc_format_apdu_ex() calls
1eddb58
check for possible out of bounds write
sc-hsm-tool: use goto for error handling
please use sc_pkcs15emu_sc_hsm_decode_cvc for parsing
Regarding EF_C_DevAut I can see that it is set in the static function sc_hsm_perform_chip_authentication(). sc_hsm_perform_chip_authentication() is only called from sc_hsm_pin_cmd(). That is, filling EF_C_DevAut currently requires PIN entry, which is not necessary for my implementation.

What would be a good way to use EF_C_DevAut, ideally without PIN entry?
Regarding sc_pkcs15emu_sc_hsm_decode_cvc(): I spent many hours trying to get it to work.

Like I wrote in #1711 (comment), I wasn't able to parse the device certificate and the device issuer certificate with it. For the public key, sc_cvc_t.car is filled correctly, but sc_cvc_t.outer_car contains garbage. Unfortunately, I couldn't figure out what the problem is.
The basic idea is in sc-hsm-tool to struct sc_hsm_private_data * and use its EF_C_DevAut if it's available.

Additionally, you may want to transfer ownership of a newly read EF_C_DevAut to the driver for re-use. You don't need to perform CA to do this.