opensc-0.18.0-1 (#1567503)
This commit is contained in:
Jakub Jelen
parent
b7fabe1728
commit
6091968cf5
@ -1,204 +0,0 @@
|
||||
From 6dc118e1c3b89c50cda1998de1d62fa6fa666e60 Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Jelen <jjelen@redhat.com>
|
||||
Date: Fri, 3 Nov 2017 10:55:35 +0100
|
||||
Subject: [PATCH 1/3] Enable CAC ALT token card operations
|
||||
|
||||
---
|
||||
src/libopensc/card-cac.c | 33 +++++++++++++++++++++++++++++++++
|
||||
1 file changed, 33 insertions(+)
|
||||
|
||||
diff --git a/src/libopensc/card-cac.c b/src/libopensc/card-cac.c
|
||||
index 82f5c7869..bc0a754a5 100644
|
||||
--- a/src/libopensc/card-cac.c
|
||||
+++ b/src/libopensc/card-cac.c
|
||||
@@ -229,6 +229,12 @@ static int cac_add_object_to_list(list_t *list, const cac_object_t *object)
|
||||
#define CAC_1_RID "\xA0\x00\x00\x00\x79"
|
||||
#define CAC_1_CM_AID "\xA0\x00\x00\x00\x30\x00\00"
|
||||
|
||||
+static const sc_path_t cac_ACA_Path = {
|
||||
+ "", 0,
|
||||
+ 0,0,SC_PATH_TYPE_DF_NAME,
|
||||
+ { CAC_TO_AID(CAC_1_RID "\x10\x00") }
|
||||
+};
|
||||
+
|
||||
static const sc_path_t cac_CCC_Path = {
|
||||
"", 0,
|
||||
0,0,SC_PATH_TYPE_DF_NAME,
|
||||
@@ -284,6 +290,8 @@ static const cac_object_t cac_1_objects[] = {
|
||||
static const int cac_1_object_count = sizeof(cac_1_objects)/sizeof(cac_1_objects[0]);
|
||||
|
||||
|
||||
+static int cac_select_ACA(sc_card_t *card);
|
||||
+
|
||||
/*
|
||||
* use the object id to find our object info on the object in our CAC-1 list
|
||||
*/
|
||||
@@ -815,6 +823,8 @@ static int cac_card_ctl(sc_card_t *card, unsigned long cmd, void *ptr)
|
||||
case SC_CARDCTL_CAC_FINAL_GET_GENERIC_OBJECTS:
|
||||
return cac_final_iterator(&priv->general_list);
|
||||
case SC_CARDCTL_CAC_FINAL_GET_CERT_OBJECTS:
|
||||
+ /* select ACA to be able to verify PIN */
|
||||
+ cac_select_ACA(card);
|
||||
return cac_final_iterator(&priv->pki_list);
|
||||
}
|
||||
|
||||
@@ -1157,6 +1167,12 @@ static int cac_select_CCC(sc_card_t *card)
|
||||
return cac_select_file_by_type(card, &cac_CCC_Path, NULL, SC_CARD_TYPE_CAC_II);
|
||||
}
|
||||
|
||||
+/* Select ACA in non-standard location */
|
||||
+static int cac_select_ACA(sc_card_t *card)
|
||||
+{
|
||||
+ return cac_select_file_by_type(card, &cac_ACA_Path, NULL, SC_CARD_TYPE_CAC_II);
|
||||
+}
|
||||
+
|
||||
static int cac_path_from_cardurl(sc_card_t *card, sc_path_t *path, cac_card_url_t *val, int len)
|
||||
{
|
||||
if (len < 10) {
|
||||
@@ -1476,6 +1492,23 @@ static int cac_find_and_initialize(sc_card_t *card, int initialize)
|
||||
}
|
||||
}
|
||||
|
||||
+ /* Even some ALT tokens can be missing CCC so we should try with ACA */
|
||||
+ r = cac_select_ACA(card);
|
||||
+ if (r == SC_SUCCESS) {
|
||||
+ r = cac_find_first_pki_applet(card, &index);
|
||||
+ if (r == SC_SUCCESS) {
|
||||
+ priv = cac_new_private_data();
|
||||
+ if (!priv)
|
||||
+ return SC_ERROR_OUT_OF_MEMORY;
|
||||
+ r = cac_populate_cac_1(card, index, priv);
|
||||
+ if (r == SC_SUCCESS) {
|
||||
+ card->type = SC_CARD_TYPE_CAC_II;
|
||||
+ card->drv_data = priv;
|
||||
+ return r;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
/* is this a CAC-1 specified in DoD "CAC Applet Developer Guide" version 1.0 September 2002 */
|
||||
r = cac_find_first_pki_applet(card, &index);
|
||||
if (r == SC_SUCCESS) {
|
||||
|
||||
From 68c52640a3eff078243fd2db627cf2d12fdd37de Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Jelen <jjelen@redhat.com>
|
||||
Date: Mon, 6 Nov 2017 12:37:40 +0100
|
||||
Subject: [PATCH 2/3] Add the ACA path to the PIN structure if we have one
|
||||
|
||||
---
|
||||
src/libopensc/card-cac.c | 25 +++++++++++++++++++------
|
||||
src/libopensc/cardctl.h | 1 +
|
||||
src/libopensc/pkcs15-cac.c | 6 ++++++
|
||||
3 files changed, 26 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/libopensc/card-cac.c b/src/libopensc/card-cac.c
|
||||
index bc0a754a5..178150d35 100644
|
||||
--- a/src/libopensc/card-cac.c
|
||||
+++ b/src/libopensc/card-cac.c
|
||||
@@ -169,6 +169,7 @@ typedef struct cac_private_data {
|
||||
cac_object_t *pki_current; /* current pki object _ctl function */
|
||||
list_t general_list; /* list of general containers */
|
||||
cac_object_t *general_current; /* current object for _ctl function */
|
||||
+ sc_path_t *aca_path; /* ACA path to be selected before pin verification */
|
||||
} cac_private_data_t;
|
||||
|
||||
#define CAC_DATA(card) ((cac_private_data_t*)card->drv_data)
|
||||
@@ -207,6 +208,7 @@ static void cac_free_private_data(cac_private_data_t *priv)
|
||||
{
|
||||
free(priv->cac_id);
|
||||
free(priv->cache_buf);
|
||||
+ free(priv->aca_path);
|
||||
list_destroy(&priv->pki_list);
|
||||
list_destroy(&priv->general_list);
|
||||
free(priv);
|
||||
@@ -289,9 +291,6 @@ static const cac_object_t cac_1_objects[] = {
|
||||
|
||||
static const int cac_1_object_count = sizeof(cac_1_objects)/sizeof(cac_1_objects[0]);
|
||||
|
||||
-
|
||||
-static int cac_select_ACA(sc_card_t *card);
|
||||
-
|
||||
/*
|
||||
* use the object id to find our object info on the object in our CAC-1 list
|
||||
*/
|
||||
@@ -793,11 +792,21 @@ static int cac_get_serial_nr_from_CUID(sc_card_t* card, sc_serial_number_t* seri
|
||||
if (priv->cac_id_len) {
|
||||
serial->len = MIN(priv->cac_id_len, SC_MAX_SERIALNR);
|
||||
memcpy(serial->value, priv->cac_id, priv->cac_id_len);
|
||||
- SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS);
|
||||
+ SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS);
|
||||
}
|
||||
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_FILE_NOT_FOUND);
|
||||
}
|
||||
|
||||
+static int cac_get_ACA_path(sc_card_t *card, sc_path_t *path)
|
||||
+{
|
||||
+ cac_private_data_t * priv = CAC_DATA(card);
|
||||
+
|
||||
+ SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL);
|
||||
+ if (priv->aca_path) {
|
||||
+ *path = *priv->aca_path;
|
||||
+ }
|
||||
+ SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS);
|
||||
+}
|
||||
|
||||
static int cac_card_ctl(sc_card_t *card, unsigned long cmd, void *ptr)
|
||||
{
|
||||
@@ -810,6 +819,8 @@ static int cac_card_ctl(sc_card_t *card, unsigned long cmd, void *ptr)
|
||||
LOG_FUNC_RETURN(card->ctx, SC_ERROR_INTERNAL);
|
||||
}
|
||||
switch(cmd) {
|
||||
+ case SC_CARDCTL_CAC_GET_ACA_PATH:
|
||||
+ return cac_get_ACA_path(card, (sc_path_t *) ptr);
|
||||
case SC_CARDCTL_GET_SERIALNR:
|
||||
return cac_get_serial_nr_from_CUID(card, (sc_serial_number_t *) ptr);
|
||||
case SC_CARDCTL_CAC_INIT_GET_GENERIC_OBJECTS:
|
||||
@@ -823,8 +834,6 @@ static int cac_card_ctl(sc_card_t *card, unsigned long cmd, void *ptr)
|
||||
case SC_CARDCTL_CAC_FINAL_GET_GENERIC_OBJECTS:
|
||||
return cac_final_iterator(&priv->general_list);
|
||||
case SC_CARDCTL_CAC_FINAL_GET_CERT_OBJECTS:
|
||||
- /* select ACA to be able to verify PIN */
|
||||
- cac_select_ACA(card);
|
||||
return cac_final_iterator(&priv->pki_list);
|
||||
}
|
||||
|
||||
@@ -1502,6 +1511,10 @@ static int cac_find_and_initialize(sc_card_t *card, int initialize)
|
||||
return SC_ERROR_OUT_OF_MEMORY;
|
||||
r = cac_populate_cac_1(card, index, priv);
|
||||
if (r == SC_SUCCESS) {
|
||||
+ priv->aca_path = malloc(sizeof(sc_path_t));
|
||||
+ if (!priv->aca_path)
|
||||
+ return SC_ERROR_OUT_OF_MEMORY;
|
||||
+ memcpy(priv->aca_path, &cac_ACA_Path, sizeof(sc_path_t));
|
||||
card->type = SC_CARD_TYPE_CAC_II;
|
||||
card->drv_data = priv;
|
||||
return r;
|
||||
diff --git a/src/libopensc/cardctl.h b/src/libopensc/cardctl.h
|
||||
index b647b0537..b610eacc7 100644
|
||||
--- a/src/libopensc/cardctl.h
|
||||
+++ b/src/libopensc/cardctl.h
|
||||
@@ -220,6 +220,7 @@ enum {
|
||||
SC_CARDCTL_CAC_INIT_GET_CERT_OBJECTS,
|
||||
SC_CARDCTL_CAC_GET_NEXT_CERT_OBJECT,
|
||||
SC_CARDCTL_CAC_FINAL_GET_CERT_OBJECTS,
|
||||
+ SC_CARDCTL_CAC_GET_ACA_PATH,
|
||||
|
||||
/*
|
||||
* AuthentIC v3
|
||||
diff --git a/src/libopensc/pkcs15-cac.c b/src/libopensc/pkcs15-cac.c
|
||||
index fd463a9b4..ff87a2345 100644
|
||||
--- a/src/libopensc/pkcs15-cac.c
|
||||
+++ b/src/libopensc/pkcs15-cac.c
|
||||
@@ -250,6 +250,12 @@ static int sc_pkcs15emu_cac_init(sc_pkcs15_card_t *p15card)
|
||||
strncpy(pin_obj.label, label, SC_PKCS15_MAX_LABEL_SIZE - 1);
|
||||
pin_obj.flags = pins[i].obj_flags;
|
||||
|
||||
+ /* get the ACA path in case it needs to be selected before PIN verify */
|
||||
+ r = sc_card_ctl(card, SC_CARDCTL_CAC_GET_ACA_PATH, &pin_info.path);
|
||||
+ if (r < 0) {
|
||||
+ SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r);
|
||||
+ }
|
||||
+
|
||||
r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info);
|
||||
if (r < 0)
|
||||
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r);
|
||||
@ -1,78 +0,0 @@
|
||||
From 74885fb1c174468cc0a505cd7404e228d465efd8 Mon Sep 17 00:00:00 2001
|
||||
From: AnthonyA <ascanio.alba7@gmail.com>
|
||||
Date: Tue, 27 Mar 2018 00:48:05 +0000
|
||||
Subject: [PATCH] pkcs11-tool: allow mechanism to be specified in hexadecimal
|
||||
|
||||
To support vendor mechanisms, let -m accept hexadecimal strings,
|
||||
e.g., -m 0x80001234
|
||||
---
|
||||
doc/tools/pkcs11-tool.1.xml | 3 ++-
|
||||
src/tools/pkcs11-tool.c | 5 ++++-
|
||||
2 files changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/doc/tools/pkcs11-tool.1.xml b/doc/tools/pkcs11-tool.1.xml
|
||||
index f8d638b45..e78570b10 100644
|
||||
--- a/doc/tools/pkcs11-tool.1.xml
|
||||
+++ b/doc/tools/pkcs11-tool.1.xml
|
||||
@@ -231,7 +231,8 @@
|
||||
</term>
|
||||
<listitem><para>Use the specified <replaceable>mechanism</replaceable>
|
||||
for token operations. See <option>-M</option> for a list
|
||||
- of mechanisms supported by your token.</para></listitem>
|
||||
+ of mechanisms supported by your token. The mechanism can also be specified in
|
||||
+ hexadecimal, e.g., <replaceable>0x80001234</replaceable>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
|
||||
index 63e5c5f7f..484c019d8 100644
|
||||
--- a/src/tools/pkcs11-tool.c
|
||||
+++ b/src/tools/pkcs11-tool.c
|
||||
@@ -234,7 +234,7 @@ static const char *option_help[] = {
|
||||
"Hash some data",
|
||||
"Derive a secret key using another key and some data",
|
||||
"Derive ECDHpass DER encoded pubkey for compatibility with some PKCS#11 implementations",
|
||||
- "Specify mechanism (use -M for a list of supported mechanisms)",
|
||||
+ "Specify mechanism (use -M for a list of supported mechanisms), or by hexadecimal, e.g., 0x80001234",
|
||||
|
||||
"Log into the token first",
|
||||
"Specify login type ('so', 'user', 'context-specific'; default:'user')",
|
||||
@@ -6076,6 +6076,9 @@ static CK_MECHANISM_TYPE p11_name_to_mechanism(const char *name)
|
||||
{
|
||||
struct mech_info *mi;
|
||||
|
||||
+ if (strncasecmp("0x", name, 2) == 0) {
|
||||
+ return strtoul(name, NULL, 0);
|
||||
+ }
|
||||
for (mi = p11_mechanisms; mi->name; mi++) {
|
||||
if (!strcasecmp(mi->name, name)
|
||||
|| (mi->short_name && !strcasecmp(mi->short_name, name)))
|
||||
|
||||
|
||||
From ea4baf50d57a7a41164fedcd1b10fdb0438305c5 Mon Sep 17 00:00:00 2001
|
||||
From: AnthonyA <ascanio.alba7@gmail.com>
|
||||
Date: Mon, 19 Mar 2018 15:58:21 +0800
|
||||
Subject: [PATCH] pkcs11-tool: make ECPoint behaviour standards compliant by
|
||||
default
|
||||
|
||||
Fixes #1286. The behaviour of pkcs11-tool will follow the standard -
|
||||
send DER. If EC_POINT_NO_ASN1_OCTET_STRING is defined then it will
|
||||
write plain bytes.
|
||||
---
|
||||
src/tools/pkcs11-tool.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
|
||||
index 876bba2dc..63e5c5f7f 100644
|
||||
--- a/src/tools/pkcs11-tool.c
|
||||
+++ b/src/tools/pkcs11-tool.c
|
||||
@@ -2632,7 +2632,7 @@ parse_ec_pkey(EVP_PKEY *pkey, int private, struct gostkey_info *gost)
|
||||
header_len = point-gost->public.value;
|
||||
memcpy(point, buf, point_len);
|
||||
gost->public.len = header_len+point_len;
|
||||
-#ifndef EC_POINT_NO_ASN1_OCTET_STRING // workaround for non-compliant cards not expecting DER encoding
|
||||
+#ifdef EC_POINT_NO_ASN1_OCTET_STRING // workaround for non-compliant cards not expecting DER encoding
|
||||
gost->public.len -= header_len;
|
||||
gost->public.value += header_len;
|
||||
#endif
|
||||
|
||||
@ -1,460 +0,0 @@
|
||||
From 8d7346406d166a9db4afd239e6669df3e3b99f79 Mon Sep 17 00:00:00 2001
|
||||
From: Feitian Technologies <hongbin@ftsafe.com>
|
||||
Date: Mon, 4 Sep 2017 19:29:24 +0800
|
||||
Subject: [PATCH] Add ECC support and solve wrong Length status codes with SM
|
||||
card
|
||||
|
||||
Fix #1073
|
||||
Fix #1115
|
||||
---
|
||||
src/libopensc/card-epass2003.c | 171 ++++++++++++++++++++++++++++++++++----
|
||||
src/libopensc/cardctl.h | 4 +-
|
||||
src/libopensc/sm.c | 2 +-
|
||||
src/pkcs15init/pkcs15-epass2003.c | 49 +++++++++--
|
||||
4 files changed, 197 insertions(+), 29 deletions(-)
|
||||
|
||||
diff --git a/src/libopensc/card-epass2003.c b/src/libopensc/card-epass2003.c
|
||||
index 84ab64569..7feab5984 100644
|
||||
--- a/src/libopensc/card-epass2003.c
|
||||
+++ b/src/libopensc/card-epass2003.c
|
||||
@@ -98,6 +98,8 @@ typedef struct epass2003_exdata_st {
|
||||
unsigned char sk_enc[16]; /* encrypt session key */
|
||||
unsigned char sk_mac[16]; /* mac session key */
|
||||
unsigned char icv_mac[16]; /* instruction counter vector(for sm) */
|
||||
+ unsigned char currAlg; /* current Alg */
|
||||
+ unsigned int ecAlgFlags; /* Ec Alg mechanism type*/
|
||||
} epass2003_exdata;
|
||||
|
||||
#define REVERSE_ORDER4(x) ( \
|
||||
@@ -170,6 +172,7 @@ static const struct sc_card_error epass2003_errors[] = {
|
||||
static int epass2003_transmit_apdu(struct sc_card *card, struct sc_apdu *apdu);
|
||||
static int epass2003_select_file(struct sc_card *card, const sc_path_t * in_path, sc_file_t ** file_out);
|
||||
int epass2003_refresh(struct sc_card *card);
|
||||
+static int hash_data(const unsigned char *data, size_t datalen, unsigned char *hash, unsigned int mechanismType);
|
||||
|
||||
static int
|
||||
epass2003_check_sw(struct sc_card *card, unsigned int sw1, unsigned int sw2)
|
||||
@@ -403,6 +406,12 @@ sha1_digest(const unsigned char *input, size_t length, unsigned char *output)
|
||||
return openssl_dig(EVP_sha1(), input, length, output);
|
||||
}
|
||||
|
||||
+static int
|
||||
+sha256_digest(const unsigned char *input, size_t length, unsigned char *output)
|
||||
+{
|
||||
+ return openssl_dig(EVP_sha256(), input, length, output);
|
||||
+}
|
||||
+
|
||||
|
||||
static int
|
||||
gen_init_key(struct sc_card *card, unsigned char *key_enc, unsigned char *key_mac,
|
||||
@@ -1140,6 +1149,7 @@ static int
|
||||
epass2003_init(struct sc_card *card)
|
||||
{
|
||||
unsigned int flags;
|
||||
+ unsigned int ext_flags;
|
||||
unsigned char data[SC_MAX_APDU_BUFFER_SIZE] = { 0 };
|
||||
size_t datalen = SC_MAX_APDU_BUFFER_SIZE;
|
||||
epass2003_exdata *exdata = NULL;
|
||||
@@ -1192,6 +1202,11 @@ epass2003_init(struct sc_card *card)
|
||||
_sc_card_add_rsa_alg(card, 1024, flags, 0);
|
||||
_sc_card_add_rsa_alg(card, 2048, flags, 0);
|
||||
|
||||
+ //set EC Alg Flags
|
||||
+ flags = SC_ALGORITHM_ONBOARD_KEY_GEN|SC_ALGORITHM_ECDSA_HASH_SHA1|SC_ALGORITHM_ECDSA_HASH_SHA256|SC_ALGORITHM_ECDSA_HASH_NONE|SC_ALGORITHM_ECDSA_RAW;
|
||||
+ ext_flags = 0;
|
||||
+ _sc_card_add_ec_alg(card, 256, flags, ext_flags, NULL);
|
||||
+
|
||||
card->caps = SC_CARD_CAP_RNG | SC_CARD_CAP_APDU_EXT;
|
||||
|
||||
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
|
||||
@@ -1561,6 +1576,13 @@ epass2003_set_security_env(struct sc_card *card, const sc_security_env_t * env,
|
||||
u8 *p;
|
||||
unsigned short fid = 0;
|
||||
int r, locked = 0;
|
||||
+ epass2003_exdata *exdata = NULL;
|
||||
+
|
||||
+ if (!card->drv_data)
|
||||
+ return SC_ERROR_INVALID_ARGUMENTS;
|
||||
+
|
||||
+ exdata = (epass2003_exdata *)card->drv_data;
|
||||
+ exdata->currAlg = SC_ALGORITHM_RSA; //default algorithm
|
||||
|
||||
sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, 0x41, 0);
|
||||
switch (env->operation) {
|
||||
@@ -1590,6 +1612,28 @@ epass2003_set_security_env(struct sc_card *card, const sc_security_env_t * env,
|
||||
apdu.lc = r;
|
||||
apdu.datalen = r;
|
||||
apdu.data = sbuf;
|
||||
+
|
||||
+ if (env->algorithm == SC_ALGORITHM_EC)
|
||||
+ {
|
||||
+ apdu.p2 = 0xB6;
|
||||
+ exdata->currAlg = SC_ALGORITHM_EC;
|
||||
+ if(env->algorithm_flags | SC_ALGORITHM_ECDSA_HASH_SHA1)
|
||||
+ {
|
||||
+ sbuf[2] = 0x91;
|
||||
+ exdata->ecAlgFlags = SC_ALGORITHM_ECDSA_HASH_SHA1;
|
||||
+ }
|
||||
+ else if (env->algorithm_flags | SC_ALGORITHM_ECDSA_HASH_SHA256)
|
||||
+ {
|
||||
+ sbuf[2] = 0x92;
|
||||
+ exdata->ecAlgFlags = SC_ALGORITHM_ECDSA_HASH_SHA256;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ sc_log(card->ctx, "%0x Alg Not Support! ", env->algorithm_flags);
|
||||
+ goto err;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
if (se_num > 0) {
|
||||
r = sc_lock(card);
|
||||
LOG_TEST_RET(card->ctx, r, "sc_lock() failed");
|
||||
@@ -1640,7 +1684,55 @@ static int epass2003_decipher(struct sc_card *card, const u8 * data, size_t data
|
||||
struct sc_apdu apdu;
|
||||
u8 rbuf[SC_MAX_APDU_BUFFER_SIZE] = { 0 };
|
||||
u8 sbuf[SC_MAX_APDU_BUFFER_SIZE] = { 0 };
|
||||
+ epass2003_exdata *exdata = NULL;
|
||||
+
|
||||
+ LOG_FUNC_CALLED(card->ctx);
|
||||
+
|
||||
+ if (!card->drv_data)
|
||||
+ return SC_ERROR_INVALID_ARGUMENTS;
|
||||
+
|
||||
+ exdata = (epass2003_exdata *)card->drv_data;
|
||||
|
||||
+ if(exdata->currAlg == SC_ALGORITHM_EC)
|
||||
+ {
|
||||
+ unsigned char hash[HASH_LEN] = { 0 };
|
||||
+ if(exdata->ecAlgFlags | SC_ALGORITHM_ECDSA_HASH_SHA1)
|
||||
+ {
|
||||
+ hash_data(data, datalen, hash, SC_ALGORITHM_ECDSA_HASH_SHA1);
|
||||
+ sc_format_apdu(card, &apdu, SC_APDU_CASE_3,0x2A, 0x9E, 0x9A);
|
||||
+ memset(sbuf, 0, sizeof(sbuf));
|
||||
+ memcpy(sbuf, hash, 0x14);
|
||||
+ apdu.data = sbuf;
|
||||
+ apdu.lc = 0x14;
|
||||
+ apdu.datalen = 0x14;
|
||||
+ }
|
||||
+ else if (exdata->ecAlgFlags | SC_ALGORITHM_ECDSA_HASH_SHA256)
|
||||
+ {
|
||||
+ hash_data(data, datalen, hash, SC_ALGORITHM_ECDSA_HASH_SHA256);
|
||||
+ sc_format_apdu(card, &apdu, SC_APDU_CASE_3,0x2A, 0x9E, 0x9A);
|
||||
+ memset(sbuf, 0, sizeof(sbuf));
|
||||
+ memcpy(sbuf, hash, 0x20);
|
||||
+ apdu.data = sbuf;
|
||||
+ apdu.lc = 0x20;
|
||||
+ apdu.datalen = 0x20;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ return SC_ERROR_NOT_SUPPORTED;
|
||||
+ }
|
||||
+ apdu.resp = rbuf;
|
||||
+ apdu.resplen = sizeof(rbuf);
|
||||
+ apdu.le = 0;
|
||||
+
|
||||
+ r = sc_transmit_apdu_t(card, &apdu);
|
||||
+ LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
|
||||
+ if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) {
|
||||
+ size_t len = apdu.resplen > outlen ? outlen : apdu.resplen;
|
||||
+ memcpy(out, apdu.resp, len);
|
||||
+ LOG_FUNC_RETURN(card->ctx, len);
|
||||
+ }
|
||||
+ LOG_FUNC_RETURN(card->ctx, sc_check_sw(card, apdu.sw1, apdu.sw2));
|
||||
+ }
|
||||
sc_format_apdu(card, &apdu, SC_APDU_CASE_4_EXT, 0x2A, 0x80, 0x86);
|
||||
apdu.resp = rbuf;
|
||||
apdu.resplen = sizeof(rbuf);
|
||||
@@ -1862,11 +1954,13 @@ epass2003_construct_fci(struct sc_card *card, const sc_file_t * file,
|
||||
|
||||
}
|
||||
else if (file->type == SC_FILE_TYPE_INTERNAL_EF) {
|
||||
- if (file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_CRT) {
|
||||
+ if (file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_CRT ||
|
||||
+ file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_EC_CRT) {
|
||||
buf[0] = 0x11;
|
||||
buf[1] = 0x00;
|
||||
}
|
||||
- else if (file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC) {
|
||||
+ else if (file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC ||
|
||||
+ file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_EC_PUBLIC) {
|
||||
buf[0] = 0x12;
|
||||
buf[1] = 0x00;
|
||||
}
|
||||
@@ -1903,7 +1997,9 @@ epass2003_construct_fci(struct sc_card *card, const sc_file_t * file,
|
||||
}
|
||||
else if (file->type == SC_FILE_TYPE_INTERNAL_EF) {
|
||||
if (file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_CRT ||
|
||||
- file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC) {
|
||||
+ file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC||
|
||||
+ file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_EC_CRT||
|
||||
+ file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_EC_PUBLIC) {
|
||||
buf[0] = (file->size >> 8) & 0xFF;
|
||||
buf[1] = file->size & 0xFF;
|
||||
sc_asn1_put_tag(0x85, buf, 2, p, *outlen - (p - out), &p);
|
||||
@@ -1942,13 +2038,14 @@ epass2003_construct_fci(struct sc_card *card, const sc_file_t * file,
|
||||
ops[3] = SC_AC_OP_DELETE;
|
||||
}
|
||||
else if (file->type == SC_FILE_TYPE_INTERNAL_EF) {
|
||||
- if (file->ef_structure ==
|
||||
- SC_CARDCTL_OBERTHUR_KEY_RSA_CRT) {
|
||||
+ if (file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_CRT ||
|
||||
+ file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_EC_CRT) {
|
||||
ops[1] = SC_AC_OP_UPDATE;
|
||||
ops[2] = SC_AC_OP_CRYPTO;
|
||||
ops[3] = SC_AC_OP_DELETE;
|
||||
}
|
||||
- else if (file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC) {
|
||||
+ else if (file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC||
|
||||
+ file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_EC_PUBLIC) {
|
||||
ops[0] = SC_AC_OP_READ;
|
||||
ops[1] = SC_AC_OP_UPDATE;
|
||||
ops[2] = SC_AC_OP_CRYPTO;
|
||||
@@ -1973,13 +2070,22 @@ epass2003_construct_fci(struct sc_card *card, const sc_file_t * file,
|
||||
buf[ii] = rv;
|
||||
}
|
||||
sc_asn1_put_tag(0x86, buf, sizeof(ops), p, *outlen - (p - out), &p);
|
||||
+ if(file->size == 256)
|
||||
+ {
|
||||
+ out[4]= 0x13;
|
||||
+ }
|
||||
|
||||
}
|
||||
|
||||
/* VT ??? */
|
||||
- if (file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC) {
|
||||
+ if (file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC||
|
||||
+ file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_EC_PUBLIC) {
|
||||
unsigned char data[2] = {0x00, 0x66};
|
||||
sc_asn1_put_tag(0x87, data, sizeof(data), p, *outlen - (p - out), &p);
|
||||
+ if(file->size == 256)
|
||||
+ {
|
||||
+ out[4]= 0x14;
|
||||
+ }
|
||||
}
|
||||
|
||||
out[1] = p - out - 2;
|
||||
@@ -2129,19 +2235,36 @@ internal_write_rsa_key(struct sc_card *card, unsigned short fid, struct sc_pkcs1
|
||||
|
||||
|
||||
static int
|
||||
-hash_data(unsigned char *data, size_t datalen, unsigned char *hash)
|
||||
+hash_data(const unsigned char *data, size_t datalen, unsigned char *hash, unsigned int mechanismType)
|
||||
{
|
||||
- unsigned char data_hash[24] = { 0 };
|
||||
- size_t len = 0;
|
||||
|
||||
if ((NULL == data) || (NULL == hash))
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
|
||||
- sha1_digest(data, datalen, data_hash);
|
||||
+ if(mechanismType | SC_ALGORITHM_ECDSA_HASH_SHA1)
|
||||
+ {
|
||||
+ unsigned char data_hash[24] = { 0 };
|
||||
+ size_t len = 0;
|
||||
|
||||
- len = REVERSE_ORDER4(datalen);
|
||||
- memcpy(&data_hash[20], &len, 4);
|
||||
- memcpy(hash, data_hash, 24);
|
||||
+ sha1_digest(data, datalen, data_hash);
|
||||
+ len = REVERSE_ORDER4(datalen);
|
||||
+ memcpy(&data_hash[20], &len, 4);
|
||||
+ memcpy(hash, data_hash, 24);
|
||||
+ }
|
||||
+ else if(mechanismType | SC_ALGORITHM_ECDSA_HASH_SHA256)
|
||||
+ {
|
||||
+ unsigned char data_hash[36] = { 0 };
|
||||
+ size_t len = 0;
|
||||
+
|
||||
+ sha256_digest(data, datalen, data_hash);
|
||||
+ len = REVERSE_ORDER4(datalen);
|
||||
+ memcpy(&data_hash[32], &len, 4);
|
||||
+ memcpy(hash, data_hash, 36);
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ return SC_ERROR_NOT_SUPPORTED;
|
||||
+ }
|
||||
|
||||
return SC_SUCCESS;
|
||||
}
|
||||
@@ -2214,7 +2337,7 @@ internal_install_pin(struct sc_card *card, sc_epass2003_wkey_data * pin)
|
||||
int r;
|
||||
unsigned char hash[HASH_LEN] = { 0 };
|
||||
|
||||
- r = hash_data(pin->key_data.es_secret.key_val, pin->key_data.es_secret.key_len, hash);
|
||||
+ r = hash_data(pin->key_data.es_secret.key_val, pin->key_data.es_secret.key_len, hash, SC_ALGORITHM_ECDSA_HASH_SHA1);
|
||||
LOG_TEST_RET(card->ctx, r, "hash data failed");
|
||||
|
||||
r = install_secret_key(card, 0x04, pin->key_data.es_secret.kid,
|
||||
@@ -2265,7 +2388,14 @@ epass2003_gen_key(struct sc_card *card, sc_epass2003_gen_key_data * data)
|
||||
|
||||
LOG_FUNC_CALLED(card->ctx);
|
||||
|
||||
- sbuf[0] = 0x01;
|
||||
+ if(len == 256)
|
||||
+ {
|
||||
+ sbuf[0] = 0x02;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ sbuf[0] = 0x01;
|
||||
+ }
|
||||
sbuf[1] = (u8) ((len >> 8) & 0xff);
|
||||
sbuf[2] = (u8) (len & 0xff);
|
||||
sbuf[3] = (u8) ((data->prkey_id >> 8) & 0xFF);
|
||||
@@ -2285,6 +2415,10 @@ epass2003_gen_key(struct sc_card *card, sc_epass2003_gen_key_data * data)
|
||||
|
||||
/* read public key */
|
||||
sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0xb4, 0x02, 0x00);
|
||||
+ if(len == 256)
|
||||
+ {
|
||||
+ apdu.p1 = 0x00;
|
||||
+ }
|
||||
apdu.cla = 0x80;
|
||||
apdu.lc = apdu.datalen = 2;
|
||||
apdu.data = &sbuf[5];
|
||||
@@ -2349,6 +2483,7 @@ epass2003_card_ctl(struct sc_card *card, unsigned long cmd, void *ptr)
|
||||
{
|
||||
LOG_FUNC_CALLED(card->ctx);
|
||||
|
||||
+ sc_log(card->ctx, "cmd is %0lx", cmd);
|
||||
switch (cmd) {
|
||||
case SC_CARDCTL_ENTERSAFE_WRITE_KEY:
|
||||
return epass2003_write_key(card, (sc_epass2003_wkey_data *) ptr);
|
||||
@@ -2474,7 +2609,7 @@ external_key_auth(struct sc_card *card, unsigned char kid,
|
||||
r = sc_get_challenge(card, random, 8);
|
||||
LOG_TEST_RET(card->ctx, r, "get challenge external_key_auth failed");
|
||||
|
||||
- r = hash_data(data, datalen, hash);
|
||||
+ r = hash_data(data, datalen, hash, SC_ALGORITHM_ECDSA_HASH_SHA1);
|
||||
LOG_TEST_RET(card->ctx, r, "hash data failed");
|
||||
|
||||
des3_encrypt_cbc(hash, HASH_LEN, iv, random, 8, tmp_data);
|
||||
@@ -2501,7 +2636,7 @@ update_secret_key(struct sc_card *card, unsigned char ktype, unsigned char kid,
|
||||
unsigned char tmp_data[256] = { 0 };
|
||||
unsigned char maxtries = 0;
|
||||
|
||||
- r = hash_data(data, datalen, hash);
|
||||
+ r = hash_data(data, datalen, hash, SC_ALGORITHM_ECDSA_HASH_SHA1);
|
||||
LOG_TEST_RET(card->ctx, r, "hash data failed");
|
||||
|
||||
r = get_external_key_maxtries(card, &maxtries);
|
||||
diff --git a/src/libopensc/cardctl.h b/src/libopensc/cardctl.h
|
||||
index 9a58427b7..b647b0537 100644
|
||||
--- a/src/libopensc/cardctl.h
|
||||
+++ b/src/libopensc/cardctl.h
|
||||
@@ -490,7 +490,9 @@ enum SC_CARDCTL_OBERTHUR_KEY_TYPE {
|
||||
SC_CARDCTL_OBERTHUR_KEY_RSA_SFM,
|
||||
SC_CARDCTL_OBERTHUR_KEY_RSA_CRT,
|
||||
SC_CARDCTL_OBERTHUR_KEY_DSA_PUBLIC,
|
||||
- SC_CARDCTL_OBERTHUR_KEY_DSA_PRIVATE
|
||||
+ SC_CARDCTL_OBERTHUR_KEY_DSA_PRIVATE,
|
||||
+ SC_CARDCTL_OBERTHUR_KEY_EC_CRT,
|
||||
+ SC_CARDCTL_OBERTHUR_KEY_EC_PUBLIC
|
||||
};
|
||||
|
||||
struct sc_cardctl_oberthur_genkey_info {
|
||||
diff --git a/src/libopensc/sm.c b/src/libopensc/sm.c
|
||||
index 94f7ce7c3..877a5ef12 100644
|
||||
--- a/src/libopensc/sm.c
|
||||
+++ b/src/libopensc/sm.c
|
||||
@@ -157,7 +157,7 @@ sc_sm_single_transmit(struct sc_card *card, struct sc_apdu *apdu)
|
||||
}
|
||||
|
||||
/* send APDU flagged as NO_SM */
|
||||
- sm_apdu->flags |= SC_APDU_FLAGS_NO_SM;
|
||||
+ sm_apdu->flags |= SC_APDU_FLAGS_NO_SM | SC_APDU_FLAGS_NO_RETRY_WL;
|
||||
rv = sc_transmit_apdu(card, sm_apdu);
|
||||
if (rv < 0) {
|
||||
card->sm_ctx.ops.free_sm_apdu(card, apdu, &sm_apdu);
|
||||
diff --git a/src/pkcs15init/pkcs15-epass2003.c b/src/pkcs15init/pkcs15-epass2003.c
|
||||
index 3be5ab856..786a71258 100644
|
||||
--- a/src/pkcs15init/pkcs15-epass2003.c
|
||||
+++ b/src/pkcs15init/pkcs15-epass2003.c
|
||||
@@ -312,6 +312,16 @@ cosm_new_file(struct sc_profile *profile, struct sc_card *card,
|
||||
num);
|
||||
while (1) {
|
||||
switch (type) {
|
||||
+ case SC_PKCS15_TYPE_PRKEY_EC:
|
||||
+ desc = "RSA private key";
|
||||
+ _template = "private-key";
|
||||
+ structure = SC_CARDCTL_OBERTHUR_KEY_EC_CRT;
|
||||
+ break;
|
||||
+ case SC_PKCS15_TYPE_PUBKEY_EC:
|
||||
+ desc = "RSA public key";
|
||||
+ _template = "public-key";
|
||||
+ structure = SC_CARDCTL_OBERTHUR_KEY_EC_PUBLIC;
|
||||
+ break;
|
||||
case SC_PKCS15_TYPE_PRKEY_RSA:
|
||||
desc = "RSA private key";
|
||||
_template = "private-key";
|
||||
@@ -497,11 +507,14 @@ static int epass2003_pkcs15_generate_key(struct sc_profile *profile,
|
||||
|
||||
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
|
||||
- if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA)
|
||||
+ if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA && obj->type != SC_PKCS15_TYPE_PRKEY_EC)
|
||||
return SC_ERROR_NOT_SUPPORTED;
|
||||
|
||||
+ if(obj->type == SC_PKCS15_TYPE_PRKEY_EC && keybits == 0)
|
||||
+ keybits = 256; //EC key length is 256 ...
|
||||
+
|
||||
/* allocate key object */
|
||||
- r = cosm_new_file(profile, card, SC_PKCS15_TYPE_PRKEY_RSA, idx, &file);
|
||||
+ r = cosm_new_file(profile, card, obj->type, idx, &file); //replace SC_PKCS15_TYPE_PRKEY_RSA with obj->type
|
||||
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_NORMAL, r,
|
||||
"create key: failed to allocate new key object");
|
||||
file->size = keybits;
|
||||
@@ -525,11 +538,18 @@ static int epass2003_pkcs15_generate_key(struct sc_profile *profile,
|
||||
"index %"SC_FORMAT_LEN_SIZE_T"u; keybits %"SC_FORMAT_LEN_SIZE_T"u\n",
|
||||
idx, keybits);
|
||||
if (keybits < 1024 || keybits > 2048 || (keybits % 0x20)) {
|
||||
- sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
|
||||
- "Unsupported key size %"SC_FORMAT_LEN_SIZE_T"u\n",
|
||||
- keybits);
|
||||
- r = SC_ERROR_INVALID_ARGUMENTS;
|
||||
- goto err;
|
||||
+ if(obj->type == SC_PKCS15_TYPE_PRKEY_EC && keybits == 256)
|
||||
+ {
|
||||
+ sc_log(card->ctx, "current Alg is EC,Only support 256 ..\n");
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE_TOOL,
|
||||
+ "Unsupported key size %"SC_FORMAT_LEN_SIZE_T"u\n",
|
||||
+ keybits);
|
||||
+ r = SC_ERROR_INVALID_ARGUMENTS;
|
||||
+ goto err;
|
||||
+ }
|
||||
}
|
||||
|
||||
path = key_info->path;
|
||||
@@ -549,12 +569,23 @@ static int epass2003_pkcs15_generate_key(struct sc_profile *profile,
|
||||
SC_TEST_GOTO_ERR(card->ctx, SC_LOG_DEBUG_NORMAL, r,
|
||||
"generate key: pkcs15init_authenticate(SC_AC_OP_CREATE) failed");
|
||||
|
||||
- if ((r = cosm_new_file(profile, card, SC_PKCS15_TYPE_PUBKEY_RSA, idx,
|
||||
- &pukf)) < 0) {
|
||||
+ if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA )
|
||||
+ {
|
||||
+
|
||||
+ r = cosm_new_file(profile, card, SC_PKCS15_TYPE_PUBKEY_EC, idx, &pukf);
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+
|
||||
+ r = cosm_new_file(profile, card, SC_PKCS15_TYPE_PUBKEY_RSA, idx, &pukf);
|
||||
+ }
|
||||
+
|
||||
+ if (r < 0) {
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
|
||||
"generate key: create temporary pukf failed\n");
|
||||
goto err;
|
||||
}
|
||||
+
|
||||
pukf->size = keybits;
|
||||
pukf->id = pukf->path.value[pukf->path.len - 2] * 0x100
|
||||
+ pukf->path.value[pukf->path.len - 1];
|
||||
|
||||
@ -1,62 +0,0 @@
|
||||
From 645f678af24fc1e0f1559e0384f57f8fd35836b4 Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Jelen <jjelen@redhat.com>
|
||||
Date: Fri, 21 Jul 2017 11:30:47 +0200
|
||||
Subject: [PATCH 1/4] cac: Make the retransmitted APDU valid by restoring the
|
||||
resplen
|
||||
|
||||
---
|
||||
src/libopensc/card-cac.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/libopensc/card-cac.c b/src/libopensc/card-cac.c
|
||||
index ed15ba0a8..47f9aaf0c 100644
|
||||
--- a/src/libopensc/card-cac.c
|
||||
+++ b/src/libopensc/card-cac.c
|
||||
@@ -1106,6 +1106,7 @@ static int cac_select_file_by_type(sc_card_t *card, const sc_path_t *in_path, sc
|
||||
r = sc_check_sw(card, apdu.sw1, apdu.sw2);
|
||||
if (apdu.sw1 == 0x6A && apdu.sw2 == 0x86) {
|
||||
apdu.p2 = 0x00;
|
||||
+ apdu.resplen = sizeof(buf);
|
||||
if (sc_transmit_apdu(card, &apdu) == SC_SUCCESS)
|
||||
r = sc_check_sw(card, apdu.sw1, apdu.sw2);
|
||||
}
|
||||
|
||||
From a57407a5257b24edf313a4839c523a19cd8b0dc5 Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Jelen <jjelen@redhat.com>
|
||||
Date: Fri, 21 Jul 2017 13:09:14 +0200
|
||||
Subject: [PATCH 2/4] cac: Check SWs for all the APDUs and report the errors to
|
||||
underlying layers
|
||||
|
||||
---
|
||||
src/libopensc/card-cac.c | 4 +---
|
||||
1 file changed, 1 insertion(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/libopensc/card-cac.c b/src/libopensc/card-cac.c
|
||||
index 47f9aaf0c..f3b64a33d 100644
|
||||
--- a/src/libopensc/card-cac.c
|
||||
+++ b/src/libopensc/card-cac.c
|
||||
@@ -390,9 +390,7 @@ static int cac_apdu_io(sc_card_t *card, int ins, int p1, int p2,
|
||||
goto err;
|
||||
}
|
||||
|
||||
- if (apdu.sw1 == 0x61) {
|
||||
- r = sc_check_sw(card, apdu.sw1, apdu.sw2);
|
||||
- }
|
||||
+ r = sc_check_sw(card, apdu.sw1, apdu.sw2);
|
||||
|
||||
if (r < 0) {
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "Card returned error ");
|
||||
diff -up OpenSC-777e2a3751e3f6d53f056c98e9e20e42af674fb1/src/libopensc/card-cac.c.old OpenSC-777e2a3751e3f6d53f056c98e9e20e42af674fb1/src/libopensc/card-cac.c
|
||||
--- OpenSC-777e2a3751e3f6d53f056c98e9e20e42af674fb1/src/libopensc/card-cac.c.old 2017-12-19 10:39:08.662925868 +0100
|
||||
+++ OpenSC-777e2a3751e3f6d53f056c98e9e20e42af674fb1/src/libopensc/card-cac.c 2017-12-19 10:39:58.665293224 +0100
|
||||
@@ -450,6 +450,10 @@ static int cac_read_file(sc_card_t *card
|
||||
if (r < 0) {
|
||||
goto fail;
|
||||
}
|
||||
+ if (len == 0) {
|
||||
+ r = SC_ERROR_FILE_NOT_FOUND;
|
||||
+ goto fail;
|
||||
+ }
|
||||
}
|
||||
*out_len = size;
|
||||
*out_buf = out;
|
||||
@ -1,121 +0,0 @@
|
||||
From bac1ced89dde5780ecb5014b3887e4fd81c7d81c Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Jelen <jjelen@redhat.com>
|
||||
Date: Fri, 18 Aug 2017 13:49:57 +0200
|
||||
Subject: [PATCH 1/3] Use shorter PIN name for default PIN to accomodate Card
|
||||
Holder name in future
|
||||
|
||||
---
|
||||
src/libopensc/pkcs15-piv.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/libopensc/pkcs15-piv.c b/src/libopensc/pkcs15-piv.c
|
||||
index d38d7ba73..7f9015dcc 100644
|
||||
--- a/src/libopensc/pkcs15-piv.c
|
||||
+++ b/src/libopensc/pkcs15-piv.c
|
||||
@@ -359,7 +359,7 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card)
|
||||
};
|
||||
|
||||
static const pindata pins[] = {
|
||||
- { "01", "PIV Card Holder pin", "", 0x80,
|
||||
+ { "01", "PIN", "", 0x80,
|
||||
/* label, flag and ref will change if using global pin */
|
||||
SC_PKCS15_PIN_TYPE_ASCII_NUMERIC,
|
||||
8, 4, 8,
|
||||
@@ -932,7 +932,7 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card)
|
||||
pin_info.attrs.pin.reference = pin_ref;
|
||||
pin_info.attrs.pin.flags &= ~SC_PKCS15_PIN_FLAG_LOCAL;
|
||||
label = "Global PIN";
|
||||
- }
|
||||
+ }
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "DEE Adding pin %d label=%s",i, label);
|
||||
strncpy(pin_obj.label, label, SC_PKCS15_MAX_LABEL_SIZE - 1);
|
||||
pin_obj.flags = pins[i].obj_flags;
|
||||
|
||||
From 74b070128c27e24aa67db041a049a9eee5dddcd6 Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Jelen <jjelen@redhat.com>
|
||||
Date: Fri, 18 Aug 2017 14:18:00 +0200
|
||||
Subject: [PATCH 2/3] Get cardholder name from the first certificate
|
||||
|
||||
---
|
||||
src/libopensc/pkcs15-piv.c | 24 +++++++++++++++++++++++-
|
||||
1 file changed, 23 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/libopensc/pkcs15-piv.c b/src/libopensc/pkcs15-piv.c
|
||||
index 7f9015dcc..6f3c9199d 100644
|
||||
--- a/src/libopensc/pkcs15-piv.c
|
||||
+++ b/src/libopensc/pkcs15-piv.c
|
||||
@@ -613,7 +613,7 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card)
|
||||
char buf[SC_MAX_SERIALNR * 2 + 1];
|
||||
common_key_info ckis[PIV_NUM_CERTS_AND_KEYS];
|
||||
int follows_nist_fascn = 0;
|
||||
-
|
||||
+ char *token_name = NULL;
|
||||
|
||||
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
|
||||
@@ -765,6 +765,30 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card)
|
||||
sc_pkcs15_free_certificate(cert_out);
|
||||
continue;
|
||||
}
|
||||
+
|
||||
+ /* set the token name to the name of the CN of the first certificate */
|
||||
+ if (!token_name) {
|
||||
+ u8 * cn_name = NULL;
|
||||
+ size_t cn_len = 0;
|
||||
+ static const struct sc_object_id cn_oid = {{ 2, 5, 4, 3, -1 }};
|
||||
+ r = sc_pkcs15_get_name_from_dn(card->ctx, cert_out->subject,
|
||||
+ cert_out->subject_len, &cn_oid, &cn_name, &cn_len);
|
||||
+ if (r == SC_SUCCESS) {
|
||||
+ token_name = malloc (cn_len+1);
|
||||
+ if (!token_name) {
|
||||
+ sc_pkcs15_free_certificate(cert_out);
|
||||
+ free(cn_name);
|
||||
+ SC_FUNC_RETURN(card->ctx,
|
||||
+ SC_ERROR_OUT_OF_MEMORY, r);
|
||||
+ }
|
||||
+ memcpy(token_name, cn_name, cn_len);
|
||||
+ free(cn_name);
|
||||
+ token_name[cn_len] = 0;
|
||||
+ free(p15card->tokeninfo->label);
|
||||
+ p15card->tokeninfo->label = token_name;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
/*
|
||||
* get keyUsage if present save in ckis[i]
|
||||
* Will only use it if this in a non FED issued card
|
||||
|
||||
From 78c2b7b970a8c2d841552926a7f4c386c31abeb8 Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Jelen <jjelen@redhat.com>
|
||||
Date: Mon, 21 Aug 2017 13:43:08 +0200
|
||||
Subject: [PATCH 3/3] Do not add non-informative PIN to the token label
|
||||
|
||||
---
|
||||
src/pkcs11/framework-pkcs15.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
|
||||
index 5b3cb32e5..8ded1125b 100644
|
||||
--- a/src/pkcs11/framework-pkcs15.c
|
||||
+++ b/src/pkcs11/framework-pkcs15.c
|
||||
@@ -1024,6 +1024,7 @@ pkcs15_init_slot(struct sc_pkcs15_card *p15card, struct sc_pkcs11_slot *slot,
|
||||
struct sc_pkcs15_auth_info *pin_info = NULL;
|
||||
char label[64];
|
||||
|
||||
+ sc_log(context, "Called");
|
||||
pkcs15_init_token_info(p15card, &slot->token_info);
|
||||
slot->token_info.flags |= CKF_TOKEN_INITIALIZED;
|
||||
if (auth != NULL)
|
||||
@@ -1048,9 +1049,10 @@ pkcs15_init_slot(struct sc_pkcs15_card *p15card, struct sc_pkcs11_slot *slot,
|
||||
pin_info = NULL;
|
||||
}
|
||||
else {
|
||||
- if (auth->label[0])
|
||||
+ if (auth->label[0] && strncmp(auth->label, "PIN", 4) != 0)
|
||||
snprintf(label, sizeof(label), "%.*s (%s)", (int) sizeof auth->label, auth->label, p15card->tokeninfo->label);
|
||||
else
|
||||
+ /* The PIN label is empty or says just non-useful "PIN" */
|
||||
snprintf(label, sizeof(label), "%s", p15card->tokeninfo->label);
|
||||
slot->token_info.flags |= CKF_LOGIN_REQUIRED;
|
||||
}
|
||||
|
||||
@ -1,21 +0,0 @@
|
||||
commit 602279acecb9aaff1154ac1e2993562741a57281
|
||||
Author: Jakub Jelen <jjelen@redhat.com>
|
||||
Date: Tue Jan 2 11:08:31 2018 +0100
|
||||
|
||||
Skip correctly two bytes after reading 2b size
|
||||
|
||||
diff --git a/src/libopensc/simpletlv.c b/src/libopensc/simpletlv.c
|
||||
index f526a1cd..ab0401b5 100644
|
||||
--- a/src/libopensc/simpletlv.c
|
||||
+++ b/src/libopensc/simpletlv.c
|
||||
@@ -90,8 +90,9 @@ sc_simpletlv_read_tag(u8 **buf, size_t buflen, u8 *tag_out, size_t *taglen)
|
||||
*taglen = 0;
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
}
|
||||
+ /* skip two bytes (the size) */
|
||||
len = lebytes2ushort(p);
|
||||
- p++;
|
||||
+ p+=2;
|
||||
}
|
||||
*taglen = len;
|
||||
*buf = p;
|
||||
@ -1,59 +0,0 @@
|
||||
diff --git a/src/libopensc/pkcs15-coolkey.c b/src/libopensc/pkcs15-coolkey.c
|
||||
index 5064a0f..d93875a 100644
|
||||
--- a/src/libopensc/pkcs15-coolkey.c
|
||||
+++ b/src/libopensc/pkcs15-coolkey.c
|
||||
@@ -484,7 +484,7 @@ static int sc_pkcs15emu_coolkey_init(sc_pkcs15_card_t *p15card)
|
||||
sc_card_t *card = p15card->card;
|
||||
sc_serial_number_t serial;
|
||||
int count;
|
||||
-
|
||||
+ struct sc_pkcs15_object *obj;
|
||||
|
||||
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
|
||||
|
||||
@@ -558,6 +558,8 @@ static int sc_pkcs15emu_coolkey_init(sc_pkcs15_card_t *p15card)
|
||||
|
||||
|
||||
memset(&obj_obj, 0, sizeof(obj_obj));
|
||||
+ /* coolkey applets have label only on the certificates,
|
||||
+ * but we should copy it also to the keys maching the same ID */
|
||||
coolkey_get_attribute_bytes(card, &coolkey_obj, CKA_LABEL, (u8 *)obj_obj.label, &len, sizeof(obj_obj.label));
|
||||
coolkey_get_flags(card, &coolkey_obj, &obj_obj.flags);
|
||||
if (obj_obj.flags & SC_PKCS15_CO_FLAG_PRIVATE) {
|
||||
@@ -677,6 +679,36 @@ fail:
|
||||
}
|
||||
r = (card->ops->card_ctl)(card, SC_CARDCTL_COOLKEY_FINAL_GET_OBJECTS, &count);
|
||||
|
||||
+ /* Iterate over all the objects again and fill missing labels */
|
||||
+ for (obj = p15card->obj_list; obj != NULL; obj = obj->next) {
|
||||
+ struct sc_pkcs15_id *id = NULL;
|
||||
+ struct sc_pkcs15_object *cert_object;
|
||||
+
|
||||
+ sc_log(card->ctx, "Object with label %s", obj->label);
|
||||
+ if (obj->label[0] != '\0')
|
||||
+ /* label already filled -- do not overwrite */
|
||||
+ continue;
|
||||
+
|
||||
+ switch (obj->type & SC_PKCS15_TYPE_CLASS_MASK) {
|
||||
+ case SC_PKCS15_TYPE_PUBKEY:
|
||||
+ id = &((struct sc_pkcs15_pubkey_info *)obj->data)->id;
|
||||
+ break;
|
||||
+ case SC_PKCS15_TYPE_PRKEY:
|
||||
+ id = &((struct sc_pkcs15_prkey_info *)obj->data)->id;
|
||||
+ break;
|
||||
+ default:
|
||||
+ /* We do not care about other objects */
|
||||
+ continue;
|
||||
+ }
|
||||
+ sc_log(card->ctx, "Object ID is %s", id->value);
|
||||
+ r = sc_pkcs15_find_cert_by_id(p15card, id, &cert_object);
|
||||
+ if (r != 0)
|
||||
+ continue;
|
||||
+
|
||||
+ sc_log(card->ctx, "Found cert with with label %s", cert_object->label);
|
||||
+ memcpy(obj->label, cert_object->label, SC_PKCS15_MAX_LABEL_SIZE);
|
||||
+ }
|
||||
+
|
||||
LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
|
||||
}
|
||||
|
||||
@ -1,475 +0,0 @@
|
||||
From cb73a14bd7ec1947871dd719536002cc4d8dc90b Mon Sep 17 00:00:00 2001
|
||||
From: Raul Metsma <raul@metsma.ee>
|
||||
Date: Fri, 27 Oct 2017 20:51:33 +0300
|
||||
Subject: [PATCH 1/5] EstEID ECDSA token support (#1158)
|
||||
|
||||
---
|
||||
src/libopensc/card-mcrd.c | 10 ++++++---
|
||||
src/libopensc/pkcs15-esteid.c | 47 +++++++++++++++++++++++++------------------
|
||||
2 files changed, 34 insertions(+), 23 deletions(-)
|
||||
|
||||
diff --git a/src/libopensc/card-mcrd.c b/src/libopensc/card-mcrd.c
|
||||
index cbba3fdfa..28f8abfad 100644
|
||||
--- a/src/libopensc/card-mcrd.c
|
||||
+++ b/src/libopensc/card-mcrd.c
|
||||
@@ -304,7 +304,7 @@ static int mcrd_match_card(sc_card_t * card)
|
||||
|
||||
static int mcrd_init(sc_card_t * card)
|
||||
{
|
||||
- unsigned long flags;
|
||||
+ unsigned long flags, ext_flags;
|
||||
struct mcrd_priv_data *priv;
|
||||
int r;
|
||||
sc_path_t tmppath;
|
||||
@@ -329,6 +329,10 @@ static int mcrd_init(sc_card_t * card)
|
||||
flags = SC_ALGORITHM_RSA_RAW | SC_ALGORITHM_RSA_HASH_SHA1 | SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_SHA256;
|
||||
/* EstEID v3.0 has 2048 bit keys */
|
||||
_sc_card_add_rsa_alg(card, 2048, flags, 0);
|
||||
+
|
||||
+ flags = SC_ALGORITHM_ECDSA_RAW | SC_ALGORITHM_ECDH_CDH_RAW | SC_ALGORITHM_ECDSA_HASH_NONE;
|
||||
+ ext_flags = SC_ALGORITHM_EXT_EC_NAMEDCURVE | SC_ALGORITHM_EXT_EC_UNCOMPRESES;
|
||||
+ _sc_card_add_ec_alg(card, 384, flags, ext_flags, NULL);
|
||||
sc_reset(card, 0);
|
||||
|
||||
sc_format_apdu(card, &apdu, SC_APDU_CASE_3, 0xA4, 0x04, 0x00);
|
||||
@@ -1188,7 +1192,7 @@ static int mcrd_set_security_env(sc_card_t * card,
|
||||
if (is_esteid_card(card)) {
|
||||
/* some sanity checks */
|
||||
if (env->flags & SC_SEC_ENV_ALG_PRESENT) {
|
||||
- if (env->algorithm != SC_ALGORITHM_RSA)
|
||||
+ if (env->algorithm != SC_ALGORITHM_RSA && env->algorithm != SC_ALGORITHM_EC)
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
}
|
||||
if (!(env->flags & SC_SEC_ENV_KEY_REF_PRESENT)
|
||||
@@ -1375,7 +1379,7 @@ static int mcrd_compute_signature(sc_card_t * card,
|
||||
apdu.lc = datalen;
|
||||
apdu.data = data;
|
||||
apdu.datalen = datalen;
|
||||
- apdu.le = 0x80;
|
||||
+ apdu.le = MIN(0x80u, outlen);
|
||||
apdu.resp = out;
|
||||
apdu.resplen = outlen;
|
||||
|
||||
diff --git a/src/libopensc/pkcs15-esteid.c b/src/libopensc/pkcs15-esteid.c
|
||||
index 361b2525a..a4655b7f7 100644
|
||||
--- a/src/libopensc/pkcs15-esteid.c
|
||||
+++ b/src/libopensc/pkcs15-esteid.c
|
||||
@@ -33,6 +33,7 @@
|
||||
#include "common/compat_strlcat.h"
|
||||
|
||||
#include "internal.h"
|
||||
+#include "opensc.h"
|
||||
#include "pkcs15.h"
|
||||
#include "esteid.h"
|
||||
|
||||
@@ -64,6 +65,7 @@ sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card)
|
||||
sc_card_t *card = p15card->card;
|
||||
unsigned char buff[128];
|
||||
int r, i;
|
||||
+ size_t field_length = 0, modulus_length = 0;
|
||||
sc_path_t tmppath;
|
||||
|
||||
set_string (&p15card->tokeninfo->label, "ID-kaart");
|
||||
@@ -74,7 +76,7 @@ sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card)
|
||||
r = sc_select_file (card, &tmppath, NULL);
|
||||
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "select esteid PD failed");
|
||||
|
||||
- /* read the serial (document number) */
|
||||
+ /* read the serial (document number) */
|
||||
r = sc_read_record (card, SC_ESTEID_PD_DOCUMENT_NR, buff, sizeof(buff), SC_RECORD_BY_REC_NR);
|
||||
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "read document number failed");
|
||||
buff[r] = '\0';
|
||||
@@ -93,10 +95,10 @@ sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card)
|
||||
"3f00eeeeaace",
|
||||
"3f00eeeeddce"};
|
||||
static int esteid_cert_ids[2] = {1, 2};
|
||||
-
|
||||
+
|
||||
struct sc_pkcs15_cert_info cert_info;
|
||||
struct sc_pkcs15_object cert_obj;
|
||||
-
|
||||
+
|
||||
memset(&cert_info, 0, sizeof(cert_info));
|
||||
memset(&cert_obj, 0, sizeof(cert_obj));
|
||||
|
||||
@@ -110,6 +112,10 @@ sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card)
|
||||
if (i == 0) {
|
||||
sc_pkcs15_cert_t *cert;
|
||||
r = sc_pkcs15_read_certificate(p15card, &cert_info, &cert);
|
||||
+ if (cert->key->algorithm == SC_ALGORITHM_EC)
|
||||
+ field_length = cert->key->u.ec.params.field_length;
|
||||
+ else
|
||||
+ modulus_length = cert->key->u.rsa.modulus.len * 8;
|
||||
if (r == SC_SUCCESS) {
|
||||
static const struct sc_object_id cn_oid = {{ 2, 5, 4, 3, -1 }};
|
||||
u8 *cn_name = NULL;
|
||||
@@ -155,16 +161,16 @@ sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card)
|
||||
|
||||
memset(&pin_info, 0, sizeof(pin_info));
|
||||
memset(&pin_obj, 0, sizeof(pin_obj));
|
||||
-
|
||||
+
|
||||
/* read the number of tries left for the PIN */
|
||||
r = sc_read_record (card, i + 1, buff, sizeof(buff), SC_RECORD_BY_REC_NR);
|
||||
if (r < 0)
|
||||
return SC_ERROR_INTERNAL;
|
||||
tries_left = buff[5];
|
||||
-
|
||||
+
|
||||
pin_info.auth_id.len = 1;
|
||||
pin_info.auth_id.value[0] = esteid_pin_authid[i];
|
||||
- pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||
+ pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
|
||||
pin_info.attrs.pin.reference = esteid_pin_ref[i];
|
||||
pin_info.attrs.pin.flags = esteid_pin_flags[i];
|
||||
pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
|
||||
@@ -188,16 +194,11 @@ sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card)
|
||||
if (r < 0)
|
||||
return SC_ERROR_INTERNAL;
|
||||
}
|
||||
-
|
||||
+
|
||||
/* add private keys */
|
||||
for (i = 0; i < 2; i++) {
|
||||
static int prkey_pin[2] = {1, 2};
|
||||
- static int prkey_usage[2] = {
|
||||
- SC_PKCS15_PRKEY_USAGE_ENCRYPT
|
||||
- | SC_PKCS15_PRKEY_USAGE_DECRYPT
|
||||
- | SC_PKCS15_PRKEY_USAGE_SIGN,
|
||||
- SC_PKCS15_PRKEY_USAGE_NONREPUDIATION};
|
||||
-
|
||||
+
|
||||
static const char *prkey_name[2] = {
|
||||
"Isikutuvastus",
|
||||
"Allkirjastamine"};
|
||||
@@ -207,16 +208,19 @@ sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card)
|
||||
|
||||
memset(&prkey_info, 0, sizeof(prkey_info));
|
||||
memset(&prkey_obj, 0, sizeof(prkey_obj));
|
||||
-
|
||||
+
|
||||
prkey_info.id.len = 1;
|
||||
prkey_info.id.value[0] = prkey_pin[i];
|
||||
- prkey_info.usage = prkey_usage[i];
|
||||
prkey_info.native = 1;
|
||||
prkey_info.key_reference = i + 1;
|
||||
- if (card->type == SC_CARD_TYPE_MCRD_ESTEID_V30)
|
||||
- prkey_info.modulus_length = 2048;
|
||||
+ prkey_info.field_length = field_length;
|
||||
+ prkey_info.modulus_length = modulus_length;
|
||||
+ if (i == 1)
|
||||
+ prkey_info.usage = SC_PKCS15_PRKEY_USAGE_NONREPUDIATION;
|
||||
+ else if(field_length > 0) // ECC has only sign usage
|
||||
+ prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN;
|
||||
else
|
||||
- prkey_info.modulus_length = 1024;
|
||||
+ prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_DECRYPT;
|
||||
|
||||
strlcpy(prkey_obj.label, prkey_name[i], sizeof(prkey_obj.label));
|
||||
prkey_obj.auth_id.len = 1;
|
||||
@@ -224,7 +228,10 @@ sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card)
|
||||
prkey_obj.user_consent = 0;
|
||||
prkey_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE;
|
||||
|
||||
- r = sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, &prkey_info);
|
||||
+ if(field_length > 0)
|
||||
+ r = sc_pkcs15emu_add_ec_prkey(p15card, &prkey_obj, &prkey_info);
|
||||
+ else
|
||||
+ r = sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, &prkey_info);
|
||||
if (r < 0)
|
||||
return SC_ERROR_INTERNAL;
|
||||
}
|
||||
@@ -236,7 +243,7 @@ static int esteid_detect_card(sc_pkcs15_card_t *p15card)
|
||||
{
|
||||
if (is_esteid_card(p15card->card))
|
||||
return SC_SUCCESS;
|
||||
- else
|
||||
+ else
|
||||
return SC_ERROR_WRONG_CARD;
|
||||
}
|
||||
|
||||
|
||||
From bea03e86d385a7d1ec58f42a501a5c2d471357d1 Mon Sep 17 00:00:00 2001
|
||||
From: Raul Metsma <raul@metsma.ee>
|
||||
Date: Wed, 8 Nov 2017 14:24:18 +0200
|
||||
Subject: [PATCH 2/5] Fix crash when certificate read failed (#1189)
|
||||
|
||||
Fixes https://github.com/OpenSC/OpenSC/issues/1176
|
||||
---
|
||||
src/libopensc/pkcs15-esteid.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/libopensc/pkcs15-esteid.c b/src/libopensc/pkcs15-esteid.c
|
||||
index a4655b7f7..a5f9af8b2 100644
|
||||
--- a/src/libopensc/pkcs15-esteid.c
|
||||
+++ b/src/libopensc/pkcs15-esteid.c
|
||||
@@ -110,8 +110,10 @@ sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card)
|
||||
if (r < 0)
|
||||
return SC_ERROR_INTERNAL;
|
||||
if (i == 0) {
|
||||
- sc_pkcs15_cert_t *cert;
|
||||
+ sc_pkcs15_cert_t *cert = NULL;
|
||||
r = sc_pkcs15_read_certificate(p15card, &cert_info, &cert);
|
||||
+ if (r < 0)
|
||||
+ return SC_ERROR_INTERNAL;
|
||||
if (cert->key->algorithm == SC_ALGORITHM_EC)
|
||||
field_length = cert->key->u.ec.params.field_length;
|
||||
else
|
||||
|
||||
From da05d83a0d3a97eea8f33d5566c60798acc137fc Mon Sep 17 00:00:00 2001
|
||||
From: Raul Metsma <raul@metsma.ee>
|
||||
Date: Fri, 10 Nov 2017 09:58:31 +0200
|
||||
Subject: [PATCH 3/5] EstEID ECDH token support (#1185)
|
||||
|
||||
---
|
||||
src/libopensc/card-mcrd.c | 89 ++++++++++++++++++++++++++++++++++++++++---
|
||||
src/libopensc/pkcs15-esteid.c | 4 +-
|
||||
2 files changed, 86 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/src/libopensc/card-mcrd.c b/src/libopensc/card-mcrd.c
|
||||
index 28f8abfad..085d02965 100644
|
||||
--- a/src/libopensc/card-mcrd.c
|
||||
+++ b/src/libopensc/card-mcrd.c
|
||||
@@ -59,9 +59,9 @@ static struct sc_atr_table mcrd_atrs[] = {
|
||||
{NULL, NULL, NULL, 0, 0, NULL}
|
||||
};
|
||||
|
||||
-static unsigned char EstEID_v3_AID[] = {0xF0, 0x45, 0x73, 0x74, 0x45, 0x49, 0x44, 0x20, 0x76, 0x65, 0x72, 0x20, 0x31, 0x2E, 0x30};
|
||||
-static unsigned char EstEID_v35_AID[] = {0xD2, 0x33, 0x00, 0x00, 0x00, 0x45, 0x73, 0x74, 0x45, 0x49, 0x44, 0x20, 0x76, 0x33, 0x35};
|
||||
-static unsigned char AzeDIT_v35_AID[] = {0xD0, 0x31, 0x00, 0x00, 0x00, 0x44, 0x69, 0x67, 0x69, 0x49, 0x44};
|
||||
+static const unsigned char EstEID_v3_AID[] = {0xF0, 0x45, 0x73, 0x74, 0x45, 0x49, 0x44, 0x20, 0x76, 0x65, 0x72, 0x20, 0x31, 0x2E, 0x30};
|
||||
+static const unsigned char EstEID_v35_AID[] = {0xD2, 0x33, 0x00, 0x00, 0x00, 0x45, 0x73, 0x74, 0x45, 0x49, 0x44, 0x20, 0x76, 0x33, 0x35};
|
||||
+static const unsigned char AzeDIT_v35_AID[] = {0xD0, 0x31, 0x00, 0x00, 0x00, 0x44, 0x69, 0x67, 0x69, 0x49, 0x44};
|
||||
|
||||
static struct sc_card_operations mcrd_ops;
|
||||
static struct sc_card_driver mcrd_drv = {
|
||||
@@ -119,6 +119,24 @@ struct mcrd_priv_data {
|
||||
|
||||
#define DRVDATA(card) ((struct mcrd_priv_data *) ((card)->drv_data))
|
||||
|
||||
+// Control Reference Template Tag for Key Agreement (ISO 7816-4:2013 Table 54)
|
||||
+static const struct sc_asn1_entry c_asn1_control[] = {
|
||||
+ { "control", SC_ASN1_STRUCT, SC_ASN1_CONS | SC_ASN1_CTX | 0xA6, 0, NULL, NULL },
|
||||
+ { NULL, 0, 0, 0, NULL, NULL }
|
||||
+};
|
||||
+
|
||||
+// Ephemeral public key Template Tag (ISO 7816-8:2016 Table 3)
|
||||
+static const struct sc_asn1_entry c_asn1_ephermal[] = {
|
||||
+ { "ephemeral", SC_ASN1_STRUCT, SC_ASN1_CONS | SC_ASN1_APP | 0x7F49, 0, NULL, NULL },
|
||||
+ { NULL, 0, 0, 0, NULL, NULL }
|
||||
+};
|
||||
+
|
||||
+// External Public Key
|
||||
+static const struct sc_asn1_entry c_asn1_public[] = {
|
||||
+ { "publicKey", SC_ASN1_OCTET_STRING, SC_ASN1_CTX | 0x86, 0, NULL, NULL },
|
||||
+ { NULL, 0, 0, 0, NULL, NULL }
|
||||
+};
|
||||
+
|
||||
static int load_special_files(sc_card_t * card);
|
||||
static int select_part(sc_card_t * card, u8 kind, unsigned short int fid,
|
||||
sc_file_t ** file);
|
||||
@@ -1208,6 +1226,7 @@ static int mcrd_set_security_env(sc_card_t * card,
|
||||
select_esteid_df(card);
|
||||
switch (env->operation) {
|
||||
case SC_SEC_OPERATION_DECIPHER:
|
||||
+ case SC_SEC_OPERATION_DERIVE:
|
||||
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
|
||||
"Using keyref %d to dechiper\n",
|
||||
env->key_ref[0]);
|
||||
@@ -1351,11 +1370,14 @@ static int mcrd_compute_signature(sc_card_t * card,
|
||||
u8 * out, size_t outlen)
|
||||
{
|
||||
struct mcrd_priv_data *priv = DRVDATA(card);
|
||||
- sc_security_env_t *env = &priv->sec_env;
|
||||
+ sc_security_env_t *env = NULL;
|
||||
int r;
|
||||
sc_apdu_t apdu;
|
||||
|
||||
- assert(card != NULL && data != NULL && out != NULL);
|
||||
+ if (card == NULL || data == NULL || out == NULL)
|
||||
+ return SC_ERROR_INVALID_ARGUMENTS;
|
||||
+ env = &priv->sec_env;
|
||||
+
|
||||
SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL);
|
||||
if (env->operation != SC_SEC_OPERATION_SIGN)
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
@@ -1391,6 +1413,62 @@ static int mcrd_compute_signature(sc_card_t * card,
|
||||
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, apdu.resplen);
|
||||
}
|
||||
|
||||
+static int mcrd_decipher(struct sc_card *card,
|
||||
+ const u8 * crgram, size_t crgram_len,
|
||||
+ u8 * out, size_t outlen)
|
||||
+{
|
||||
+ sc_security_env_t *env = NULL;
|
||||
+ int r = 0;
|
||||
+ size_t sbuf_len = 0;
|
||||
+ sc_apdu_t apdu;
|
||||
+ u8 *sbuf = NULL;
|
||||
+ struct sc_asn1_entry asn1_control[2], asn1_ephermal[2], asn1_public[2];
|
||||
+
|
||||
+ if (card == NULL || crgram == NULL || out == NULL)
|
||||
+ return SC_ERROR_INVALID_ARGUMENTS;
|
||||
+ env = &DRVDATA(card)->sec_env;
|
||||
+
|
||||
+ LOG_FUNC_CALLED(card->ctx);
|
||||
+ if (env->operation != SC_SEC_OPERATION_DERIVE)
|
||||
+ SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, iso_ops->decipher(card, crgram, crgram_len, out, outlen));
|
||||
+ if (crgram_len > 255)
|
||||
+ SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS);
|
||||
+
|
||||
+ sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
|
||||
+ "Will dervie (%d) for %"SC_FORMAT_LEN_SIZE_T"u (0x%02"SC_FORMAT_LEN_SIZE_T"x) bytes using key %d algorithm %d flags %d\n",
|
||||
+ env->operation, crgram_len, crgram_len, env->key_ref[0],
|
||||
+ env->algorithm, env->algorithm_flags);
|
||||
+
|
||||
+ // Encode TLV
|
||||
+ sc_copy_asn1_entry(c_asn1_control, asn1_control);
|
||||
+ sc_copy_asn1_entry(c_asn1_ephermal, asn1_ephermal);
|
||||
+ sc_copy_asn1_entry(c_asn1_public, asn1_public);
|
||||
+ sc_format_asn1_entry(asn1_public + 0, (void*)crgram, &crgram_len, 1);
|
||||
+ sc_format_asn1_entry(asn1_ephermal + 0, &asn1_public, NULL, 1);
|
||||
+ sc_format_asn1_entry(asn1_control + 0, &asn1_ephermal, NULL, 1);
|
||||
+ r = sc_asn1_encode(card->ctx, asn1_control, &sbuf, &sbuf_len);
|
||||
+ LOG_TEST_RET(card->ctx, r, "Error encoding TLV.");
|
||||
+
|
||||
+ // Create APDU
|
||||
+ sc_format_apdu(card, &apdu, SC_APDU_CASE_4, 0x2A, 0x80, 0x86);
|
||||
+ apdu.lc = sbuf_len;
|
||||
+ apdu.data = sbuf;
|
||||
+ apdu.datalen = sbuf_len;
|
||||
+ apdu.le = MIN(0x80u, outlen);
|
||||
+ apdu.resp = out;
|
||||
+ apdu.resplen = outlen;
|
||||
+
|
||||
+ r = sc_transmit_apdu(card, &apdu);
|
||||
+ sc_mem_clear(sbuf, sbuf_len);
|
||||
+ free(sbuf);
|
||||
+ LOG_TEST_RET(card->ctx, r, "APDU transmit failed");
|
||||
+
|
||||
+ r = sc_check_sw(card, apdu.sw1, apdu.sw2);
|
||||
+ LOG_TEST_RET(card->ctx, r, "Card returned error");
|
||||
+
|
||||
+ SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, apdu.resplen);
|
||||
+}
|
||||
+
|
||||
/* added by -mp, to give pin information in the card driver (pkcs15emu->driver needed) */
|
||||
static int mcrd_pin_cmd(sc_card_t * card, struct sc_pin_cmd_data *data,
|
||||
int *tries_left)
|
||||
@@ -1454,6 +1532,7 @@ static struct sc_card_driver *sc_get_driver(void)
|
||||
mcrd_ops.select_file = mcrd_select_file;
|
||||
mcrd_ops.set_security_env = mcrd_set_security_env;
|
||||
mcrd_ops.compute_signature = mcrd_compute_signature;
|
||||
+ mcrd_ops.decipher = mcrd_decipher;
|
||||
mcrd_ops.pin_cmd = mcrd_pin_cmd;
|
||||
|
||||
return &mcrd_drv;
|
||||
diff --git a/src/libopensc/pkcs15-esteid.c b/src/libopensc/pkcs15-esteid.c
|
||||
index a5f9af8b2..b3cf5178f 100644
|
||||
--- a/src/libopensc/pkcs15-esteid.c
|
||||
+++ b/src/libopensc/pkcs15-esteid.c
|
||||
@@ -219,8 +219,8 @@ sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card)
|
||||
prkey_info.modulus_length = modulus_length;
|
||||
if (i == 1)
|
||||
prkey_info.usage = SC_PKCS15_PRKEY_USAGE_NONREPUDIATION;
|
||||
- else if(field_length > 0) // ECC has only sign usage
|
||||
- prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN;
|
||||
+ else if(field_length > 0) // ECC has sign and derive usage
|
||||
+ prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_DERIVE;
|
||||
else
|
||||
prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_DECRYPT;
|
||||
|
||||
|
||||
From 3b33bf0e11253302ae48c2a3027b114162b92472 Mon Sep 17 00:00:00 2001
|
||||
From: Raul Metsma <raul@metsma.ee>
|
||||
Date: Thu, 9 Nov 2017 14:42:30 +0200
|
||||
Subject: [PATCH 4/5] Cleanup expired EstEID card ATR-s
|
||||
|
||||
Signed-off-by: Raul Metsma <raul@metsma.ee>
|
||||
---
|
||||
etc/opensc.conf.in | 24 +-----------------------
|
||||
1 file changed, 1 insertion(+), 23 deletions(-)
|
||||
|
||||
diff --git a/etc/opensc.conf.in b/etc/opensc.conf.in
|
||||
index 63abba9bf..2bbbe624c 100644
|
||||
--- a/etc/opensc.conf.in
|
||||
+++ b/etc/opensc.conf.in
|
||||
@@ -309,33 +309,11 @@ app default {
|
||||
# driver = "piv";
|
||||
# }
|
||||
|
||||
- # Estonian ID card and Micardo driver sometimes only play together with T=0
|
||||
+ # Micardo driver sometimes only play together with T=0
|
||||
# In theory only the 'cold' ATR should be specified, as T=0 will
|
||||
# be the preferred protocol once you boot it up with T=0, but be
|
||||
# paranoid.
|
||||
#
|
||||
- # Warm ATR v1
|
||||
- card_atr 3b:6e:00:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 {
|
||||
- force_protocol = t0;
|
||||
- }
|
||||
- # Cold ATR v1
|
||||
- card_atr 3b:fe:94:00:ff:80:b1:fa:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:43 {
|
||||
- force_protocol = t0;
|
||||
- }
|
||||
- # Warm ATR v2
|
||||
- card_atr 3b:5e:11:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 {
|
||||
- force_protocol = t0;
|
||||
- }
|
||||
- # Cold ATR v2
|
||||
- card_atr 3b:de:18:ff:c0:80:b1:fe:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:2b {
|
||||
- force_protocol = t0;
|
||||
- }
|
||||
- # Digi-ID cold ATR. The same card has the same warm ATR as "Cold ATR v1" above
|
||||
- # The card is claimed to only support T=0 but in fact (sometimes) works with T=1, even if not advertised in ATR.
|
||||
- card_atr 3b:6e:00:00:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 {
|
||||
- force_protocol = t0;
|
||||
- }
|
||||
-
|
||||
# D-Trust cards are also based on micardo and need T=0 for some reason
|
||||
card_atr 3b:ff:94:00:ff:80:b1:fe:45:1f:03:00:68:d2:76:00:00:28:ff:05:1e:31:80:00:90:00:23 {
|
||||
force_protocol = t0;
|
||||
|
||||
From 1c28c1b56a28c38d24714f1377eebe87a0371421 Mon Sep 17 00:00:00 2001
|
||||
From: Raul Metsma <raul@metsma.ee>
|
||||
Date: Fri, 17 Nov 2017 11:46:34 +0200
|
||||
Subject: [PATCH 5/5] Fix reading EstEID certificates with T=0 (#1193)
|
||||
|
||||
---
|
||||
src/libopensc/card-mcrd.c | 21 +++++++++++++--------
|
||||
1 file changed, 13 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/src/libopensc/card-mcrd.c b/src/libopensc/card-mcrd.c
|
||||
index 085d02965..525717ce9 100644
|
||||
--- a/src/libopensc/card-mcrd.c
|
||||
+++ b/src/libopensc/card-mcrd.c
|
||||
@@ -365,15 +365,20 @@ static int mcrd_init(sc_card_t * card)
|
||||
if(apdu.sw1 != 0x90 && apdu.sw2 != 0x00)
|
||||
{
|
||||
sc_format_apdu(card, &apdu, SC_APDU_CASE_3, 0xA4, 0x04, 0x00);
|
||||
- apdu.lc = sizeof(EstEID_v35_AID);
|
||||
- apdu.data = EstEID_v35_AID;
|
||||
- apdu.datalen = sizeof(EstEID_v35_AID);
|
||||
- apdu.resplen = 0;
|
||||
- apdu.le = 0;
|
||||
+ apdu.lc = sizeof(EstEID_v35_AID);
|
||||
+ apdu.data = EstEID_v35_AID;
|
||||
+ apdu.datalen = sizeof(EstEID_v35_AID);
|
||||
+ apdu.resplen = 0;
|
||||
+ apdu.le = 0;
|
||||
r = sc_transmit_apdu(card, &apdu);
|
||||
- SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed");
|
||||
- sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "SELECT AID: %02X%02X", apdu.sw1, apdu.sw2);
|
||||
- if (apdu.sw1 != 0x90 && apdu.sw2 != 0x00) {
|
||||
+ SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed");
|
||||
+ sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "SELECT AID: %02X%02X", apdu.sw1, apdu.sw2);
|
||||
+ if (apdu.sw1 == 0x90 && apdu.sw2 == 0x00) {
|
||||
+ // Force EstEID 3.5 card recv size 255 with T=0 to avoid recursive read binary
|
||||
+ // sc_read_binary cannot handle recursive 61 00 calls
|
||||
+ if (card->reader && card->reader->active_protocol == SC_PROTO_T0)
|
||||
+ card->max_recv_size = 255;
|
||||
+ } else {
|
||||
sc_format_apdu(card, &apdu, SC_APDU_CASE_3, 0xA4, 0x04, 0x00);
|
||||
apdu.lc = sizeof(AzeDIT_v35_AID);
|
||||
apdu.data = AzeDIT_v35_AID;
|
||||
|
||||
41
opensc.spec
41
opensc.spec
@ -2,8 +2,8 @@
|
||||
%define nssdb %{_sysconfdir}/pki/nssdb
|
||||
|
||||
Name: opensc
|
||||
Version: 0.17.0
|
||||
Release: 10%{?dist}
|
||||
Version: 0.18.0
|
||||
Release: 1%{?dist}
|
||||
Summary: Smart card library and applications
|
||||
|
||||
Group: System Environment/Libraries
|
||||
@ -12,22 +12,6 @@ URL: https://github.com/OpenSC/OpenSC/wiki
|
||||
Source0: https://github.com/OpenSC/OpenSC/releases/download/%{version}/%{name}-%{version}.tar.gz
|
||||
Source1: opensc.module
|
||||
Source2: pkcs11-switch.sh
|
||||
Patch0: opensc-coolkey.patch
|
||||
# Allow functionality of new Estonia ID cards (#1519751)
|
||||
Patch1: opensc-estonia.patch
|
||||
# Use Cardholder name in the token label (#1449740)
|
||||
Patch2: opensc-0.17.0-piv-cardholder-name.patch
|
||||
# Avoid infinite loop when reading CAC cards (#1473335)
|
||||
Patch3: opensc-0.17.0-infinite-loop.patch
|
||||
# Workaround for CAC Alt tokens (#1473418)
|
||||
Patch4: opensc-0.17.0-cac-alt.patch
|
||||
# Properly parse multi-byte length (#1473418)
|
||||
Patch5: opensc-0.17.0-simpletlv.patch
|
||||
# Make Feitian tokens working again (#1558099)
|
||||
# https://github.com/OpenSC/OpenSC/pull/1145
|
||||
Patch6: opensc-0.17.0-feitian.patch
|
||||
# CloudHSM improvements (proper EC_POINT, specification of mechanisms)
|
||||
Patch7: opensc-0.17.0-cloudhsm.patch
|
||||
|
||||
BuildRequires: pcsc-lite-devel
|
||||
BuildRequires: readline-devel
|
||||
@ -35,6 +19,7 @@ BuildRequires: openssl-devel
|
||||
BuildRequires: /usr/bin/xsltproc
|
||||
BuildRequires: docbook-style-xsl
|
||||
BuildRequires: autoconf automake libtool gcc
|
||||
BuildRequires: desktop-file-utils
|
||||
Requires: pcsc-lite-libs%{?_isa}
|
||||
Requires: pcsc-lite
|
||||
Requires: nss-tools
|
||||
@ -54,14 +39,6 @@ every software/card that does so, too.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1 -b .coolkey
|
||||
%patch1 -p1 -b .estonia
|
||||
%patch2 -p1 -b .piv
|
||||
%patch3 -p1 -b .infinite
|
||||
%patch4 -p1 -b .cac-alt
|
||||
%patch5 -p1 -b .simpletlv
|
||||
%patch6 -p1 -b .feitian
|
||||
%patch7 -p1 -b .cloudhsm
|
||||
|
||||
cp -p src/pkcs15init/README ./README.pkcs15init
|
||||
cp -p src/scconf/README.scconf .
|
||||
@ -109,6 +86,8 @@ rm -rf %{buildroot}%{_sysconfdir}/bash_completion.d/
|
||||
rm -rf %{buildroot}%{_bindir}/npa-tool
|
||||
rm -rf %{buildroot}%{_mandir}/man1/npa-tool.1*
|
||||
|
||||
desktop-file-validate %{buildroot}/%{_datadir}/applications/org.opensc.notify.desktop
|
||||
|
||||
%post
|
||||
/sbin/ldconfig
|
||||
isThere=`modutil -rawlist -dbdir %{nssdb} | grep %{opensc_module} || echo NO`
|
||||
@ -152,6 +131,8 @@ fi
|
||||
%{_bindir}/openpgp-tool
|
||||
%{_bindir}/opensc-explorer
|
||||
%{_bindir}/opensc-tool
|
||||
%{_bindir}/opensc-asn1
|
||||
%{_bindir}/opensc-notify
|
||||
%{_bindir}/piv-tool
|
||||
%{_bindir}/pkcs11-tool
|
||||
%if 0%{?rhel} <= 7
|
||||
@ -163,6 +144,8 @@ fi
|
||||
%{_bindir}/sc-hsm-tool
|
||||
%{_bindir}/dnie-tool
|
||||
%{_bindir}/westcos-tool
|
||||
%{_bindir}/egk-tool
|
||||
%{_datadir}/applications/org.opensc.notify.desktop
|
||||
%{_libdir}/lib*.so.*
|
||||
%{_libdir}/opensc-pkcs11.so
|
||||
%{_libdir}/pkcs11-spy.so
|
||||
@ -182,6 +165,8 @@ fi
|
||||
%{_mandir}/man1/openpgp-tool.1*
|
||||
%{_mandir}/man1/opensc-explorer.*
|
||||
%{_mandir}/man1/opensc-tool.1*
|
||||
%{_mandir}/man1/opensc-asn1.1*
|
||||
%{_mandir}/man1/opensc-notify.1*
|
||||
%{_mandir}/man1/piv-tool.1*
|
||||
%{_mandir}/man1/pkcs11-tool.1*
|
||||
%{_mandir}/man1/pkcs15-crypt.1*
|
||||
@ -190,10 +175,14 @@ fi
|
||||
%{_mandir}/man1/sc-hsm-tool.1*
|
||||
%{_mandir}/man1/westcos-tool.1*
|
||||
%{_mandir}/man1/dnie-tool.1*
|
||||
%{_mandir}/man1/egk-tool.1*
|
||||
%{_mandir}/man5/*.5*
|
||||
|
||||
|
||||
%changelog
|
||||
* Thu May 17 2018 Jakub Jelen <jjelen@redhat.com> - 0.18.0-1
|
||||
- New upstream release (#1567503)
|
||||
|
||||
* Wed Apr 04 2018 Jakub Jelen <jjelen@redhat.com> - 0.17.0-10
|
||||
- Install the PKCS#11 modules also to the new NSS DB
|
||||
- Drop the pkcs11-switch as the coolkey is gone
|
||||
|
||||
Loading…
Reference in New Issue
Block a user